ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 72c6da94ee45fc2dd0f2b2fd8c51b649
e1f2b78c9d5d6c0da8f927dd9efbe4536fcf1eea
ea45a568cf670048ec1944643f14654716430bdc797c3aec2a89b2aeb7575817
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 10 May 2023 00:14:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js
172.217.21.170 31 kB URL ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js
IP 172.217.21.170:0
File type ASCII text, with very long lines (65447)
Hash 00727d1d5d9c90f7de826f1a4a9cc632
ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
GET /ajax/libs/jquery/3.6.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31100
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 06 May 2023 11:37:50 GMT
expires: Sun, 05 May 2024 11:37:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 304579
last-modified: Thu, 08 Sep 2022 18:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
auspost.ua-site.cloud/css/Commonwealth/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
172.67.157.18 4.9 kB URL auspost.ua-site.cloud/css/Commonwealth/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
IP 172.67.157.18:0
File type GIF image data, version 89a, 256 x 46\012- data
Hash ac9de6fb5214be84653367c74ba0b5f0
be61645ad75ab434ce7195268eb453f77314f9ec
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
GET /css/Commonwealth/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: image/gif
content-length: 4852
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: "628fd85a-12f4"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cJmGZLCZuVoawMrhTOUbzMkz1oFY8o95aw%2BgNTzTqlviEo3X6I8xy7mxQ95AduFiW%2FFK4jvbkpmKaeC4W61AsPg48BKWHzhBejYz6Xbnk6RY6wj0cBHhHFbruZDH5RD5KJ9voVTZKiE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68ba0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/nb-logon-floods.jpg
172.67.157.18 200 OK 28 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/nb-logon-floods.jpg
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 201x101, components 3\012- data
Hash e0bb16b82c279b2df5f1ae2751c13c41
cc04e8a72ac739451daa5e93e023d4c9b7b8c06c
c97ab139820011a8fa74366aeb672f82f7bf0295aa96478620a3c50a49e18a20
GET /css/Commonwealth/nb-logon-floods.jpg HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: image/jpeg
content-length: 28356
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: "628fd85a-6ec4"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXZH29zuSHI1rEWS7azc3dQu1Fht2B2tM4D3Uzyi6I63aoJtOa%2Fv2DZV4dknUo4zz3Ph3EpO%2BpxPQUiSZsrhFvRYU7tJ8456CNAKAqEXvT0t7hW7EdQQUDWs8Uru5dwS7sodZ25il3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68bb0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 72c6da94ee45fc2dd0f2b2fd8c51b649
e1f2b78c9d5d6c0da8f927dd9efbe4536fcf1eea
ea45a568cf670048ec1944643f14654716430bdc797c3aec2a89b2aeb7575817
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 10 May 2023 00:14:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.my.commbank.com.au/financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer=
23.38.202.24 0 B URL www.my.commbank.com.au/financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer=
IP 23.38.202.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
GET /financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer= HTTP/1.1
Host: www.my.commbank.com.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Location: https://www1.my.commbank.com.au/financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer=
Server: BigIP
Content-Length: 0
X-EdgeConnect-MidMile-RTT: 22
X-EdgeConnect-Origin-MEX-Latency: 308
Date: Wed, 10 May 2023 00:14:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
auspost.ua-site.cloud/css/Commonwealth/sign-out.html
172.67.157.18 200 OK 49 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/sign-out.html
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5440)
Hash 112f41288104b3496b8e5c1b592821f3
120c997df33eb62bd546c749dfa26c589ee69f77
26b9d89566ef22ed8a11e4b35f3e0780151a69b1c7d20a7a44b36a1df4cffc00
Analyzer Verdict Alert fortinet Phishing
GET /css/Commonwealth/sign-out.html HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: text/html
last-modified: Thu, 26 May 2022 19:43:22 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WXjrNh5Xjc8cA8CoPFsGXoI1%2BhSoB9EQS%2FyWMDQDofDSkEMK5a9YZFj65ByalkZs%2BPByJBVWzorUeN8h2zonWqduK3KxD7Qe4RizQRk7bTGWMbkFmlRDW8sbQrcivD%2BLopgbDW%2BcEBA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c4dfafda92b0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/smartbanner.d1197ec1675a985d0591d2083729fe1a.js
172.67.157.18 200 OK 7.5 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/smartbanner.d1197ec1675a985d0591d2083729fe1a.js
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type Unicode text, UTF-8 text, with very long lines (7880), with no line terminators
Hash c390bf76bfa6ee3c8e317669580d78d4
b6a7e66a838ad933f3fc459deba258f41b68f330
706a404f29e5e198e8961c798886fe837dd26b3cd5f2237d7d17c0ddadbecc11
Analyzer Verdict Alert fortinet Phishing
GET /css/Commonwealth/smartbanner.d1197ec1675a985d0591d2083729fe1a.js HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: application/javascript
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-1d64"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26fPiERDgEG6FpWt3Hx9C4hJQCiw%2BQf20Q8GaYMjTOuIbSZ4beYw0XGBs13CQfw3Ek4qUW0cIh34mEPEcs1vw0dDiNjZzSsgo0KW%2BQIrYcoFv15hnesF2FVmCq%2BLM8k408OB7PCeU4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68c50b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/instrumentation-merge.4043785f5795e2e8297bdfe0cdf60f4d.js
172.67.157.18 200 OK 20 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/instrumentation-merge.4043785f5795e2e8297bdfe0cdf60f4d.js
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with very long lines (11721)
Hash 4043785f5795e2e8297bdfe0cdf60f4d
2f6c06391199d8c4f89f468e398f94fef932798e
7cf46fbfca24dd814d3ef457da79b54ca3a38858a75f6f70ff49343231cc0bf9
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
fortinet Phishing
GET /css/Commonwealth/instrumentation-merge.4043785f5795e2e8297bdfe0cdf60f4d.js HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: application/javascript
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-4de1"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8wjQWtsrGB888EPQnwAQoOHFBB%2FTXovzvra4Kxa2dMyBVdNYaFFkdcmC3EPW7DnA%2BX4JX0%2BhuNP7NQ1yJBvTYgcNSYBIA%2BclVpuEwy8KKKq9dHebfs9g3u9HqQqX5jIPs%2B1%2FQgp4dkc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68c10b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/tracking-merge.8784d605543edaf86ccd7ce9c54ba0eb.js
172.67.157.18 200 OK 120 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/tracking-merge.8784d605543edaf86ccd7ce9c54ba0eb.js
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with very long lines (62938)
Size 120 kB (119793 bytes)
Hash 8784d605543edaf86ccd7ce9c54ba0eb
1d48fa88879007911570ad8dcbcfa890d3df0f4e
47db8c5a79387f5a1a5c43b4ccd04c9b0633e33ffcdd6bc0d9e68c4686d49413
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
fortinet Phishing
GET /css/Commonwealth/tracking-merge.8784d605543edaf86ccd7ce9c54ba0eb.js HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: application/javascript
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-1d3f1"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPlxDm9tNJTajw5PuBAV%2BZtt05WcC8C6uOOJ9WhtO53Yr7icclFoiExVX6SMnuCnwl4%2BAcLqhlm9BaX%2BhOVC2Ez4wMcHPxfd0smeNQAyN9x8AbEqFJJh2p6rMSHete%2F%2B%2F7StUFXTE6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68bc0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/core-merge.36971982ebc03a2658d8e51f70007637.js
172.67.157.18 200 OK 400 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/core-merge.36971982ebc03a2658d8e51f70007637.js
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with very long lines (39928)
Size 400 kB (400180 bytes)
Hash 36971982ebc03a2658d8e51f70007637
389e5799a0321f5fa83d3ac1f14bf86799be4cb2
c1366941e76e519a2aa15c50241f44f81528f5c5765f200c420d70e1fd26b893
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
fortinet Phishing
GET /css/Commonwealth/core-merge.36971982ebc03a2658d8e51f70007637.js HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: application/javascript
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-61b34"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSrKmIy75TxHImxcApl9OUfSdxsQV4afs7Z6uVKOtEUeMnyrGuRJtZqM9K2KvsjsjoX5fFcjaeFpBgmejiv1TBTerP%2F5kyVKlOHuB7Ggqqy3QEk%2FueQFV6JIELzkpFjET%2BO94unQGpc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68bd0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/trackingbootstrap.c8068b07c37c03776d99cb952fec6272.js
172.67.157.18 200 OK 11 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/trackingbootstrap.c8068b07c37c03776d99cb952fec6272.js
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with very long lines (11366), with no line terminators
Hash c8068b07c37c03776d99cb952fec6272
40abb09c948c6deb5789acf6de5d1df21cce3fb6
81bf6b11b38dd4edee209e4783acd0180f5a4660b9123635d6afebe9470e9fd3
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
fortinet Phishing
GET /css/Commonwealth/trackingbootstrap.c8068b07c37c03776d99cb952fec6272.js HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: application/javascript
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-2c66"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2BedqcZPVReqajsTA2QPd8ZOK8Mu%2FQ0Ul8kTerXdMA1Qyj42RHU8zw4%2BiErjF11TJOFqDUKw2EC3TWdW%2FTwiA27OxaUgADKWZWmWaDrQ7qF80q0F56Cf7IWBczf5H2Iq1aaWeF%2F9KeA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68bf0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/signout.html
172.67.157.18 200 OK 275 B URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/signout.html
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 9a5f805483cea3c9465ebc1388fe4cf4
474d2b3a9caa57dc87c5a3e39880ec5a7ed90b7e
feb86313dc4c0874f4ac87290bece99c5589899651879b6433d440a269e94392
Analyzer Verdict Alert fortinet Phishing
GET /css/Commonwealth/signout.html HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: text/html
last-modified: Thu, 26 May 2022 19:43:22 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5JqybjHlxGNurzsVoWHmJkgkFxwb9FNLqELQaCi%2FWXMWZjzIb8k3%2B5Gw9pc3ngunhEAPegaQ74oJjRBO2pZtLM1%2F8qtWWJesfgLYbpuKMxAIuxi62smVCuZ0mHAsv%2BTwNfVX%2BccQ9Ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c4dfafdb92f0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/images/hbg.0236e4e9a193069c4e8554db8b06354c.png
172.67.157.18 200 OK 35 B URL GET HTTP/3 auspost.ua-site.cloud/css/images/hbg.0236e4e9a193069c4e8554db8b06354c.png
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with no line terminators
Hash f587343dc9ef3acbd3eaccb31edc834d
73ae3d935cd10bfadec97370fd8645a0e16bc78e
4b7b64400d2cb92e1827b86fda6ed86051765dab0f92d930b5479440fb3af954
GET /css/images/hbg.0236e4e9a193069c4e8554db8b06354c.png HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/css/Commonwealth/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:10 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Tue, 09 May 2023 05:02:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5MrDMIxVqsX8h6QS3iZ%2FNFLzI0tiVuR0h0DcmfzS7mzn07ivkKIsHRsNX%2B0ef36vC0TWSiha4BpqE0M3vnHHEvuy6AJBkyAmmkibAT0PV4IU6mE3g4UDOZjf%2Bvc1SIss4Wv9z5qbus%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafd89220b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/images/logonsprite2.307a0c523f35f709f390895b4720d350.png
172.67.157.18 200 OK 35 B URL GET HTTP/3 auspost.ua-site.cloud/css/images/logonsprite2.307a0c523f35f709f390895b4720d350.png
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with no line terminators
Hash f587343dc9ef3acbd3eaccb31edc834d
73ae3d935cd10bfadec97370fd8645a0e16bc78e
4b7b64400d2cb92e1827b86fda6ed86051765dab0f92d930b5479440fb3af954
GET /css/images/logonsprite2.307a0c523f35f709f390895b4720d350.png HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/css/Commonwealth/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:10 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Tue, 09 May 2023 05:02:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6UXIRKDR3G5m5%2FfCxoeoDgpiuzy4pZFTjCgh9tZ3Q0f%2FzygcF7Cb5RP1ZOvmM7mv9YYV9OsMonGmyKist8%2FPqVO95Kvp%2BxKVoX1HdoErs%2B1Q6OhNldmkNrUF13B%2BaW2LKdwckxd%2FYWc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafdc9310b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/func.f0330340f884763807de32b27dc4c28f.js
172.67.157.18 200 OK 85 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/func.f0330340f884763807de32b27dc4c28f.js
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash f0330340f884763807de32b27dc4c28f
1b93fd0e1d6d8b882bf0cf73b7601cc1155235ec
c4372f552296dc603163c17a7ab10318e33a05c900089e24d67e9bb904c4fd08
Analyzer Verdict Alert fortinet Phishing
GET /css/Commonwealth/func.f0330340f884763807de32b27dc4c28f.js HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: application/javascript
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-14aeb"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2FWvCmuwUain4GWlgHKLQBZwu5lBhbPBjIHBiM3r1PyaNfrjEpuwtSwDNTSZJMWksCKrHIeVvQu4fzB4YysTy9we%2FJIGdHPFUcF7Uf3hYG8K%2Fjqy%2FOnGbPBDLVQhGdQFLy%2BSpJ0Wgzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc68c30b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
auspost.ua-site.cloud/css/Commonwealth/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
172.67.157.18 200 OK 32 kB URL GET HTTP/3 auspost.ua-site.cloud/css/Commonwealth/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
IP 172.67.157.18:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Google Trust Services LLC
Subject ua-site.cloud
Fingerprint 47:27:40:02:52:72:08:EF:06:58:E3:DD:EE:AF:C0:7E:5D:46:D9:0A
Validity Fri, 05 May 2023 09:06:16 GMT - Thu, 03 Aug 2023 09:06:15 GMT
File type ASCII text, with very long lines (31873), with no line terminators
Hash 8397238ab0ae7a25ea1af4d375f2c3df
299454f71219bb8827c6f131d396f167e6e69e6d
700303a27f1a898cfba0febbb9ef126ce76fad6ba65108d3b56c35ea973b73fb
GET /css/Commonwealth/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css HTTP/1.1
Host: auspost.ua-site.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 10 May 2023 00:14:09 GMT
content-type: text/css
last-modified: Thu, 26 May 2022 19:43:22 GMT
etag: W/"628fd85a-7c81"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHMeKHzeZmr95gY37p9naEvHUsronS4%2FvpRK7WImfaqnVcIcXurf9AMH6%2BNG5j6%2B3ilOk0K85kE1ZXec2YTaLx0rUVcVOmpAluu4UOGetsCHfThkY%2FxmqvKzor6%2FE%2FtpyAhd6I%2B%2FD%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4dfafc58b90b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www1.my.commbank.com.au/financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer=
23.38.202.24 404 Not Found 0 B URL GET HTTP/1.1 www1.my.commbank.com.au/financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer=
IP 23.38.202.24:443
Requested by https://auspost.ua-site.cloud/bank/commonwealth.php?id=d517005
Certificate Issuer Entrust, Inc.
Subject my.commbank.com.au
Fingerprint C1:93:98:7F:05:39:AC:08:31:4A:82:A2:ED:6A:20:C5:A9:61:46:8F
Validity Tue, 28 Jun 2022 02:00:16 GMT - Thu, 27 Jul 2023 02:00:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Commonwealth Bank
GET /financial.js?url=https%3A%2F%2Fauspost.ua-site.cloud%2Fbank%2Fcommonwealth.php%3Fid%3Dd517005&referrer= HTTP/1.1
Host: www1.my.commbank.com.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auspost.ua-site.cloud/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 832
X-EdgeConnect-MidMile-RTT: 18
X-EdgeConnect-Origin-MEX-Latency: 318
Date: Wed, 10 May 2023 00:14:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: BIGipServermy.commbank.com.au_Burwood=740433580.35437.0000; path=/; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload