Report - pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html

Report Overview

Submitted URL
pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
IP
104.18.3.35
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 06:07:00
Access
public
Website Title
Sign in with myGov - myGov
Final URL
pub-10510343597e4ee99c2f706af4158fa2.r2.dev/fbd34494-5d9a-44a6-a92f-4bc5cd63fab2
Tags
australia government phishing
urlquery detections
Phishing - Australian Government

Detections

urlquery
4
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gv-44z.pages.dev	unknown	2020-09-02	2023-11-06	2024-03-12	2.9 kB	345 kB	172.66.47.175
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.6 kB	50 kB	142.250.74.163
login.my.gov.au	unknown	unknown	2022-06-20	2024-03-30	418 B	1.5 kB	161.146.235.204
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-17	422 B	28 kB	104.18.11.207
dev-dewdrop101.pantheonsite.io	unknown	2016-01-29	2024-02-21	2024-03-22	895 B	310 kB	23.185.0.4
pub-10510343597e4ee99c2f706af4158fa2.r2.dev	unknown	unknown	No data	No data	1.0 kB	894 B	104.18.2.35
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-17	404 B	5.5 kB	104.17.24.14
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24	2024-04-17	389 B	31 kB	152.199.19.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html	Australian Government

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-05-01
Pretty URL ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-01 09:03:08 Times Seen107393 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-04-30
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-30 19:25:10 Times Seen3647 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	pub-10510343597e4ee99c2f706af4158fa2.r2.dev/fbd34494-5d9a-44a6-a92f-4bc5cd63fab2	2.2 kB	2024-04-18	2024-04-25
Pretty URL pub-10510343597e4ee99c2f706af4158fa2.r2.dev/fbd34494-5d9a-44a6-a92f-4bc5cd63fab2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 08:07:06 Last Seen2024-04-25 08:17:23 Times Seen3 Hash a8d7f6c4bb2191a7f6c1f2ab8534ca55 590824f63c65e110c7cf8f2081b8800b61221df0 e9960653c37f426799698b2af1a98890235cb5577392d1fa171376ae40376241 Loading...

HTTP Transactions (18)

URL IP Response Size

pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html

104.18.2.35

200 OK

587 B

URL User Request GET HTTP/1.1
pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
587 B (587 bytes)
Hash
9ae120151a3e70d129a31f24c2e7f55a
d6d47b3ab21dc345cdd8082780ed37dddecaa842
c3015a25da1088273aa371b4ffe243769e3742bbbee3d941aa568c72169be389

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Australian Government
PhishTank	phishing	Other

HTTP Headers

GET /indexjs%20(2).html HTTP/1.1
Host: pub-10510343597e4ee99c2f706af4158fa2.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:06:34 GMT
Content-Type: text/html
Content-Length: 587
Connection: keep-alive
Accept-Ranges: bytes
ETag: "9ae120151a3e70d129a31f24c2e7f55a"
Last-Modified: Tue, 16 Apr 2024 20:51:51 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87627835faea56aa-OSL

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.24.14

200 OK

4.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
4.5 kB (4517 bytes)
Hash
053305c2b293c27c02523cda42962c09
556b0af7346b9e21a8eea1be8b195b563169ecd5
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 116883
expires: Tue, 08 Apr 2025 06:06:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2LVPKZN7%2FWqPWdIcn6hKmuwwxG7YzbtqdUP513NjxA0ODlUESE8ZhWTVQ509Nvs3f29QFa3Z4LThl1C6obm9%2FbqmflaMTtbzlSi%2Bd9JtHMZlR3f2cP2jbFgfoA1RnrbJTGYHFsaO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8762783ddf8cb4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

152.199.19.160

200 OK

30 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint86:E0:37:E4:B1:31:51:81:DD:54:33:82:FF:4D:EB:D1:15:5F:65:C4
ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30394 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 2087195
cache-control: public,max-age=31536000
content-type: application/javascript
date: Thu, 18 Apr 2024 06:06:35 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F6AE)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2

gv-44z.pages.dev/icons/icon-blugov-info.svg

172.66.47.175

404 Not Found

0 B

URL GET HTTP/3
gv-44z.pages.dev/icons/icon-blugov-info.svg
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /icons/icon-blugov-info.svg HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gv-44z.pages.dev/css/blugov.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 18 Apr 2024 06:06:35 GMT
content-length: 0
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtO%2BP2Qe23p0YK8D%2Bm0Ryl2WMtEkjLseuTZDWSrzGwnXgEwZlDYMe4HUxVz1lk%2Bsbp5jAo0Rz2dYah5%2F3NHteG%2Fv1mbxTrp17kdOInVFbuVHiBe9g4VpurRw3dvdVgjAKcDX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876278400e3d0b4d-OSL
alt-svc: h3=":443"; ma=86400

gv-44z.pages.dev/icons/icon-external-link.svg

172.66.47.175

404 Not Found

0 B

URL GET HTTP/3
gv-44z.pages.dev/icons/icon-external-link.svg
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /icons/icon-external-link.svg HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gv-44z.pages.dev/css/mgv2-application.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 18 Apr 2024 06:06:35 GMT
content-length: 0
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2MFwSTuLZ6DCH%2BTHwCl2eskIw16nDTV3ndNtldIlLWq5kgswtbTET5bUBmGvHK75rCVRccBAigbE5QZfw93gmXlWe8a0RM3y%2BB4yeNGGBvpaxaHYHFa%2F3%2FwsjXRH6msZVzNo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876278400e3f0b4d-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://gv-44z.pages.dev/
Origin: https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:32:53 GMT
expires: Fri, 18 Apr 2025 02:32:53 GMT
cache-control: public, max-age=31536000
age: 12822
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://gv-44z.pages.dev/
Origin: https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:37:01 GMT
expires: Fri, 18 Apr 2025 02:37:01 GMT
cache-control: public, max-age=31536000
age: 12574
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://gv-44z.pages.dev/
Origin: https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 156003
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

161.146.235.204

200 OK

238 B

URL GET HTTP/1.1
login.my.gov.au/mygov/content/mgv2/icons/favicon-16x16.png
IP
161.146.235.204:443
ASN
#18055 Department of Human Services

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerEntrust, Inc.
Subjectlogin.my.gov.au
Fingerprint3F:38:1C:2B:B0:B1:C1:DB:07:34:27:8D:11:90:AA:91:56:95:97:B2
ValidityWed, 14 Jun 2023 01:29:42 GMT - Sun, 23 Jun 2024 01:29:42 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
238 B (238 bytes)
Hash
734603b796e313e6b30c5314cfff7a0d
9ef8bcab45a447a173ba98d4e8af6114c30a1aca
5e70f30259d620e25efa88586a8871d5c94113f0b0d7d6f3e817f585891bf154

HTTP Headers

GET /mygov/content/mgv2/icons/favicon-16x16.png HTTP/1.1
Host: login.my.gov.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 238
content-type: image/png
date: Thu, 18 Apr 2024 06:06:36 GMT
last-modified: Sat, 13 Apr 2024 15:09:31 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: Accept-Encoding
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=3600,public,must-revalidate
inst: 1a
expires: Thu, 18 Apr 2024 07:06:36 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="104616831"
Set-Cookie: BIGipServerHBZK2i12N308Oa3l35yEhg=!tHlXe8Lh4sSSPkkG6zMjgWwrfzKDRl2oDM4cTz4GTlsix9+f4Fm2G9i91cguXQYdEIkn6HBKey5J+6g=; expires=Thu, 18-Apr-2024 06:36:36 GMT; path=/; Httponly; Secure; SameSite=none
PD_STATEFUL_aaa1d6bc-31d2-11e6-b102-0050568e537f=%2Fmygov; Path=/; Secure; HttpOnly; SameSite=none
TS0143fa37=01e535258ff9defd99be64c438474dbfeea407e960e37cccf29abf02191e787273c6288949a40191a83597a3ca473917b8565692dcf0511200e43193b57a82ea708b701e62429abe8579863f44b7ed7e3b2192e05f; Path=/; Domain=.login.my.gov.au; SameSite=none; Secure
TS76481464027=082d0e0bfcab200011e09c0d67ceb00e33e4740007d0426b81ddb200746fc665d1af300bc7006e1f08e2ce3a0a1130008dcdd48fd9c2dc0e5b1c813ac6db0df8f35323d16a16cbb39095e0d8874ddcad8cf03c1d81a705a9e5a293ecd9c71a40; Path=/; SameSite=none; Secure

gv-44z.pages.dev/css/css.css

172.66.47.175

200 OK

11 kB

URL GET HTTP/2
gv-44z.pages.dev/css/css.css
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type
ASCII text
Size
11 kB (10901 bytes)
Hash
ca4edca1bb8422cefee03d35674c783b
2510ce3810515d486b7fcc9bd0da591d18e01dac
daced01a20c71f769238dfbb8a8d735dbc27dcbb7f6dba7777c3e1d9532639c5

HTTP Headers

GET /css/css.css HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cf0c8686973dffb84f171cca0e243e58"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3VMdLhMqsZF7HlAZn04ESRYdT6%2BgBxKkEjFMEeIXqnWVITw4sJoZ2d9UjcSWupbkNCqEFcHeYDmXmcBXIYYIJoI8tD3ecYXApyMPMkeMgJLJGenm2vGKfMJxN%2Bbssr25ybvo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762783dc999b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gv-44z.pages.dev/css/blugov.css

172.66.47.175

200 OK

72 kB

URL GET HTTP/2
gv-44z.pages.dev/css/blugov.css
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (71748 bytes)
Hash
c322754577042a878a690e8114cdcb0e
c7423076ff0eb5bf55f43d5e9bcd883e1dc36827
62d587573e8fb758992b48ccffea6f8f1391833d14839af2681f512659ec7faa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /css/blugov.css HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7ced24856018cdf1ee050efb0e82a644"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ktvsbr72Hij56xDOfGSCU9OYpPn2MlPC9Jxu2Fztk77FDUSZc0YYiUxgXMLRK619oI0Wyw7zQD65bfSE6crfvP8INJu9D7i9uYQvmzCPVRnhUdiUyadPB87fb%2FkDOsu1F2NY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762783dc9a8b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gv-44z.pages.dev/css/myGov-cobranded-logo-black.svg

172.66.47.175

200 OK

64 kB

URL GET HTTP/2
gv-44z.pages.dev/css/myGov-cobranded-logo-black.svg
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type
SVG Scalable Vector Graphics image
Size
64 kB (64143 bytes)
Hash
b53f20300babca4ebb422e59b888be1f
699c5898c6dd9d2b8b949db2e13c8f0b0d29e26b
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /css/myGov-cobranded-logo-black.svg HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b7d79a0510019d5d23626b30fa2cdbb1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iudcfpxMOh58ZcLfJ3JbJfc5sShPdT0%2F1fEangL%2B1PV2D20abo%2BXJ14igigECcW5CWhgdAS52bjR%2FnbeE%2Be%2BEA8bGJe11iws7%2F9W35ZftQucF%2BDaI6XIOKA62ZyQ3jSkawoZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762783dc99bb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pub-10510343597e4ee99c2f706af4158fa2.r2.dev/favicon.ico

0.0.0.0

0 B

URL GET
pub-10510343597e4ee99c2f706af4158fa2.r2.dev/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-10510343597e4ee99c2f706af4158fa2.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

gv-44z.pages.dev/css/mgv2-application.css

172.66.47.175

200 OK

129 kB

URL GET HTTP/2
gv-44z.pages.dev/css/mgv2-application.css
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type
ASCII text, with very long lines (59825)
Size
129 kB (129374 bytes)
Hash
beef50c5133526925ebf17d27a0d8a91
3f9c441f5fb6304b5210bf4c131b5680a6725b1d
2bb7a6a1c69c680150feae21505a9fca6da3260dc64647ebaff0567543a98d0f

HTTP Headers

GET /css/mgv2-application.css HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"28434831edbcae23f37718c6156b2017"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A4c3tXNRANIBYDDjrp1UF4CFrITGQPokqxvUGTVLwadDowZ0Y4zpvOxn9%2BrBcv%2BHZ90SiAcKjcd6t9SJ3F%2BoycolsQpKrDxBHgSDIY8eeUSqT8mnE6ahRaCOWg4gCoyqU9Fi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762783dc9aab505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

104.18.11.207

200 OK

28 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (27303)
Size
28 kB (27466 bytes)
Hash
4fbd15cb6047af93373f4f895639c8bf
12d6861075de8e293265ff6ff03b1f3adcb44c76
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

HTTP Headers

GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 10/31/2023 18:58:32
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 25754c75fb460a03a208e88579fbc0b3
cdn-cache: HIT
cf-cache-status: HIT
age: 12524040
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8762783db89856a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dev-dewdrop101.pantheonsite.io/Ato/jquery.js

23.185.0.4

200 OK

291 kB

URL GET HTTP/2
dev-dewdrop101.pantheonsite.io/Ato/jquery.js
IP
23.185.0.4:443
ASN
#54113 FASTLY

