giveahint.jp - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 5 HTTP transactions. The main IP is 163.43.80.97, located in Osaka, Japan and belongs to SAKURA-B SAKURA Internet Inc., JP. The main domain is giveahint.jp.

This is the only time giveahint.jp was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	47.89.36.218 47.89.36.218	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
2 3	163.43.80.97 163.43.80.97	9370 (SAKURA-B ...) (SAKURA-B SAKURA Internet Inc.)
2	159.28.1.89 159.28.1.89	397356 (EARLHAM-C...) (EARLHAM-COLLEGE)
5	3

2 47.89.36.218 (Hong Kong)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)

www.liugehan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 163.43.80.97 (Osaka, Japan) 2 redirects

ASN9370 (SAKURA-B SAKURA Internet Inc., JP)
PTR: www3787.sakura.ne.jp

giveahint.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.28.1.89 (Richmond, United States)

ASN397356 (EARLHAM-COLLEGE, US)
PTR: paco.earlham.edu

zimbra.earlham.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	giveahint.jp 2 redirects giveahint.jp	6 KB
2	earlham.edu zimbra.earlham.edu	15 KB
2	liugehan.com www.liugehan.com	40 KB
5	3

	Domain	Requested by
3	giveahint.jp	2 redirects www.liugehan.com
2	zimbra.earlham.edu	giveahint.jp
2	www.liugehan.com	www.liugehan.com
5	3

This site contains links to these domains. Also see Links.

Domain
www.earlham.edu
www.zimbra.com
blog.zimbra.com
wiki.zimbra.com

Subject Issuer	Validity	Valid
liugehan.com Let's Encrypt Authority X3	`2020-04-16` - `2020-07-15`	3 months	crt.sh
*.earlham.edu Sectigo RSA Domain Validation Secure Server CA	`2020-01-21` - `2022-04-24`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&.
Frame ID: 39DDAB41A15DC04AC1240ADC725C1BE3
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com Page URL
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim?login=shuaman@laboratoriospor... HTTP 301
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/?login=shuaman@laboratoriospo... HTTP 302
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?... Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

5
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

60 kB
Transfer

162 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.earlham.edu/
Title: Zimbra

Search URL Search Domain Scan URL

URL: http://www.zimbra.com/
Title: Zimbra

Search URL Search Domain Scan URL

URL: http://blog.zimbra.com/
Title: Blog

Search URL Search Domain Scan URL

URL: http://wiki.zimbra.com/
Title: Wiki

Search URL Search Domain Scan URL

URL: http://www.zimbra.com/forums
Title: Forums

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com Page URL
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim?login=shuaman@laboratoriosportugal.com HTTP 301
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/?login=shuaman@laboratoriosportugal.com HTTP 302
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www.liugehan.com/2/ 3 KB
1 KB 1215ms
448ms Document
text/html 47.89.36.218
CNNIC-ALIBABA-US-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 47.89.36.218 , Hong Kong, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 654936723e834e72dd87e32bb8de6f3b7fb1acb27c1e0889c8a11d7b801d9bd3

Request headers

:method: GET
:authority: www.liugehan.com
:scheme: https
:path: /2/?email=shuaman@laboratoriosportugal.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Thu, 28 May 2020 15:24:29 GMT
content-length: 1252

GET
H2 200 jquery.min.js Show response
www.liugehan.com/2/js/ 85 KB
38 KB 1922ms
1922ms Script
application/javascript 47.89.36.218
CNNIC-ALIBABA-US-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.liugehan.com/2/js/jquery.min.js
Requested by: Host: www.liugehan.com
URL: https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 47.89.36.218 , Hong Kong, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

Referer: https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Thu, 28 May 2020 15:24:30 GMT
content-encoding: gzip
etag: "ef1abac64332d61:0"
last-modified: Mon, 25 May 2020 03:22:53 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 38899

GET
H/1.1

200
OK

Primary Request 5oyp6sw7xwgd96pyejo3mzvq.php Show response
giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/
Redirect Chain

http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim?login=shuaman@laboratoriosportugal.com
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/?login=shuaman@laboratoriosportugal.com
http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0b...

12 KB
5 KB

1075ms
1072ms

Document
text/html

163.43.80.97
SAKURA-B SAKURA I...

General

Check archive.org

Show headers Download Go to

Full URL: http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&.
Requested by: Host: www.liugehan.com
URL: https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com
Protocol: HTTP/1.1
Server: 163.43.80.97 Osaka, Japan, ASN9370 (SAKURA-B SAKURA Internet Inc., JP),
Reverse DNS: www3787.sakura.ne.jp
Software: nginx / PHP/7.3.18
Resource Hash: 2adbd1b78950cef2502ba07010eb6b30f43a87cb286b880ec6ce8e026e59b7e8

Request headers

Host: giveahint.jp
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: PHPSESSID=6e61319e32ac75b6f9352c0833c2eddd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.liugehan.com/2/?email=shuaman@laboratoriosportugal.com

Response headers

Server: nginx
Date: Thu, 28 May 2020 15:24:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4735
Connection: keep-alive
X-Powered-By: PHP/7.3.18
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 28 May 2020 15:24:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.18
Set-Cookie: PHPSESSID=6e61319e32ac75b6f9352c0833c2eddd; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&.#n=1252899642&fid=1&fav=1

GET
H/1.1 200
OK common,login,zhtml,skin.css
zimbra.earlham.edu/zimbra/css/ 58 KB
12 KB 991ms
174ms Stylesheet
text/css 159.28.1.89
EARLHAM-COLLEGE

General

Check archive.org

Show headers Download Go to

Full URL

https://zimbra.earlham.edu/zimbra/css/common,login,zhtml,skin.css?skin=harmony&v=141215153641

Requested by

Host: giveahint.jp
URL: http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&.

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.28.1.89 Richmond, United States, ASN397356 (EARLHAM-COLLEGE, US),

Reverse DNS

paco.earlham.edu

Software

nginx /

Resource Hash

9a9d518ad367ca73dbb40442796f55a21735ed51f2da30300e8e7bd8e537bf3b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 28 May 2020 15:24:41 GMT
Content-Encoding: gzip
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: User-Agent, Accept-Encoding, User-Agent
Content-Type: text/css
Cache-Control: public, max-age=2595600
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 27 Jun 2020 16:24:41 GMT

GET
H/1.1 200
OK LoginBanner_white.png
zimbra.earlham.edu/zimbra/skins/_base/logos/ 3 KB
4 KB 167ms
166ms Image
image/png 159.28.1.89
EARLHAM-COLLEGE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zimbra.earlham.edu/zimbra/skins/_base/logos/LoginBanner_white.png?v=170531142850

Requested by

Host: giveahint.jp
URL: http://giveahint.jp/wp-content/plugins/autoptimize/classlesses/zim/5oyp6sw7xwgd96pyejo3mzvq.php?login=shuaman@laboratoriosportugal.com&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=shuaman@laboratoriosportugal.com&loginID=shuaman&.

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.28.1.89 Richmond, United States, ASN397356 (EARLHAM-COLLEGE, US),

Reverse DNS

paco.earlham.edu

Software

nginx /

Resource Hash

8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://zimbra.earlham.edu/zimbra/css/common,login,zhtml,skin.css?skin=harmony&v=141215153641
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 28 May 2020 15:24:41 GMT
Last-Modified: Wed, 31 May 2017 19:21:22 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=2595600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3299
Expires: Sat, 27 Jun 2020 16:24:41 GMT

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			giveahint.jp/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6e61319e32ac75b6f9352c0833c2eddd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

giveahint.jp
www.liugehan.com
zimbra.earlham.edu
159.28.1.89
163.43.80.97
47.89.36.218
2adbd1b78950cef2502ba07010eb6b30f43a87cb286b880ec6ce8e026e59b7e8
654936723e834e72dd87e32bb8de6f3b7fb1acb27c1e0889c8a11d7b801d9bd3
8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1
9a9d518ad367ca73dbb40442796f55a21735ed51f2da30300e8e7bd8e537bf3b
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

giveahint.jp Open in urlscan Pro 163.43.80.97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

80 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

60 kBTransfer

162 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

1 Cookies

Indicators

giveahint.jp Open in urlscan Pro
163.43.80.97 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

60 kB
Transfer

162 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions