169.129.222.7
Malicious Activity!
Public Scan
Effective URL: https://169.129.222.7/taih9tr8rfka0yafawkg.asp?taih9tr8rfka0yafawkg
Submission: On June 05 via automatic, source openphish
Summary
TLS certificate: Issued by TrustAsia TLS RSA CA on June 1st 2021. Valid for: a year.
This is the only time 169.129.222.7 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)

Domain & IP information

IP Address | Requests | AS (Autonomous System)
---|---|---
169.129.222.7 | 15 | AS137443 (ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK)
104.109.70.123 | 1 | AS16625 (AKAMAI-AS, US); PTR: a104-109-70-123.deploy.static.akamaitechnologies.com

Apex Domain | Subdomains | Transfer
---|---|---
icloud.com | www.icloud.com | 1 request

Domain | Requested by
---|---
www.icloud.com | 169.129.222.7 (1 request)
This site contains links to these domains. Also see Links.
Domain |
---|
iforgot.apple.com |
www.apple.com |
www.apple.com.cn |
Subject | Issuer | Validity | Valid
---|---|---|---
www.lphone.aperld.com | TrustAsia TLS RSA CA | 2021-06-01 - 2022-05-31 | a year
www.icloud.com | DigiCert SHA2 Extended Validation Server CA-3 | 2020-07-02 - 2021-07-03 | a year
This page contains 1 frame:
Primary Page:
https://169.129.222.7/taih9tr8rfka0yafawkg.asp?taih9tr8rfka0yafawkg
Frame ID: 0F990296F5872DCA4D92C8D04C43329F
Requests: 15 HTTP requests in this frame
Detected technologies
- Windows Server (Operating Systems). Detected pattern: headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- IIS (Web Servers). Detected pattern: headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: 忘记了 Apple ID 或密码? (Forgot Apple ID or password?)
- (no title)
- Title: 系统状态 (System Status)
- Title: 隐私政策 (Privacy Policy)
- Title: 条款与条件 (Terms and Conditions)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://169.129.222.7/admail
HTTP 301
https://169.129.222.7/admail/ Page URL
-
https://169.129.222.7/index_dnacn.asp
HTTP 302
https://169.129.222.7/taih9tr8rfka0yafawkg.asp?taih9tr8rfka0yafawkg Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 0: https://169.129.222.7/admail (HTTP 301) -> https://169.129.222.7/admail/
15 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | 169.129.222.7/admail/ | 1 KB | 904 B | Document | text/html | Cookie set; Redirect Chain
GET | H/1.1 | taih9tr8rfka0yafawkg.asp | 169.129.222.7/ | 47 KB | 18 KB | Document | text/html | Primary Request; Cookie set; Redirect Chain
GET | H/1.1 | wzwstylel.css | 169.129.222.7/Content/css/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | wzwbbb.css | 169.129.222.7/Content/css/ | 863 B | 729 B | Stylesheet | text/css |
GET | H/1.1 | login.css | 169.129.222.7/Content/css/ | 12 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-1.11.3.min.js | 169.129.222.7/Content/Scripts/ | 94 KB | 42 KB | Script | application/x-javascript |
GET | H/1.1 | wzwbg.png | 169.129.222.7/Content/img/ | 211 KB | 211 KB | Image | image/png |
GET | H/1.1 | logo.png | 169.129.222.7/Content/img/ | 27 KB | 27 KB | Image | image/png |
GET | H/1.1 | packed-1.png | 169.129.222.7/Content/img/ | 23 KB | 23 KB | Image | image/png |
GET | H/1.1 | stylesheet-1.png | 169.129.222.7/Content/img/ | 33 KB | 33 KB | Image | image/png |
GET | H/1.1 | wzwan.png | 169.129.222.7/Content/img/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | HR_gradient_light.png | 169.129.222.7/Content/img/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | sf-pro-text_regular.woff2 | 169.129.222.7/Content/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | sf-pro-text_regular.woff | www.icloud.com/wss/fonts/SF-Pro-Text/v1/ | 0 | 0 | Font | text/html |
GET | | sf-pro-text_regular.ttf | www.icloud.com/wss/fonts/SF-Pro-Text/v1/ | 0 | 0 | | | No response received (see Failed requests)
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.icloud.com
- URL: https://www.icloud.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Apple (Online)

23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
function | XOR
object | STR
function | performPage
string | strHTML
function | $
function | jQuery
function | myCheckbox
function | checkform
function | changesignin1
function | changesignin2
function | showpassword
function | showloading0

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.icloud.com
104.109.70.123
169.129.222.7