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerLet's Encrypt
Subjectpantheonsite.io
Fingerprint23:29:40:F0:5B:2A:65:6E:BF:46:58:A1:10:8F:CF:AE:E4:77:7A:DA
ValidityWed, 24 Jan 2024 20:55:39 GMT - Tue, 23 Apr 2024 20:55:38 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
291 kB (290960 bytes)
Hash
24fa855a7678b1938f16235881e3e80b
67b6c9946134456d67c07765d230130d8679f8c6
f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f

HTTP Headers

GET /Ato/jquery.js HTTP/1.1
Host: dev-dewdrop101.pantheonsite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/x-javascript
etag: W/"65d69e44-47090"
expires: Thu, 18 Apr 2024 06:06:33 GMT
last-modified: Thu, 22 Feb 2024 01:07:16 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe4-a-685f954744-rsjbx
x-styx-req-id: cf5a9f5f-fd49-11ee-9e53-0649753233bf
cache-control: no-cache, must-revalidate
date: Thu, 18 Apr 2024 06:06:34 GMT
x-served-by: cache-chi-kigq8000023-CHI, cache-hel1410033-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1713420395.770742,VS0,VE143
vary: Accept-Encoding
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
X-Firefox-Spdy: h2

dev-dewdrop101.pantheonsite.io/Ato/basic.js

23.185.0.4

200 OK

17 kB

URL GET HTTP/2
dev-dewdrop101.pantheonsite.io/Ato/basic.js
IP
23.185.0.4:443
ASN
#54113 FASTLY

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerLet's Encrypt
Subjectpantheonsite.io
Fingerprint23:29:40:F0:5B:2A:65:6E:BF:46:58:A1:10:8F:CF:AE:E4:77:7A:DA
ValidityWed, 24 Jan 2024 20:55:39 GMT - Tue, 23 Apr 2024 20:55:38 GMT

File type
JavaScript source, ASCII text, with very long lines (16656), with CRLF line terminators
Size
17 kB (17211 bytes)
Hash
0e25a1884f83e4c81881f408fdb761b5
1fb6f03ae1bfde2e6e3d121c26308b59c09075d5
cdee3291ed95a0cb95a5dee473f5fee38a7a71b8d01755776295a217fdfb8073

HTTP Headers

GET /Ato/basic.js HTTP/1.1
Host: dev-dewdrop101.pantheonsite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/x-javascript
etag: W/"661edefe-433b"
expires: Thu, 18 Apr 2024 06:06:33 GMT
last-modified: Tue, 16 Apr 2024 20:26:38 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe4-b-7cb7fd6d5-l976x
x-styx-req-id: cf5e8b35-fd49-11ee-a7d2-e6bb36c57d07
cache-control: no-cache, must-revalidate
date: Thu, 18 Apr 2024 06:06:34 GMT
x-served-by: cache-chi-kigq8000124-CHI, cache-hel1410033-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1713420395.796889,VS0,VE141
vary: Accept-Encoding
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
X-Firefox-Spdy: h2

gv-44z.pages.dev/css/myGov-cobranded-logo-white.svg

172.66.47.175

200 OK

64 kB

URL GET HTTP/2
gv-44z.pages.dev/css/myGov-cobranded-logo-white.svg
IP
172.66.47.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-10510343597e4ee99c2f706af4158fa2.r2.dev/indexjs%20(2).html
Certificate
IssuerGoogle Trust Services LLC
Subjectgv-44z.pages.dev
Fingerprint00:19:1B:2C:85:DF:8B:4F:B0:82:C5:C4:AC:67:09:1F:B9:83:E8:D3
ValiditySun, 03 Mar 2024 14:43:05 GMT - Sat, 01 Jun 2024 14:43:04 GMT

File type
SVG Scalable Vector Graphics image
Size
64 kB (64140 bytes)
Hash
de646b2f77f5fa27d55a01bbb9cf584e
33316eb871adf6e08af7c780eb15872549d08dc3
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /css/myGov-cobranded-logo-white.svg HTTP/1.1
Host: gv-44z.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2505abc899f3807a546ccb9bcfe8a858"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yzasDkjqYNlzuZyW5s%2B28UL%2BvCKUMQH9e2lIc6OHJ%2BpRaWPanyE%2FDkhvAvZ686G3ply3Xe84L5x9XQaimkUkNL2MO57nSxu0mwZmPY6q57ybyfjt3RKfO8B%2FUylFpoxTbR3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762783dc9a1b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate