recover-icloud.com
2606:4700:3030::ac43:a565  Malicious Activity! Public Scan

Submitted URL: https://recover-icloud.com/
Effective URL: https://recover-icloud.com/username.php
Submission: On January 29 via api from US — Scanned from US

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 4 HTTP transactions. The main IP is 2606:4700:3030::ac43:a565, located in the United States and belonging to CLOUDFLARENET, US. The main domain is recover-icloud.com.
TLS certificate: Issued by E1 (a Let's Encrypt ECDSA intermediate) on January 27th 2024. Valid for: 3 months.
This is the only time recover-icloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple (Online), Generic Cloudflare (Online)

Domain & IP information

IP Address                    AS (Autonomous System)
2606:4700:3030::ac43:a565     13335 (CLOUDFLARENET, US)

Apex Domain           Subdomains            Transfer
recover-icloud.com    recover-icloud.com    85 KB

Domain                Requested by
recover-icloud.com    2 redirects; recover-icloud.com

This site contains links to these domains:

  • www.icloud.com
  • www.apple.com
Subject              Issuer   Validity                   Valid
recover-icloud.com   E1       2024-01-27 - 2024-04-26    3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://recover-icloud.com/username.php
Frame ID: 98B68EFBB78BC38FD14DE8B4C155228A
Requests: 9 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6A4DF41968582EF8E29118FE8E0DEB6F
Requests: 1 HTTP requests in this frame

Page Title

iCloud

Detected technologies

PHP (overall confidence: 100%)
Detected pattern: \.php(?:$|\?) in the page URL; the username.php response also carries x-powered-by: PHP/8.0.28.

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 93 kB
Size: 346 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://recover-icloud.com/ Page URL
  2. https://recover-icloud.com/cdn-cgi/phish-bypass?atok=xlS1Bp3NgYRSii.AXWh.XEgtfolLkOy9qnaKksmdAoo-1706492196-0-%2F HTTP 301
    https://recover-icloud.com/ HTTP 302
    https://recover-icloud.com/username.php Page URL
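The redirect chain above, together with the __cf_mw_byp cookie and the response headers further down, is what a triage script should key on. The following Python is an added example and not urlscan.io code; its SCAN record is constructed by hand from values shown on this page (the chain through /cdn-cgi/phish-bypass, the cookie, the Date and X-Powered-By headers, the page title and the outbound links to www.icloud.com and www.apple.com). The brand keyword list, the set of Apple-owned apex domains, the two-label apex helper, and the reading of the atok tail as '<unix time>-0-<url-encoded path>' are assumptions made for the example. On this scan the time field decodes to 2024-01-29 01:36:36 UTC, the same second as the Date header of the first response at /, and four seconds before the Date header of username.php.

```python
"""Triage helper for a urlscan-style record.

Added example; not urlscan.io code. SCAN is constructed by hand from values
shown on this page. BRANDS and registrable_domain() are assumptions.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, unquote, urlsplit

SCAN = {  # constructed from the scan shown on this page
    "page_url": "https://recover-icloud.com/username.php",
    "title": "iCloud",
    "redirect_chain": [
        "https://recover-icloud.com/",
        "https://recover-icloud.com/cdn-cgi/phish-bypass?atok="
        "xlS1Bp3NgYRSii.AXWh.XEgtfolLkOy9qnaKksmdAoo-1706492196-0-%2F",
        "https://recover-icloud.com/",
        "https://recover-icloud.com/username.php",
    ],
    "cookies": {"__cf_mw_byp": "xlS1Bp3NgYRSii.AXWh.XEgtfolLkOy9qnaKksmdAoo-1706492196-0-/"},
    "first_response_date": "Mon, 29 Jan 2024 01:36:36 GMT",   # Date header of GET /
    "response_headers": {                                      # headers of username.php
        "server": "cloudflare",
        "x-powered-by": "PHP/8.0.28",
        "date": "Mon, 29 Jan 2024 01:36:40 GMT",
    },
    "links": ["www.icloud.com", "www.apple.com"],
}

# Assumption for the example: brand keywords and the apex domains allowed to carry them.
BRANDS = {"icloud": {"apple.com", "icloud.com"}, "apple": {"apple.com", "icloud.com"}}


def registrable_domain(host):
    """Last two labels of a hostname. No public-suffix list: fine for .com, wrong for co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phish_bypass_token(chain):
    """Return details of a /cdn-cgi/phish-bypass hop in a redirect chain, or None.

    The atok tail on this page reads '<unix time>-0-<url-encoded path>' (assumed
    layout); the time field is decoded as UTC so it can be compared with Date headers.
    """
    for url in chain:
        parts = urlsplit(url)
        if parts.path != "/cdn-cgi/phish-bypass":
            continue
        atok = parse_qs(parts.query).get("atok", [""])[0]   # parse_qs already unquotes %2F
        fields = atok.split("-")
        issued = None
        if len(fields) >= 4 and fields[-3].isdigit():
            issued = datetime.fromtimestamp(int(fields[-3]), tz=timezone.utc)
        return {"host": parts.hostname, "atok": atok, "issued": issued,
                "path": unquote(fields[-1]) if len(fields) >= 4 else None}
    return None


def token_age_seconds(token, date_header):
    """Seconds between the token's embedded time and an HTTP Date header."""
    return (parsedate_to_datetime(date_header) - token["issued"]).total_seconds()


def triage(record):
    """Return (indicator, detail) pairs a human should look at for this record."""
    host = urlsplit(record["page_url"]).hostname or ""
    apex = registrable_domain(host)
    hits = []

    token = phish_bypass_token(record["redirect_chain"])
    if token:
        when = token["issued"].isoformat() if token["issued"] else "unknown time"
        hits.append(("cloudflare_phish_warning_bypassed", f"bypass hop on {token['host']}, token time {when}"))
    if "__cf_mw_byp" in record.get("cookies", {}):
        hits.append(("cf_mw_byp_cookie", "Cloudflare warning-bypass cookie set for ." + apex))

    for brand, owners in BRANDS.items():
        if brand in host and apex not in owners:
            hits.append(("brand_in_hostname", f"'{brand}' in {host}, apex {apex} is not brand-owned"))
        if brand in record.get("title", "").lower() and apex not in owners:
            hits.append(("brand_title_foreign_domain", f"title {record['title']!r} served from {apex}"))

    foreign = [l for l in record.get("links", []) if registrable_domain(l) != apex]
    if foreign:
        hits.append(("links_to_real_brand_site", ", ".join(foreign)))

    headers = record.get("response_headers", {})
    if headers.get("server") == "cloudflare" and headers.get("x-powered-by"):
        hits.append(("origin_stack_leaked_through_cdn", headers["x-powered-by"]))
    return hits


if __name__ == "__main__":
    tok = phish_bypass_token(SCAN["redirect_chain"])
    print("token time vs first response:", token_age_seconds(tok, SCAN["first_response_date"]), "s")
    for name, detail in triage(SCAN):
        print(f"{name:36} {detail}")
```

Run as-is it prints six indicators for this scan. token_age_seconds() returning 0 against the first Date header and 4 against the username.php Date header is the useful part: the bypass token was issued by the response that served the warning page, and the phishing document only loaded after that hop, so any detection keyed on the final document alone would miss the interstitial that was already in place.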

Redirected requests

There were HTTP redirect chains for the following requests. The chain on the primary document is worth reading closely: the first response at / pulled Cloudflare's interstitial assets (/cdn-cgi/styles/cf.errors.css and /cdn-cgi/images/icon-exclamation.png), the browser then went through /cdn-cgi/phish-bypass?atok=..., which set the __cf_mw_byp cookie on .recover-icloud.com and bounced back to / before the 302 to username.php. That sequence indicates Cloudflare had already placed a phishing warning in front of the site at scan time; the bypass hop is the warning's proceed step being followed, not a component of the phishing kit, which only appears at username.php.

4 HTTP transactions

Resource   Path                   Size   x-fer   Type
/          recover-icloud.com/    4 KB   2 KB    Document
General
Full URL
https://recover-icloud.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3030::ac43:a565, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
d7ab9f620f70fdfe006b0adadc3617b26da459fab960fb2c858dc769b9c92bb5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cf-ray
84cdbec159f86aed-BUF
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 29 Jan 2024 01:36:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AB%2BgYBaIaZFmK8vFibTkj6hb29VQX7fdt0p2EmhJymWKqO5erQdIuKeTQJP0cTFHM2%2BXwPO9H5i99l6Ex2H4zKwxRjFcJmOKCNiImYsiFxF0cX%2BEJ1Od4a5vl8xLJjr3sNpq2I0A1ywpAYMDjS2UDRg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css   recover-icloud.com/cdn-cgi/styles/   24 KB   5 KB   Stylesheet
General
Full URL
https://recover-icloud.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: recover-icloud.com
URL: https://recover-icloud.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3030::ac43:a565, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://recover-icloud.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 01:36:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 26 Jan 2024 10:32:07 GMT
server
cloudflare
etag
W/"65b38a27-5e44"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
84cdbec18a0b6aed-BUF
expires
Mon, 29 Jan 2024 03:36:36 GMT
icon-exclamation.png   recover-icloud.com/cdn-cgi/images/   452 B   540 B   Image
General
Full URL
https://recover-icloud.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: recover-icloud.com
URL: https://recover-icloud.com/cdn-cgi/styles/cf.errors.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3030::ac43:a565, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://recover-icloud.com/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 01:36:36 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Jan 2024 10:32:07 GMT
server
cloudflare
etag
"65b38a27-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
84cdbec1ca1e6aed-BUF
content-length
452
expires
Mon, 29 Jan 2024 03:36:36 GMT
Primary Request: username.php   recover-icloud.com/   282 KB   77 KB   Document
Redirect Chain
  • https://recover-icloud.com/cdn-cgi/phish-bypass?atok=xlS1Bp3NgYRSii.AXWh.XEgtfolLkOy9qnaKksmdAoo-1706492196-0-%2F
  • https://recover-icloud.com/
  • https://recover-icloud.com/username.php
General
Full URL
https://recover-icloud.com/username.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3030::ac43:a565, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / PHP/8.0.28
Resource Hash
bbc4b480c3830b7df13e065290aafaadd537f36cabc29ec58e2596b4a5af310d

Request headers

Referer
https://recover-icloud.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84cdbedd5ff06aed-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 29 Jan 2024 01:36:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWqflTmAd7t103ih34JgcfVxK0HLkAl2sGynhhcHTVRO7UmR59Rb167H%2Fq057pjZS2v29bsYtX7L%2BMVoIb5Iu5%2BjK2oVmLUUswDrgYtu6%2BvdHux3OjzFuibIL%2BZeJdpZatDU016sWDd47Uo0nVLQNJE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.0.28

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84cdbeda3f106aed-BUF
content-type
text/html; charset=UTF-8
date
Mon, 29 Jan 2024 01:36:40 GMT
location
username.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uw%2Fdt7SJCIBOrFU5uGTYeYA9nJpTIpfZOoHF0gUu5cR2NkjtdBLefU2CMciN8mWZCsNtu5PluDu7LMEOXwsBKC0VflhSgguJDHY3oiwU%2B8mNhm8nlPMZLfafDAAP2eP7OHsQo9mclxx%2F54rntFXACyg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.0.28
truncated (data: URL)   /   8 KB   0   Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (inline data: URL, no network request)
Resource Hash
276618038f0474681826eed2cd12fae281387deaba057cee6dea869ecb8d292f

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated (data: URL)   / Frame 6A4D   9 KB   9 KB   Font
General
Full URL
data:truncated
Protocol
DATA
Server
none (inline data: URL, no network request)
Resource Hash
6de3580fdeace0ff74927b2449e34587dd0b2a03c7711cf0087925e25429efe3

Request headers

Referer
Origin
https://recover-icloud.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
application/x-font-woff
truncated (data: URL)   /   884 B   0   Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (inline data: URL, no network request)
Resource Hash
c7037d9b702f2a33c79588eb11c56b0333d283802a5786372c18d58184854017

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated (data: URL)   /   8 KB   0   Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (inline data: URL, no network request)
Resource Hash
8815436f1605c853987b40bb1fd16cc13999f7e7bd0f830f78c030fcfd9da430

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
truncated (data: URL)   /   9 KB   0   Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (inline data: URL, no network request)
Resource Hash
147d15ed329374ff3394977ab23641694f17a3567ec0c0c7838ca6ee59a26176

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
truncated (data: URL)   /   661 B   0   Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (inline data: URL, no network request)
Resource Hash
446c4fde5ecf439bfed24e9704de915bdc7b0d06b4e8a6c5c7eb6493e06f4a37

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple (Online) Generic Cloudflare (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type     Name
object   0
object   1

1 Cookies

Domain/Path             Name / Value
.recover-icloud.com/    __cf_mw_byp = xlS1Bp3NgYRSii.AXWh.XEgtfolLkOy9qnaKksmdAoo-1706492196-0-/

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN