Report - mwj.qtw.mybluehost.me/myapp/

Report Overview

Visited public
2023-12-11 15:34:31
Tags
australia government phishing
URL
mwj.qtw.mybluehost.me/myapp/
Finishing URL
mwj.qtw.mybluehost.me/myapp/app/
IP / ASN
162.241.30.19
#46606 UNIFIEDLAYER-AS-1
Title
Sign in with myGov - myGov
Phishing - Australian Government

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mwj.qtw.mybluehost.me	unknown	2016-10-05	2023-12-11 06:43:01	2023-12-11 06:43:01	9.9 kB	484 kB	162.241.30.19
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-11 10:04:41	1.6 kB	50 kB	216.58.207.227
login.my.gov.au	unknown	unknown	2022-06-20 21:07:43	2023-12-10 12:19:26	471 B	1.7 kB	161.146.235.204

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	mwj.qtw.mybluehost.me/myapp/	Australian Government
2023-12-11	medium	mwj.qtw.mybluehost.me/myapp/app/	Australian Government

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-application.js.download	ScriptElement	76 kB	2023-03-07	2025-03-17
Pretty URL mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-application.js.download IP 162.241.30.19 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24 Last Seen2025-03-17 18:11 Times Seen154 Hash 36d05e84bc9762e8caca2ac41617d6ec 05954311fc189a24a0362f8ab2d4e19e63144462 2c237ee02f34af672a7b889a44a32183f8558274bd727ff6d453062240c6d090 Loading...

	mwj.qtw.mybluehost.me/myapp/app/login_files/login.js.download	ScriptElement	1.6 kB	2023-03-07	2025-05-06
Pretty URL mwj.qtw.mybluehost.me/myapp/app/login_files/login.js.download IP 162.241.30.19 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24 Last Seen2025-05-06 10:45 Times Seen225 Hash b370795fcbbe14ef5fe323bdb5501fce f68bc3a5786e9c04d71686ed0876b6e29f670e85 3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5 Loading...

	mwj.qtw.mybluehost.me/myapp/app/login_files/ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download	ScriptElement	245 kB	2023-03-08	2025-03-17
Pretty URL mwj.qtw.mybluehost.me/myapp/app/login_files/ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download IP 162.241.30.19 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:18 Last Seen2025-03-17 18:11 Times Seen145 Hash 7216f7be2f8ca34e027acb1fb5934958 7c9bdd64c89cb8bdc301c8f182a387c7a279ba09 551d6fdc92d330f73f7b1b18554fd619d72aa8e883f8192a05f6466049ae58b9 Loading...

	mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-vendor.js.download	ScriptElement	152 kB	2023-03-07	2025-05-06
Pretty URL mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-vendor.js.download IP 162.241.30.19 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24 Last Seen2025-05-06 10:45 Times Seen203 Hash 977ee72ff0891a72f5766a357cc78336 3cb5504b13591ce0471b29dec114b94df7420ddb 2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26 Loading...

HTTP Transactions (19)

URL IP Response Size

mwj.qtw.mybluehost.me/myapp/

162.241.30.19

302 Found

0 B

URL User Request GET HTTP/2
mwj.qtw.mybluehost.me/myapp/
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Australian Government

HTTP Headers

GET /myapp/ HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 11 Dec 2023 15:34:06 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: app/
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
x-server-cache: false
set-cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce; path=/
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/

162.241.30.19

200 OK

3.3 kB

URL User Request GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (953), with CRLF line terminators
Size
3.3 kB (3314 bytes)
Hash
dac1cbf2f8c35f5d0c68e2683bfbcb1a
26ffecf7e0593db195059176b7effb92780ca418
4ec46fad74fd10553f74b5afd6499fba6a2b43e84fe8d2a1aa029457a4d02c9a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government
OpenPhish	phishing	Australian Government

HTTP Headers

GET /myapp/app/ HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 15:34:06 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 3314
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
x-server-cache: false
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/myGov-cobranded-logo-white.svg

162.241.30.19

200 OK

64 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/myGov-cobranded-logo-white.svg
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
SVG Scalable Vector Graphics image - HTML document, ASCII text, with very long lines (64140), with no line terminators
Size
64 kB (64140 bytes)
Hash
de646b2f77f5fa27d55a01bbb9cf584e
33316eb871adf6e08af7c780eb15872549d08dc3
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/login_files/myGov-cobranded-logo-white.svg HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
content-length: 64140
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/svg+xml
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/myGov-cobranded-logo-black.svg

162.241.30.19

200 OK

64 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/myGov-cobranded-logo-black.svg
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
SVG Scalable Vector Graphics image - HTML document, ASCII text, with very long lines (64143), with no line terminators
Size
64 kB (64143 bytes)
Hash
b53f20300babca4ebb422e59b888be1f
699c5898c6dd9d2b8b949db2e13c8f0b0d29e26b
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/login_files/myGov-cobranded-logo-black.svg HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
content-length: 64143
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/svg+xml
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/login.js.download

162.241.30.19

200 OK

648 B

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/login.js.download
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
ASCII text, with very long lines (1560), with no line terminators
Size
648 B (648 bytes)
Hash
b370795fcbbe14ef5fe323bdb5501fce
f68bc3a5786e9c04d71686ed0876b6e29f670e85
3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/login_files/login.js.download HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 648
content-type: application/javascript
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/blugov.css

162.241.30.19

200 OK

15 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/blugov.css
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
15 kB (15191 bytes)
Hash
ff098034b744b4eb9d01ac2fd6c6e87d
981587e0b6aba900202f45ec0ae6c1e0274aab64
5ad45c3c8b9efc9e5427d60339eb9b65ffa97a501fe111fe373b100393acc405

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/login_files/blugov.css HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 15191
content-type: text/css
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/css

162.241.30.19

200 OK

16 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/css
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
ASCII text
Size
16 kB (16018 bytes)
Hash
4fbcef1c5886d331a7b70aedfc9f6eb9
30ae86d838e734cdbd3ac38821c54364e2a242b3
00b399de3012a5f809a1fb531286f8cdb5e7671e865f0423a0ba0dfffcc8d9c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/login_files/css HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 15:34:07 GMT
server: nginx/1.21.6
content-length: 16018
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
x-server-cache: false
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 - data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mwj.qtw.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 04:57:34 GMT
expires: Fri, 06 Dec 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 383794
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-application.css

162.241.30.19

200 OK

48 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-application.css
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
gzip compressed data, from Unix - data
Size
48 kB (47967 bytes)
Hash
2484d8befd8c505a4f73b97253b63de7
334fbd0c137f332d5696254999c23928c388ec5a
d2b5bbfc305667b61052a79a694126992d1d9edfe7ee12e9ebdab5a30a6679cf

HTTP Headers

GET /myapp/app/login_files/mgv2-application.css HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: text/css
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download

162.241.30.19

200 OK

128 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
gzip compressed data, from Unix - data
Size
128 kB (128145 bytes)
Hash
edad4367cdee8a8148b505824c50a573
3c0cc46cbef3800eb3ccc4b5d08d09746c3ad21d
fc0ebe119aa3d356670382e13581ef5e51944ace458dd65015527463bcc9e8c9

HTTP Headers

GET /myapp/app/login_files/ruxitagentjs_ICA2Vfghjqrux_10243220606153550.js.download HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: application/javascript
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-vendor.js.download

162.241.30.19

200 OK

63 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-vendor.js.download
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
gzip compressed data, from Unix - data
Size
63 kB (63269 bytes)
Hash
c3e300a7960fbb706240e3db7f27b2f8
3046752e376f3d84a4db9905b34c644d31a4a018
058e529310f6ad3545aa956f0355d4a7aa0a1afafcd85b0b67d749e813eaadae

HTTP Headers

GET /myapp/app/login_files/mgv2-vendor.js.download HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: application/javascript
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/icons/icon-blugov-info.svg

162.241.30.19

404 Not Found

315 B

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/icons/icon-blugov-info.svg
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/icons/icon-blugov-info.svg HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/login_files/blugov.css
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce; dtCookie=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0; rxVisitor=1702308848278J9J1EM74HG4GR3UA2ULEL75J7LO0K3QE; dtPC=-10$108848273_278h1vBCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0e0; rxvt=1702310648285|1702308848280; dtLatC=784; dtSa=-
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Mon, 11 Dec 2023 15:34:08 GMT
server: Apache
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/blugov/M-myGov-Coloured%20Line.svg

162.241.30.19

404 Not Found

315 B

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/blugov/M-myGov-Coloured%20Line.svg
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/blugov/M-myGov-Coloured%20Line.svg HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce; dtCookie=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0; rxVisitor=1702308848278J9J1EM74HG4GR3UA2ULEL75J7LO0K3QE; dtPC=-10$108848273_278h1vBCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0e0; rxvt=1702310648285|1702308848280; dtLatC=784; dtSa=-
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Mon, 11 Dec 2023 15:34:08 GMT
server: Apache
X-Firefox-Spdy: h2

161.146.235.204

200 OK

238 B

URL GET HTTP/1.1
login.my.gov.au/mygov/content/mgv2/icons/favicon-16x16.png
IP
161.146.235.204:443
ASN
#18055 Department of Human Services

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerEntrust, Inc.
Subjectlogin.my.gov.au
Fingerprint3F:38:1C:2B:B0:B1:C1:DB:07:34:27:8D:11:90:AA:91:56:95:97:B2
ValidityWed, 14 Jun 2023 01:29:42 GMT - Sun, 23 Jun 2024 01:29:42 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced - data
Size
238 B (238 bytes)
Hash
734603b796e313e6b30c5314cfff7a0d
9ef8bcab45a447a173ba98d4e8af6114c30a1aca
5e70f30259d620e25efa88586a8871d5c94113f0b0d7d6f3e817f585891bf154

HTTP Headers

GET /mygov/content/mgv2/icons/favicon-16x16.png HTTP/1.1
Host: login.my.gov.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 238
content-type: image/png
date: Mon, 11 Dec 2023 15:34:09 GMT
last-modified: Sat, 04 Nov 2023 12:24:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: Accept-Encoding
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=3600,public,must-revalidate
inst: 1a
expires: Mon, 11 Dec 2023 16:34:09 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
server-timing: dtRpid;desc="-1727391102"
Set-Cookie: BIGipServerHBZK2i12N308Oa3l35yEhg=!/0ZLGU1U3qeNMbh+/UraNkFBJteO9wodIfrg9je6dHLOG9HxsksMsuZ5vNY1crOL8+MErhIvcY4Log==; expires=Mon, 11-Dec-2023 16:04:09 GMT; path=/; Httponly; Secure; SameSite=none
dtCookie=v_4_srv_48_sn_104B33B9CF8AA694CB63D8602DFB1A50_perc_100000_ol_0_mul_1; Domain=.my.gov.au.; Path=/; SameSite=None; Secure; HttpOnly
PD_STATEFUL_aaa1d6bc-31d2-11e6-b102-0050568e537f=mygov; Path=/; Secure; HttpOnly; SameSite=none
TS0143fa37=01e535258fbe7276b29c8e8443ce1d69469b4f8e09f38f2a37f76b4169bf0a50c150664324af51ec2e4e2f8d0143ccbb4eb2296552903b80e39dcaa2db8c963430093fff2f168d57d2c39690c883c701c3b869e3527fc03b6b332f40404113509667e7b3eb; Path=/; Domain=.login.my.gov.au; SameSite=none; Secure
TS76481464027=082d0e0bfcab2000e81ea679a4bf3ba7dd1a8266fa55ddf4acab644dedbf4cbaf37f411808855cf2083a46419d11300033a8185060e7b811a31f80e2b4d717853f0c4ec88411f483ea5f94fc0949519a5671b3625a944607b63801d50f954c22; Path=/; SameSite=none; Secure

mwj.qtw.mybluehost.me/LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0&svrid=-10&flavor=post&vi=BCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0&modifiedSince=1664408259780&rf=https%3A%2F%2Fmwj.qtw.mybluehost.me%2Fmyapp%2Fapp%2F&bp=3&app=5f15dc81410a75c1&crc=2178367089&en=gpalpirq&end=1

162.241.30.19

406 Not Acceptable

226 B

URL POST HTTP/2
mwj.qtw.mybluehost.me/LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0&svrid=-10&flavor=post&vi=BCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0&modifiedSince=1664408259780&rf=https%3A%2F%2Fmwj.qtw.mybluehost.me%2Fmyapp%2Fapp%2F&bp=3&app=5f15dc81410a75c1&crc=2178367089&en=gpalpirq&end=1
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
HTML document text - HTML document, ASCII text, with no line terminators
Size
226 B (226 bytes)
Hash
5360980bad11bf9723da89687501effc
1dd1a5c4e08392684b25d8f6cfd7d670b5d9db99
80a265bed528211aa708dcd58f7a95db36eeb7f873c6fe4ddab0b3a1dc0973a4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

POST /LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0&svrid=-10&flavor=post&vi=BCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0&modifiedSince=1664408259780&rf=https%3A%2F%2Fmwj.qtw.mybluehost.me%2Fmyapp%2Fapp%2F&bp=3&app=5f15dc81410a75c1&crc=2178367089&en=gpalpirq&end=1 HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1270
Origin: https://mwj.qtw.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce; dtCookie=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0; rxVisitor=1702308848278J9J1EM74HG4GR3UA2ULEL75J7LO0K3QE; dtPC=-10$108848273_278h-vBCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0e0; rxvt=1702310648611|1702308848280; dtLatC=784; dtSa=-
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 406 Not Acceptable
content-length: 226
content-type: text/html; charset=iso-8859-1
date: Mon, 11 Dec 2023 15:34:09 GMT
server: Apache
X-Firefox-Spdy: h2

162.241.30.19

406 Not Acceptable

226 B

URL POST HTTP/2
mwj.qtw.mybluehost.me/LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0&svrid=-10&flavor=post&vi=BCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0&modifiedSince=1664408259780&rf=https%3A%2F%2Fmwj.qtw.mybluehost.me%2Fmyapp%2Fapp%2F&bp=3&app=5f15dc81410a75c1&crc=2917105807&en=gpalpirq&end=1
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
HTML document text - HTML document, ASCII text, with no line terminators
Size
226 B (226 bytes)
Hash
5360980bad11bf9723da89687501effc
1dd1a5c4e08392684b25d8f6cfd7d670b5d9db99
80a265bed528211aa708dcd58f7a95db36eeb7f873c6fe4ddab0b3a1dc0973a4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

POST /LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0&svrid=-10&flavor=post&vi=BCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0&modifiedSince=1664408259780&rf=https%3A%2F%2Fmwj.qtw.mybluehost.me%2Fmyapp%2Fapp%2F&bp=3&app=5f15dc81410a75c1&crc=2917105807&en=gpalpirq&end=1 HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2334
Origin: https://mwj.qtw.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce; dtCookie=v_4_srv_-2D10_sn_FTRUB28T399MO0JVB22C7BG0FPL52OO0; rxVisitor=1702308848278J9J1EM74HG4GR3UA2ULEL75J7LO0K3QE; dtPC=-10$108848273_278h-vBCDRCFEIITFPSPESFETHLSWCBMQCEMLP-0e0; rxvt=1702310648611|1702308848280; dtLatC=784; dtSa=-
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 406 Not Acceptable
content-length: 226
content-type: text/html; charset=iso-8859-1
date: Mon, 11 Dec 2023 15:34:11 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0 - data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mwj.qtw.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:57:09 GMT
expires: Fri, 06 Dec 2024 15:57:09 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 344219
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 - data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mwj.qtw.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:46:25 GMT
expires: Fri, 06 Dec 2024 15:46:25 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 344863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-application.js.download

162.241.30.19

200 OK

76 kB

URL GET HTTP/2
mwj.qtw.mybluehost.me/myapp/app/login_files/mgv2-application.js.download
IP
162.241.30.19:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://mwj.qtw.mybluehost.me/myapp/app/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.mwj.qtw.mybluehost.me
Fingerprint66:96:65:CD:7B:C4:BC:D7:74:57:BA:3E:92:97:99:F8:EE:09:FB:66
ValiditySat, 02 Dec 2023 19:53:16 GMT - Fri, 01 Mar 2024 19:53:15 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (75795 bytes)
Hash
36d05e84bc9762e8caca2ac41617d6ec
05954311fc189a24a0362f8ab2d4e19e63144462
2c237ee02f34af672a7b889a44a32183f8558274bd727ff6d453062240c6d090

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /myapp/app/login_files/mgv2-application.js.download HTTP/1.1
Host: mwj.qtw.mybluehost.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwj.qtw.mybluehost.me/myapp/app/
Cookie: PHPSESSID=a0b2c8f4b53327f7e4015f3661a1dbce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 04 Oct 2022 15:04:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Tue, 12 Dec 2023 15:34:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: application/javascript
date: Mon, 11 Dec 2023 15:34:07 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers