Report - apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

Report Overview

URL

apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53
IP

190.14.39.250

ASN

#52469 Offshore Racks S.A
Submitted

2022-11-21T10:23:33Z

Access
Tags

None
urlquery detections

Phishing - Apple

Phishing - Apple

Detections

urlquery

11
Network Intrusion Detection

0
Threat Detection Systems

3

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	54.148.190.4
appleid.cdn-apple.com (1)	3288	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453	628	23.60.29.145
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	48719	34.120.237.76
r3.o.lencr.org (7)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2366	6203	23.36.76.226
content-signature-2.cdn.mozilla.net (3)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1267	17531	34.160.144.191
apple-seed-portal-support-online.com (9)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4035	190221	190.14.39.250
ocsp.digicert.com (4)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1364	3186	93.184.220.29
firefox.settings.services.mozilla.com (10)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4708	103498	34.102.187.140
shavar.services.mozilla.com (1)	3602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453	204	34.215.6.110
detectportal.firefox.com (2)	1601	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	428	34.107.221.82
getpocket.cdn.mozilla.net (1)	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435	50236	34.120.5.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-16	medium	apple-seed-portal-support-online.com/	Generic/Spear Phishing
2022-11-16	medium	apple-seed-portal-support-online.com/	Generic/Spear Phishing
2022-11-16	medium	apple-seed-portal-support-online.com/	Generic/Spear Phishing

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

HTTP Transactions (46)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

URL HTTP/1.1

detectportal.firefox.com/success.txt?ipv4
IP

34.107.221.82:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

8
Hash

ae780585f49b94ce1444eb7d28906123

7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86

81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

                                        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Nov 2022 11:38:05 GMT
Age: 81911
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6ed951622549ed76959631f8a1bf497b

682b2dd2a72190510e3fa7bdb0c0c6f25a322dfb

86f5e5ae2da408a899d16c83b7ca441033ac0c30062cd29f2db1b1b5be666746

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86F5E5AE2DA408A899D16C83B7CA441033AC0C30062CD29F2DB1B1B5BE666746"
Last-Modified: Sat, 19 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8440
Expires: Mon, 21 Nov 2022 12:43:56 GMT
Date: Mon, 21 Nov 2022 10:23:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

99eee0fd87df8b99a83164735a4769bd

3b7a503d30e0e064158231e10374d8d5f2e98039

9fde45b83e2a57eaea97abeba0cce7f9f31ee21354e41bc420b6b814afea26b1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FDE45B83E2A57EAEA97ABEBA0CCE7F9F31EE21354E41BC420B6B814AFEA26B1"
Last-Modified: Mon, 21 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10294
Expires: Mon, 21 Nov 2022 13:14:50 GMT
Date: Mon, 21 Nov 2022 10:23:16 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

49549

URL HTTP/2

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP

34.120.5.221:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (65536), with no line terminators

Size

49549
Hash

82015c4965fb5d3447299f0a5b6b5b4a

a9e020f2ded0a8dee0f3da0757a5ce134d5ae622

f7b5b00768ebe29d1d5b4be7812918109d10f4be20a1fac812d7b26c30a9c6bc

HTTP Headers

                                        GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 7y_mELG52Fl5NOs6nMO52YO8bkwus81ZcFQzKmZGXt4dW8Dq5l25mw==
content-encoding: gzip
via: 1.1 45d6a557ecb29942f314e3dd736d817a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 10:17:11 GMT
content-type: application/json
content-length: 49549
age: 365
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e7724a1f27dc1b5b2fb63c7e486f74db

ef0ea648ce8bc189d31382baec4b181c724af93b

2a46916079563d95fa6a695104ebf41829ee95a156d6e4d45b9aef7231a8a80e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A46916079563D95FA6A695104EBF41829EE95A156D6E4D45B9AEF7231A8A80E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8138
Expires: Mon, 21 Nov 2022 12:38:54 GMT
Date: Mon, 21 Nov 2022 10:23:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

67d5a988edcda47bc3b3b3f65d32b4b6

d4f0e0da8b3690cc7da925026d3414b68c7d954f

55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: MHRz9tdm1Fmd8Nbo1kjLVgOvCzBJNPfACqc9BmLfYXKz+PvnZcyzxzzY8gQuvj/I9/TdNWu/8PA=
x-amz-request-id: F8EVYMDCHEF3YXYN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 09:54:16 GMT
age: 1740
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

190.14.39.250

200 OK

5204

URL HTTP/1.1

apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1362)

Size

5204
Hash

4d9118bb7e9e807567dfa27feb8cce37

7af70618a965089a0859b1e332bbb8f941ba141d

5dca5c5df90643f6a40501d4648c1989bb00e121f0567655c9179f43e19855bd

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple

HTTP Headers

                                        GET /signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53 HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 18:11:37 GMT
Accept-Ranges: bytes
Content-Length: 5204
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

2061bb5a62c7dbe5a39e49a98bf7d214

812ff4923fc0fa69fa7db7c362d5af728e297099

6f0c1ecd37ba47802a386c487e3c2eb1794a06e8b9f56e016326686e3d80ef92

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5861
Cache-Control: max-age=92749
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 10:23:16 GMT
Etag: "637a01fc-1d7"
Expires: Tue, 22 Nov 2022 12:09:05 GMT
Last-Modified: Sun, 20 Nov 2022 10:31:24 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

4d7e4eed097b9c4e5d509419f1cfc85a

290bb3d428a7c6330e2e3d73a952b16f820896c8

0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 21 Nov 2022 09:45:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2273
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 21 Nov 2022 10:23:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

apple-seed-portal-support-online.com/signin_files/sslconnectionstandardpagealert.css

190.14.39.250

200 OK

655

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/sslconnectionstandardpagealert.css
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (655), with no line terminators

Size

655
Hash

e782587c40c8dcf3a635d130f63e32e2

558f5a277407be6f9d6ea37ca5ff2928cad85967

d3730b50271a906fac3a83d99f9fb6c29cb2d4f5151fd854eb08e13089ceadd5

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple
openphish	Generic/Spear Phishing

HTTP Headers

                                        GET /signin_files/sslconnectionstandardpagealert.css HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 655
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

a4efa4c86e412b4ddd6b70518e658567

c4b5d1e5eb5bf1c1fbcb9386e9d3320dab4eed00

ba9a2fc992f6ab5e504a92ee70201496743f1f65d133c0ca04e0ae336221e715

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5482
Cache-Control: max-age=119000
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 10:23:16 GMT
Etag: "637a6a02-1d7"
Expires: Tue, 22 Nov 2022 19:26:36 GMT
Last-Modified: Sun, 20 Nov 2022 17:55:14 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

apple-seed-portal-support-online.com/signin_files/dcutil_2_2.js

190.14.39.250

200 OK

9853

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/dcutil_2_2.js
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (9853), with no line terminators

Size

9853
Hash

8cfbb21e37613eeff2e4edfd79486c31

3267ca95abcc36eae1d293d8d11f45ee429c1df9

64adb7a8c8e1bb39d4bd9ccda626629acc674e8e7856f30f77618b834203850a

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple

HTTP Headers

                                        GET /signin_files/dcutil_2_2.js HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 9853
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/javascript

apple-seed-portal-support-online.com/signin_files/commonLogin.js

190.14.39.250

200 OK

8131

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/commonLogin.js
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (8131), with no line terminators

Size

8131
Hash

a1029a5fe2afeec5adc800fbf8373362

e08a24c99e6bdc490134e4d1120ac4c7f5abc4e8

635a77e3b53082ccde899a47d8bb5ecd4e111eb29cdaeb3d53966b74a405fb8f

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple

HTTP Headers

                                        GET /signin_files/commonLogin.js HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 8131
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/javascript

apple-seed-portal-support-online.com/signin_files/commonScript.js

190.14.39.250

200 OK

426

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/commonScript.js
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (426), with no line terminators

Size

426
Hash

32ee6304a190aa4f930602e73ae3bfb5

4d334eb4e6a451e9ee669c1ae4ac3612eba7233f

12b7cf283479c08b9661e1a18b4e4131b08a1893747dd43dd9d9ee8a23b43510

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple

HTTP Headers

                                        GET /signin_files/commonScript.js HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 426
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

27138f8625c320bd1434ccd92263b641

6a8f18728c9f324c1c631ffc85901d84ec4d0e0c

02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5935
Cache-Control: max-age=87751
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 10:23:17 GMT
Etag: "6379ee2d-1d7"
Expires: Tue, 22 Nov 2022 10:45:48 GMT
Last-Modified: Sun, 20 Nov 2022 09:06:53 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

apple-seed-portal-support-online.com/signin_files/common.js

190.14.39.250

200 OK

14852

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/common.js
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (14852), with no line terminators

Size

14852
Hash

439ecaa236575c25770b39148ad3fe1b

1d445a4fe0a76467a56104876fe4ebf44fb354f3

d9d174e1e1aa91f501a512f024b52778969b76dd7e6f63a4dc1f75d7a4ac21fd

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple
openphish	Generic/Spear Phishing

HTTP Headers

                                        GET /signin_files/common.js HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 14852
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: application/javascript

apple-seed-portal-support-online.com/signin_files/appleconnect.css

190.14.39.250

200 OK

50456

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/appleconnect.css
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (50456), with no line terminators

Size

50456
Hash

67495aadd5f25f8fa2f14f2637a9578e

36cde42d625ddda0f20b5821d5f09c5f2eb9cb0e

9af2aae85733913b7357536fdee95c5fa87f8ba03a481f34d8d5209a75f97a88

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple
openphish	Generic/Spear Phishing

HTTP Headers

                                        GET /signin_files/appleconnect.css HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 50456
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: text/css

apple-seed-portal-support-online.com/signin_files/appleConnect.js

190.14.39.250

200 OK

2615

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/appleConnect.js
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (2615), with no line terminators

Size

2615
Hash

38b17298bf75adf82609b7e4bc21d7e2

8df60271f3cc725ad3e832dfe5494a41f5954cdf

34a19c4ff3d24951063abd0a16fbedf42ef19d5facfccf49aad2198302ce7c48

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple

HTTP Headers

                                        GET /signin_files/appleConnect.js HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:17 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 2615
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: application/javascript

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

34.215.6.110

200 OK

URL HTTP/1.1

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP

34.215.6.110:0
ASN

#16509 AMAZON-02

Magic

ASCII text

Size

8
Hash

29fc57841962e407cb50c1be60284bf7

ce968a77e2996da5eee8925182318f171ccdce47

ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

                                        POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 21 Nov 2022 10:23:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 21 Nov 2022 09:44:50 GMT
cache-control: public,max-age=3600
age: 2307
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

apple-seed-portal-support-online.com/signin_files/jquery-1.11.1.min.js

190.14.39.250

200 OK

95786

URL HTTP/1.1

apple-seed-portal-support-online.com/signin_files/jquery-1.11.1.min.js
IP

190.14.39.250:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (32086)

Size

95786
Hash

8101d596b2b8fa35fe3a634ea342d7c3

d6c1f41972de07b09bfa63d2e50f9ab41ec372bd

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Apple

HTTP Headers

                                        GET /signin_files/jquery-1.11.1.min.js HTTP/1.1
Host: apple-seed-portal-support-online.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/signin.html?InvitationUrl=19a23a64ebc10e6da7e6a88631facb53&KeyInvite=19a23a64ebc10e6da7e6a88631facb53

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 10:23:16 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 95786
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/javascript

push.services.mozilla.com/

54.148.190.4

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

54.148.190.4:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: G50TB07UND5RC0kZBwswyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eF9cr2jT+iJmsZWrI1snKHXz7+0=

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

525553ef054d38aa5f4a077125ab7365

d8bcac969c8bf4634d53ce9643a0ea2bacc1772a

72b7f8cc7beb69c080be0d421e62e8496c9fa59a228a38eb320ad0e01b5436f6

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4626
Cache-Control: max-age=113833
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 10:23:17 GMT
Etag: "637a592c-1d7"
Expires: Tue, 22 Nov 2022 18:00:30 GMT
Last-Modified: Sun, 20 Nov 2022 16:43:24 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669024641920%22

34.102.187.140

200 OK

21675

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669024641920%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (21675), with no line terminators

Size

21675
Hash

efde21c0b222527be332b89353f37daa

5566cd27899ce09a803ef9d8581145f172c22f4a

783053f5d6cd96e2d14a066828b176de69c006d2a1f3a1e42c58d23f3795bb50

HTTP Headers

                                        GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669024641920%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Mon, 21 Nov 2022 10:02:19 GMT
cache-control: public,max-age=3600
last-modified: Mon, 21 Nov 2022 09:57:21 GMT
content-type: application/json
age: 1258
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1668515834263&_since=%221666204638208%22

34.102.187.140

200 OK

6205

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1668515834263&_since=%221666204638208%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (6205), with no line terminators

Size

6205
Hash

275e02efdb1123be2e678c68fb1caa3d

b1e730dd1ee030847aa12c7fbc8c193ad7d8da3b

5e886af7be0684b02aa5be344e49088347390095f30abdc8137c4973ccc85312

HTTP Headers

                                        GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1668515834263&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6205
via: 1.1 google
date: Mon, 21 Nov 2022 10:06:29 GMT
cache-control: public,max-age=3600
age: 1008
last-modified: Tue, 15 Nov 2022 12:37:14 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
x-amz-id-2: FP3lSFxpRjIDebCxnOt9PbCBO9kjVQovr438PGLPN3f31e5npAUAu4nfO2/gRGbLtlCjhJHRedc=
x-amz-request-id: QTFFYW3A2TMXVB6P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 09:42:04 GMT
age: 2473
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

URL HTTP/1.1

detectportal.firefox.com/success.txt?ipv4
IP

34.107.221.82:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

8
Hash

ae780585f49b94ce1444eb7d28906123

7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86

81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

                                        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Nov 2022 11:38:05 GMT
Age: 81912
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1668988864065&_since=%221666483264567%22

34.102.187.140

200 OK

50072

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1668988864065&_since=%221666483264567%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (50072), with no line terminators

Size

50072
Hash

e0205d980e946b8a01b0957e7303baa2

0196862d650302b9f0b5875953fbd52147b7d573

476fb034094191138f456815cfcad19d7e7a8b533962fa5b911377929979444d

HTTP Headers

                                        GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1668988864065&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 50072
via: 1.1 google
date: Mon, 21 Nov 2022 10:09:31 GMT
cache-control: public,max-age=3600
age: 826
last-modified: Mon, 21 Nov 2022 00:01:04 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

34.102.187.140

200 OK

681

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (681), with no line terminators

Size

681
Hash

eaee4fcc2a30b5cb65768e7228765063

a618faa6e4c7c412584de1dbc760a8067e32b7d7

20565fc5642a0bc063da8706ee310dd2512ee2a096a39976c34056a13a2bc2f6

HTTP Headers

                                        GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Mon, 21 Nov 2022 09:51:47 GMT
cache-control: public,max-age=3600
age: 1890
last-modified: Sun, 20 Nov 2022 16:36:52 GMT
etag: "1668962212585"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

34.102.187.140

200 OK

1506

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (1506), with no line terminators

Size

1506
Hash

4bf9c108a3dab80c738cbf2d4995721f

b818b30329d25e588f8f262831841d936d676c1d

4d3bf358f40290e38873e8395288055dd23ef0eeef99790fe175e91bcc9edc29

HTTP Headers

                                        GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Mon, 21 Nov 2022 10:11:34 GMT
cache-control: public,max-age=3600
age: 703
last-modified: Thu, 27 Oct 2022 18:14:21 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-09-20-34-00.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-09-20-34-00.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

c22da7ef9d9661440ea75c23cb583813

45e567955ce3901a1f2d723fdab3c607f7419dd9

2499384fa96f3b1644f5ff8ec2f7a058f5e9b516684e89eb3ff1a1a3060ff053

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-09-20-34-00.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
x-amz-id-2: yhLp3ovml1dBMAJ0YTUZFv8Tul/MkRrmocrCj2/pHWN0jUXXDw1A13bUcc2DzG0ddXedpKcD1F0=
x-amz-request-id: QRDY3K2TAAQ70N1G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 10:21:36 GMT
age: 101
last-modified: Thu, 20 Oct 2022 20:34:01 GMT
etag: "c22da7ef9d9661440ea75c23cb583813"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1668794322415&_since=%221666279968541%22

34.102.187.140

200 OK

13396

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1668794322415&_since=%221666279968541%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (13396), with no line terminators

Size

13396
Hash

8fa19cb185173863e048adc8c93019c1

5c4b4db59cbd49c709dca4ce5d5beb1e8b1b51f1

e546bd486680d144a721b20ca6bc6a7f50bb827fc9dcdbd1ca92a5f45c255b9b

HTTP Headers

                                        GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1668794322415&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 13396
via: 1.1 google
date: Mon, 21 Nov 2022 09:34:37 GMT
cache-control: public,max-age=3600
age: 2920
last-modified: Fri, 18 Nov 2022 17:58:42 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22

34.102.187.140

200 OK

1482

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (1482), with no line terminators

Size

1482
Hash

151df207a4786253007ead8264c7a9fe

ef39481d3f610c25b27836fb375e24ac0f3c6b47

352e05fd634451861f76ed1790e01b4f9f8d8fe3993464263f846ada17eb343e

HTTP Headers

                                        GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1482
via: 1.1 google
date: Mon, 21 Nov 2022 09:30:19 GMT
cache-control: public,max-age=3600
age: 3179
last-modified: Wed, 16 Nov 2022 14:02:20 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

appleid.cdn-apple.com/daw/uat/IDMSWebAuth/static/23May2018/images/favicon.ico

23.60.29.145

404 Not Found

162

URL HTTP/1.1

appleid.cdn-apple.com/daw/uat/IDMSWebAuth/static/23May2018/images/favicon.ico
IP

23.60.29.145:0
ASN

#16625 AKAMAI-AS

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text

Size

162
Hash

bc2ea204aec47651271f128d442a5940

07c33b4d131140fb8baf100d68feb6d94aef0fd0

a623921fc837564be01648a40682c97602546303d8065ab6ae79e6672cf66e5f

HTTP Headers

                                        GET /daw/uat/IDMSWebAuth/static/23May2018/images/favicon.ico HTTP/1.1
Host: appleid.cdn-apple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apple-seed-portal-support-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 404 Not Found
Server: Apple
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: public, max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: accept-encoding
Content-Encoding: gzip
Content-Length: 162
Date: Mon, 21 Nov 2022 10:23:18 GMT
Connection: keep-alive
Set-Cookie: srv_id=f2c8f5a4cd6308fa4bfc336815b41e11
JSESSIONID=2638E898F0790335F4638B2336FE3B74; Path=/IDMSWebAuth/static; Secure; HttpOnly

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22

34.102.187.140

200 OK

1719

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (1719), with no line terminators

Size

1719
Hash

1971557ee32481ccb55dd637b351b263

be18a39de55151bb40ab40c95de41468fa47b8a2

cfffc68c1707cfbf7e93112696e899f31e4473c82130180e5767b4889e6c62ee

HTTP Headers

                                        GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Mon, 21 Nov 2022 09:57:52 GMT
cache-control: public,max-age=3600
age: 1526
last-modified: Mon, 31 Oct 2022 17:42:02 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8654
Expires: Mon, 21 Nov 2022 12:47:32 GMT
Date: Mon, 21 Nov 2022 10:23:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8654
Expires: Mon, 21 Nov 2022 12:47:32 GMT
Date: Mon, 21 Nov 2022 10:23:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8545
Expires: Mon, 21 Nov 2022 12:45:43 GMT
Date: Mon, 21 Nov 2022 10:23:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8545
Expires: Mon, 21 Nov 2022 12:45:43 GMT
Date: Mon, 21 Nov 2022 10:23:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe57c6459-b963-4139-8dae-a8267aa1a8f2.jpeg

34.120.237.76

200 OK

8378

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe57c6459-b963-4139-8dae-a8267aa1a8f2.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8378
Hash

41411a3a962d84e5ed247d31370cf3db

881962de8e060a78af9372942adfd32ce27ce1fe

f2bf7a0475048a07980d1f475f8a65ee7cf1513d6f88870d0565abcdb8b58d3b

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe57c6459-b963-4139-8dae-a8267aa1a8f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8378
x-amzn-requestid: 9fbe32f0-abb9-4281-9f42-03de9c1ca24b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1BZ1Hg6IAMF0_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6378490b-26ddfff25e3effd33bc3af35;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 03:10:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dm8cNGU4HRAaDhonIUGCCgi9-QtNS_8wEEB7CyBmxOeCjs_pILPE3g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 13:13:04 GMT
age: 76214
etag: "881962de8e060a78af9372942adfd32ce27ce1fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5045

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F645dc32f-cd66-4021-92e9-77c4eff2fa1f.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5045
Hash

96135f96986369533c0362367c1e6fd8

bc8b0612b79cb30817880fac9728318f837854b4

f4eab133baf21daae8b809966e8ffbe64a2414fd334538a226a2a39ab39c3d46

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F645dc32f-cd66-4021-92e9-77c4eff2fa1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5045
x-amzn-requestid: 93295168-385b-4b26-92e0-65858db59541
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0PgfGfVoAMFjWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377f936-7d3d9e44191051f454bd53ca;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:29:26 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hYkfj6mcRyzHioX7RAjvhpITDBX_CXLhum92tHz6ilGAY2C0fNi48g==
via: 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 12:50:23 GMT
age: 77575
etag: "bc8b0612b79cb30817880fac9728318f837854b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7589

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7589
Hash

06c6e720bc9900b38e88cd72f739603e

22884cbc78622d6f78c1c3397c9b440946144a99

8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 34I3ZsWcHKNvx-MctWUIyOgHOm8vjDMxuHtcGZmykKvEtbs4JziNqA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 16:12:33 GMT
age: 65445
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5342

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5342
Hash

a9e0f5c07511d0f6ad0f2441db92797d

2dcc6187d7173ce741975ad4ec24435c9dcb0880

3c57bf58bab9d54dd152eb0260a203b1cb201a9e2d960f25a0cea685b539ea04

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5342
x-amzn-requestid: e396cea4-ddae-4b88-a73a-ceafb1e11620
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0b91EMLoAMFYYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63780d25-7f1187713f288a0c158508ea;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 22:54:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: PkFAourr7ixQ5NYcdMugerMxFTdCLgIAaBz6erANuppgzE2Tm4yVpA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 22:34:27 GMT
age: 42531
etag: "2dcc6187d7173ce741975ad4ec24435c9dcb0880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7191

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

#1 JS:Script (size: 9853)

#2 JS:Script (size: 8131)

#3 JS:Script (size: 14852)

#4 JS:Script (size: 0)

#5 JS:Script (size: 426)

#6 JS:Script (size: 2615)

#7 JS:Script (size: 31)

HTTP Transactions (46)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections