itunes.verification.compte.sovsales.co.za
129.232.228.74  Malicious Activity! Public Scan

URL: http://itunes.verification.compte.sovsales.co.za/itunes/form/
Submission Tags: @ipnigh
Submission: On September 30 via api from GB

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 129.232.228.74, located in South Africa and belongs to xneelo, ZA. The main domain is itunes.verification.compte.sovsales.co.za.
This is the only time itunes.verification.compte.sovsales.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: iTunes Connect (Online)

Domain & IP information

IP Address        AS      Autonomous System   Requests
129.232.228.74    37153   xneelo              2
23.5.105.169      16625   AKAMAI-AS           3 (1 redirect)
Total: 4 HTTP transactions across 2 IPs

Apex Domain       Subdomains                                   Requests   Transfer
apple.com         itunesconnect.apple.com                      3          8 KB
sovsales.co.za    itunes.verification.compte.sovsales.co.za    2          18 KB
Total: 4 HTTP transactions across 2 apex domains

Domain                                       Requests          Requested by
itunesconnect.apple.com                      3 (1 redirect)    itunes.verification.compte.sovsales.co.za
itunes.verification.compte.sovsales.co.za    2                 itunes.verification.compte.sovsales.co.za
Total: 4 HTTP transactions across 2 domains

This site contains links to these domains:
  • www.apple.com

Subject                   Issuer                                        Validity                   Valid for
itunesconnect.apple.com   DigiCert SHA2 Extended Validation Server CA   2019-02-14 to 2020-02-26   a year

This page contains 1 frames:

Primary Page: http://itunes.verification.compte.sovsales.co.za/itunes/form/
Frame ID: 77F39AD91E9BBFB91C6BFC729D0B3DD3
Requests: 4 HTTP requests in this frame


Detected technologies

Apache HTTP Server (matched on the Server response header), overall confidence: 100%
Detected pattern:
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

  • Requests: 4
  • HTTPS: 50 %
  • IPv6: 0 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 2
  • Countries: 2
  • Transfer: 26 kB
  • Size: 23 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://itunesconnect.apple.com/itc/images/link-arrow-tiny.png HTTP 301
  • https://itunesconnect.apple.com/itc/images/link-arrow-tiny.png

4 HTTP transactions

Columns: Resource / Path / Size / x-fer / Type / MIME-Type

Primary Request: /
itunes.verification.compte.sovsales.co.za/itunes/form/
Size 13 KB, transferred 14 KB, Document
General
Full URL
http://itunes.verification.compte.sovsales.co.za/itunes/form/
Protocol
HTTP/1.1
Server
129.232.228.74, South Africa, ASN37153 (xneelo, ZA)
Reverse DNS
chs18.ampledns.com
Software
Apache
Resource Hash
c288da2e1774aff9e7e3f28aac7e64e22a73bc5f6437020960724a70d0c43716

Request headers

Host
itunes.verification.compte.sovsales.co.za
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Mon, 30 Sep 2019 13:24:12 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
style.css
itunes.verification.compte.sovsales.co.za/itunes/form/css/
Size 4 KB, transferred 4 KB, Stylesheet
General
Full URL
http://itunes.verification.compte.sovsales.co.za/itunes/form/css/style.css
Requested by
Host: itunes.verification.compte.sovsales.co.za
URL: http://itunes.verification.compte.sovsales.co.za/itunes/form/
Protocol
HTTP/1.1
Server
129.232.228.74, South Africa, ASN37153 (xneelo, ZA)
Reverse DNS
chs18.ampledns.com
Software
Apache
Resource Hash
49dce346ebfa84fa7b02dd0d30313100e9d96ba8970e659d2de467a479000aad

Request headers

Referer
http://itunes.verification.compte.sovsales.co.za/itunes/form/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 13:24:13 GMT
Last-Modified
Mon, 26 Nov 2012 21:01:40 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
3816
itc-masthead.png
itunesconnect.apple.com/itc/images/
Size 6 KB, transferred 7 KB, Image
General
Full URL
https://itunesconnect.apple.com/itc/images/itc-masthead.png
Requested by
Host: itunes.verification.compte.sovsales.co.za
URL: http://itunes.verification.compte.sovsales.co.za/itunes/form/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.5.105.169, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-5-105-169.deploy.static.akamaitechnologies.com
Software
daiquiri/3.0.0
Resource Hash
129a97f9b2716d52599ce5a4c20113b0302d6ebeb5d0ba81e1798afb8947e069
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://itunes.verification.compte.sovsales.co.za/itunes/form/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Apple-Jingle-Correlation-Key
X2ZNXIOPDBITOPHXORO3B2S5
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Responding-Instance
silverbullet-external:3031:mr28p00it-ztdg08102401:8300:19J10
X-Apple-Version-Number
git-b731992
x-daiquiri-instance
daiquiri:15887002:mr85p00it-hyhk04103901:7987:19M24, daiquiri:38493002:pv50p00it-hyhk10063901:7987:19M24
X-Apple-Request-UUID
beb2dba1-cf18-5137-3cf7-745db0ea5d
Connection
keep-alive
Content-Length
5975
X-XSS-Protection
1; mode=block
apple-tk
false
Last-Modified
Wed, 25 Sep 2019 22:15:54 GMT
Server
daiquiri/3.0.0
apple-seq
0.0
x-frame-options
SAMEORIGIN
Date
Mon, 30 Sep 2019 13:24:13 GMT
Apple-Originating-System
UnknownOriginatingSystem
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=72154
ETag
13cba5d2ecba6f7d84c6960eab9e8388
link-arrow-tiny.png
itunesconnect.apple.com/itc/images/
Redirect Chain
  • http://itunesconnect.apple.com/itc/images/link-arrow-tiny.png
  • https://itunesconnect.apple.com/itc/images/link-arrow-tiny.png
Size 90 B, transferred 1023 B, Image
General
Full URL
https://itunesconnect.apple.com/itc/images/link-arrow-tiny.png
Requested by
Host: itunes.verification.compte.sovsales.co.za
URL: http://itunes.verification.compte.sovsales.co.za/itunes/form/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.5.105.169, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-5-105-169.deploy.static.akamaitechnologies.com
Software
daiquiri/3.0.0
Resource Hash
63bd5a7cf21f8d4f564f8d9f533d914263e5aff3899e42de814da2b4e173a84e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://itunes.verification.compte.sovsales.co.za/itunes/form/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Apple-Jingle-Correlation-Key
JFXRTJDATS3TJSTYEYMGEFSV
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Responding-Instance
silverbullet-external:3012:mr28p00it-ztdg08092401:8301:19J10
X-Apple-Version-Number
git-b731992
x-daiquiri-instance
daiquiri:15887002:mr85p00it-hyhk04103901:7987:19M24, daiquiri:38493002:pv50p00it-hyhk10063901:7987:19M24
X-Apple-Request-UUID
496f19a4-609c-b734-ca78-2618621655
Connection
keep-alive
Content-Length
104
X-XSS-Protection
1; mode=block
apple-tk
false
Last-Modified
Wed, 25 Sep 2019 22:15:54 GMT
Server
daiquiri/3.0.0
apple-seq
0.0
x-frame-options
SAMEORIGIN
Date
Mon, 30 Sep 2019 13:24:18 GMT
Apple-Originating-System
UnknownOriginatingSystem
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=72223
ETag
996d7d735fcaa528df6d38f8ac15dce3

Redirect headers

Location
https://itunesconnect.apple.com/itc/images/link-arrow-tiny.png
Date
Mon, 30 Sep 2019 13:24:18 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
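The four transactions above show the usual shape of a brand-impersonation kit: the document and its stylesheet come over plain HTTP from a lookalike subdomain on shared hosting, while the masthead and arrow images are hotlinked from itunesconnect.apple.com, with the phishing page's own CSS as Referer. The following triage script is an added example (not urlscan.io's code or output format) that turns those observations into checks: it applies the Apache fingerprint regex from "Detected technologies" to a Server header, flags brand keywords used as hostname labels on a non-brand host, lists brand-owned assets whose referer chain starts at the scanned host, and computes the HTTPS ratio. The transaction list is transcribed from this scan into constructed dicts; the brand domain and keyword lists are assumptions chosen for this page.

```python
"""Triage helpers for a urlscan.io-style transaction list (added example)."""
import re
from urllib.parse import urlsplit

# Constructed from the four transactions in the scan above; not the raw urlscan API format.
TRANSACTIONS = [
    {"url": "http://itunes.verification.compte.sovsales.co.za/itunes/form/",
     "referer": None, "server": "Apache"},
    {"url": "http://itunes.verification.compte.sovsales.co.za/itunes/form/css/style.css",
     "referer": "http://itunes.verification.compte.sovsales.co.za/itunes/form/",
     "server": "Apache"},
    {"url": "https://itunesconnect.apple.com/itc/images/itc-masthead.png",
     "referer": "http://itunes.verification.compte.sovsales.co.za/itunes/form/css/style.css",
     "server": "daiquiri/3.0.0"},
    {"url": "https://itunesconnect.apple.com/itc/images/link-arrow-tiny.png",
     "referer": "http://itunes.verification.compte.sovsales.co.za/itunes/form/css/style.css",
     "server": "daiquiri/3.0.0"},
]

# The Apache pattern listed under "Detected technologies", in Python regex syntax.
APACHE_RE = re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I)


def fingerprint_server(server_header):
    """Return ('Apache', version_or_None) when the Server header matches, else None."""
    m = APACHE_RE.search(server_header or "")
    if not m:
        return None
    return ("Apache", m.group(1))  # group 1 is only set for the 'Apache/x.y.z' form


def host_of(url):
    return urlsplit(url).hostname or ""


def under_domain(host, domain):
    """True when host is domain itself or a subdomain of it (label-boundary safe)."""
    return host == domain or host.endswith("." + domain)


def brand_labels(host, keywords):
    """Brand keywords that appear inside the hostname's labels (e.g. 'itunes' in the phish host)."""
    labels = host.split(".")
    return [k for k in keywords if any(k in label for label in labels)]


def hotlinked_brand_assets(transactions, primary_host, brand_domains):
    """Brand-hosted URLs whose Referer is the scanned (non-brand) host.

    On a genuine brand page the document and the referer both live on the brand
    domain; here only the imagery does, which is the hotlinking signature.
    """
    if any(under_domain(primary_host, d) for d in brand_domains):
        return []  # the document itself belongs to the brand; nothing is borrowed
    hits = []
    for t in transactions:
        asset_host = host_of(t["url"])
        ref_host = host_of(t["referer"]) if t["referer"] else ""
        if any(under_domain(asset_host, d) for d in brand_domains) and under_domain(ref_host, primary_host):
            hits.append(t["url"])
    return hits


def https_ratio(transactions):
    n = len(transactions)
    return sum(urlsplit(t["url"]).scheme == "https" for t in transactions) / n if n else 0.0


def triage(transactions, brand_domains, brand_keywords):
    """Summarise the signals a reviewer would read off a scan like this one."""
    primary = host_of(transactions[0]["url"])
    return {
        "primary_host": primary,
        "primary_https": urlsplit(transactions[0]["url"]).scheme == "https",
        "primary_server": fingerprint_server(transactions[0]["server"]),
        "brand_keywords_in_host": brand_labels(primary, brand_keywords),
        "hotlinked_brand_assets": hotlinked_brand_assets(transactions, primary, brand_domains),
        "https_ratio": https_ratio(transactions),
    }


if __name__ == "__main__":
    # Brand domain and keyword lists are assumptions for this page, not urlscan data.
    for key, value in triage(TRANSACTIONS, ["apple.com"], ["itunes", "apple", "icloud"]).items():
        print(f"{key}: {value}")
```

Two caveats when reusing this on other scans: the hotlinking check depends on the browser having sent a Referer (a kit that sets `Referrer-Policy: no-referrer` hides the chain, and the assets then show up only as cross-origin fetches from the primary frame), and the HSTS and X-Frame-Options headers Apple returns above do nothing to stop image hotlinking, since `<img>` loads are neither framed nor subject to CORS.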

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: iTunes Connect (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page code.

  • object: onformdata
  • object: onpointerrawupdate
  • function: valider

onformdata and onpointerrawupdate are event-handler properties exposed by recent Chromium builds rather than page code; valider (French for "validate") is the phishing form's own function, consistent with the French "compte" ("account") in the hostname.

0 Cookies