www.iforgot.apple.mthyx.cn Open in urlscan Pro
116.89.242.131 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.iforgot.apple.mthyx.cn/
Effective URL:
https://www.iforgot.apple.mthyx.cn/y
Submission: On June 04 via automatic, source certstream-suspicious (June 4th 2020, 7:22:28 am UTC)

Summary HTTP 20 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 20 HTTP transactions. The main IP is 116.89.242.131, located in China and belongs to ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK. The main domain is www.iforgot.apple.mthyx.cn.
TLS certificate: Issued by TrustAsia TLS RSA CA on June 4th 2020. Valid for: a year.

This is the only time www.iforgot.apple.mthyx.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 15	116.89.242.131 116.89.242.131		137443 (ANCHGLOBA...) (ANCHGLOBAL-AS-AP Anchnet Asia Limited)
20	2

15 116.89.242.131 (China) 1 redirects

ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK)

www.iforgot.apple.mthyx.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	mthyx.cn 1 redirects www.iforgot.apple.mthyx.cn	1 MB
0	icloud.com Failed www.icloud.com Failed
20	2

	Domain	Requested by
15	www.iforgot.apple.mthyx.cn	1 redirects www.iforgot.apple.mthyx.cn
0	www.icloud.com Failed	www.iforgot.apple.mthyx.cn
20	2

This site contains links to these domains. Also see Links.

Domain
www.icloud.com
www.apple.com

Subject Issuer	Validity	Valid
www.iforgot.apple.mthyx.cn TrustAsia TLS RSA CA	`2020-06-04` - `2021-06-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.iforgot.apple.mthyx.cn/y
Frame ID: CEF9F36940C4237D6A9CABD564BCDA30
Requests: 14 HTTP requests in this frame

Frame: https://www.iforgot.apple.mthyx.cn/icloudsignin
Frame ID: E0F30CF7B86BE0DE4F615AA30E59023B
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.iforgot.apple.mthyx.cn/ HTTP 302
https://www.iforgot.apple.mthyx.cn/y Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

20
Requests

70 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1090 kB
Transfer

1952 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.icloud.com/
Title: 创建 AppleID

Search URL Search Domain Scan URL

URL: https://www.apple.com/cn/support/systemstatus/
Title: 系统状态

Search URL Search Domain Scan URL

URL: https://www.apple.com/cn/privacy/
Title: 隐私政策

Search URL Search Domain Scan URL

URL: https://www.apple.com/legal/icloud/ww/
Title: 条款与条件

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.iforgot.apple.mthyx.cn/ HTTP 302
https://www.iforgot.apple.mthyx.cn/y Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

blob://https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556 HTTP 0
blob://https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556 HTTP 0
blob://https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556 HTTP 0
blob://https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

20 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request y Show response www.iforgot.apple.mthyx.cn/ Redirect Chain https://www.iforgot.apple.mthyx.cn/ https://www.iforgot.apple.mthyx.cn/y	37 KB 10 KB	380ms 379ms	Document text/html	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `602f39e565f9cc1bd096607bfe7a5008f5a3dd77838d943c81cb76bedb188055` Request headers :method GET :authority www.iforgot.apple.mthyx.cn :scheme https :path /y pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie PHPSESSID=iqoatel0dp570ju8497ul5k0sg Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 server nginx date Thu, 04 Jun 2020 07:21:51 GMT content-type text/html; charset=utf-8 vary Accept-Encoding access-control-allow-origin * access-control-allow-method * access-control-allow-headers * access-control-expose-headers * expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache content-encoding gzip Redirect headers status 302 server nginx date Thu, 04 Jun 2020 07:21:51 GMT content-type text/html; charset=utf-8 access-control-allow-origin * access-control-allow-method * access-control-allow-headers * access-control-expose-headers * set-cookie PHPSESSID=iqoatel0dp570ju8497ul5k0sg; path=/; HttpOnly expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache cache-control no-cache,must-revalidate location /y
GET H2	200	main.css www.iforgot.apple.mthyx.cn/html/iCloud/css/	280 KB 38 KB	318ms 317ms	Stylesheet text/css	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/css/main.css Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `1b79ed9c9738c2287af025063485b9c52bd55fdbcad28b293f5dc128e206b24c` Request headers Referer https://www.iforgot.apple.mthyx.cn/y User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 04 Jun 2020 07:21:52 GMT content-encoding gzip last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag W/"5dae8e89-45e7f" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Thu, 04 Jun 2020 19:21:52 GMT
GET H2	200	r$__16.png www.iforgot.apple.mthyx.cn/html/iCloud/img/	25 KB 25 KB	661ms 661ms	Image image/png	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/img/r$__16.png Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `dbc9f6c349d47d83a47dbe77613d742527516e6ae08510bc67655191867a864f` Request headers Referer https://www.iforgot.apple.mthyx.cn/y User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 04 Jun 2020 07:21:52 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-64f4" content-type image/png status 200 cache-control max-age=2592000 accept-ranges bytes content-length 25844 expires Sat, 04 Jul 2020 07:21:52 GMT
GET DATA	200 OK	truncated /	5 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `320ea3b5e7afea1320fdd9de9589f0665b9931205a69f3fc516b2826fd1d6d19` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/css
GET H2	200	icloudsignin Show response www.iforgot.apple.mthyx.cn/ Frame E0F3	40 KB 28 KB	1227ms 1227ms	Document text/html	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/icloudsignin Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `f508650a477a23d635aceb920c089b9eb1ae2b151f07fbd0bdacf3160a6fce96` Request headers :method GET :authority www.iforgot.apple.mthyx.cn :scheme https :path /icloudsignin pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.iforgot.apple.mthyx.cn/y accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.iforgot.apple.mthyx.cn/y Response headers status 200 server nginx date Thu, 04 Jun 2020 07:21:52 GMT content-type text/html; charset=utf-8 vary Accept-Encoding access-control-allow-origin * access-control-allow-method * access-control-allow-headers * access-control-expose-headers * content-encoding gzip
GET		92e2039e-c938-4419-ac9c-7b581990f556 https://www.icloud.com/	0 0

GET H2	200	SFNSDisplay-Semibold.woff www.iforgot.apple.mthyx.cn/html/iCloud/font/	215 KB 216 KB	326ms 326ms	Font font/woff	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/font/SFNSDisplay-Semibold.woff Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `1e903559463abcbcd75f7b61f88e60a6a267415ef1fc14efeac88261b4d78318` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.iforgot.apple.mthyx.cn/html/iCloud/css/main.css Origin https://www.iforgot.apple.mthyx.cn Response headers date Thu, 04 Jun 2020 07:21:52 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-35c9c" content-type font/woff status 200 accept-ranges bytes content-length 220316
GET H2	200	SFNSText-Medium.woff www.iforgot.apple.mthyx.cn/html/iCloud/font/	210 KB 210 KB	1217ms 1217ms	Font font/woff	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/font/SFNSText-Medium.woff Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `6a2583a6d3fd8564dda4ac2a5ae4a8798d3af6df68718743397ff39111485123` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.iforgot.apple.mthyx.cn/html/iCloud/css/main.css Origin https://www.iforgot.apple.mthyx.cn Response headers date Thu, 04 Jun 2020 07:21:52 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-347a8" content-type font/woff status 200 accept-ranges bytes content-length 214952
GET H2	200	SFNSText-Regular.woff www.iforgot.apple.mthyx.cn/html/iCloud/font/	176 KB 176 KB	1217ms 1216ms	Font font/woff	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/font/SFNSText-Regular.woff Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `1e31de8591163047c24af00b651123b5417cb4cb5a94068ca8e091d58fad432f` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.iforgot.apple.mthyx.cn/html/iCloud/css/main.css Origin https://www.iforgot.apple.mthyx.cn Response headers date Thu, 04 Jun 2020 07:21:52 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-2bf9c" content-type font/woff status 200 accept-ranges bytes content-length 180124
GET H2	200	SFNSText-Light.woff www.iforgot.apple.mthyx.cn/html/iCloud/font/	210 KB 211 KB	1216ms 1216ms	Font font/woff	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/font/SFNSText-Light.woff Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/y Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `635cebe91454ae2d5a03a25d6ae73692273a942e4fcb89badcba1fb606d0f6ad` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.iforgot.apple.mthyx.cn/html/iCloud/css/main.css Origin https://www.iforgot.apple.mthyx.cn Response headers date Thu, 04 Jun 2020 07:21:52 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-34920" content-type font/woff status 200 accept-ranges bytes content-length 215328
GET H2	200	fonts www.iforgot.apple.mthyx.cn/html/iCloud/css/ Frame E0F3	18 KB 18 KB	3491ms 3490ms	Stylesheet application/octet-stream	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/css/fonts Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/icloudsignin Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `2c506ef11296ef02ae329b467553ef48594167bfea44b5ac68272be2ee371d92` Request headers Referer https://www.iforgot.apple.mthyx.cn/icloudsignin User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 04 Jun 2020 07:21:53 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-4780" content-type application/octet-stream status 200 accept-ranges bytes content-length 18304
GET H2	200	app.css www.iforgot.apple.mthyx.cn/html/iCloud/css/ Frame E0F3	425 KB 51 KB	3491ms 3490ms	Stylesheet text/css	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/css/app.css Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/icloudsignin Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `28081adeb867875a60f8736833be4991db13f076408efc8391d2e6c068ca03c9` Request headers Referer https://www.iforgot.apple.mthyx.cn/icloudsignin User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 04 Jun 2020 07:21:53 GMT content-encoding gzip last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag W/"5dae8e89-6a4a3" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Thu, 04 Jun 2020 19:21:53 GMT
GET H2	200	jquery.js Show response www.iforgot.apple.mthyx.cn/html/apple/js/ Frame E0F3	276 KB 96 KB	5463ms 5463ms	Script application/javascript	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/apple/js/jquery.js Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/icloudsignin Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc` Request headers Referer https://www.iforgot.apple.mthyx.cn/icloudsignin User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 04 Jun 2020 07:21:53 GMT content-encoding gzip last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag W/"5dae8e89-4508e" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=43200 expires Thu, 04 Jun 2020 19:21:53 GMT
GET DATA	200 OK	truncated / Frame E0F3	24 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c382f99f49158456a7b367b9a1a96fe0702e996b2cb5daec67cad7e1b8f5b02c` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET		92e2039e-c938-4419-ac9c-7b581990f556 https://www.icloud.com/	0 0

GET		92e2039e-c938-4419-ac9c-7b581990f556 https://www.icloud.com/ Redirect Chain blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556 blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556 blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556 blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556	0 0

GET		92e2039e-c938-4419-ac9c-7b581990f556 https://www.icloud.com/	0 0

GET H2	200	HR_gradient_dark.png www.iforgot.apple.mthyx.cn/html/iCloud/img/ Frame E0F3	1 KB 1 KB	1828ms 1828ms	Image image/png	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/img/HR_gradient_dark.png Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/icloudsignin Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `e39f78e3fd9428c8ad22060046d9cc07d65cf9fa784a16a3925b9acb52f35c3d` Request headers Referer https://www.iforgot.apple.mthyx.cn/html/iCloud/css/app.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 04 Jun 2020 07:21:59 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-4d8" content-type image/png status 200 cache-control max-age=2592000 accept-ranges bytes content-length 1240 expires Sat, 04 Jul 2020 07:21:59 GMT
GET H2	200	shared-icons.woff www.iforgot.apple.mthyx.cn/html/iCloud/font/ Frame E0F3	9 KB 9 KB	1898ms 1897ms	Font font/woff	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/html/iCloud/font/shared-icons.woff Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/icloudsignin Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `6de3580fdeace0ff74927b2449e34587dd0b2a03c7711cf0087925e25429efe3` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.iforgot.apple.mthyx.cn/html/iCloud/css/app.css Origin https://www.iforgot.apple.mthyx.cn Response headers date Thu, 04 Jun 2020 07:21:59 GMT last-modified Tue, 22 Oct 2019 05:07:21 GMT server nginx etag "5dae8e89-2550" content-type font/woff status 200 accept-ranges bytes content-length 9552
GET		92e2039e-c938-4419-ac9c-7b581990f556 https://www.icloud.com/	0 0

GET H2	200	log Show response www.iforgot.apple.mthyx.cn/api/ Frame E0F3	30 B 330 B	728ms 728ms	XHR application/json	116.89.242.131 ANCHGLOBAL-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.iforgot.apple.mthyx.cn/api/log Requested by Host: www.iforgot.apple.mthyx.cn URL: https://www.iforgot.apple.mthyx.cn/html/apple/js/jquery.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 116.89.242.131 , China, ASN137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK), Reverse DNS Software nginx / Resource Hash `fdde467abb9332910069b23905b167a4492ce4b43cab89cc2fc152fe4f3d726d` Request headers Accept application/json, text/javascript, /; q=0.01 Referer https://www.iforgot.apple.mthyx.cn/icloudsignin X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Thu, 04 Jun 2020 07:22:01 GMT server nginx status 200 content-type application/json; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control no-store, no-cache, must-revalidate access-control-allow-headers * access-control-allow-method * expires Thu, 19 Nov 1981 08:52:00 GMT
GET		92e2039e-c938-4419-ac9c-7b581990f556 https://www.icloud.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.icloud.com
URL: blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

Domain: www.icloud.com
URL: blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

Domain: www.icloud.com
URL: blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

Domain: www.icloud.com
URL: blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

Domain: www.icloud.com
URL: blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

Domain: www.icloud.com
URL: blob:https://www.icloud.com/92e2039e-c938-4419-ac9c-7b581990f556

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.icloud.com
www.iforgot.apple.mthyx.cn
www.icloud.com
116.89.242.131
1b79ed9c9738c2287af025063485b9c52bd55fdbcad28b293f5dc128e206b24c
1e31de8591163047c24af00b651123b5417cb4cb5a94068ca8e091d58fad432f
1e903559463abcbcd75f7b61f88e60a6a267415ef1fc14efeac88261b4d78318
28081adeb867875a60f8736833be4991db13f076408efc8391d2e6c068ca03c9
2c506ef11296ef02ae329b467553ef48594167bfea44b5ac68272be2ee371d92
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
320ea3b5e7afea1320fdd9de9589f0665b9931205a69f3fc516b2826fd1d6d19
602f39e565f9cc1bd096607bfe7a5008f5a3dd77838d943c81cb76bedb188055
635cebe91454ae2d5a03a25d6ae73692273a942e4fcb89badcba1fb606d0f6ad
6a2583a6d3fd8564dda4ac2a5ae4a8798d3af6df68718743397ff39111485123
6de3580fdeace0ff74927b2449e34587dd0b2a03c7711cf0087925e25429efe3
c382f99f49158456a7b367b9a1a96fe0702e996b2cb5daec67cad7e1b8f5b02c
dbc9f6c349d47d83a47dbe77613d742527516e6ae08510bc67655191867a864f
e39f78e3fd9428c8ad22060046d9cc07d65cf9fa784a16a3925b9acb52f35c3d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f508650a477a23d635aceb920c089b9eb1ae2b151f07fbd0bdacf3160a6fce96
fdde467abb9332910069b23905b167a4492ce4b43cab89cc2fc152fe4f3d726d

www.iforgot.apple.mthyx.cn Open in urlscan Pro 116.89.242.131 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

70 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

1090 kBTransfer

1952 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Indicators

www.iforgot.apple.mthyx.cn Open in urlscan Pro
116.89.242.131 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

70 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1090 kB
Transfer

1952 kB
Size

0
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!