saikou.xrea.jp - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 150.95.9.227, located in Japan and belongs to GMOOSK-NET GMO Internet,Inc, JP. The main domain is saikou.xrea.jp.

This is the only time saikou.xrea.jp was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address		AS Autonomous System
7	150.95.9.227 150.95.9.227		58791 (GMOOSK-NE...) (GMOOSK-NET GMO Internet)
7	1

7 150.95.9.227 (Japan)

ASN58791 (GMOOSK-NET GMO Internet,Inc, JP)
PTR: s1007.xrea.com

saikou.xrea.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	xrea.jp saikou.xrea.jp	219 KB
7	1

	Domain	Requested by
7	saikou.xrea.jp	saikou.xrea.jp
7	1

This site contains links to these domains. Also see Links.

Domain
ameblo.jp
www.asahi-shoes.co.jp
www.gunze.style
www.paypay-corp.co.jp
itp.ne.jp

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh

This page contains 1 frames:

Primary Page: http://saikou.xrea.jp/
Frame ID: BE63F94F2426AD2713484EEA2AA97E32
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

219 kB
Transfer

222 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://ameblo.jp/saikou-hanyu
Title: さいこうブログ

Search URL Search Domain Scan URL

URL: https://www.asahi-shoes.co.jp/brand/kaiho/
Title: 「快歩主義」

Search URL Search Domain Scan URL

URL: http://www.gunze.style/newkaiteki/
Title: 「グンゼ快適工房」

Search URL Search Domain Scan URL

URL: https://www.paypay-corp.co.jp/
Title: スマホ決算OK

Search URL Search Domain Scan URL

URL: https://itp.ne.jp/info/110332963200000899/#tabmap
Title: iタウンページ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response saikou.xrea.jp/	6 KB 2 KB	804ms 282ms	Document text/html	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Full URL http://saikou.xrea.jp/ Protocol HTTP/1.1 Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `85d8235086d5204a1788a3111cd8d0c4bdb3f35c14cf1d4ac0712d2840d673da` Request headers Host saikou.xrea.jp Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:17 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Encoding gzip Keep-Alive timeout=15, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	saiko.css saikou.xrea.jp/	2 KB 1 KB	269ms 268ms	Stylesheet text/css	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Full URL http://saikou.xrea.jp/saiko.css Requested by Host: saikou.xrea.jp URL: http://saikou.xrea.jp/ Protocol HTTP/1.1 Security , , Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `c9e369e301a487d2d3d479002097675c9ddde7290c433d48dd09f8445f3a2a22` Request headers Referer http://saikou.xrea.jp/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:18 GMT Content-Encoding gzip Last-Modified Sun, 12 May 2019 05:08:18 GMT Server Apache ETag "9fc-588a9c9b873e5-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=99 Content-Length 832
GET H/1.1	200 OK	logo2.png saikou.xrea.jp/	5 KB 5 KB	270ms 269ms	Image image/png	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Show image Full URL http://saikou.xrea.jp/logo2.png Requested by Host: saikou.xrea.jp URL: http://saikou.xrea.jp/ Protocol HTTP/1.1 Security , , Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `0a9b11a00b2bce833025f2b88a4b9534ee1baf8cb938d95b15be26c192a9a063` Request headers Referer http://saikou.xrea.jp/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:18 GMT Last-Modified Fri, 19 Apr 2019 10:07:00 GMT Server Apache ETag "1428-586df478ff900" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=100 Content-Length 5160
GET H/1.1	200 OK	shop.png saikou.xrea.jp/	153 KB 153 KB	528ms 266ms	Image image/png	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Show image Full URL http://saikou.xrea.jp/shop.png Requested by Host: saikou.xrea.jp URL: http://saikou.xrea.jp/ Protocol HTTP/1.1 Security , , Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `5ce0788f10f668965b394bd2e16cbb7c3b35bbb7aac0c362efdb0e3cb0f0f530` Request headers Referer http://saikou.xrea.jp/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:18 GMT Last-Modified Mon, 05 Nov 2018 21:46:00 GMT Server Apache ETag "264d8-579f1cf90b600" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=100 Content-Length 156888
GET H/1.1	200 OK	test.jpg saikou.xrea.jp/	33 KB 33 KB	534ms 268ms	Image image/jpeg	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Show image Full URL http://saikou.xrea.jp/test.jpg Requested by Host: saikou.xrea.jp URL: http://saikou.xrea.jp/ Protocol HTTP/1.1 Security , , Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `3b82d8bd29147da4708f95fbad40113ac4c9e8bd23c456c48c8f46779bd65dfc` Request headers Referer http://saikou.xrea.jp/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:18 GMT Last-Modified Fri, 19 Apr 2019 10:35:00 GMT Server Apache ETag "83b0-586dfabb2bd00" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=100 Content-Length 33712
GET H/1.1	200 OK	staff.png saikou.xrea.jp/	20 KB 20 KB	556ms 288ms	Image image/png	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Show image Full URL http://saikou.xrea.jp/staff.png Requested by Host: saikou.xrea.jp URL: http://saikou.xrea.jp/ Protocol HTTP/1.1 Security , , Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `3c55fc24a77e0534c564a3991891c32c29b2f153acb9ba27a7d8f75e3a4f702a` Request headers Referer http://saikou.xrea.jp/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:18 GMT Last-Modified Fri, 19 Apr 2019 10:07:00 GMT Server Apache ETag "4f70-586df478ff900" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=100 Content-Length 20336
GET H/1.1	200 OK	img_logo.png saikou.xrea.jp/	3 KB 3 KB	540ms 268ms	Image image/png	150.95.9.227 GMOOSK-NET GMO In...
General Check archive.org Show headers Download Go to Show image Full URL http://saikou.xrea.jp/img_logo.png Requested by Host: saikou.xrea.jp URL: http://saikou.xrea.jp/ Protocol HTTP/1.1 Security , , Server 150.95.9.227 , Japan, ASN58791 (GMOOSK-NET GMO Internet,Inc, JP), Reverse DNS s1007.xrea.com Software Apache / Resource Hash `5ae82ced18f26ecb4117409ff2d4bdda73abde9f5a0e20ac42a8fa1ac9b34585` Request headers Referer http://saikou.xrea.jp/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 29 Aug 2019 08:31:18 GMT Last-Modified Tue, 27 Nov 2018 00:17:00 GMT Server Apache ETag "c50-57b9a5e403700" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=98 Content-Length 3152

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPay (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

saikou.xrea.jp
150.95.9.227
0a9b11a00b2bce833025f2b88a4b9534ee1baf8cb938d95b15be26c192a9a063
3b82d8bd29147da4708f95fbad40113ac4c9e8bd23c456c48c8f46779bd65dfc
3c55fc24a77e0534c564a3991891c32c29b2f153acb9ba27a7d8f75e3a4f702a
5ae82ced18f26ecb4117409ff2d4bdda73abde9f5a0e20ac42a8fa1ac9b34585
5ce0788f10f668965b394bd2e16cbb7c3b35bbb7aac0c362efdb0e3cb0f0f530
85d8235086d5204a1788a3111cd8d0c4bdb3f35c14cf1d4ac0712d2840d673da
c9e369e301a487d2d3d479002097675c9ddde7290c433d48dd09f8445f3a2a22

saikou.xrea.jp Open in urlscan Pro 150.95.9.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

219 kBTransfer

222 kBSize

0 Cookies

5 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

saikou.xrea.jp Open in urlscan Pro
150.95.9.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

219 kB
Transfer

222 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!