124.71.133.130
Open in
urlscan Pro
124.71.133.130
Malicious Activity!
Public Scan
URL:
http://124.71.133.130/webmail/secure/
Submission: On October 03 via manual from IN — Scanned from DE
Submission: On October 03 via manual from IN — Scanned from DE
Summary
This website contacted 2 IPs
in 2 countries
across 1 domains to perform 12 HTTP transactions.
The main IP is 124.71.133.130, located in
China and
belongs to HWCSNET Huawei Cloud Service data center, CN.
The main domain is 124.71.133.130.
This is the only time 124.71.133.130 was scanned on urlscan.io!
This is the only time 124.71.133.130 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online) DoCANVAS (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 11 | 124.71.133.130 124.71.133.130 | 55990 (HWCSNET H...) (HWCSNET Huawei Cloud Service data center) | |
| 1 | 219.118.67.12 219.118.67.12 | 2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications) | |
| 12 | 2 |
11
124.71.133.130
(China)
ASN55990 (HWCSNET Huawei Cloud Service data center, CN)
PTR: ecs-124-71-133-130.compute.hwclouds-dns.com
ASN55990 (HWCSNET Huawei Cloud Service data center, CN)
PTR: ecs-124-71-133-130.compute.hwclouds-dns.com
| 124.71.133.130 |
1
219.118.67.12
(Japan)
ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
PTR: webmail.earth-core.jp
ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
PTR: webmail.earth-core.jp
| webmail.earth-core.jp |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 1 |
earth-core.jp
webmail.earth-core.jp |
1 KB |
| 12 | 1 |
| Domain | Requested by | |
|---|---|---|
| 1 | webmail.earth-core.jp | |
| 12 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.earth-core.jp JPRS Domain Validation Authority - G4 |
2024-07-18 - 2025-07-31 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://124.71.133.130/webmail/secure/
Frame ID: 0B6D107D4AB61BF7822D83898BAC3E0B
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Webmail :: Welcome to WebmailPage URL History Show full URLs
-
http://124.71.133.130/webmail/secure/
HTTP 307
https://124.71.133.130/webmail/secure/ HTTP 307
http://124.71.133.130/webmail/secure/ Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery-ui[.-]([\d.]*\d)[^/]*\.js
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://124.71.133.130/webmail/secure/
HTTP 307
https://124.71.133.130/webmail/secure/ HTTP 307
http://124.71.133.130/webmail/secure/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
124.71.133.130/webmail/secure/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
common.css
124.71.133.130/webmail/secure/index_files/ |
14 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui-1.css
124.71.133.130/webmail/secure/index_files/ |
34 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.js
124.71.133.130/webmail/secure/index_files/ |
94 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
common.js
124.71.133.130/webmail/secure/index_files/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app.js
124.71.133.130/webmail/secure/index_files/ |
248 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jstz.js
124.71.133.130/webmail/secure/index_files/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui-1.js
124.71.133.130/webmail/secure/index_files/ |
231 KB 72 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
no-logo.png
124.71.133.130/webmail/secure/index_files/ |
182 B 484 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
listheader.gif
124.71.133.130/webmail/secure/index_files/images/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg.gif
124.71.133.130/webmail/secure/index_files/images/buttons/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon.ico
webmail.earth-core.jp/skins/default//images/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online) DoCANVAS (Telecommunication)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery number| CONTROL_KEY number| SHIFT_KEY number| CONTROL_SHIFT_KEY function| roundcube_browser object| rcube_event function| rcube_event_engine function| rcube_check_email function| rcube_clone_object function| urlencode function| rcube_find_object function| rcube_mouse_is_over function| setCookie function| getCookie function| rcube_console object| bw object| Base64 function| rcube_webmail object| jstz function| DP_jQuery_17279365628700 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
webmail.earth-core.jp
124.71.133.130
219.118.67.12
1ea9dad3602d77369e7aaded77c6808cc9385b971a380f9c93e47465933eadd5
44e0e21d8230eab6ff9bfc832676a711116a7deae0686756dce6a35cd5c1e2f6
4cbb138f810bdde4e309dc7b9e6d3d09510f7df1e139d95666253c43f16708d0
746e54e89161118a67bd59103c4ab55e3060735cc85c1d047c2cf04d4b12043d
7b902b041c9d374bec0476422b7a3f7e27f546e371e962e45e4cebe1c482a91b
8436b8d56ce0596f7df21bb46cac82344d082d6a1f481bd9ad3e08fe7834bf25
a6eaf994e7a16aa9b5c156b2e4a96adae87f06c5237c60e559863ace8ac9b02d
b07c6db6107f3140db715ce545e2a03f4a6c5da9cee98b216de028db016f340d
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
f672b7ca18ae0e12d1e01cf31be2daa4cd65733b8a5471eedd2ac939b150d4f9
fee5a30ddc52ae26830d5e5c91ad1e765f8cfd3f00c093ba9bc804683ee8fa64