animalhospital.groundwork-partners.jp
49.212.207.146 Malicious Activity! Public Scan

URL: https://animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/?https://managehosting.aruba.it/AreaUtenti.asp?Lang=EN
Submission Tags: 6722542
Submission: On August 07 via api from NL

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 2 HTTP transactions. The main IP is 49.212.207.146, located in Osaka, Japan, and belongs to SAKURA-C SAKURA Internet Inc., JP. The main domain is animalhospital.groundwork-partners.jp.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 21st 2020. Valid for: 3 months.
This is the only time animalhospital.groundwork-partners.jp was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
2         49.212.207.146   9371 (SAKURA-C ...)
2         2

Requests  Apex Domain              Subdomains                              Transfer
2         groundwork-partners.jp   animalhospital.groundwork-partners.jp   66 KB
2         1

Requests  Domain                                  Requested by
2         animalhospital.groundwork-partners.jp   animalhospital.groundwork-partners.jp
2         1

This site contains no links.

Subject: animalhospital.groundwork-partners.jp
Issuer: Let's Encrypt Authority X3
Validity: 2020-06-21 - 2020-09-19
Valid for: 3 months

This page contains 1 frames:

Primary Page: https://animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/?https://managehosting.aruba.it/AreaUtenti.asp?Lang=EN
Frame ID: 1DAC5CBF1D3278DD2D4EB107769C9873
Requests: 10 HTTP requests in this frame

Detected technologies

Overall confidence: 50%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 50%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 111 kB
Size: 250 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request / | animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/ | 155 KB | 64 KB | Document
General
Full URL
https://animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/?https://managehosting.aruba.it/AreaUtenti.asp?Lang=EN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.212.207.146 Osaka, Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS
www3106.sakura.ne.jp
Software
nginx / PHP/7.4.7
Resource Hash
c02b5d21d2aaae2f59eade91f0d716b709b90cd7021ba6eec80fbf0bd5c070e5

Request headers

:method
GET
:authority
animalhospital.groundwork-partners.jp
:scheme
https
:path
/it/135b3cbfc3175385f8acaf8f6fa86fdf/?https://managehosting.aruba.it/AreaUtenti.asp?Lang=EN
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx
date
Fri, 07 Aug 2020 09:55:12 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.7
vary
Accept-Encoding
content-encoding
gzip
truncated | / | 17 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a525f163e73542be1b82c5ae4e4beed74d137d56161ac5b02833a279ef6d9b61

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 15 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bcedcafd81248b08cb428b22618a38866d0cee85b4e9ecd27ef734d0533e2792

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 23 KB | 23 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://animalhospital.groundwork-partners.jp

Response headers

Content-Type
font/woff2
sub.png | animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/app2/ | 2 KB | 2 KB | Image
General
Full URL
https://animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/app2/sub.png
Requested by
Host: animalhospital.groundwork-partners.jp
URL: https://animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/?https://managehosting.aruba.it/AreaUtenti.asp?Lang=EN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.212.207.146 Osaka, Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS
www3106.sakura.ne.jp
Software
nginx /
Resource Hash
5140966cfac3ddbe2ee1901750f6a6c9417aa6f6c6fdc9552e047f4cc97df923

Request headers

Referer
https://animalhospital.groundwork-partners.jp/it/135b3cbfc3175385f8acaf8f6fa86fdf/?https://managehosting.aruba.it/AreaUtenti.asp?Lang=EN
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 09:55:14 GMT
content-encoding
gzip
last-modified
Fri, 07 Aug 2020 03:03:17 GMT
server
nginx
etag
"6b9-5ac40d8b24740-gzip"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
content-length
1744
expires
Sun, 06 Sep 2020 09:55:14 GMT
truncated | / | 45 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ad9ccafbc7696d83a75b36483dc07f3a1465c7d4443047f7d2803045435dcd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
truncated | / | 94 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a59a3fbd896bb90a2ec0a57a93726e5ffe5faeb214b5e6e2d0899029cf106414

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 841 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50c0214cab06f02e4e1501e2edd9e707dfcb1a6c3e1c38c05235b49dae984033

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 15 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7d4f46e5b853727d9fe49f79faadb7c77d3235992542e1229b5c3f9cc1184a2

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 22 KB | 22 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://animalhospital.groundwork-partners.jp

Response headers

Content-Type
font/woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies