Report - a70a1ccbd4.nxcli.io/home

Report Overview

Visited public
2024-08-14 23:35:10
Tags
australia government phishing
URL
a70a1ccbd4.nxcli.io/home
Finishing URL
a70a1ccbd4.nxcli.io/home/index.html
IP / ASN
185.145.13.166
#202521 Liquid Web B.V.
Title
Sign in with myGov - myGov
Phishing - Australian Government

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
a70a1ccbd4.nxcli.io	unknown	3.6 kB	77 kB	185.145.13.166
o.pki.goog	unknown	975 B	2.1 kB	142.250.74.67
fonts.googleapis.com	8877	485 B	2.1 kB	142.250.74.106
fonts.gstatic.com	unknown	1.6 kB	58 kB	216.58.207.227
r11.o.lencr.org	unknown	1.6 kB	4.4 kB	23.36.76.226
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-14 23:34:45	high	185.145.13.166	Client IP	ET PHISHING myGov Credential Phish 2023-02-15
2024-08-14 23:34:45	high	185.145.13.166	Client IP	ET PHISHING Prohqcker Phish Kit
2024-08-14 23:34:45	medium	185.145.13.166	Client IP	ET PHISHING MyGovAU Credential Phish Landing Page 2024-06-24

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (24)

URL IP Response Size

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
686480d25645ac2aca7a99974693a82f
55ca9d53bd758d2afc75e8a9b59c656ff26a3f70
8902058e383c2f43751417e1af1d582f7a16ce0b6fc180ab20cbc76c4b00f914

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8902058E383C2F43751417E1AF1D582F7A16CE0B6FC180AB20CBC76C4B00F914"
Last-Modified: Wed, 14 Aug 2024 12:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2673
Expires: Thu, 15 Aug 2024 00:19:17 GMT
Date: Wed, 14 Aug 2024 23:34:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
90149b127cd563315012f026a9e0544f
1e148905fa524fb8fec15249f30f33085978dc2e
7098a3b23aece2b00e86fd3a23c5e532001a5002b061170d3ed53ddd36bf8f5b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7098A3B23AECE2B00E86FD3A23C5E532001A5002B061170D3ED53DDD36BF8F5B"
Last-Modified: Tue, 13 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12937
Expires: Thu, 15 Aug 2024 03:10:21 GMT
Date: Wed, 14 Aug 2024 23:34:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d209e16679910b467c26590a0073236
ddd59fa6902b498e9c0cfb22e342757f954789d0
9ef3dab56215a67804db0e12d33772a1902f5914b788530717712902a294bcb5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9EF3DAB56215A67804DB0E12D33772A1902F5914B788530717712902A294BCB5"
Last-Modified: Wed, 14 Aug 2024 21:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15799
Expires: Thu, 15 Aug 2024 03:58:03 GMT
Date: Wed, 14 Aug 2024 23:34:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e4a9f1133ab7ff8fdfec972dc9d80181
2a253964c7b022d903b90b57585333f32f730527
62acc6047405e1e5e89c898325a6f5ba2d9f993214648dc9e50cf0d4f5aa9baa

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "62ACC6047405E1E5E89C898325A6F5BA2D9F993214648DC9E50CF0D4F5AA9BAA"
Last-Modified: Tue, 13 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8223
Expires: Thu, 15 Aug 2024 01:51:47 GMT
Date: Wed, 14 Aug 2024 23:34:44 GMT
Connection: keep-alive

a70a1ccbd4.nxcli.io/home

185.145.13.166

301 Moved Permanently

240 B

URL User Request GET HTTP/2
a70a1ccbd4.nxcli.io/home
IP
185.145.13.166:443
ASN
#202521 Liquid Web B.V.

Certificate
IssuerLet's Encrypt
Subjecta70a1ccbd4.nxcli.io
Fingerprint6B:1F:77:E5:15:70:5F:C8:30:24:8C:70:0B:82:5C:65:11:88:FF:CC
ValidityMon, 05 Aug 2024 05:45:20 GMT - Sun, 03 Nov 2024 05:45:19 GMT

File type
HTML document, ASCII text
Size
240 B (240 bytes)
Hash
5a977932e3d80c0a9a15724d431f4dae
fb6994fe847581d293d8bb143a4bf07ada43f8dc
af7094a1eaa71ec66d5f86f0da5906a8a780cefad1d2621b5385018e6fe1b553

HTTP Headers

GET /home HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 14 Aug 2024 23:34:44 GMT
content-type: text/html; charset=iso-8859-1
content-length: 240
location: http://a70a1ccbd4.nxcli.io/home/
x-cache-nxaccel: BYPASS
X-Firefox-Spdy: h2

a70a1ccbd4.nxcli.io/home/

185.145.13.166

302 Found

0 B

URL User Request GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /home/ HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 14 Aug 2024 23:34:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: ./index.html
X-Cache-NxAccel: BYPASS

a70a1ccbd4.nxcli.io/home/index.html

185.145.13.166

200 OK

1.5 kB

URL User Request GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/index.html
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.5 kB (1503 bytes)
Hash
3d1fecea44468075e254a2ff2a403553
f860ded6c9d9bec29ce49132c558d4c8903190fa
38853d540983cf082518097782c71841aed210ee7729cab00837bf5d47bcff61

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

NIDS	Severity	Alert
suricata	high	ET PHISHING myGov Credential Phish 2023-02-15
suricata	high	ET PHISHING Prohqcker Phish Kit
suricata	medium	ET PHISHING MyGovAU Credential Phish Landing Page 2024-06-24

HTTP Headers

GET /home/index.html HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Aug 2024 23:34:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 11 Jan 2023 12:23:15 GMT
ETag: W/"1126-5f1fc1088b2c0"
X-Cache-NxAccel: BYPASS
Content-Encoding: gzip

a70a1ccbd4.nxcli.io/home/css/mgv2-application.css

185.145.13.166

200 OK

21 kB

URL GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/css/mgv2-application.css
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html

File type
ASCII text, with very long lines (59825)
Size
21 kB (21016 bytes)
Hash
ff76c80e5ee6b2dac5b2c1f6d81a7db1
51a288c36145212e75fd2d5af5bee813443a5204
f820184b143520527fa900eb1d53900501f71106be05c653f6c2b81534f3801f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /home/css/mgv2-application.css HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/home/index.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Aug 2024 23:34:45 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 22 Dec 2022 11:50:42 GMT
ETag: W/"1ea1e-5f069474cc880"
X-Cache-NxAccel: HIT
Content-Encoding: gzip

a70a1ccbd4.nxcli.io/home/css/blugov.css

185.145.13.166

200 OK

10 kB

URL GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/css/blugov.css
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html

File type
ASCII text, with very long lines (65536), with no line terminators
Size
10 kB (10003 bytes)
Hash
017be08165c903d14304596847c2661b
90d38f57be7614813e1e49a6090064dc023985b3
4217794b756a7de5f436ce268788f5f5ec0d457fbba048d13aa6addf30135b14

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /home/css/blugov.css HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/home/index.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Aug 2024 23:34:45 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 21 Dec 2022 10:24:46 GMT
ETag: W/"11400-5f053f6231780"
X-Cache-NxAccel: HIT
Content-Encoding: gzip

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e56a082d6444f42c80a7ae10ec1e5909
b5a3766c1e5dcad969d411f99c54bb0ad0992ffb
5d15e52df1f7a97f31af113511ccade2d1aa23881cf1291255a79a30e201a1e4

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Aug 2024 23:34:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

a70a1ccbd4.nxcli.io/home/images/myGov-cobranded-logo-black.svg

185.145.13.166

200 OK

21 kB

URL GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/images/myGov-cobranded-logo-black.svg
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html

File type
SVG Scalable Vector Graphics image
Size
21 kB (20767 bytes)
Hash
b53f20300babca4ebb422e59b888be1f
699c5898c6dd9d2b8b949db2e13c8f0b0d29e26b
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /home/images/myGov-cobranded-logo-black.svg HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/home/index.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Aug 2024 23:34:45 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 21 Dec 2022 10:22:02 GMT
ETag: W/"fa8f-5f053ec5ca680"
X-Cache-NxAccel: HIT
Content-Encoding: gzip

a70a1ccbd4.nxcli.io/home/images/myGov-cobranded-logo-white.svg

185.145.13.166

200 OK

21 kB

URL GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/images/myGov-cobranded-logo-white.svg
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html

File type
SVG Scalable Vector Graphics image
Size
21 kB (20766 bytes)
Hash
de646b2f77f5fa27d55a01bbb9cf584e
33316eb871adf6e08af7c780eb15872549d08dc3
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /home/images/myGov-cobranded-logo-white.svg HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/home/index.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Aug 2024 23:34:45 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 21 Dec 2022 10:22:04 GMT
ETag: W/"fa8c-5f053ec7b2b00"
X-Cache-NxAccel: HIT
Content-Encoding: gzip

fonts.googleapis.com/css?family=Montserrat:200,400,700|Roboto:300,400,500,700,900&display=swap

142.250.74.106

200 OK

1.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Montserrat:200,400,700|Roboto:300,400,500,700,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF
ValidityTue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT

File type
gzip compressed data, max compression
Size
1.4 kB (1428 bytes)
Hash
6809c04970db37fdebe53cf55a083737
7e1db432e94df290ae6366e6a8a3eb2ee666c9d6
f96f7f854b725468ca3fc6bb93332ac40750da4b52c28b3e904b9e39420607e2

HTTP Headers

GET /css?family=Montserrat:200,400,700|Roboto:300,400,500,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 14 Aug 2024 23:34:45 GMT
date: Wed, 14 Aug 2024 23:34:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a70a1ccbd4.nxcli.io/home/favicon-16x16.png

185.145.13.166

200 OK

238 B

URL GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/favicon-16x16.png
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
238 B (238 bytes)
Hash
734603b796e313e6b30c5314cfff7a0d
9ef8bcab45a447a173ba98d4e8af6114c30a1aca
5e70f30259d620e25efa88586a8871d5c94113f0b0d7d6f3e817f585891bf154

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /home/favicon-16x16.png HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/home/index.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Aug 2024 23:34:45 GMT
Content-Type: image/png
Content-Length: 238
Connection: keep-alive
Last-Modified: Mon, 09 Jan 2023 00:46:47 GMT
ETag: "ee-5f1ca1a17abc0"
X-Cache-NxAccel: MISS
Accept-Ranges: bytes

a70a1ccbd4.nxcli.io/home/icons/icon-blugov-info.svg

185.145.13.166

404 Not Found

196 B

URL GET HTTP/1.1
a70a1ccbd4.nxcli.io/home/icons/icon-blugov-info.svg
IP
185.145.13.166:80
ASN
#202521 Liquid Web B.V.

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Australian Government

HTTP Headers

GET /home/icons/icon-blugov-info.svg HTTP/1.1
Host: a70a1ccbd4.nxcli.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://a70a1ccbd4.nxcli.io/home/css/blugov.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 14 Aug 2024 23:34:45 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
Vary: Accept-Encoding

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
20f29d79156ce6e076ffc03423170212
42848421099a36aa9d89589eedaa66d475bbc3f3
f0aac7512893e26edfb16b570f2ea6223a1bf2e0d61acb473acb9bfe1dc1da6e

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Aug 2024 23:34:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Size
18 kB (18536 bytes)
Hash
8eff0b8045fd1959e117f85654ae7770
227fee13ceb7c410b5c0bb8000258b6643cb6255
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

HTTP Headers

GET /s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://a70a1ccbd4.nxcli.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18536
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Aug 2024 03:11:10 GMT
expires: Sun, 10 Aug 2025 03:11:10 GMT
cache-control: public, max-age=31536000
age: 419015
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
Size
19 kB (18596 bytes)
Hash
c83e4437a53d7f849f9d32df3d6b68f3
fabea5ad92ed3e2431659b02e7624df30d0c6bbc
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

HTTP Headers

GET /s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://a70a1ccbd4.nxcli.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18596
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Aug 2024 20:57:23 GMT
expires: Fri, 08 Aug 2025 20:57:23 GMT
cache-control: public, max-age=31536000
age: 527842
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://a70a1ccbd4.nxcli.io/home/index.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18588, version 1.0
Size
19 kB (18588 bytes)
Hash
115c2d84727b41da5e9b4394887a8c40
44f495a7f32620e51acca2e78f7e0615cb305781
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

HTTP Headers

GET /s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://a70a1ccbd4.nxcli.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18588
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Aug 2024 02:58:46 GMT
expires: Sun, 10 Aug 2025 02:58:46 GMT
cache-control: public, max-age=31536000
age: 419759
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
20f29d79156ce6e076ffc03423170212
42848421099a36aa9d89589eedaa66d475bbc3f3
f0aac7512893e26edfb16b570f2ea6223a1bf2e0d61acb473acb9bfe1dc1da6e

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Aug 2024 23:34:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
77619f0113a62e8c4c44f195901b385c
1e1a5e3768ca683e66667aa14efa7042df57ee2f
520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942"
Last-Modified: Mon, 12 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10380
Expires: Thu, 15 Aug 2024 02:27:46 GMT
Date: Wed, 14 Aug 2024 23:34:46 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
77619f0113a62e8c4c44f195901b385c
1e1a5e3768ca683e66667aa14efa7042df57ee2f
520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942"
Last-Modified: Mon, 12 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10380
Expires: Thu, 15 Aug 2024 02:27:46 GMT
Date: Wed, 14 Aug 2024 23:34:46 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
77619f0113a62e8c4c44f195901b385c
1e1a5e3768ca683e66667aa14efa7042df57ee2f
520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942"
Last-Modified: Mon, 12 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10380
Expires: Thu, 15 Aug 2024 02:27:46 GMT
Date: Wed, 14 Aug 2024 23:34:46 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
77619f0113a62e8c4c44f195901b385c
1e1a5e3768ca683e66667aa14efa7042df57ee2f
520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942"
Last-Modified: Mon, 12 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10380
Expires: Thu, 15 Aug 2024 02:27:46 GMT
Date: Wed, 14 Aug 2024 23:34:46 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (24)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size