Report - cba-verify-au.xyz/

Report Overview

Submitted URL
cba-verify-au.xyz/
IP
172.86.127.172
ASN
#8100 ASN-QUADRANET-GLOBAL
Submitted
2022-12-19 08:01:42
Access
Website Title
Final URL
Tags
commonwealth_bank financial phishing
urlquery detections
Phishing - Commonwealth Bank

Detections

urlquery
35
Network Intrusion Detection
0
Threat Detection Systems
88

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	341 B	796 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606 B	127 B	34.208.31.97
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	56 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.7 kB	7.1 kB	95.101.11.115
cba-verify-au.xyz	unknown	2022-12-17T08:32:52Z	2022-12-21T01:35:39Z	18 kB	204 kB	172.86.127.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia
2022-12-18	medium	cba-verify-au.xyz/	Commonwealth Bank of Australia

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-19	medium	cba-verify-au.xyz/	Phishing
2022-12-19	medium	cba-verify-au.xyz/	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/js/jquery.cookie.js	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/js/jquery.mask.js	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/layer/layer.js	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/js/lib/jquery-2.1.4.min.js	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/js/data.js	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/js/lib/jsencrypt.min.js	Phishing
2022-12-19	medium	cba-verify-au.xyz/static/js/lib/crypto-js.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed
2022-12-19	medium	cba-verify-au.xyz	Sinkholed

JavaScript (10)

	URL	Size	First Seen	Last Seen
	cba-verify-au.xyz/static/js/jquery.mask.js	20 kB	2023-03-07	2024-07-26
Pretty URL cba-verify-au.xyz/static/js/jquery.mask.js IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-07-26 12:46:55 Times Seen4336 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	cba-verify-au.xyz/static/layer/layer.js	22 kB	2023-03-09	2023-03-14
Pretty URL cba-verify-au.xyz/static/layer/layer.js IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 15:02:35 Last Seen2023-03-14 05:57:14 Times Seen1 Hash 8c97bfb944565c528470adfe1787e0a0 56be7b7d04d86d013c44e9e1ace6f18b1994458a 5056e0b712ac6e11566296592c2f4a641d1fc19174c7b053715e1714a8b61afd Loading...

	cba-verify-au.xyz/	39 B	2023-03-09	2023-03-14
Pretty URL cba-verify-au.xyz/ IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 15:02:35 Last Seen2023-03-14 05:57:14 Times Seen1 Hash 453cbb2d5bb48b4944ecb2f2402da0e0 3825bf62d3f3ebd9b3f527b64f077c1d6f229f8d b3b6a3a861bfab2eb9b9581a2c0f69bea5870348992e084de5cbf04c88c19c0f Loading...

	cba-verify-au.xyz/static/js/lib/jquery-2.1.4.min.js	93 kB	2023-03-07	2024-07-25
Pretty URL cba-verify-au.xyz/static/js/lib/jquery-2.1.4.min.js IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:46 Last Seen2024-07-25 08:13:13 Times Seen112 Hash d1c14ce3c1f1b9a8f92d9640d7360307 29a0f87c686e328f2b739d77dd4d641e28e26825 21cafb6e71a6112d3c1f4777fefa66300fa3e09db01fc7b92dfee436b8373e2c Loading...

	cba-verify-au.xyz/static/js/jquery.cookie.js	1.1 kB	2023-03-07	2024-07-23
Pretty URL cba-verify-au.xyz/static/js/jquery.cookie.js IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:46 Last Seen2024-07-23 12:19:52 Times Seen25 Hash 4550d2a382c8a3447d463046655a1c1e 1bb1dff15e554320926cfb12bc3afbf4e8a2c6a4 395ec7b4d89d0085bccdfb3031f553a80237f676701239b764de31ee27cd8357 Loading...

	cba-verify-au.xyz/	1.3 kB	2023-03-09	2023-03-14
Pretty URL cba-verify-au.xyz/ IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 15:02:35 Last Seen2023-03-14 05:57:14 Times Seen1 Hash 6ba57d67d2af1e7ba3b85fd1ada2e167 74d0bf3310a607f2da4a46a9c86ff6b208259754 6c3e36c3141802504f14a4277f94898b4e3a0cd8c223c8b19b2ff45c9db7b143 Loading...

	unknown	0 B	2023-03-07	2024-07-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 04:25:26 Times Seen41185457 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cba-verify-au.xyz/static/js/lib/jsencrypt.min.js	56 kB	2023-03-07	2024-07-23
Pretty URL cba-verify-au.xyz/static/js/lib/jsencrypt.min.js IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:46 Last Seen2024-07-23 12:19:52 Times Seen8 Hash 7e8ce3203c36dd0ca4120acd9c9accfc 3ba55207b4ae796711d9f3df2b13984bbea2972a 45bc337deb12378508f7173b11c86dcf7bba33e6731dc7c1dc9724fb5820ca8a Loading...

	cba-verify-au.xyz/static/js/data.js	3.2 kB	2023-03-09	2023-03-14
Pretty URL cba-verify-au.xyz/static/js/data.js IP 172.86.127.172 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 15:02:35 Last Seen2023-03-14 05:57:14 Times Seen1 Hash 840d15c548352aa888a9b2b1830a4a96 55e27d4c30e0ea71879f30708fad7c8114dc0ba3 7d3419f7240467f0465c93457e599fd7eef9f233458ff886cda751d4a70f1973 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4aa7e20f1c908393da85abb9f8cb3d23	978 B	2023-03-07	2024-07-23
Pretty Observations First Seen2023-03-07 12:12:30 Last Seen2024-07-23 19:42:09 Times Seen112 Hash 4aa7e20f1c908393da85abb9f8cb3d23 6349cff2f2ad97dd6246bdc9db365dbe349417a7 d5a3348bb779da9508ef61e8c7f04c6c6143c3452717124e764844eee1125490 Loading...

HTTP Transactions (38)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4cbb89840b57466fcbc0b31305c9dc47
c2c08a7a243a3f7972e8068c448488cac6d2519f
5f871ffd142470f132fed1c93f5f1a7fe6a5ecc3b4311d3d47555fce1d9a35f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F871FFD142470F132FED1C93F5F1A7FE6A5ECC3B4311D3D47555FCE1D9A35F1"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9045
Expires: Mon, 19 Dec 2022 10:32:17 GMT
Date: Mon, 19 Dec 2022 08:01:32 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2039a1dda99e075b82840608771d2326
e89713a35b312f3b87fbeaad98f03fddecbf77ce
aae78c754635e9833fa6c231d775bddc82add02f9ce3197a0b260a0806e708c3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AAE78C754635E9833FA6C231D775BDDC82ADD02F9CE3197A0B260A0806E708C3"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17676
Expires: Mon, 19 Dec 2022 12:56:08 GMT
Date: Mon, 19 Dec 2022 08:01:32 GMT
Connection: keep-alive

cba-verify-au.xyz/

172.86.127.172

301 Moved Permanently

301 B

URL HTTP/1.1
cba-verify-au.xyz/
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
301 B (301 bytes)
Hash
565ac3e6568fe13e65a4d369c614befd
55099711b5ea9c840cbf60fdcb58aafb94b06ba9
75b2acdc3e3e2490110f85aac5cbd51be22f2d4199b39b7f04010be0463751ce

Detections

Analyzer	Verdict	Alert
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 19 Dec 2022 08:01:32 GMT
Server: Apache
Location: https://cba-verify-au.xyz/
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 19 Dec 2022 07:45:36 GMT
content-type: application/json
age: 956
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bcade8542361774f13ecd22557ff8fb8
5e67a3753b0856c765f3b17f1742d3ed684ffb6d
647f8d9d3d1170e60a60e15fdfd9b59445feb56a6ce9d9bb2fa4720f0bfc3a14

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "647F8D9D3D1170E60A60E15FDFD9B59445FEB56A6CE9D9BB2FA4720F0BFC3A14"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7866
Expires: Mon, 19 Dec 2022 10:12:38 GMT
Date: Mon, 19 Dec 2022 08:01:32 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kdnoAzj+ncIOeLDMWH5UGelgkzIiJwrHDDtlp8rA8mnBx74wdYbarKl5CyYy8O4BBzIV3Eozpyc=
x-amz-request-id: 2N9V1S7R1KF76GZC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 19 Dec 2022 07:28:56 GMT
age: 1956
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 08:01:32 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 19 Dec 2022 07:33:24 GMT
age: 1688
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5629fc650d7cc6b81c7091cf069a54d5
be54a47a2d43cfb2b94b309f90cce9e6fd901699
ca26621ff3d72662ae7f7486b750b2553007fc056d292a27cb8d01a99f8fceab

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA26621FF3D72662AE7F7486B750B2553007FC056D292A27CB8D01A99F8FCEAB"
Last-Modified: Sat, 17 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21560
Expires: Mon, 19 Dec 2022 14:00:52 GMT
Date: Mon, 19 Dec 2022 08:01:32 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0bc27cdcd6c42d7f8eece6c074bc452f
ff1234b58f7381f51f9082c1ef4894b1ac5700ff
672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4723
Cache-Control: max-age=95042
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 08:01:32 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 10:25:34 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

cba-verify-au.xyz/

172.86.127.172

200 OK

2.7 kB

URL HTTP/2
cba-verify-au.xyz/
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (399)
Size
2.7 kB (2666 bytes)
Hash
6cb758aa779b3c95fb66606b0de28b18
56e4277615d77a98248112bd1057a7bcf27f1e4f
6c01d3de0b1575cfa9460bf24fd4a3ca259bcd5521d5a41b6f5af1dbe2e470d2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
cache-control: no-cache, private
date: Mon, 19 Dec 2022 08:01:32 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; expires=Mon, 19-Dec-2022 10:01:33 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D; expires=Mon, 19-Dec-2022 10:01:33 GMT; Max-Age=7200; path=/; httponly
vary: Accept-Encoding
content-encoding: gzip
content-length: 2666
content-type: text/html; charset=UTF-8
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.208.31.97

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.208.31.97:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cPwwGbQ+ruhtLjvH3HUz0g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: En2HOFXph8Ml8AueCLNuKiDJrwc=

cba-verify-au.xyz/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css

172.86.127.172

200 OK

7.1 kB

URL HTTP/2
cba-verify-au.xyz/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (31678), with no line terminators
Size
7.1 kB (7082 bytes)
Hash
3b54851907a4f52a96513f574a0b77ec
5fa7a77290db9edcb902d6d8fce4da97aa561fb7
cf5a58a73dfbc046c2b8d87ebad70a27e74a65979603d137f39beed6ee747c58

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 14:59:44 GMT
etag: "7bbe-5ec92351c9800-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7082
content-type: text/css
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/css/clientlib-common.min.4a40b402b2c29f52593911596519e15e.css

172.86.127.172

200 OK

14 kB

URL HTTP/2
cba-verify-au.xyz/css/clientlib-common.min.4a40b402b2c29f52593911596519e15e.css
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (2844)
Size
14 kB (14394 bytes)
Hash
b8e3c28cc48480e6da96512bb5182d2b
1a2519ad045bb2f9cf282d2a2d9839732e117213
b156324d02b5529ff5a820a2df5ad447fc1fc83ea2257ea4774b9160927beb87

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /css/clientlib-common.min.4a40b402b2c29f52593911596519e15e.css HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 06 Nov 2022 16:31:14 GMT
etag: "150dc-5eccfd5dd7880-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14394
content-type: text/css
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/css/loading.css

172.86.127.172

200 OK

246 B

URL HTTP/2
cba-verify-au.xyz/css/loading.css
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (465), with no line terminators
Size
246 B (246 bytes)
Hash
5912202177e1f28af4e90ab9b8760b11
35e6a570de9d5e5455e84c87fe87d5d762671edf
9795b8d41b163f7a7b86b8dfa904c5e0fa9c6c3590d8ccc2826689c8427a2596

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /css/loading.css HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 04 Nov 2022 02:10:44 GMT
etag: "1d1-5ec9b94cb7100-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 246
content-type: text/css
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/css/clientlib-homepage-2020.min.99e7dc0d7d9b11ea5aec970bf60fa00d.css

172.86.127.172

200 OK

22 kB

URL HTTP/2
cba-verify-au.xyz/css/clientlib-homepage-2020.min.99e7dc0d7d9b11ea5aec970bf60fa00d.css
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (1559)
Size
22 kB (22034 bytes)
Hash
210f8059d22941e7ce805b75cce7a53d
892b1d9aefd755e5f5aa6a46194294d42b90d0bb
af51d34ad776bac95c46e01ffeaf14696f3f0e2f5e420d52c6ff343bc84a5c7a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /css/clientlib-homepage-2020.min.99e7dc0d7d9b11ea5aec970bf60fa00d.css HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 06 Nov 2022 16:30:25 GMT
etag: "3cc88-5eccfd2f1ca40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 22034
content-type: text/css
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/js/jquery.cookie.js

172.86.127.172

200 OK

685 B

URL HTTP/2
cba-verify-au.xyz/static/js/jquery.cookie.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (1052)
Size
685 B (685 bytes)
Hash
75098ede41615f0fd3299b601bf7a35f
5034160694cb3e200373fa52ad27ed3e85fadf1c
5e988764cb6888fcc2a1dfcd689dea7a71b23f6952499d8ddf142a4de436ddfe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/jquery.cookie.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 25 Jul 2022 01:25:36 GMT
etag: "41d-5e4970f926400-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 685
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/images/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif

172.86.127.172

200 OK

4.9 kB

URL HTTP/2
cba-verify-au.xyz/images/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
GIF image data, version 89a, 256 x 46\012- data
Size
4.9 kB (4852 bytes)
Hash
ac9de6fb5214be84653367c74ba0b5f0
be61645ad75ab434ce7195268eb453f77314f9ec
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /images/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 14:04:52 GMT
etag: "12f4-5ec9170e4a900"
accept-ranges: bytes
content-length: 4852
content-type: image/gif
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/js/jquery.mask.js

172.86.127.172

200 OK

5.4 kB

URL HTTP/2
cba-verify-au.xyz/static/js/jquery.mask.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text
Size
5.4 kB (5395 bytes)
Hash
30f566290c6e596c1b52e74303d00c5b
ac50d66678873b348d1d3f83f5183c3b7d3394ea
f92d4886c7a4d6c98df3a5de84c496bcf0fe13918bb493d2e179ac64f12b693f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/jquery.mask.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 15 Mar 2022 14:10:26 GMT
etag: "4e98-5da425bc6b880-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5395
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/layer/layer.js

172.86.127.172

200 OK

7.4 kB

URL HTTP/2
cba-verify-au.xyz/static/layer/layer.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (21532), with CRLF line terminators
Size
7.4 kB (7439 bytes)
Hash
41bd9011ca051433b1704860983a22c6
149e5b811824e11cb9dc9c99eb1f78df5f8b9107
361a5860dfebf16e5ac3d5e781188535c27829a3b11a06d820899fb07af5720f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/layer/layer.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 23 Jul 2021 17:28:18 GMT
etag: "5474-5c7cdbab1f080-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7439
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/images/loading-icon.gif

172.86.127.172

200 OK

33 kB

URL HTTP/2
cba-verify-au.xyz/images/loading-icon.gif
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
GIF image data, version 89a, 300 x 300\012- data
Size
33 kB (32687 bytes)
Hash
cc21e844df89c9f82c358169761fd033
c5e4f0d793bdf61ee1a04d33aeed01e70434a41e
5c748d51c8f61b2df46a59e8bae9121080d7aadcee8b4459bd01cc64ac3321cd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /images/loading-icon.gif HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 04 Nov 2022 01:52:20 GMT
etag: "7faf-5ec9b52fdbd00"
accept-ranges: bytes
content-length: 32687
content-type: image/gif
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/js/lib/jquery-2.1.4.min.js

172.86.127.172

200 OK

33 kB

URL HTTP/2
cba-verify-au.xyz/static/js/lib/jquery-2.1.4.min.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (32056), with CRLF line terminators
Size
33 kB (32846 bytes)
Hash
e371adfbd0446ad73b84056b8d9858a8
cfc89eb8216aa59a4c242574ab9491460373182d
34f498e4440918c326c23f2de5b72530777a2f7437f4a3e41ae92e8857d73e16

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/lib/jquery-2.1.4.min.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 15 Mar 2021 08:32:48 GMT
etag: "16b8c-5bd8f183a4c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 32846
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/js/data.js

172.86.127.172

200 OK

1.1 kB

URL HTTP/2
cba-verify-au.xyz/static/js/data.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text
Size
1.1 kB (1077 bytes)
Hash
aeb95fd3401f3dc766c7681817e327db
3abc1507f87b9aa8093d45a25cf5addb91917422
103d0ef9340fa2de9eb81f984b6487d99473d9e9cd35d23c7289a653a13f8755

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/data.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 07 Nov 2022 17:22:09 GMT
etag: "c9d-5ece4a9cc7240-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1077
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/js/lib/jsencrypt.min.js

172.86.127.172

200 OK

18 kB

URL HTTP/2
cba-verify-au.xyz/static/js/lib/jsencrypt.min.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text, with very long lines (13814), with CRLF line terminators
Size
18 kB (17565 bytes)
Hash
c8eba892c19ebcb3d10b3314f59a90b4
e6d1e26ef00925882980393dcee42dfb3ace0f71
4ecfb8ab5a82b5c7ac8dd1067f5a1b8426191d08cda5b709445190c9e699d4a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/lib/jsencrypt.min.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 06:49:06 GMT
etag: "db99-5e6e2f5e55c80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 17565
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/js/lib/crypto-js.js

172.86.127.172

200 OK

32 kB

URL HTTP/2
cba-verify-au.xyz/static/js/lib/crypto-js.js
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text, with very long lines (756), with CRLF line terminators
Size
32 kB (32133 bytes)
Hash
a7a591cb8c15a3167fdffe4065da3575
e8173ffa704476baffb212adce32689de2c46b5b
17fdc91c0319afbefe8894e1938be82f86ee80f6d7123e4933d8e3dadd57f0b4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/lib/crypto-js.js HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 15 Mar 2021 08:32:58 GMT
etag: "30523-5bd8f18d2e280-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 32133
content-type: application/javascript
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/images/logonsprite2.307a0c523f35f709f390895b4720d350.png

172.86.127.172

200 OK

14 kB

URL HTTP/2
cba-verify-au.xyz/images/logonsprite2.307a0c523f35f709f390895b4720d350.png
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 3969 x 75, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14207 bytes)
Hash
307a0c523f35f709f390895b4720d350
94fc38cd1c928167f22a356181fb97bbf067b434
c3787cbabd5c9acf9bfdc72c8e706754d644a14d5bd538e675c1885ccae87341

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /images/logonsprite2.307a0c523f35f709f390895b4720d350.png HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 13:58:34 GMT
etag: "377f-5ec915a5cd680"
accept-ranges: bytes
content-length: 14207
content-type: image/png
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/static/layer/skin/default/layer.css?v=3.0.3303

172.86.127.172

200 OK

2.9 kB

URL HTTP/2
cba-verify-au.xyz/static/layer/skin/default/layer.css?v=3.0.3303
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (14499), with no line terminators
Size
2.9 kB (2885 bytes)
Hash
480d21f3344b0b77695c74fecba9bf5f
04d0533367c93e17624300b07f3e96499fe74e61
02af06c466dfa31fe73e372b05cd00096ec6948eaa1b088ce085c86affc977bc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
quad9	Sinkholed

HTTP Headers

GET /static/layer/skin/default/layer.css?v=3.0.3303 HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 23 Jul 2021 17:28:26 GMT
etag: "38a3-5c7cdbb2c0280-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2885
content-type: text/css
date: Mon, 19 Dec 2022 08:01:33 GMT
server: Apache
X-Firefox-Spdy: h2

cba-verify-au.xyz/favicon.ico

172.86.127.172

200 OK

156 B

URL HTTP/2
cba-verify-au.xyz/favicon.ico
IP
172.86.127.172:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size
156 B (156 bytes)
Hash
8ff3a6ae41ba8993f90566371f7ffa35
dd45df5df60e0df0937d08c2c08a05d552d54210
e8b6e1b1ff01bf913b39962cd160d5cc64fd668710e04caf46fd6b40fa224986

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Commonwealth Bank
urlquery	phishing	Phishing - Commonwealth Bank
openphish	Commonwealth Bank of Australia
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cba-verify-au.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cba-verify-au.xyz/
Cookie: XSRF-TOKEN=eyJpdiI6ImJ3VTN3TGxwWEhxTVBOUlFRV1wvNzJBPT0iLCJ2YWx1ZSI6Ik1GTFRKSnJiOTZQWDYxeDl3eVBZSmZVXC81MFF0MVwvSVwvb0dmMGlhMzE3MVJJQytLTG9MbHBraEQyWFdcL0xXcWEwIiwibWFjIjoiNDVmMTlmMTYzOTg1MTRkYzlhZTIzNWU4NGZkMGE3NGY5NzA5MTgzZTY5ZTlmNTM0YTY4NjBkYjk1ZGU2YTIxZCJ9; laravel_session=eyJpdiI6IjI3NlBIYXllZVY3SURrdmJEMVwvRDFBPT0iLCJ2YWx1ZSI6IkRQK01rME96K0JSdUExbmkxNmVHZ1Q5Tmd3OWV0QWpLVERHcHNQaVpjZ0V5SzQ4bktOblhUOFlyamx5aTBEYjRXTzdJcjJkZTkwZitUeFlIKzRZS01UeUdRNzJLTDRIYkxtUHdvam5IekRCNDdNUWgzcDU0N1wvU3BHZHhWeDhrWiIsIm1hYyI6ImVkMzZhNmVkZjUwNTA4YjE5YzE0NDMwNjgyNzkzZTc3ZTNkZGVkMGQzNjE4YjJhOWM0MmRmZDEyMjFhOWY2NTQifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 13:37:24 GMT
etag: "13e-5ec910eaa2d00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 156
content-type: image/x-icon
date: Mon, 19 Dec 2022 08:01:34 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9577
Expires: Mon, 19 Dec 2022 10:41:11 GMT
Date: Mon, 19 Dec 2022 08:01:34 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9577
Expires: Mon, 19 Dec 2022 10:41:11 GMT
Date: Mon, 19 Dec 2022 08:01:34 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9577
Expires: Mon, 19 Dec 2022 10:41:11 GMT
Date: Mon, 19 Dec 2022 08:01:34 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9577
Expires: Mon, 19 Dec 2022 10:41:11 GMT
Date: Mon, 19 Dec 2022 08:01:34 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9058 bytes)
Hash
e6c714628a486b8d09101fe1115b4a25
a859bec81457e5b3511fb7612b65bcd4be790f21
41586527c64614c69c2833d2eb9a0e5e03906388a39ae16443b45dd6885329af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9058
x-amzn-requestid: 30f541b7-557c-45c6-a639-596ec624d6b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJtzFJPIAMFaow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebcbe-221f45c41cc4ac943f78ce6c;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:09:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f_sUIMBle-AT5Od_IJdlhNc1razIfG8LYIi1tEsIyWtMRBs063gjwQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 07:18:00 GMT
age: 2614
etag: "a859bec81457e5b3511fb7612b65bcd4be790f21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ce95c2-1c3f-4d6c-ad18-90e8258c9a17.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8709 bytes)
Hash
c9d50aad72b8daca282646dc709ea2ce
ed8e062f6911bf752b9c4fbea466e827385ad26d
9e49058f60a12311a2d2a0872ec29a268d7b4575b4de83364c606ffa37ae8655

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ce95c2-1c3f-4d6c-ad18-90e8258c9a17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8709
x-amzn-requestid: b6a49df2-29df-4341-bb05-d9b704de011f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dR2EMHKXoAMFrMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639d6a1a-2b1b90bb6275bc9153987aa0;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 07:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ObpjD8D5oR5QTNmIkpg1PzN4UlG2dl_kbgIcPly_gBwlYjjG2IpZfA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 06:59:08 GMT
age: 3746
etag: "ed8e062f6911bf752b9c4fbea466e827385ad26d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F469f917b-9e91-486a-b711-ccb25e7bfae0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7432 bytes)
Hash
f8b260b0cc287f1b66c97f552b2a3c21
7efa342abc52a36cd3fa2dd4b3e85cec1def58c0
7263d7176d5879c550158fee5259605dc298a99902cb8a2c340ab2b92f92bc90

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F469f917b-9e91-486a-b711-ccb25e7bfae0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7432
x-amzn-requestid: 3254bdde-1e56-4423-a87b-5955c64f52ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dHbA6FUVIAMF2gQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63993ed2-09a330722c1eec79103d9b9e;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 03:11:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: W2HZAazNTP-6o2Vyr2jrOTutIt4ed3Fs0L_TgUEH8dM9RtqBiBSdAw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 09:40:13 GMT
age: 80481
etag: "7efa342abc52a36cd3fa2dd4b3e85cec1def58c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbedc7d70-00c3-409b-9b46-11cbe9909f2b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12161 bytes)
Hash
71e9a308430eff340bb55c56b64fcc63
63d49b26322a1dca8ed669c1abafc27ee7f7c4b2
e3c8917124f2d13de6d1c0a1f1539f035abef31bbbf2246e77db44d9a3e29b61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbedc7d70-00c3-409b-9b46-11cbe9909f2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12161
x-amzn-requestid: 6ad8283c-3d3d-41f0-ada7-1b0d20568aa6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dXIZIGZFIAMFubg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639f876d-0bc6f28d582f63b35a494472;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gJgluMuS-cEZnEk8LNtVJk02T883tD8OZJy4BftXFGhJ6tHeLGrcqw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:37:59 GMT
age: 37415
etag: "63d49b26322a1dca8ed669c1abafc27ee7f7c4b2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0414d31-0d1b-44bc-aca6-adbdb14d3177.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7625 bytes)
Hash
b737043cdf74af46852693d35fd7c297
1aabe2620cc5e80e141557fa891c20ae3385ecf4
534712b0605de5329ee5e9a0ce22b78de49a5d00f6544c4aa66c78f95e594540

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0414d31-0d1b-44bc-aca6-adbdb14d3177.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7625
x-amzn-requestid: 82e4192c-d409-42d9-8d96-e3f5892fd048
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJqlGCNIAMFsdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebca9-168389792f2e981943781c75;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:09:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dr8_HKrDAGEisD9XRkAFL8gf4EyMHCqSLJAQgFTnMOixMMG_jiF8Rg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 07:20:51 GMT
age: 2443
etag: "1aabe2620cc5e80e141557fa891c20ae3385ecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5185 bytes)
Hash
bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KyEMrUTeuVTPJ3EIkrH1DLYqa4bHK7fe6dApTAFP4XY0G4airnflGA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:37:07 GMT
age: 37467
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP