124.71.133.130
Malicious Activity!
Public Scan
Submission: On October 03 via manual from IN — Scanned from DE
Summary
This is the only time 124.71.133.130 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online), DoCANVAS (Telecommunication)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
11 | 124.71.133.130 | 55990 (HWCSNET Huawei Cloud Service data center) |
1 | 219.118.67.12 | 2514 (INFOSPHERE NTT PC Communications) |
12 | 2 | |
ASN55990 (HWCSNET Huawei Cloud Service data center, CN)
PTR: ecs-124-71-133-130.compute.hwclouds-dns.com
124.71.133.130 |
ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
PTR: webmail.earth-core.jp
webmail.earth-core.jp |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
1 | earth-core.jp (webmail.earth-core.jp) | 1 KB |
12 | 1 | |

 | Domain | Requested by |
---|---|---|
1 | webmail.earth-core.jp | |
12 | 1 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.earth-core.jp JPRS Domain Validation Authority - G4 | 2024-07-18 - 2025-07-31 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://124.71.133.130/webmail/secure/
Frame ID: 0B6D107D4AB61BF7822D83898BAC3E0B
Requests: 12 HTTP requests in this frame
Page Title
Webmail :: Welcome to Webmail
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- jquery-ui[.-]([\d.]*\d)[^/]*\.js
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://124.71.133.130/webmail/secure/ HTTP 307
- https://124.71.133.130/webmail/secure/ HTTP 307
- http://124.71.133.130/webmail/secure/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | 124.71.133.130/webmail/secure/ | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | common.css | 124.71.133.130/webmail/secure/index_files/ | 14 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-ui-1.css | 124.71.133.130/webmail/secure/index_files/ | 34 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.js | 124.71.133.130/webmail/secure/index_files/ | 94 KB | 37 KB | Script | application/javascript |
GET | H/1.1 | common.js | 124.71.133.130/webmail/secure/index_files/ | 13 KB | 5 KB | Script | application/javascript |
GET | H/1.1 | app.js | 124.71.133.130/webmail/secure/index_files/ | 248 KB | 70 KB | Script | application/javascript |
GET | H/1.1 | jstz.js | 124.71.133.130/webmail/secure/index_files/ | 5 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | jquery-ui-1.js | 124.71.133.130/webmail/secure/index_files/ | 231 KB | 72 KB | Script | application/javascript |
GET | H/1.1 | no-logo.png | 124.71.133.130/webmail/secure/index_files/ | 182 B | 484 B | Image | image/png |
GET | H/1.1 | listheader.gif | 124.71.133.130/webmail/secure/index_files/images/ | 548 B | 548 B | Image | text/html |
GET | H/1.1 | bg.gif | 124.71.133.130/webmail/secure/index_files/images/buttons/ | 548 B | 548 B | Image | text/html |
GET | H/1.1 | favicon.ico | webmail.earth-core.jp/skins/default//images/ | 1 KB | 1 KB | Other | image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online), DoCANVAS (Telecommunication)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
number | CONTROL_KEY |
number | SHIFT_KEY |
number | CONTROL_SHIFT_KEY |
function | roundcube_browser |
object | rcube_event |
function | rcube_event_engine |
function | rcube_check_email |
function | rcube_clone_object |
function | urlencode |
function | rcube_find_object |
function | rcube_mouse_is_over |
function | setCookie |
function | getCookie |
function | rcube_console |
object | bw |
object | Base64 |
function | rcube_webmail |
object | jstz |
function | DP_jQuery_1727936562870 |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.