www.apple.sezrld.com
Open in
urlscan Pro
116.89.241.74
Malicious Activity!
Public Scan
Submitted URL: https://www.apple.sezrld.com/
Effective URL: https://www.apple.sezrld.com/z80euygvmcfzi5wajmyj.asp?z80euygvmcfzi5wajmyj
Submission: On October 05 via automatic, source certstream-suspicious
Effective URL: https://www.apple.sezrld.com/z80euygvmcfzi5wajmyj.asp?z80euygvmcfzi5wajmyj
Submission: On October 05 via automatic, source certstream-suspicious
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 16 HTTP transactions.
The main IP is 116.89.241.74, located in
China and
belongs to ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN.
The main domain is www.apple.sezrld.com.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on October 5th 2020. Valid for: a year.
This is the only time www.apple.sezrld.com was scanned on urlscan.io!
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on October 5th 2020. Valid for: a year.
This is the only time www.apple.sezrld.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 16 | 116.89.241.74 116.89.241.74 | 58879 (ANCHNET S...) (ANCHNET Shanghai Anchang Network Security Technology Co.) | |
| 1 | 104.111.230.122 104.111.230.122 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 16 | 3 |
16
116.89.241.74
(China)
ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN)
ASN58879 (ANCHNET Shanghai Anchang Network Security Technology Co.,Ltd., CN)
| www.apple.sezrld.com |
1
104.111.230.122
(Netherlands)
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-122.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-122.deploy.static.akamaitechnologies.com
| www.icloud.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 16 |
sezrld.com
2 redirects
www.apple.sezrld.com |
366 KB |
| 1 |
icloud.com
www.icloud.com |
|
| 16 | 2 |
| Domain | Requested by | |
|---|---|---|
| 16 | www.apple.sezrld.com |
2 redirects
www.apple.sezrld.com
|
| 1 | www.icloud.com |
www.apple.sezrld.com
|
| 16 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| iforgot.apple.com |
| www.apple.com |
| www.apple.com.cn |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.apple.sezrld.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 |
2020-10-05 - 2021-10-06 |
a year | crt.sh |
| www.icloud.com DigiCert SHA2 Extended Validation Server CA-3 |
2020-07-02 - 2021-07-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.apple.sezrld.com/z80euygvmcfzi5wajmyj.asp?z80euygvmcfzi5wajmyj
Frame ID: 8E6DA76A30C0670DA72EE91BBFB89ED2
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://www.apple.sezrld.com/ Page URL
-
https://www.apple.sezrld.com/admail
HTTP 301
https://www.apple.sezrld.com/admail/ Page URL
-
https://www.apple.sezrld.com/index_dnacn.asp
HTTP 302
https://www.apple.sezrld.com/z80euygvmcfzi5wajmyj.asp?z80euygvmcfzi5wajmyj Page URL
Detected technologies
Windows Server
(Operating Systems)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
URL: https://iforgot.apple.com/password/verify/appleid
Title: 忘记了 Apple ID 或密码?
Title: 忘记了 Apple ID 或密码?
Search URL Search Domain Scan URL
URL: https://www.apple.com/cn
Search URL Search Domain Scan URL
URL: https://www.apple.com.cn/support/systemstatus/
Title: 系统状态
Title: 系统状态
Search URL Search Domain Scan URL
URL: https://www.apple.com/cn/privacy/
Title: 隐私政策
Title: 隐私政策
Search URL Search Domain Scan URL
URL: https://www.apple.com/legal/icloud/ww/
Title: 条款与条件
Title: 条款与条件
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.apple.sezrld.com/ Page URL
-
https://www.apple.sezrld.com/admail
HTTP 301
https://www.apple.sezrld.com/admail/ Page URL
-
https://www.apple.sezrld.com/index_dnacn.asp
HTTP 302
https://www.apple.sezrld.com/z80euygvmcfzi5wajmyj.asp?z80euygvmcfzi5wajmyj Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://www.apple.sezrld.com/admail HTTP 301
- https://www.apple.sezrld.com/admail/
16 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
 Cookie set
/
www.apple.sezrld.com/ |
1 KB 897 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Cookie set
/
www.apple.sezrld.com/admail/ Redirect Chain
|
1 KB 904 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
Cookie set
z80euygvmcfzi5wajmyj.asp
www.apple.sezrld.com/ Redirect Chain
|
47 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wzwstylel.css
www.apple.sezrld.com/Content/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wzwbbb.css
www.apple.sezrld.com/Content/css/ |
863 B 729 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.css
www.apple.sezrld.com/Content/css/ |
12 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.11.3.min.js
www.apple.sezrld.com/Content/Scripts/ |
94 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wzwbg.png
www.apple.sezrld.com/Content/img/ |
211 KB 211 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
www.apple.sezrld.com/Content/img/ |
27 KB 27 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
packed-1.png
www.apple.sezrld.com/Content/img/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
stylesheet-1.png
www.apple.sezrld.com/Content/img/ |
33 KB 33 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wzwan.png
www.apple.sezrld.com/Content/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
HR_gradient_light.png
www.apple.sezrld.com/Content/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sf-pro-text_regular.woff2
www.apple.sezrld.com/Content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sf-pro-text_regular.woff
www.icloud.com/wss/fonts/SF-Pro-Text/v1/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
sf-pro-text_regular.ttf
www.icloud.com/wss/fonts/SF-Pro-Text/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.icloud.com
- URL
- https://www.icloud.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Apple (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| XOR object| STR function| performPage string| strHTML function| $ function| jQuery function| myCheckbox function| checkform function| changesignin1 function| changesignin2 function| showpassword function| showloading2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| www.apple.sezrld.com/ | Name: password Value: default |
|
| www.apple.sezrld.com/ | Name: ASPSESSIONIDQGSQSSSC Value: JIFHAAHBLBHDHFFBODPCPOKJ |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.apple.sezrld.com
www.icloud.com
www.icloud.com
104.111.230.122
116.89.241.74
104f0f6b1697cb2b43671be9337e78b517550693c8bd4f85b2ba146126e43b3f
3a3214b501fe041d89edfae0ac654c684556aadaf2865f330bb8c3e194379bff
4101dce7d362b99dd6871cbd9bd68b5bcc6307236367f7125791ffeb64d61795
45d2c7a323518ebf73dad8742ef8622b70cdb766a11e5b6fdec0c664ca00b7d5
4b6dd2f5058afb571c10ebfda119e9d6283a77998b2b84785bdbfe38e3f3b18a
5f2e1ff82606b620ba956f23570281305159f08dc1eb098492f7432c5d59959a
6a19361b652e193a0acc2bbcda4a47ec51c23650647355d298637dd40edc3d5a
910c60cd70ae62be03bc24940418f8a5f23db875272096e977b75c00ac159c32
b08baceee8b4f4cd11c5c067c15382ec1f98c631985fa2638b11a866456ea374
b3d98c4c8aa4055992854cedc838d36b8970d5c1c9030936d206d2dd31f44428
c386c766bde56cb556e10b5e81d075235220c43de2e6f398adc2ef4e98c83acf
c5e273ccb105e8fdd861167af85891e5f843a0b326fab2a77e5202910a5f2dd6
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8