Overview

URL apple-gsx2-online-support.com/
IP190.14.39.250
ASNOffshore Racks S.A
Location Panama
Report completed2022-11-24 19:13:20 UTC
StatusLoading report..
urlquery Alerts Phishing - Apple
Phishing - Apple


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
2022-11-24 2 apple-gsx2-online-support.com/ Apple Inc.
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-24 2 apple-gsx2-online-support.com/ Phishing
2022-11-24 2 apple-gsx2-online-support.com/go.php?ssl=yes Phishing
2022-11-24 2 apple-gsx2-online-support.com/signin_files/dcutil_2_2.js Phishing
2022-11-24 2 apple-gsx2-online-support.com/signin_files/appleConnect.js Phishing
2022-11-24 2 apple-gsx2-online-support.com/signin_files/commonScript.js Phishing
2022-11-24 2 apple-gsx2-online-support.com/signin_files/commonLogin.js Phishing
2022-11-24 2 apple-gsx2-online-support.com/signin_files/common.js Phishing
2022-11-24 2 apple-gsx2-online-support.com/signin_files/jquery-1.11.1.min.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (9)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.88.25.203
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (7) 344 No data No data 23.36.76.249
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-24 05:36:55 UTC 34.102.187.140
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-24 05:30:55 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS apple-gsx2-online-support.com (11) 0 2022-11-24 00:19:26 UTC 2022-11-24 00:19:26 UTC 190.14.39.250 Unknown ranking
mnemonic passive DNS appleid.cdn-apple.com (1) 3288 2013-09-15 17:16:35 UTC 2019-05-16 05:37:30 UTC 23.60.29.145


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 190.14.39.250

Date UQ / IDS / BL URL IP
2022-11-27 08:00:33 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-27 01:55:31 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-26 21:25:24 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-26 17:13:00 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-26 05:12:21 +0000
9 - 0 - 8 apple-my-store-online-support.com/signin.html 190.14.39.250

Last 5 reports on ASN: Offshore Racks S.A

Date UQ / IDS / BL URL IP
2022-11-27 09:34:38 +0000
28 - 0 - 69 acikdenizkredim.ga/ 190.14.39.151
2022-11-27 08:00:33 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-27 06:43:21 +0000
0 - 0 - 17 ekle-kampanya-bizde-var-haydi-9000tl-com.cf/s (...) 190.14.39.225
2022-11-27 06:43:01 +0000
0 - 0 - 17 ekle-kampanya-bizde-var-haydi-9000tl-com.cf/s (...) 190.14.39.225
2022-11-27 06:42:42 +0000
0 - 0 - 17 ekle-kampanya-bizde-var-haydi-9000tl-com.cf/g (...) 190.14.39.225

Last 5 reports on domain: apple-gsx2-online-support.com

Date UQ / IDS / BL URL IP
2022-11-25 15:38:11 +0000
10 - 0 - 23 apple-gsx2-online-support.com/signin.html?Inv (...) 190.14.39.250
2022-11-25 15:37:41 +0000
10 - 0 - 23 apple-gsx2-online-support.com/signin.html?Inv (...) 190.14.39.250
2022-11-25 13:55:26 +0000
10 - 0 - 23 apple-gsx2-online-support.com/signin.html?Inv (...) 190.14.39.250
2022-11-25 04:32:13 +0000
9 - 0 - 16 apple-gsx2-online-support.com/signin.html 190.14.39.250
2022-11-25 02:41:16 +0000
9 - 0 - 16 apple-gsx2-online-support.com/signin.html 190.14.39.250

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-27 08:00:33 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-27 01:55:31 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-26 21:25:24 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-26 17:13:00 +0000
11 - 0 - 15 apple-ast2-support-online.com/signin.html?Inv (...) 190.14.39.250
2022-11-26 05:12:02 +0000
10 - 0 - 7 apple-my-store-online-support.com/signin.html (...) 190.14.39.250


JavaScript

Executed Scripts (7)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (33)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3426
Expires: Thu, 24 Nov 2022 20:10:16 GMT
Date: Thu, 24 Nov 2022 19:13:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2971
Expires: Thu, 24 Nov 2022 20:02:41 GMT
Date: Thu, 24 Nov 2022 19:13:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5962
Cache-Control: max-age=147443
Date: Thu, 24 Nov 2022 19:13:10 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:10:33 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: wOJzBQHsBe1TVF6dWqviI0nRb97tqHuSqimoOAu8LnPnL1VdaNnsHl5D6yp8uD7s9cihHbtt93c=
x-amz-request-id: SQ52B5V31NXETVRW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 18:40:30 GMT
age: 1960
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 18:18:59 GMT
cache-control: public,max-age=3600
age: 3251
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 24 Nov 2022 19:13:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET / HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         190.14.39.250
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 24 Nov 2022 19:13:09 GMT
Server: Apache
Location: https://apple-gsx2-online-support.com/go.php?ssl=yes
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 19:11:11 GMT
cache-control: public,max-age=3600
age: 119
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6510
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 19:13:10 GMT
Last-Modified: Thu, 24 Nov 2022 17:24:40 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n/sINpzQVi7zF+/QxbU0cw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.88.25.203
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SE3POSdzveiosvScPHgIHY9E3UY=

                                        
                                            GET /go.php?ssl=yes HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 24 Nov 2022 19:13:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06; path=/
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   243
Md5:    9f5013b2fa23c618223ffa78e1f0ffe1
Sha1:   7bd59d0667e0c0e9e28bd7220b04d5e0b426243e
Sha256: 7ffc4387509f75b1221bc1a7ae655a0fb34865603749698c583a5c125fd7b5c1

Alerts:
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908 HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 24 Nov 2022 19:13:11 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 11:31:07 GMT
Accept-Ranges: bytes
Content-Length: 5205
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1362)
Size:   5205
Md5:    d6f82ffa52930787c2ca0d46d53234f3
Sha1:   5b073e83c4966e3c9895bcbfb188d40d909959db
Sha256: ee7f6ede1edb4c4cdd09c45edbe391de00a8fd5c321d008c42ef89eee7c8e115
                                        
                                            GET /signin_files/sslconnectionstandardpagealert.css HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 655
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (655), with no line terminators
Size:   655
Md5:    e782587c40c8dcf3a635d130f63e32e2
Sha1:   558f5a277407be6f9d6ea37ca5ff2928cad85967
Sha256: d3730b50271a906fac3a83d99f9fb6c29cb2d4f5151fd854eb08e13089ceadd5

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17301
Expires: Fri, 25 Nov 2022 00:01:33 GMT
Date: Thu, 24 Nov 2022 19:13:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17301
Expires: Fri, 25 Nov 2022 00:01:33 GMT
Date: Thu, 24 Nov 2022 19:13:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17301
Expires: Fri, 25 Nov 2022 00:01:33 GMT
Date: Thu, 24 Nov 2022 19:13:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17301
Expires: Fri, 25 Nov 2022 00:01:33 GMT
Date: Thu, 24 Nov 2022 19:13:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.249
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17301
Expires: Fri, 25 Nov 2022 00:01:33 GMT
Date: Thu, 24 Nov 2022 19:13:12 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 43145
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ve4q5FDkwMGhPK6ZVVVCZtoBTaGaz43r_PwINzwS5Nx5tcZeQkVIfw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:47 GMT
age: 77005
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13882
Md5:    64d79191f005c9876b952c5f948aa0f7
Sha1:   1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
Sha256: 00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
age: 77166
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8rbsN9OVJmneT9ov-Q7V4RB8DP5UWhhn-7cnukHiBpl06zmMM0zJTg==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
age: 76552
etag: "89accd230fba95fe0049678070817b36ead015fa"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5070
Md5:    0856fdb55f19f03a1bec38b3d6e0ac77
Sha1:   89accd230fba95fe0049678070817b36ead015fa
Sha256: 17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 43070
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6789
Md5:    d9d93b2a6875d446c3467eb49767eef5
Sha1:   303c571b13b05fcf27ee1159d8fdf6369aaef0a2
Sha256: 2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:03:54 GMT
age: 76158
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7462
Md5:    b4157f2c5c3c77ce699324ecb08f47c7
Sha1:   a7d9135f9d01ba13c3cdaf8b038c70212f159297
Sha256: 2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
                                        
                                            GET /signin_files/dcutil_2_2.js HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 9853
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (9853), with no line terminators
Size:   9853
Md5:    8cfbb21e37613eeff2e4edfd79486c31
Sha1:   3267ca95abcc36eae1d293d8d11f45ee429c1df9
Sha256: 64adb7a8c8e1bb39d4bd9ccda626629acc674e8e7856f30f77618b834203850a

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /signin_files/appleConnect.js HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 2615
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (2615), with no line terminators
Size:   2615
Md5:    38b17298bf75adf82609b7e4bc21d7e2
Sha1:   8df60271f3cc725ad3e832dfe5494a41f5954cdf
Sha256: 34a19c4ff3d24951063abd0a16fbedf42ef19d5facfccf49aad2198302ce7c48

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /signin_files/commonScript.js HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 426
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (426), with no line terminators
Size:   426
Md5:    32ee6304a190aa4f930602e73ae3bfb5
Sha1:   4d334eb4e6a451e9ee669c1ae4ac3612eba7233f
Sha256: 12b7cf283479c08b9661e1a18b4e4131b08a1893747dd43dd9d9ee8a23b43510

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /signin_files/commonLogin.js HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 8131
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (8131), with no line terminators
Size:   8131
Md5:    a1029a5fe2afeec5adc800fbf8373362
Sha1:   e08a24c99e6bdc490134e4d1120ac4c7f5abc4e8
Sha256: 635a77e3b53082ccde899a47d8bb5ecd4e111eb29cdaeb3d53966b74a405fb8f

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /signin_files/common.js HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 14852
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (14852), with no line terminators
Size:   14852
Md5:    439ecaa236575c25770b39148ad3fe1b
Sha1:   1d445a4fe0a76467a56104876fe4ebf44fb354f3
Sha256: d9d174e1e1aa91f501a512f024b52778969b76dd7e6f63a4dc1f75d7a4ac21fd

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            GET /signin_files/appleconnect.css HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 50456
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (50456), with no line terminators
Size:   50456
Md5:    67495aadd5f25f8fa2f14f2637a9578e
Sha1:   36cde42d625ddda0f20b5821d5f09c5f2eb9cb0e
Sha256: 9af2aae85733913b7357536fdee95c5fa87f8ba03a481f34d8d5209a75f97a88

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
                                        
                                            GET /signin_files/jquery-1.11.1.min.js HTTP/1.1 
Host: apple-gsx2-online-support.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/signin.html?InvitationUrl=f920017d2e5d67c22d4d485bc9a89908&KeyInvite=f920017d2e5d67c22d4d485bc9a89908
Cookie: PHPSESSID=eevgg1p3j2b6jk7em2pevtds06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         190.14.39.250
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 24 Nov 2022 19:13:12 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2021 23:57:12 GMT
Accept-Ranges: bytes
Content-Length: 95786
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32086)
Size:   95786
Md5:    8101d596b2b8fa35fe3a634ea342d7c3
Sha1:   d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
Sha256: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Alerts:
  urlquery:
    - Phishing - Apple
  Blocklists:
    - openphish: Apple Inc.
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3793
Cache-Control: max-age=167600
Date: Thu, 24 Nov 2022 19:13:13 GMT
Etag: "637f9f28-1d7"
Expires: Sat, 26 Nov 2022 17:46:33 GMT
Last-Modified: Thu, 24 Nov 2022 16:43:20 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /daw/uat/IDMSWebAuth/static/23May2018/images/favicon.ico HTTP/1.1 
Host: appleid.cdn-apple.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://apple-gsx2-online-support.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.60.29.145
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: Apple
Cache-Control: public, max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Accept-Ranges: bytes
ETag: W/"9062-1528474469663"
Last-Modified: Fri, 08 Jun 2018 16:14:29 GMT
Vary: accept-encoding
Content-Encoding: gzip
Host: appleid.cdn-apple.com
Content-Length: 1628
Date: Thu, 24 Nov 2022 19:13:13 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Size:   1628
Md5:    0b3389d96530d233beca5e396cb12608
Sha1:   88b0e1f430d106249ad21b16bdf33e1faea7b589
Sha256: e65ddb464994c243b7f71d6d440d7cbe4f52b78c3de8da9e740c3472b71185eb