106.52.247.30
Malicious Activity!
Public Scan
Submission: On June 14 via automatic, source urlhaus — Scanned from DE
Summary
This is the only time 106.52.247.30 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Downloads
These files were downloaded by the website
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
17 | 106.52.247.30 | 45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN) |
17 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.magicwinmail.com |
This page contains 2 frames:
Primary Page:
http://106.52.247.30:6080/
Frame ID: 430B36795ECA059887195548679123F5
Requests: 16 HTTP requests in this frame
Frame:
http://106.52.247.30:6080/help.scr
Frame ID: 56231763600CC364FBFC6B02EA771E7C
Requests: 1 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Powered by Winmail Server
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://106.52.247.30:6080/ (HTTP 307)
- https://106.52.247.30:6080/ (HTTP 307)
- http://106.52.247.30:6080/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | 106.52.247.30/ | 12 KB | 13 KB | Document | text/html |
GET | H/1.1 | base64.js | 106.52.247.30/js/ | 4 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | webmail.css | 106.52.247.30/css/default/ | 2 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.js | 106.52.247.30/js/ | 95 KB | 95 KB | Script | application/javascript |
GET | H/1.1 | jquery.dialog.css | 106.52.247.30/common/dialog/ | 1 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.dialog.js | 106.52.247.30/common/dialog/ | 8 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | qrcode.js | 106.52.247.30/js/ | 32 KB | 33 KB | Script | application/javascript |
GET | H/1.1 | logo.gif | 106.52.247.30/customer/ | 4 KB | 4 KB | Image | image/gif |
GET | H/1.1 | index_winmail_new.gif | 106.52.247.30/customer/ | 4 KB | 5 KB | Image | image/gif |
GET | H/1.1 | l.gif | 106.52.247.30/images/default/ | 766 B | 1 KB | Image | image/gif |
GET | H/1.1 | b_02.gif | 106.52.247.30/images/default/ | 59 B | 397 B | Image | image/gif |
GET | H/1.1 | qrcode.gif | 106.52.247.30/images/ | 184 B | 523 B | Image | image/gif |
GET | H/1.1 | help.scr (Frame 5623) | 106.52.247.30/ | 0 | 0 | Document | application/octet-stream |
GET | H/1.1 | b_02.gif | 106.52.247.30/images/default/ | 59 B | 0 | Image | image/gif |
GET | H/1.1 | index_bg2.jpg | 106.52.247.30/customer/ | 63 KB | 0 | Image | image/jpeg |
GET | H/1.1 | login_bg.gif | 106.52.247.30/images/default/ | 3 KB | 3 KB | Image | image/gif |
GET | H/1.1 | bt_blue.gif | 106.52.247.30/images/default/ | 2 KB | 2 KB | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
undefined | event |
object | fence |
object | BASE64 |
function | $ |
function | jQuery |
function | QRCode |
function | contact |
function | encryptPwd |
function | getvalue |
function | selectLanguage |
function | lostUserFocus |
function | loginCheck |
function | getPwd |
function | qrcode |
function | keypress |
function | isPlaceholder |

4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
106.52.247.30/ | | Name: magicwinmail_default_theme Value: default |
106.52.247.30/ | | Name: magicwinmail_agent_type Value: pc |
106.52.247.30/ | | Name: magicwinmail_default_language Value: ch_gb |
106.52.247.30/ | | Name: magicwinmail_login_domain Value: gocomeb.com |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.