{"report_id":"f69857b4-c3d1-45c0-af60-b0136326ad65","version":6,"status":"done","tags":["australia","government","phishing"],"date":"2023-12-10T08:57:52Z","url":{"schema":"http","addr":"auservices-alert.tax/intl/secure.php/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"172.67.165.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"auservices-alert.tax/intl/secure.php","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"title":"Sign in with myGov - myGov"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T08:19:00Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-09-09 02:40:21","last_seen":"2023-12-09 06:06:20","alert_count":0,"request_count":2,"received_data":33270,"sent_data":1074,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aus5.mozilla.org","ip":{"addr":"35.244.181.201","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1998-01-24","domain_rank":2548,"first_seen":"2015-10-27 08:06:24","last_seen":"2023-12-09 
05:09:35","alert_count":0,"request_count":1,"received_data":1214,"sent_data":523,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ciscobinary.openh264.org","ip":{"addr":"62.115.252.113","port":0,"asn":1299,"as":"Telia Company AB","country":"Sweden","country_code":"SE"},"domain_registered":"2013-10-19","domain_rank":40822,"first_seen":"2014-10-07 07:43:56","last_seen":"2023-12-09 05:09:36","alert_count":0,"request_count":1,"received_data":512218,"sent_data":305,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2013-06-10 22:14:26","last_seen":"2023-12-09 07:42:19","alert_count":0,"request_count":1,"received_data":17514,"sent_data":501,"comment":"","tags":null,"fingerprints":null},{"fqdn":"auservices-alert.tax","ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-11-28","domain_rank":0,"first_seen":"2023-11-28 03:01:02","last_seen":"2023-11-28 04:27:56","alert_count":10,"request_count":14,"received_data":631720,"sent_data":7590,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":634,"first_seen":"2012-05-21 19:28:02","last_seen":"2023-12-09 
08:21:37","alert_count":0,"request_count":1,"received_data":84117,"sent_data":457,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"152eda253e242e18443ef3282495bc7c","sha1":"ff0fa85565f21ec4931baad4573b4c0bd08c4019","sha256":"8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48","sha512":"94531e267314de661b2205c606283fb066d781e5c11027578f2a3c3aa353437c2289544074a28101b6b6f0179f0fe6bd890a0ae2bb6e1cf9053650472576366c","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate\n- data","size":511815,"url":{"schema":"http","addr":"ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip","fqdn":"ciscobinary.openh264.org","domain":"openh264.org","tld":"org"},"ip":{"addr":"62.115.252.113","port":0,"asn":1299,"as":"Telia Company AB","country":"Sweden","country_code":"SE"},"archive":[{"path":"gmpopenh264.info","filename":"gmpopenh264.info","modified":"","Modified":"2019-03-02T16:47:07Z","magic":"ASCII text","size":116,"md5":"3d33cdc0b3d281e67dd52e14435dd04f","sha1":"4db88689282fd4f9e9e6ab95fcbb23df6e6485db","sha256":"f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b","sha512":"a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1","alerts":{"urlquery":null,"analyzer":null}},{"path":"libgmpopenh264.so","filename":"libgmpopenh264.so","modified":"","Modified":"2019-03-02T16:47:26Z","magic":"ELF 64-bit LSB shared object, x86-64, version 1 
(SYSV)","size":1381690,"md5":"b2c1253e8a09cfe03b3d7f37de12dff7","sha1":"31835791d3f838d7b7b63e3f6d8a463388dd6b41","sha256":"990004dc8be970eb133c7bb9220c380ffbc19be991476bef446801e2c510640c","sha512":"121f154427c1176f5ab3b1b30b720a8dcc6345517f30e30c8b5598f297a744be0750b75bea6255e1eb653bc6ae2941eb1330d36b3150584caa93db76b2b76f5f","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government 
phishing","tags":["australia","government","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"auservices-alert.tax/files/js/login.js","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5d5f8084ae54f6646b8478eee08891fd","sha1":"f53fc45a940da16b2a78f4225d2177147dcb1ac0","sha256":"d9264589ed286cac458fe1c922f1ee20cd17377b73c8ec34fe606498f1def4c8","sha512":"ebebd21396e9e769ab51b903641840dbb6b0d0aa9e6b4b9fc14f6b0f4d18321ab5852529df245ea2ce46036e81e4d5d7cfa17af501da96db8399e4dfa66b4b4b","ssdeep":"","tlshash":"fe019c4db90912700603ba554df244401ba1fc6d0222c8157decda92b7eed1ed2537be","size":727,"data":"","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.20142Z","times_seen":705,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.7.0.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bce53304d5d3438acfa5fcfae816769f","sha1":"d70fbf2f6aed2c76801d35fd793bf70a9cc060eb","sha256":"265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43","sha512":"f19e7ef8ad6b07753e51268b286ea83bcb9658185d62c337866762ae73845a9f21d81d5a3a2923e73073957b3c40eaef63d3b11270f640391b48a2a97ea7085b","ssdeep":"6144:1w3mYhct1W7+TC1lmhTzeKRYcYmD2zK8USJsdZQ/coLGVFyygRgL/uaOgeNTIPft:EuYcYmD4/cZQ/coLGVFyzRTiPf7AqqAv","tlshash":"0a54a3d8f78d112e423231aaad2e12cdbb7dd171561454aefd4d497c24a083c83baf7a","size":284996,"data":"","first_seen":"2023-05-19T18:31:32Z","last_seen":"2026-04-18T23:34:05.154171Z","times_seen":4790,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/js/jquery.js","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da00af26ac4ac5a56ffdb41d1242adda","sha1":"d1688a893bc280c7206182077a6a0886b9d172cf","sha256":"880d71e238d522092c9d6534b286d5898a8d0968270e0eea3a457777527e58ae","sha512":"5cd8db90fb0c41799e249b0a84b34520e00e0199aab97c6c38c3e001d8881ad9d1ff5a9422aaaa38ce648c656ac872ebadbef36150c1e8690bd49cbf6531e8b8","ssdeep":"6144:aCfa6/j7/KDT1krl+xFbP8s+JgOO/p89lPuY1BHpkYpHeGEbMcAeQe:apbxFbPuhY89RJjHe3bMc7Qe","tlshash":"4d44c4d9734f116f4b6233aae43b5249ff7dd1b0520551acb58d986c24a081883fafbe","size":272027,"data":"","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.184761Z","times_seen":1034,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/js/clientStatus.js","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"intr
oduction_type":"scriptElement","is_inline":false,"md5":"cf74f2a0fe145c80d4b2b284a76c2d61","sha1":"567890515298391bf79228237e92bd2180e52bf5","sha256":"70b94b7d45c64d68c378083f4b7feb5b8b2b0d107a2775fbb9813e3ddadb85f2","sha512":"82ab82a7ee50422510e6a3c29eefc594c289cb64ee51f73553c9ae773a8919b26e8f995c9209871ef535ff4e34b5f0beb51dee6fe1c2a2dae06e045ccd6c3d96","ssdeep":"","tlshash":"8de04f0ebe0664794a2276a2947b4095192132091252c5207e0da4a29baf94dfa867bc","size":397,"data":"","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.200831Z","times_seen":1050,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"auservices-alert.tax/files/img/myGov-cobranded-logo-black.svg","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.785Z","timestamp":1702198648785,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/img/myGov-cobranded-logo-black.svg HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 08 Nov 2023 13:38:49 GMT\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ADW9W2KAibAssvdlUH3WTapfy0vp3F74XvfkyUaoN%2F4WtZh%2FL4xGQnPBip9OOiDoU7oMr1x4v8rxHjLDr67wDWg4jHdbmb7kEhq2HIfK6OpDUtNCAzVsf8cHevXxSbPZoJVVwySK1A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 833447d2d8a056bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20833,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\n- HTML document, ASCII text, with very long lines (64143), with no line 
terminators","md5":"b53f20300babca4ebb422e59b888be1f","sha1":"699c5898c6dd9d2b8b949db2e13c8f0b0d29e26b","sha256":"954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d","sha512":"3c8417a8c6b689a876633c18f00558b89334f5bcaf8fcd0242d4ed3120bdc0eebc1f1981642c7337c3f690fbc7b243fd61f08220bc7c0bc3bcb2b2ac8c9ae5a1","ssdeep":"768:pOLsHDCJYU28s5MBiVkYR1utxxmLhtzP4GWWT5m/tW0BhRL26WGiGy5ZGrr:pT+Jo8sifYRIaWgKVl29GiGuZU","tlshash":"fc532f7a5308877b45c3cb84dbda64c9325dd1c3f2faa0c8dba3158b5d128bb95bca11","first_seen":"2023-05-05T04:27:34Z","last_seen":"2026-04-14T09:34:03.838551Z","times_seen":2478,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.7.0.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.782Z","timestamp":1702198648782,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 11 Jul 2023 00:00:00 GMT","end":"Sun, 14 Jul 2024 23:59:59 
GMT"},"fingerprint":{"sha1":"D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D","sha256":"B1:CA:3A:23:BA:70:1D:18:3F:EC:99:D7:BE:6D:B2:FD:66:5F:5C:A7:7D:7F:C1:FC:16:D1:FD:89:4B:CC:15:34"}}},"request":{"raw":"GET /jquery-3.7.0.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://auservices-alert.tax\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-45944\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\nage: 7396450\r\nx-served-by: cache-lga13628-LGA, cache-bma1662-BMA\r\nx-cache: HIT, HIT\r\nx-cache-hits: 35, 28611\r\nx-timer: S1702198649.815221,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 83531\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":83531,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII 
text","md5":"bce53304d5d3438acfa5fcfae816769f","sha1":"d70fbf2f6aed2c76801d35fd793bf70a9cc060eb","sha256":"265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43","sha512":"f19e7ef8ad6b07753e51268b286ea83bcb9658185d62c337866762ae73845a9f21d81d5a3a2923e73073957b3c40eaef63d3b11270f640391b48a2a97ea7085b","ssdeep":"6144:1w3mYhct1W7+TC1lmhTzeKRYcYmD2zK8USJsdZQ/coLGVFyygRgL/uaOgeNTIPft:EuYcYmD4/cZQ/coLGVFyzRTiPf7AqqAv","tlshash":"0a54a3d8f78d112e423231aaad2e12cdbb7dd171561454aefd4d497c24a083c83baf7a","first_seen":"2023-05-19T18:31:32Z","last_seen":"2026-04-18T23:34:05.154171Z","times_seen":4790,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":32,"dns":12,"connect":12,"send":0,"wait":8,"receive":51,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/img/myGov-cobranded-logo-white.svg","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.788Z","timestamp":1702198648788,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/img/myGov-cobranded-logo-white.svg HTTP/1.1\r\nHost: 
auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 08 Nov 2023 13:38:48 GMT\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=cm3crObmxbXNr4p6cbvugHvGvzzNig%2BbpcNu4rrsOGzlK9J40av78IaG3oCU3pmCN9Y1PUjh4K9ZS1rI2IOjqeh1f2L3wR3EfjLw09H6fqJr%2FpP1S4mHuaeYCSrFVilKEgcxCd0M1Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 833447d2d8a256bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25960,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\n- HTML document, ASCII text, with very long lines (64140), with no line 
terminators","md5":"de646b2f77f5fa27d55a01bbb9cf584e","sha1":"33316eb871adf6e08af7c780eb15872549d08dc3","sha256":"10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388","sha512":"e9045ed1fc7c7820e37a6ae88fadb685a79a5d162676fa81360081824bb4ef63dae66ae0d62337d81668eb83998b26ee6404faf0fb299c03cc52e505ad027354","ssdeep":"768:bOLsHDCJYU28s5MBiVkYR1utxxmLhtzP4GWWT5m/tW0BhRL26WGiGy5ZGrr:bT+Jo8sifYRIaWgKVl29GiGuZU","tlshash":"9e532f7a5308877b45c3cb84dbda64c9325dd1c3f2faa0c8dba3158b5d128bb95bca11","first_seen":"2023-05-05T04:27:34Z","last_seen":"2026-04-14T09:34:03.833086Z","times_seen":2413,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:29.019Z","timestamp":1702198649019,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 20 Nov 2023 08:08:49 GMT","end":"Mon, 12 Feb 2024 08:08:48 
GMT"},"fingerprint":{"sha1":"5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1","sha256":"80:CC:7B:86:3B:74:87:87:51:57:4E:D5:46:B4:9E:75:8C:D9:BA:D5:3D:29:B0:19:02:4F:62:61:AA:42:DF:C9"}}},"request":{"raw":"GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://auservices-alert.tax\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15744\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 07 Dec 2023 04:57:34 GMT\r\nexpires: Fri, 06 Dec 2024 04:57:34 GMT\r\ncache-control: public, max-age=31536000\r\nage: 273595\r\nlast-modified: Wed, 11 May 2022 19:24:48 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15744,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\n- 
data","md5":"15d9f621c3bd1599f0169dcf0bd5e63e","sha1":"7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52","sha256":"f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615","sha512":"d35a47162fc160cd5f806c3bb7feb50ec96fdfc81753660ead22ef33f89be6b1bfd63d1135f6b479d35c2e9d30f2360ffc8819efca672270e230635bcb206c82","ssdeep":"384:z1TLklSElcS5V6qQTMUP07JwirW6RlLwK79/:p7EJ5E2bJwi5jLwK79/","tlshash":"8162e00158a163ade9b2327ed10b1b91c40660a27d2504e8c6e4fc95fe3d7ed5487b76","first_seen":"2023-04-05T08:15:27Z","last_seen":"2026-04-19T21:51:14.922632Z","times_seen":158959,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":67,"dns":1,"connect":7,"send":0,"wait":8,"receive":2,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:29.034Z","timestamp":1702198649034,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 20 Nov 2023 08:08:49 GMT","end":"Mon, 12 Feb 2024 08:08:48 GMT"},"fingerprint":{"sha1":"5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1","sha256":"80:CC:7B:86:3B:74:87:87:51:57:4E:D5:46:B4:9E:75:8C:D9:BA:D5:3D:29:B0:19:02:4F:62:61:AA:42:DF:C9"}}},"request":{"raw":"GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) 
Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://auservices-alert.tax\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15860\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 07 Dec 2023 15:46:25 GMT\r\nexpires: Fri, 06 Dec 2024 15:46:25 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 11 May 2022 19:24:42 GMT\r\ncontent-type: font/woff2\r\nage: 234664\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15860,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\n- 
data","md5":"e9f5aaf547f165386cd313b995dddd8e","sha1":"acdef5603c2387b0e5bffd744b679a24a8bc1968","sha256":"f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860","sha512":"2a71edb5490f286642a874d52a1969f54282bc43cb24e8d5a297e13b320321fb7b7af5524eac609cf5f95ee08d5e4ec5803e2a3c8d13c09f6cc38713c665d0ce","ssdeep":"384:S7qmPTF4N21t//YW2FS6+1XxrsbGmjlAbvqMmtCN:S621tHY4xwbGmjloSM7N","tlshash":"1a62d0058ba5850bf5b907fb0e1ab7ee30664b523c8c42278348073970db47a6b2b1fd","first_seen":"2023-04-05T14:47:55Z","last_seen":"2026-04-19T21:32:17.144082Z","times_seen":90200,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":89,"dns":1,"connect":7,"send":0,"wait":9,"receive":1,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/img/favicon.png","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:29.140Z","timestamp":1702198649140,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/img/favicon.png HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 
Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 238\r\nlast-modified: Wed, 08 Nov 2023 13:38:49 GMT\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=4Ap2DCJkzsY8jOPGZ5Og3V3tEVDjnIR08RNzI9Ny%2F%2BMHdTPs6LKVb4fcFIlYgX1GADeaP1Oiv%2F6k4urVCc6lidyEronrsEzRQXU%2F6onhPGbwqtQ4QTok8yaquVx%2BGwB0i0NkHgJijg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 833447d51a8156bb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":238,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\n- 
data","md5":"734603b796e313e6b30c5314cfff7a0d","sha1":"9ef8bcab45a447a173ba98d4e8af6114c30a1aca","sha256":"5e70f30259d620e25efa88586a8871d5c94113f0b0d7d6f3e817f585891bf154","sha512":"747a27c58f5395436643d58de585c2cd4870a171b99f9dd3480dc112034426702cfdfafb5c006abfba092d00254d31b51c9a6ae2971a007b980370eb5d43e354","ssdeep":"","tlshash":"edd097e4b5a49d64c5dad1351ba0d1038ca31323483103af2a4b982806b1c0d08f6a00","first_seen":"2023-05-09T01:10:32Z","last_seen":"2026-03-20T04:21:32.678736Z","times_seen":1482,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml","fqdn":"aus5.mozilla.org","domain":"mozilla.org","tld":"org"},"ip":{"addr":"35.244.181.201","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-10T08:57:46.219814395Z","timestamp":1702198666219,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1\r\nHost: aus5.mozilla.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: 
keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\nrule-id: unknown\r\nrule-data-version: unknown\r\ncontent-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-01-19-16-42-22.chain; p384ecdsa=kMCK8vkv3ntbh5AKLWc5je7suMtvE4VTPYwSPfxTmaTSz5d0V6htiwrYFDE9JrfT1BmsQNS5aIP6i4766BclzZ1y7GegfnKZ97awCvEW-zGxNobvymFSR2LH31DLwBXC\r\nstrict-transport-security: max-age=31536000;\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'none'; frame-ancestors 'none'\r\nx-proxy-cache-status: EXPIRED\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ndate: Sun, 10 Dec 2023 08:57:09 GMT\r\ncontent-type: text/xml; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 444\r\nage: 37\r\ncache-control: public,max-age=90\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":444,"size_decoded":0,"mime_type":"text/xml; charset=utf-8","magic":"XML 1.0 document text\n- XML document, ASCII text, with very long lines 
(332)","md5":"3b324dec137a87ef7e24a30a65b13dd0","sha1":"c0faa95b2f1018e264b3a14aaf50d1003e6c27b3","sha256":"6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463","sha512":"eee5d0a6354c5cfafdba69236359dbb38be1d7cbfd841230c07617fa3d8982751d8ddbe4f3b9c533a277e836b28a2f483d8ddc79aa09573ca9d49fc16341c061","ssdeep":"","tlshash":"54011069bdb5f89100860aa76626c8015a232287e1541888b8df5fc04f9b9b4536f09d","first_seen":"2023-10-13T18:17:52Z","last_seen":"2025-06-20T01:29:36.566077Z","times_seen":185315,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip","fqdn":"ciscobinary.openh264.org","domain":"openh264.org","tld":"org"},"ip":{"addr":"62.115.252.113","port":0,"asn":1299,"as":"Telia Company AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-10T08:57:46.434964561Z","timestamp":1702198666434,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1\r\nHost: ciscobinary.openh264.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 16 Nov 2023 07:38:15 GMT\r\nETag: 152eda253e242e18443ef3282495bc7c\r\nContent-Length: 511815\r\nAccept-Ranges: bytes\r\nX-Timestamp: 1700120294.87662\r\nContent-Type: application/zip\r\nX-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1\r\nCache-Control: public, max-age=180164\r\nExpires: Tue, 12 Dec 2023 11:00:30 GMT\r\nDate: Sun, 10 Dec 2023 08:57:46 
GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":511815,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate\n- data","md5":"152eda253e242e18443ef3282495bc7c","sha1":"ff0fa85565f21ec4931baad4573b4c0bd08c4019","sha256":"8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48","sha512":"94531e267314de661b2205c606283fb066d781e5c11027578f2a3c3aa353437c2289544074a28101b6b6f0179f0fe6bd890a0ae2bb6e1cf9053650472576366c","ssdeep":"12288:tnLGiHK1hLMRqmDWebRbi9bh4FnQ72frEDZwin7rX3xWrSgvkRfDH:tqiK/M7Nli9bWdQ7sQ1vO5sRbH","tlshash":"fcb423d0eeb462b2fd70d1ba59465870184eb54beb5f322e731e103e28bbe59b35c064","first_seen":"2023-04-05T03:30:47Z","last_seen":"2025-03-24T20:26:10.792856Z","times_seen":32987,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/js/login.js","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.787Z","timestamp":1702198648787,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 
GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/js/login.js HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 08 Nov 2023 13:38:47 GMT\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0LtL2o%2FN81cwB38CdIACpQgxgNkrAHCvNrTZxhMRuABp0UL6zn%2FVrp5bEcTAVm3x9JEnmiI0X1%2BSOQ4bsIdowlhi85rfbFaib9TgTkps5p%2F7z1ZZwNJP70fzKMLq118kB2jcrTLVnQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447d2d8a156bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1279,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII 
text","md5":"5d5f8084ae54f6646b8478eee08891fd","sha1":"f53fc45a940da16b2a78f4225d2177147dcb1ac0","sha256":"d9264589ed286cac458fe1c922f1ee20cd17377b73c8ec34fe606498f1def4c8","sha512":"ebebd21396e9e769ab51b903641840dbb6b0d0aa9e6b4b9fc14f6b0f4d18321ab5852529df245ea2ce46036e81e4d5d7cfa17af501da96db8399e4dfa66b4b4b","ssdeep":"","tlshash":"fe019c4db90912700603ba554df244401ba1fc6d0222c8157decda92b7eed1ed2537be","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.20142Z","times_seen":705,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/incl/action.php?type=clientStatus","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:31.989Z","timestamp":1702198651989,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 
GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/incl/action.php?type=clientStatus HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:32 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=h1BcNLsY3rv5OL%2BaA%2FGvPEkEiQYJ1Jnnir8fBG7%2Fba4apmQH6j56z2GZ9%2BCLBWtQK%2Fpxf2NHLxX6nrP%2FXUBYp8zLYFWcRHXuNMkQ79JvqxCVdVsTciGZSmr5wezhUZMk%2FRd9YQwwiQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447e6e96c56bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1799,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with very long lines (1799), with no line 
terminators","md5":"7d5cc7a5cb52442b3046221f8b3f5d3b","sha1":"cdf56d3f5f086b06bc8b4d96203b955305b6317f","sha256":"4301d18f057dcd0a60bdeead0c8ed67e3a3aa99ca8d6ab6e84afd82ffc68d3ea","sha512":"493fa0e46e440d6c44bafcbe5ddfac125f20ede63e51dd353ecf1824518a683f4a30d87854f8876dcbfa0f5d73aa5dfd4ad7faa9d619a957b9ffea5aa4cc53d5","ssdeep":"","tlshash":"b8313348c17008b007d48376bcbc595545ba46a4f1d0f8acefe98b3d8578eefa1b0957","first_seen":"2023-12-10T09:57:56Z","last_seen":"2023-12-10T09:57:56Z","times_seen":1,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/css/mgv2-application.css","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.775Z","timestamp":1702198648775,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/css/mgv2-application.css HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: 
text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Nov 2023 13:38:48 GMT\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2FsGI8avb96%2B77f9DFBrofVdb4y1Ogh0qNfSJ6dCEMyzfSZWvLG3OlOSJyCM758izw8RkGYfhTi6s7SHTFyxQ0cOAgTq%2FTuVNB8%2BUBszA9relu7MTIUssu2C9njSVW3kr8T1f1uyT4A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447d2c89356bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":127809,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines 
(59825)","md5":"dc1b3b3e5043dd0f04efd60c46ac3953","sha1":"a3d401b405720346eed630f13bd2c792af27a05b","sha256":"4da7bbf336eb443d346f3fe3604ccbcde366b43df36f87434334d54fa1aa0ed7","sha512":"5a184ff91ad659ad8529738969ee30e74b52fe31054cd9c7d9c2565913600f296eb6567bd6cd88998c73f1750352b99d9964f17faa507c62aba7757ce7048906","ssdeep":"768:cbSf1xHTSkGI1VGIOX5mSXpYQS1OTCsg9mFTYiLT1aCGjbrqp80zhoq+b4vuwCxK:IW1xsGOJmSHTNjGjbrqp80zs4dwMxFvj","tlshash":"edc309a28db0322da557c52df8d2a78c3738a121d2468fbafc1161e9c7ce2d4193775d","first_seen":"2023-04-18T10:39:08Z","last_seen":"2025-03-08T17:13:22.954827Z","times_seen":1238,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/css/page.css","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.780Z","timestamp":1702198648780,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 
GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/css/page.css HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Nov 2023 13:38:48 GMT\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=viBa6c7w8ZbkXlhnZ3k0dXXmwVgw3%2BbT%2FKjQZnIIIN93ttn7TUUIm2TJPsOxfcmCmFefcN4%2FTQKmATz4eRAsuWQdq33Aahfubvzsa3qOeLyWQ1GicEq%2BwvjSUzy4wYgPZV1E17jFkA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447d2c89856bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3298,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3693), with no line 
terminators","md5":"77413232682900e41dda93f606c6e61b","sha1":"41ae2a16215d79273718ae59ae7df640823547ef","sha256":"db28002de241acb14290140e8fb2af832edb0c978313bd2f2bcfbca8c2768e40","sha512":"e670e4936d4e35d06b0a643e34256eff0ecb4feb572cdcd6cb8239ccef10b60c0bcff2c43d6399b5974d728f96a11b449254266826f207dfd5f80e33235798b8","ssdeep":"","tlshash":"f371cd185e1a3a76fe52c86c3ce38a87120eb41bc152866e7fc05644c3e759ca96177e","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.195799Z","times_seen":554,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/js/clientStatus.js","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.784Z","timestamp":1702198648784,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 
GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/js/clientStatus.js HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 08 Nov 2023 13:38:47 GMT\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=k83P0YOJnmjDk%2BUpdvW1DIvM%2BtMDgb17Ml%2BtCqTdhSY5DLoei0q6sxY2XYZqU3vEYQadzNKaDaq9HCOncxb454gW%2B6FmAPze0rT731gPb1D2R0Kh6Bzyo4SAug%2FEN%2Bqezb2WQqOjDg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447d2d89f56bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":397,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (413), with no line 
terminators","md5":"eb47d18525565b0e30f12ed5b2884d2d","sha1":"0a302c27abb001dffda3a284bf2d08a8c7b50a23","sha256":"ca7c77aa3f00071673ad0fec0585b9690d746e9b685bfe5bec054e784aa75b36","sha512":"dcc450d7270230b3285635b505dcb888a9f604c353c3e1af5127cea678f4f2a85b31c4d0b9ca4dc0e097f0e54a613b7edf77b75f0b3715b2ae9c413b3dcf3088","ssdeep":"","tlshash":"8de04f0ebe0664794a2276a2947b4095192132091252c5207e0da4a29baf94dfa867bc","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.186743Z","times_seen":723,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"auservices-alert.tax/intl/secure.php","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-10T08:57:28.209Z","timestamp":1702198648209,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /intl/secure.php 
HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=zotpaQyfb3jMuQffb%2F%2F05UZfcKDY7MY7yzKvnBaoTD9KfMZOstxVy1cWxHFYzG9HPBOA080vAcZgxStw10f4OozUzbcZ2nkwcRi1QMyUHfWJ25MFPVplbiAyi9D1e2ITs2VLIVl4rg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447cf4da356bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9015,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- HTML document, ASCII text, with very long lines (9557), with no line 
terminators","md5":"4e5bbad1e9a840d945fc882c51b21420","sha1":"2048759d14a8360103c9cc854ad1b1ba0a2405a9","sha256":"a7ee8f6cd69f741265ce56c0315e3f7655185e28d5c0c18da0cdf310ed2d44ea","sha512":"547c964f04e01ab5c74b75fbb4a1d2c9ddffb5a6ebe85f5d727427b42c67bd6ffb3f32741887a3b143e8532ee2f606ba8228f5fe82bf3be47cdfe065770cebe6","ssdeep":"96:zpZN0CHSGKCcIX6M2GKgTGRLFj5q9jSWVkzDsBRmDeJKf:SFM2GK2aj5qz0DsKDeJq","tlshash":"d012303b24d8b03516028a9a5b313f3ebe95f10a9d764a0972ec4bdcc7e7d90ce47621","first_seen":"2023-11-30T04:02:25Z","last_seen":"2024-08-20T17:23:55.562783Z","times_seen":222,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":192,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/intl/secure.php/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-10T08:57:26.623Z","timestamp":1702198646623,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET 
/intl/secure.php/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/auservices-alert.tax/ HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 10 Dec 2023 08:57:26 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: //auservices-alert.tax/\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=9lNa1Q%2FzTWwNzXfFrJRvZNdOZHlVIPe9wGlsCoBzzoEVdKC5sar%2FzD7U4mP0BVMCl3a6PpN228xiVns5EApngR2TtKypGlNlhGPVbqB4%2FGwVz%2F6yvw4sDxqjroq2fHzC41LAoHC4RQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447c579c6b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":9015,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T21:59:57.282302Z","times_seen":13949743,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":17,"dns":0,"connect":1,"send":0,"wait":228,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-10T08:57:26.906Z","timestamp":1702198646906,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 
1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: intl/secure.php\r\nset-cookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; path=/\nallowed=1; expires=Sun, 10-Dec-2023 09:17:53 GMT; Max-Age=1200; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=TvKaTRSAtRsEaLX6q0zVTbk5H4L1oi5vKSumaOv0y0vsPjFbzgF0eXIjIO2LZ5Rddkr%2FkJnl05FNgYuYQRu2uyNjvVYtmISVvXodR2%2FnmL5bbDqooEsEsHMItceQaCL6jZb8xiSiHA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447c71b37b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":9015,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T21:59:57.282302Z","times_seen":13949743,"resource_available":true,"data":null}},"time_used":1293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Montserrat:200,400,700|Roboto:300,400,500,700,900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.773Z","timestamp":1702198648773,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 20 Nov 2023 08:08:50 GMT","end":"Mon, 12 Feb 2024 08:08:49 GMT"},"fingerprint":{"sha1":"10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC","sha256":"BC:5E:71:C1:5A:A5:DD:67:BF:ED:14:DB:1C:4E:F2:8E:5E:BE:D7:9A:F9:1F:7A:64:C7:3C:9B:ED:83:B2:8C:95"}}},"request":{"raw":"GET /css?family=Montserrat:200,400,700|Roboto:300,400,500,700,900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; 
x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 10 Dec 2023 08:57:28 GMT\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16882,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII 
text","md5":"ca4edca1bb8422cefee03d35674c783b","sha1":"2510ce3810515d486b7fcc9bd0da591d18e01dac","sha256":"daced01a20c71f769238dfbb8a8d735dbc27dcbb7f6dba7777c3e1d9532639c5","sha512":"0b2f261e0e1fb125b085f8e7d8c3a0366b13a9c7e6841a9dcd7546a7f74ac86b5eeefdba564ec4bab89924d0beb4a3cc65f5e913b446241a8021af36685c4af5","ssdeep":"384:yVnHyalahIrR2iEkFAXcJrV34UvcbbMi8XndpGmqpBMV7t2swVxe:uGIrciEkWXctV34ucboi8XdpGHpBMBt9","tlshash":"2972ac91045b9400eb831cc673cf7e35ad4e61263092c57aaffd2ca8addbd221364b1e","first_seen":"2023-09-15T04:08:22Z","last_seen":"2025-09-22T16:32:24.386839Z","times_seen":425,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":115,"dns":0,"connect":8,"send":0,"wait":19,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/js/jquery.js","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.783Z","timestamp":1702198648783,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/js/jquery.js HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) 
Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 08 Nov 2023 13:38:47 GMT\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=GoZckqoip6wHreikkBLYmOfna7hzaqneaIywVov30THdJ8mCSnm0SzsDqbnISRft3jajEXzbOY1vjUAy%2BSQwcb2A97Pcv6eJff7jUv2Ogs63xJNBAEuRgDyBpxXEw7HjN3Yd0Wyerw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447d2d89e56bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":272027,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line 
terminators","md5":"da00af26ac4ac5a56ffdb41d1242adda","sha1":"d1688a893bc280c7206182077a6a0886b9d172cf","sha256":"880d71e238d522092c9d6534b286d5898a8d0968270e0eea3a457777527e58ae","sha512":"5cd8db90fb0c41799e249b0a84b34520e00e0199aab97c6c38c3e001d8881ad9d1ff5a9422aaaa38ce648c656ac872ebadbef36150c1e8690bd49cbf6531e8b8","ssdeep":"6144:aCfa6/j7/KDT1krl+xFbP8s+JgOO/p89lPuY1BHpkYpHeGEbMcAeQe:apbxFbPuhY89RJjHe3bMc7Qe","tlshash":"4d44c4d9734f116f4b6233aae43b5249ff7dd1b0520551acb58d986c24a081883fafbe","first_seen":"2023-07-19T18:08:10Z","last_seen":"2024-08-21T08:49:00.184761Z","times_seen":1034,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/fonts/Lucida%20Sans.ttf","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:29.022Z","timestamp":1702198649022,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 
GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/fonts/Lucida%20Sans.ttf HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/files/css/page.css\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:29 GMT\r\ncontent-type: font/ttf\r\nlast-modified: Wed, 08 Nov 2023 13:38:47 GMT\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2Fsy8E00hEKoYVVz3AUHGyM49HDN7mw8ccq%2Bs696qxanKz4WkZqDbt24KVok7OI9tkvMhcuSeybHUCgm%2B6iPIkqXl5q6%2FtUzWuFlyLGUjRIzAwshWcf0elteb1csWlHP3dxWdQv4UUA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 833447d469e156bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":58740,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 16 tables, 1st \"LTSH\", 40 names, Macintosh, � 1991 Bigelow \u0026 Holmes Inc. Pat. Des. 
289,420. All Rights Reserved. � 1990-1991 Type Solutions,\n- data","md5":"d324d81ab6bb59a57b48685202de640f","sha1":"1deaf2cec9417ad343c3592646b5f14294bbdbd2","sha256":"373f07a5c2c147ee5e6ec6a6167df0e67e7d008fc9fb2109fe06610ca439ed50","sha512":"e39c215a55d6016b280875c10a0d69a5fd1d1f4fc8b522043e79e4e6feddcf1077e4b737234a26c3c9b3836b9ae5ccf90a3bc5bee22377a2440d3f60cb135311","ssdeep":"1536:cvDNh1ERvabijmPnP5AmQ6ievPm8pYb/yvLx9fhwt:cvD1ERvdjmPPuO+9Kc","tlshash":"8243ae0bf3e28babefa72134e90177740b60b4198ba242ff35051673c48d578e995b67","first_seen":"2023-07-19T18:08:10Z","last_seen":"2026-02-26T21:13:04.677016Z","times_seen":734,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"auservices-alert.tax/files/css/blugov.css","fqdn":"auservices-alert.tax","domain":"auservices-alert.tax","tld":"tax"},"ip":{"addr":"104.21.73.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auservices-alert.tax/intl/secure.php","date":"2023-12-10T08:57:28.778Z","timestamp":1702198648778,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auservices-alert.tax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 28 Nov 2023 00:52:47 GMT","end":"Mon, 26 Feb 2024 00:52:46 
GMT"},"fingerprint":{"sha1":"BC:AF:20:AB:C4:F1:A4:B7:F9:F4:4D:60:FB:72:48:4F:B8:8B:55:ED","sha256":"CE:CA:55:E6:A5:13:E9:0E:8E:F2:6D:85:B2:19:DB:6F:23:B5:C4:1E:03:0C:1A:44:99:0B:C1:C1:18:03:37:D0"}}},"request":{"raw":"GET /files/css/blugov.css HTTP/1.1\r\nHost: auservices-alert.tax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auservices-alert.tax/intl/secure.php\r\nCookie: PHPSESSID=3mk28hf455n2rc9rrbohghal95; allowed=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 10 Dec 2023 08:57:28 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Nov 2023 13:38:48 GMT\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nsec-fetch-site: same-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=n5eJR71FDO5Hru774uvg8b3xVaP%2FCdFRzHhgQCFRrwowQRVXzLJAmbEZ%2BHXCt18%2Fte%2BC3tZdZrgvvVrSlBkUbZLRQGbfN5JY3crlqMViM5r%2F%2Bz40sCMyManUbTFNSY6NJmDz02Jflg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 833447d2c89556bb-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":81369,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"bc2f77e3f9197b79fa5124e7532f8aa1","sha1":"95e931e353dded9f56be47d3bba0f88275ed109f","sha256":"9c3ea6e74fc925e182bac33c333f7a3f2691bd1af7cb614cc70d3827ec205f82","sha512":"bdd6d30952809109b5291283565d8950ab4a7ca1408865972291d8673fc88b631486bb8e07786974059489f041382de73726146be80378a53ca766ccab342f26","ssdeep":"768:AFxjyFhF3FPFJzFTIFeFSF2FhF9FhFVFhFXFfFXqMQF1FJUB8Vg:AbjyTZhz5IEQ0fDfTfxVAjw","tlshash":"d08372d307603606b556886cbd473b947729c426954debb8fed920dccfd93812a3a70e","first_seen":"2023-04-18T10:39:08Z","last_seen":"2025-03-08T17:13:22.951267Z","times_seen":1235,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Australian Government","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Australian Government phishing","tags":["australia","government","phishing"],"meta":null}]}}]}
