mail.mentech.com
2409:8c6a:b021:1400:0:3:0:47
Malicious Activity!
Public Scan
Submission: On July 20 via api from US — Scanned from DE
Summary
TLS certificate: Issued by TrustAsia RSA DV TLS CA G3 on June 25th 2024. Valid for: 3 months.
This is the only time mail.mentech.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic China (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 2409:8c6a:b021:1400:0:3:0:47 | 9808 (CHINAMOBILE-CN China Mobile Communications Group Co.) |
16 | 103.129.255.238 | 137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED) |
19 requests | 2 IP addresses | |
ASN9808 (CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN): mail.mentech.com
ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK), PTR: mail-m255238.qiye.163.com: mimghz.qiye.163.com, mimg.qiye.163.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
16 | 163.com | mimghz.qiye.163.com, mimg.qiye.163.com | 110 KB |
3 | mentech.com | mail.mentech.com | 3 KB |
19 requests | 2 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
13 | mimghz.qiye.163.com | mail.mentech.com |
3 | mimg.qiye.163.com | mail.mentech.com, mimghz.qiye.163.com |
3 | mail.mentech.com | mail.mentech.com |
19 requests | 3 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
mail.mentech.com | TrustAsia RSA DV TLS CA G3 | 2024-06-25 - 2024-09-23 | 3 months | crt.sh |
*.qiye.163.com | GeoTrust RSA CN CA G2 | 2024-01-26 - 2025-02-23 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mail.mentech.com/
Frame ID: 4918B107738BE82BC76574E450B1A3F6
Requests: 19 HTTP requests in this frame
Page Title: 铭普光磁 - Mailbox User Login
Detected technologies
- jQuery (JavaScript Libraries). Detected pattern: `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
- jQuery Migrate (JavaScript Libraries). Detected pattern: `jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | mail.mentech.com/ | 8 KB | 2 KB | Document | text/html |
GET | H2 | global.css | mimghz.qiye.163.com/o/domain/201906051135/index/css/ | 4 KB | 2 KB | Stylesheet | text/css |
GET | H2 | user.css | mimghz.qiye.163.com/o/domain/201906051135/index/css/ | 515 B | 525 B | Stylesheet | text/css |
GET | H2 | custom.css | mimghz.qiye.163.com/o/domain/201906051135/index/css/ | 5 KB | 2 KB | Stylesheet | text/css |
GET | H2 | loginjs.jsp | mail.mentech.com/js/ | 8 B | 160 B | Script | text/javascript |
GET | H2 | jquery.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 81 KB | 29 KB | Script | application/x-javascript |
GET | H2 | jquery-migrate.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 7 KB | 3 KB | Script | application/x-javascript |
GET | H2 | lang_zhcn.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 165 B | 419 B | Script | application/x-javascript |
GET | H2 | select_network.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 5 KB | 2 KB | Script | application/x-javascript |
GET | H2 | login_util.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 14 KB | 5 KB | Script | application/x-javascript |
GET | H2 | jquery.jsonp-2.4.0.min.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 2 KB | 1 KB | Script | application/x-javascript |
GET | H2 | select_banner.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 8 KB | 3 KB | Script | application/x-javascript |
GET | H2 | reset_pwd.js | mimghz.qiye.163.com/o/domain/201906051135/index/js/ | 408 B | 501 B | Script | application/x-javascript |
GET | H2 | qiye_algorithm.js | mimg.qiye.163.com/o/index/lib/scripts/ | 27 KB | 9 KB | Script | application/x-javascript |
GET | H2 | bg_cn_noqiye.png | mimghz.qiye.163.com/o/domain/201906051135/index/img/ | 9 KB | 9 KB | Image | image/png |
GET | H2 | bgx.gif | mimg.qiye.163.com/xm/qiye/login/img/ | 87 B | 306 B | Image | image/gif |
GET | H2 | bg.gif | mimg.qiye.163.com/xm/qiye/login/img/ | 12 KB | 13 KB | Image | image/gif |
GET | H2 | defaultBgRight3.8f205c3b.jpg | mimghz.qiye.163.com/o/admin/20150730/images/ | 30 KB | 31 KB | Image | image/jpeg |
GET | H2 | favicon.ico | mail.mentech.com/ | 894 B | 1 KB | Other | image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic China (Online)
118 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| currentBanner string| currentStyle string| addresses string| domainType string| pageType string| verifyCodeUrl string| verifyCode function| $ function| jQuery object| message function| fSpeedTest function| fSpd function| cookie object| msgMap function| showTips string| defaultClass boolean| isClassDefault string| code string| hl function| getHl function| getId function| getParam function| getMsg function| setMsgpid function| showError function| setMsg function| getQueryString function| changeVerifyCode function| frmvalidator function| isEmpty function| prelogin function| doSubmitForm function| DrawImage string| b64map string| b64pad function| hex2b64 function| b64tohex function| b64toBA number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey 
function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| add function| MD5hex function| R1 function| R2 function| R3 function| R4 function| MD5 object| account1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mail.mentech.com/ | (session) | Name: ds, Value: 00 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mail.mentech.com
mimg.qiye.163.com
mimghz.qiye.163.com
103.129.255.238
2409:8c6a:b021:1400:0:3:0:47