www.itunes.app-xs.cn
116.89.241.223
Malicious Activity!
Public Scan
Effective URL: https://www.itunes.app-xs.cn/tn9mouk6rtajex0xn7mp.asp?tn9mouk6rtajex0xn7mp
Submission: On April 22 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on April 22nd 2020, the same day the scan was submitted from the certstream-suspicious feed. Valid for: a year.
This is the only time www.itunes.app-xs.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
2 | 16 | 116.89.241.223 | 137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited)
| 1 | 23.36.232.119 | 16625 (AKAMAI-AS)
Total | 16 | 3 |

Hosts by ASN:
- ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK): www.itunes.app-xs.cn
- ASN16625 (AKAMAI-AS, US), PTR a23-36-232-119.deploy.static.akamaitechnologies.com: www.icloud.com

Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
app-xs.cn | www.itunes.app-xs.cn (2 redirects) | 16 | 366 KB
icloud.com | www.icloud.com | 1 |
Total | 2 apex domains | 16 |

Domain | Requested by | Requests
---|---|---
www.itunes.app-xs.cn (2 redirects) | www.itunes.app-xs.cn | 16
www.icloud.com | www.itunes.app-xs.cn | 1
Total | 2 domains | 16
This site contains links to these domains. Also see Links.
Domain |
---|
iforgot.apple.com |
www.apple.com |
www.apple.com.cn |
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
www.itunes.app-xs.cn | Encryption Everywhere DV TLS CA - G1 | 2020-04-22 - 2021-04-22 | a year | crt.sh
www.icloud.com | DigiCert SHA2 Extended Validation Server CA | 2019-07-17 - 2020-08-05 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://www.itunes.app-xs.cn/tn9mouk6rtajex0xn7mp.asp?tn9mouk6rtajex0xn7mp
Frame ID: 139B262666BAF0BB9BD9C85EA37C4BCE
Requests: 16 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.itunes.app-xs.cn/ (Page URL)
- https://www.itunes.app-xs.cn/admail → HTTP 301 → https://www.itunes.app-xs.cn/admail/ (Page URL)
- https://www.itunes.app-xs.cn/index_dnacn.asp → HTTP 302 → https://www.itunes.app-xs.cn/tn9mouk6rtajex0xn7mp.asp?tn9mouk6rtajex0xn7mp (Page URL)
The hops from / to /admail and from /admail/ to /index_dnacn.asp carry no HTTP status, i.e. they were client-side (JavaScript or meta) navigations rather than server redirects.
Detected technologies
- Windows Server (Operating Systems), implied by the IIS match
  - pattern: headers, server: /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- IIS (Web Servers)
  - pattern: headers, server: /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Forgot Apple ID or password? (忘记了 Apple ID 或密码?)
- (untitled link)
- Title: System Status (系统状态)
- Title: Privacy Policy (隐私政策)
- Title: Terms and Conditions (条款与条件)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://www.itunes.app-xs.cn/admail (HTTP 301)
- https://www.itunes.app-xs.cn/admail/
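As an added example (not part of the scan record and not urlscan's own code), the following Python reconstructs a Page URL History of the kind shown above from a constructed set of responses, distinguishing HTTP 3xx hops from client-side (meta refresh or JavaScript location) hops, and applies the IIS Server-header pattern from the Detected technologies section. Only the five URLs and the 301/302 status codes come from the scan; the Server header value, the meta-refresh and JavaScript bodies, and the 200 responses are assumed for the example.

```python
import re
from urllib.parse import urljoin

# Server-header pattern copied from the scan's "Detected technologies" section.
IIS_PATTERN = re.compile(r"^(?:Microsoft-)?IIS(?:/([\d.]+))?", re.I)

# Client-side redirect forms that a Page URL History has to follow.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(r'(?:window\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

# Constructed responses for the URLs in the scan's Page URL History. Only the URLs and
# the 301/302 codes are from the scan; the Server header and bodies are assumed.
HOST = "https://www.itunes.app-xs.cn"
RESPONSES = {
    f"{HOST}/": {"status": 200, "headers": {"server": "Microsoft-IIS/8.5"},
                 "body": '<meta http-equiv="refresh" content="0;url=/admail">'},
    f"{HOST}/admail": {"status": 301,
                       "headers": {"server": "Microsoft-IIS/8.5", "location": "/admail/"},
                       "body": ""},
    f"{HOST}/admail/": {"status": 200, "headers": {"server": "Microsoft-IIS/8.5"},
                        "body": '<script>window.location.href="/index_dnacn.asp";</script>'},
    f"{HOST}/index_dnacn.asp": {"status": 302,
                                "headers": {"server": "Microsoft-IIS/8.5",
                                            "location": "/tn9mouk6rtajex0xn7mp.asp?tn9mouk6rtajex0xn7mp"},
                                "body": ""},
    f"{HOST}/tn9mouk6rtajex0xn7mp.asp?tn9mouk6rtajex0xn7mp": {
        "status": 200, "headers": {"server": "Microsoft-IIS/8.5"},
        "body": "<html><form>Apple ID login form (constructed)</form></html>"},
}


def client_side_redirect(body):
    """Target of a meta-refresh or JavaScript location redirect in body, or None."""
    for pattern in (META_REFRESH, JS_LOCATION):
        m = pattern.search(body)
        if m:
            return m.group(1)
    return None


def page_url_history(start, responses, max_hops=20):
    """Follow a navigation through server-side (3xx + Location) and client-side hops.

    Returns a list of dicts with url, via ('start', 'HTTP 301', 'client-side', ...) and
    page (True when a document actually rendered at that URL, i.e. the response was not
    itself an HTTP redirect). Offline: responses is a dict, no network is used."""
    url = start
    history = [{"url": url, "via": "start"}]
    for _ in range(max_hops):
        resp = responses.get(url)
        if resp is None:                       # no response recorded: chain ends here
            break
        is_http_redirect = 300 <= resp["status"] < 400 and "location" in resp["headers"]
        history[-1]["page"] = not is_http_redirect
        if is_http_redirect:
            nxt = urljoin(url, resp["headers"]["location"])
            via = f"HTTP {resp['status']}"
        else:
            target = client_side_redirect(resp["body"])
            if target is None:
                break                          # final document, nothing further to follow
            nxt, via = urljoin(url, target), "client-side"
        if nxt == url:
            break                              # self-redirect loop guard
        history.append({"url": nxt, "via": via})
        url = nxt
    history[-1].setdefault("page", None)       # only reached on a missing response or hop limit
    return history


def page_urls(history):
    """The URLs a scan labels 'Page URL': the documents that actually rendered."""
    return [h["url"] for h in history if h["page"]]


def fingerprint(headers):
    """Technologies implied by the Server header, using the scan's IIS pattern.
    IIS only ships on Windows, so a match also implies Windows Server."""
    techs = []
    m = IIS_PATTERN.match(headers.get("server", ""))
    if m:
        techs.append("IIS" + (f" {m.group(1)}" if m.group(1) else ""))
        techs.append("Windows Server")
    return techs


if __name__ == "__main__":
    for hop in page_url_history(f"{HOST}/", RESPONSES):
        tag = "[Page URL]" if hop["page"] else "          "
        print(f"{hop['via']:>12}  {tag}  {hop['url']}")
    print("server:", fingerprint(RESPONSES[f"{HOST}/"]["headers"]))
```

The history reproduces the three Page URL entries of the scan and labels the two untagged hops as client-side; a real crawler gets the bodies from a browser rather than a dict, but the chain-walking and the "is this hop an HTTP redirect or a page?" decision are the same.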
16 HTTP transactions
# | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | HTTP/1.1 | / | www.itunes.app-xs.cn/ | 1 KB | 897 B | Document | text/html | Cookie set
2 | GET | HTTP/1.1 | / | www.itunes.app-xs.cn/admail/ | 1 KB | 904 B | Document | text/html | Cookie set; redirect chain
3 | GET | HTTP/1.1 | tn9mouk6rtajex0xn7mp.asp | www.itunes.app-xs.cn/ | 47 KB | 18 KB | Document | text/html | Primary request; cookie set; redirect chain
4 | GET | HTTP/1.1 | wzwstylel.css | www.itunes.app-xs.cn/Content/css/ | 2 KB | 1 KB | Stylesheet | text/css |
5 | GET | HTTP/1.1 | wzwbbb.css | www.itunes.app-xs.cn/Content/css/ | 863 B | 729 B | Stylesheet | text/css |
6 | GET | HTTP/1.1 | login.css | www.itunes.app-xs.cn/Content/css/ | 12 KB | 4 KB | Stylesheet | text/css |
7 | GET | HTTP/1.1 | jquery-1.11.3.min.js | www.itunes.app-xs.cn/Content/Scripts/ | 94 KB | 42 KB | Script | application/javascript |
8 | GET | HTTP/1.1 | wzwbg.png | www.itunes.app-xs.cn/Content/img/ | 211 KB | 211 KB | Image | image/png |
9 | GET | HTTP/1.1 | logo.png | www.itunes.app-xs.cn/Content/img/ | 27 KB | 27 KB | Image | image/png |
10 | GET | HTTP/1.1 | packed-1.png | www.itunes.app-xs.cn/Content/img/ | 23 KB | 23 KB | Image | image/png |
11 | GET | HTTP/1.1 | stylesheet-1.png | www.itunes.app-xs.cn/Content/img/ | 33 KB | 33 KB | Image | image/png |
12 | GET | HTTP/1.1 | wzwan.png | www.itunes.app-xs.cn/Content/img/ | 1 KB | 2 KB | Image | image/png |
13 | GET | HTTP/1.1 | sf-pro-text_regular.woff2 | www.itunes.app-xs.cn/Content/fonts/ | 0 | 0 | Font | text/html | No font body returned
14 | GET | HTTP/1.1 | HR_gradient_light.png | www.itunes.app-xs.cn/Content/img/ | 1 KB | 1 KB | Image | image/png |
15 | GET | HTTP/1.1 | sf-pro-text_regular.woff | www.icloud.com/wss/fonts/SF-Pro-Text/v1/ | 0 | 0 | Font | text/html | No font body returned
16 | GET | | sf-pro-text_regular.ttf | www.icloud.com/wss/fonts/SF-Pro-Text/v1/ | 0 | 0 | | | No response (see Failed requests)

Rows 1-3 are the documents of the redirect chain; the primary document (row 3) is the only sizeable one. Every asset except the SF Pro font fallbacks is served from the phishing host's own /Content/ tree; the font fallbacks (rows 15 and 16) point at the genuine www.icloud.com, which is the only reason the impersonated brand's origin appears in this scan at all. None of the three font requests produced font data: rows 13 and 15 came back as 0-byte text/html, and row 16 received no response.
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: www.icloud.com
- URL: https://www.icloud.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Apple (Online)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page code.
- object: onformdata, onpointerrawupdate, STR
- function: XOR, performPage, $, jQuery, myCheckbox, checkform, changesignin1, changesignin2, showpassword, showloading0
- string: strHTML
onformdata and onpointerrawupdate are browser event-handler properties that postdate the scanner's baseline rather than page code, and $ and jQuery come from the jquery-1.11.3.min.js request above; the remaining names (XOR, STR, strHTML, performPage, checkform, showpassword, changesignin1/2, showloading0, myCheckbox) are defined by the page's own scripts.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- www.itunes.app-xs.cn
- www.icloud.com
- 116.89.241.223
- 23.36.232.119
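As an added example (not part of the scan record and not urlscan's own scoring), the following Python shows two of the signals behind a "Phishing against: Apple" verdict for a scan like this one: a brand keyword in a hostname whose apex the brand does not own (itunes in www.itunes.app-xs.cn, apex app-xs.cn), and a page outside the brand's apexes that fetches resources from the brand's real hosts (the two font requests to www.icloud.com). The brand keyword list, the apex allowlist, the public-suffix subset and the apple-id-verify.com test host are constructed for the example; only the two scan hostnames and the 14/2 request split are from the page.

```python
# Brand keywords and the apexes the brand actually controls. Constructed allowlist for
# this example; a production list comes from the brand's published domains.
BRANDS = {
    "Apple": {
        "keywords": ("apple", "icloud", "itunes", "iforgot"),
        "apexes": {"apple.com", "apple.com.cn", "icloud.com"},
    },
}

# Second-level public suffixes under which the registrable domain is three labels long.
# Constructed subset; a real implementation uses the full Public Suffix List.
TWO_LEVEL_SUFFIXES = {"com.cn", "net.cn", "org.cn", "co.uk", "com.au", "co.jp"}


def apex_domain(host):
    """Registrable (apex) domain of a hostname, e.g. www.itunes.app-xs.cn -> app-xs.cn."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def lookalike_hits(host):
    """Brand keywords placed in a hostname whose apex the brand does not own.
    Returns {'brand', 'apex', 'reasons'} or None for a genuine or unrelated host."""
    host = host.lower().rstrip(".")
    apex = apex_domain(host)
    sub_labels = [l for l in host[: -len(apex)].split(".") if l]   # labels left of the apex
    apex_label = apex.split(".")[0]                                # registrable label itself
    for brand, spec in BRANDS.items():
        if apex in spec["apexes"]:
            continue                                               # the brand's own host
        reasons = []
        for kw in spec["keywords"]:
            reasons += [f"keyword '{kw}' in subdomain label '{l}'" for l in sub_labels if kw in l]
            if kw in apex_label:
                reasons.append(f"keyword '{kw}' in apex label '{apex_label}'")
        if reasons:
            return {"brand": brand, "apex": apex, "reasons": reasons}
    return None


def brand_resource_loads(page_host, resource_hosts):
    """Hosts on a brand's own apex that a page outside that apex pulls resources from.
    A cloned login page that hotlinks the real site's fonts or images shows up here."""
    page_apex = apex_domain(page_host)
    hits = set()
    for spec in BRANDS.values():
        if page_apex in spec["apexes"]:
            continue                                               # brand page, hotlinking is normal
        hits.update(h for h in resource_hosts if apex_domain(h) in spec["apexes"])
    return hits


def assess(page_host, resource_hosts):
    """All brand-impersonation reasons for a page; an empty list means no signal."""
    reasons = []
    hit = lookalike_hits(page_host)
    if hit:
        reasons += hit["reasons"]
    for h in sorted(brand_resource_loads(page_host, resource_hosts)):
        reasons.append(f"page loads resources from brand host '{h}'")
    return reasons


# Hosts of the 16 HTTP transactions in this scan: 14 to the phishing host, 2 to www.icloud.com.
SCAN_HOSTS = ["www.itunes.app-xs.cn"] * 14 + ["www.icloud.com"] * 2

if __name__ == "__main__":
    for host in ("www.itunes.app-xs.cn", "www.icloud.com", "apple-id-verify.com"):
        print(host, "->", assess(host, SCAN_HOSTS) or "no brand signal")
```

Both checks depend on getting the apex right: without public-suffix handling, www.apple.com.cn would reduce to com.cn and the genuine host would be flagged, which is why the suffix table sits in front of the keyword logic.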