103.117.72.15
Malicious Activity!
Public Scan
Effective URL: https://103.117.72.15/5tlzdk11piisvqwnfx08.asp?5tlzdk11piisvqwnfx08
Submission: On April 02 via automatic, source openphish
Summary
TLS certificate: Issued by TrustAsia TLS RSA CA on March 25th 2021. Valid for: a year.
This is the only time 103.117.72.15 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
15 | 103.117.72.15 | AS137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited)
1 | 104.109.70.123 | AS20940 (AKAMAI-ASN1, NL); PTR: a104-109-70-123.deploy.static.akamaitechnologies.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
1 | icloud.com | www.icloud.com | -

Requests | Domain | Requested by
---|---|---
1 | www.icloud.com | 103.117.72.15
This site contains links to these domains (also see Links):
- iforgot.apple.com
- www.apple.com
- www.apple.com.cn
TLS certificates

Subject | Issuer | Validity | Valid for
---|---|---|---
www.lphone.id-iosz.cn | TrustAsia TLS RSA CA | 2021-03-25 to 2022-03-24 | a year
www.icloud.com | DigiCert SHA2 Extended Validation Server CA-3 | 2020-07-02 to 2021-07-03 | a year

Note that the certificate presented by 103.117.72.15 is issued to www.lphone.id-iosz.cn ("lphone", an l-for-i look-alike of "iphone"), not to the IP literal in the effective URL. Unless its SAN list also carries an iPAddress entry for 103.117.72.15 (the scan shows only the subject), a browser that opens the URL exactly as scanned gets a name-mismatch warning, which suggests victims were meant to reach the kit through that hostname rather than the raw IP. Record the certificate name as an indicator alongside the IP.
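The name-mismatch observation above is easy to check mechanically. The following is an added example, not code from urlscan or from this page: an RFC 6125-style hostname-to-certificate matcher run over the two host/subject pairs the scan shows. It assumes the subject names in the table are the full SAN lists, which the page does not state.

```python
import ipaddress

# Constructed from the certificate table in this scan: the host that served
# each certificate and the subject name shown for it. The page lists only the
# subject, so treating it as the complete SAN list is an assumption.
OBSERVED = {
    "103.117.72.15": ["www.lphone.id-iosz.cn"],
    "www.icloud.com": ["www.icloud.com"],
}


def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def hostname_matches(host, san_names):
    """RFC 6125-style check of a requested host against a certificate's names.

    - an IP-literal host matches only an identical iPAddress entry; a dNSName
      never satisfies an IP host, which is why a cert issued to a hostname
      triggers a browser warning when the site is opened by IP
    - a DNS host matches a dNSName exactly (case-insensitive, trailing dot
      ignored) or a wildcard whose '*' is the whole left-most label and whose
      label count equals the host's
    - wildcards that would cover an entire TLD ('*.cn') are refused, as browsers do
    """
    host = host.rstrip(".").lower()
    host_ip = _as_ip(host)
    for name in san_names:
        name = name.rstrip(".").lower()
        name_ip = _as_ip(name)
        if host_ip is not None or name_ip is not None:
            if host_ip is not None and name_ip is not None and host_ip == name_ip:
                return True
            continue
        if name == host:
            return True
        n_labels, h_labels = name.split("."), host.split(".")
        if (n_labels[0] == "*" and len(n_labels) == len(h_labels) >= 3
                and n_labels[1:] == h_labels[1:]):
            return True
    return False


def check_observed(observed=OBSERVED):
    """Map each serving host to whether the certificate it presented covers it."""
    return {host: hostname_matches(host, names) for host, names in observed.items()}


if __name__ == "__main__":
    for host, ok in check_observed().items():
        print(f"{host}: {'name matches' if ok else 'NAME MISMATCH (browser warning)'}")
```

To confirm the real SAN list rather than relying on the subject, pull the served chain with `openssl s_client -connect 103.117.72.15:443 -showcerts` and feed the dNSName/iPAddress entries to `hostname_matches` in place of the constructed lists.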
This page contains 1 frames:
Primary Page:
https://103.117.72.15/5tlzdk11piisvqwnfx08.asp?5tlzdk11piisvqwnfx08
Frame ID: 854CA9775A4E53B3C0FDC4C55A3B429C
Requests: 15 HTTP requests in this frame
Detected technologies

- Windows Server (Operating Systems). Detected pattern: Server header matching /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- IIS (Web Servers). Detected pattern: Server header matching /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Both detections rest on the same Server response header; "Windows Server" is inferred from IIS rather than observed directly. The header is self-reported by the responder and trivially spoofable, so treat it as a weak fingerprint, although the .asp pages and the /Content/ path layout in the request list are consistent with it.
Page Statistics

5 outgoing links (links going to different origins than the main page):
- Title: Forgot your Apple ID or password? (忘记了 Apple ID 或密码?)
- (untitled link)
- Title: System Status (系统状态)
- Title: Privacy Policy (隐私政策)
- Title: Terms & Conditions (条款与条件)
Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://103.117.72.15/admail → HTTP 301 → https://103.117.72.15/admail/ (Page URL)
2. https://103.117.72.15/index_dnacn.asp → HTTP 302 → https://103.117.72.15/5tlzdk11piisvqwnfx08.asp?5tlzdk11piisvqwnfx08 (Page URL)

The step from /admail/ to /index_dnacn.asp carries no HTTP status, so that navigation was driven by the /admail/ document itself (script or meta refresh) rather than by a Location header. The final page name and its query string are the same 20-character token, which is typical of per-visit or per-campaign landing URLs; a scan of the same IP later would likely see a different token.

Redirected requests

There were HTTP redirect chains for the following requests:
- Request Chain 0: https://103.117.72.15/admail (HTTP 301) → https://103.117.72.15/admail/
15 HTTP transactions

# | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | 103.117.72.15/admail/ | 1 KB | 904 B | Document | text/html | Redirect chain; cookie set
2 | GET | H/1.1 | 5tlzdk11piisvqwnfx08.asp | 103.117.72.15/ | 47 KB | 18 KB | Document | text/html | Primary request; redirect chain; cookie set
3 | GET | H/1.1 | wzwstylel.css | 103.117.72.15/Content/css/ | 2 KB | 1 KB | Stylesheet | text/css |
4 | GET | H/1.1 | wzwbbb.css | 103.117.72.15/Content/css/ | 863 B | 729 B | Stylesheet | text/css |
5 | GET | H/1.1 | login.css | 103.117.72.15/Content/css/ | 12 KB | 4 KB | Stylesheet | text/css |
6 | GET | H/1.1 | jquery-1.11.3.min.js | 103.117.72.15/Content/Scripts/ | 94 KB | 42 KB | Script | application/x-javascript |
7 | GET | H/1.1 | wzwbg.png | 103.117.72.15/Content/img/ | 211 KB | 211 KB | Image | image/png |
8 | GET | H/1.1 | logo.png | 103.117.72.15/Content/img/ | 27 KB | 27 KB | Image | image/png |
9 | GET | H/1.1 | packed-1.png | 103.117.72.15/Content/img/ | 23 KB | 23 KB | Image | image/png |
10 | GET | H/1.1 | stylesheet-1.png | 103.117.72.15/Content/img/ | 33 KB | 33 KB | Image | image/png |
11 | GET | H/1.1 | wzwan.png | 103.117.72.15/Content/img/ | 1 KB | 2 KB | Image | image/png |
12 | GET | H/1.1 | HR_gradient_light.png | 103.117.72.15/Content/img/ | 1 KB | 1 KB | Image | image/png |
13 | GET | H/1.1 | sf-pro-text_regular.woff2 | 103.117.72.15/Content/fonts/ | 3 KB | 2 KB | Font | text/html |
14 | GET | H/1.1 | sf-pro-text_regular.woff | www.icloud.com/wss/fonts/SF-Pro-Text/v1/ | 0 | 0 | Font | text/html |
15 | GET | | sf-pro-text_regular.ttf | www.icloud.com/wss/fonts/SF-Pro-Text/v1/ | 0 | 0 | | | No response (see Failed requests)

Two details are worth noting. The .woff2 font requested from the phishing host came back as a 3 KB text/html body rather than a font, which is most likely an error page for a file the kit never shipped; the browser then fell back to Apple's own font files on www.icloud.com, and the last of those (the .ttf) got no response. That fallback order (.woff2 rehosted locally, then .woff and .ttf on www.icloud.com) is what a @font-face rule copied from Apple's login page with only the first source rewritten would produce, so the requests to www.icloud.com are a side effect of the copied template, not a sign that the real service is involved. Every document and asset that actually rendered came from 103.117.72.15.
Failed requests

These URLs were requested, but no response was received. They also appear in the list above.
- Domain: www.icloud.com
- URL: https://www.icloud.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.ttf
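The checks a triage script would run over a transaction list like the one above (reconstructing redirect chains from Location headers, applying the same Server-header pattern urlscan uses for its IIS detection, flagging responses whose MIME type contradicts the requested extension, and noting assets pulled from the impersonated brand's domain) are shown here as an added example. It is not urlscan's code or the phishing kit's. The transaction data is constructed from the table above: only the 301 and 302 codes appear on the page, every other status is assumed to be 200, and the Server header value fed to the triage is a constructed sample, since the scan shows the matched pattern but not the header value.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed from this scan's transaction table: (url, status, location, mime).
# Only the 301/302 codes are on the page; other statuses are assumed 200 and the
# ttf request had no response at all.
TRANSACTIONS = [
    ("https://103.117.72.15/admail", 301, "https://103.117.72.15/admail/", None),
    ("https://103.117.72.15/admail/", 200, None, "text/html"),
    ("https://103.117.72.15/index_dnacn.asp", 302,
     "https://103.117.72.15/5tlzdk11piisvqwnfx08.asp?5tlzdk11piisvqwnfx08", None),
    ("https://103.117.72.15/5tlzdk11piisvqwnfx08.asp?5tlzdk11piisvqwnfx08", 200, None, "text/html"),
    ("https://103.117.72.15/Content/css/login.css", 200, None, "text/css"),
    ("https://103.117.72.15/Content/Scripts/jquery-1.11.3.min.js", 200, None, "application/x-javascript"),
    ("https://103.117.72.15/Content/img/logo.png", 200, None, "image/png"),
    ("https://103.117.72.15/Content/fonts/sf-pro-text_regular.woff2", 200, None, "text/html"),
    ("https://www.icloud.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.woff", 200, None, "text/html"),
    ("https://www.icloud.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.ttf", None, None, None),
]
PRIMARY_URL = TRANSACTIONS[3][0]

# The Server-header pattern listed under "Detected technologies" on the scan page.
IIS_RE = re.compile(r"^(?:Microsoft-)?IIS(?:/([\d.]+))?", re.IGNORECASE)

# MIME types a well-behaved server sends for each extension; anything else is suspicious.
EXPECTED_MIME = {
    ".css": {"text/css"},
    ".js": {"application/javascript", "application/x-javascript", "text/javascript"},
    ".png": {"image/png"},
    ".woff2": {"font/woff2", "application/font-woff2"},
    ".woff": {"font/woff", "application/font-woff"},
    ".ttf": {"font/ttf", "application/x-font-ttf", "application/font-sfnt"},
}


def fingerprint_server(server_header):
    """('IIS', version-or-None) if the Server header matches the IIS pattern, else None."""
    m = IIS_RE.match(server_header or "")
    return ("IIS", m.group(1)) if m else None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def mime_mismatch(url, mime):
    """True when the response MIME type contradicts the requested file extension."""
    if mime is None:
        return False
    path = urlsplit(url).path.lower()
    for ext, allowed in EXPECTED_MIME.items():
        if path.endswith(ext):
            return mime.split(";")[0].strip().lower() not in allowed
    return False


def redirect_chains(transactions):
    """Follow Location headers through the captured requests; one list per chain."""
    location_of = {url: loc for url, _, loc, _ in transactions}
    chains, seen = [], set()
    for url, _, loc, _ in transactions:
        if loc is None or url in seen:
            continue
        chain = [url]
        while loc is not None and loc not in chain:  # 'not in chain' stops redirect loops
            chain.append(loc)
            loc = location_of.get(loc)
        seen.update(chain)
        chains.append(chain)
    return chains


def triage(transactions, primary_url, server_header, brand_domains):
    """Return human-readable findings for the scan, in a stable order."""
    findings = []
    host = urlsplit(primary_url).hostname
    if is_ip_literal(host):
        findings.append(f"primary page served from a bare IP literal: {host}")
    fp = fingerprint_server(server_header)
    if fp:
        findings.append(f"Server header claims {fp[0]} {fp[1] or '(no version)'}; self-reported, weak evidence")
    for chain in redirect_chains(transactions):
        findings.append("redirect chain: " + " -> ".join(chain))
    noted_brand_hosts = set()
    for url, status, _, mime in transactions:
        h = urlsplit(url).hostname
        if status is None:
            findings.append(f"no response: {url}")
        elif mime_mismatch(url, mime):
            findings.append(f"MIME mismatch: {url} served as {mime}")
        if h != host and h not in noted_brand_hosts and any(
                h == d or h.endswith("." + d) for d in brand_domains):
            noted_brand_hosts.add(h)
            findings.append(f"assets fetched from impersonated brand domain: {h}")
    return findings


if __name__ == "__main__":
    # "Microsoft-IIS/8.5" is a constructed sample header, not a value from the scan.
    for line in triage(TRANSACTIONS, PRIMARY_URL, "Microsoft-IIS/8.5", ["icloud.com", "apple.com"]):
        print("-", line)
```

Against the constructed data this yields eight findings: the IP-literal host, the self-reported IIS header, the two redirect chains, the two font responses typed as text/html, the asset requests to www.icloud.com, and the unanswered .ttf request. A urlscan result JSON carries the same fields per request, so the tuples can be filled from it instead of by hand.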
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Apple (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Browser-provided (newer Chromium APIs rather than page code): ontransitionrun (object), ontransitionstart (object), ontransitioncancel (object), cookieStore (object), showDirectoryPicker (function), showOpenFilePicker (function), showSaveFilePicker (function), trustedTypes (object), crossOriginIsolated (boolean)

Defined by the page: XOR (function), STR (object), performPage (function), strHTML (string), $ (function), jQuery (function), myCheckbox (function), checkform (function), changesignin1 (function), changesignin2 (function), showpassword (function), showloading0 (function)

$ and jQuery come from the bundled jquery-1.11.3.min.js. A string global named strHTML next to functions named XOR and performPage suggests the login markup is shipped encoded and unpacked client-side at load, which keeps the brand text out of the raw HTTP response and out of simple content signatures; checkform, showpassword and changesignin1/2 are the credential-form handlers. Pulling the primary document and its script for the decoding routine and the form's POST target is the next step in analysing this kit.
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even after a change of location. This is how persistent logins work. Two of the responses above (the /admail/ document and the primary page) set cookies.
Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. It does not imply that any of these indicate malicious activity.

- www.icloud.com
- 103.117.72.15
- 104.109.70.123