Report - colcdwteres.work.gd/

Report Overview

Submitted URL
colcdwteres.work.gd/
IP
174.136.231.90
ASN
#396362 LEASEWEB-USA-NYC
Submitted
2024-04-18 09:55:37
Access
public
Website Title
Notes
Final URL
colcdwteres.work.gd/
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
28
Network Intrusion Detection
29
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
colcdwteres.work.gd	unknown	2022-06-18	2023-05-12	2023-07-19	9.4 kB	683 kB	174.136.231.90
code.ionicframework.com	14473	2013-09-02	2014-02-05	2024-04-16	834 B	120 kB	104.26.7.173
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	359 B	936 B	142.250.74.106
maps.googleapis.com	33876	2005-01-25	2019-10-17	2024-04-18	1.8 kB	183 kB	142.250.74.170
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.3 kB	72 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 09:55:10	high	174.136.231.90	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2024-04-18 09:55:11	high	174.136.231.90	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:11	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:12	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain
2024-04-18 09:55:22	medium	Client IP	174.136.231.90	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	colcdwteres.work.gd/js/jquery.form.js	39 kB	2023-03-07	2024-04-23
Pretty URL colcdwteres.work.gd/js/jquery.form.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:02 Last Seen2024-04-23 21:50:14 Times Seen894 Hash 529b65010afdc2aac6389b647908f5b8 96828fd4ab8a75a96338df88f986b36c7e754fef 800c1c83a86f7fe665ac6d49c6370e2f045f70f5c7859ef4a0e686b4759e46b3 Loading...

	colcdwteres.work.gd/js/plugins.js	733 B	2023-03-07	2024-04-23
Pretty URL colcdwteres.work.gd/js/plugins.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:03 Last Seen2024-04-23 21:50:14 Times Seen880 Hash e2679049e95a7201b815c3cf004aefc4 ea250a66815d0665a9b5677991eaaba789bfc125 267f86b986829cb9a3c46b9fcdbc56783bb923005ba5ef5b27efce504e72ecfa Loading...

	colcdwteres.work.gd/js/vendor/jquery-1.10.2.min.js	93 kB	2023-03-07	2024-04-30
Pretty URL colcdwteres.work.gd/js/vendor/jquery-1.10.2.min.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-30 20:09:47 Times Seen10329 Hash 628072e7212db1e8cdacb22b21752cda 0511abe9863c2ea7084efa7e24d1d86c5b3974f1 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988 Loading...

	colcdwteres.work.gd/js/jquery.lwtCountdown-1.0.js	5.2 kB	2023-03-07	2024-04-23
Pretty URL colcdwteres.work.gd/js/jquery.lwtCountdown-1.0.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:03 Last Seen2024-04-23 21:50:14 Times Seen859 Hash 2356a2380e099ee017e2800dc1448509 e2ff5607657bd0a45c0b7765d87d502cb16bd141 47ab023691eeed8f1eff1479fb882b115dd905ca3dabd01171f0896c6a2e52dc Loading...

	colcdwteres.work.gd/js/bootstrap.min.js	29 kB	2023-03-07	2024-04-29
Pretty URL colcdwteres.work.gd/js/bootstrap.min.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:01 Last Seen2024-04-29 23:33:31 Times Seen1667 Hash e1d08589ec26bec3a81625ce274d76d9 c6a8a0f02ee0ecd975226ae4b38e9660750d1f93 03bf371e3ca4739cfe6bea61f0126b7cbb94e4713e970651f9acd5acb3d9e399 Loading...

	colcdwteres.work.gd/js/owl.carousel.min.js	40 kB	2023-03-07	2024-04-30
Pretty URL colcdwteres.work.gd/js/owl.carousel.min.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:47 Last Seen2024-04-30 09:14:10 Times Seen4719 Hash ffaa3c82ad2c6e216e68aca44746e1be 2fa7c468110fa68f1f3df6718daf971871623ee9 83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91 Loading...

	colcdwteres.work.gd/js/jquery.nav.js	5.1 kB	2023-03-07	2024-04-25
Pretty URL colcdwteres.work.gd/js/jquery.nav.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:05 Last Seen2024-04-25 08:07:55 Times Seen1128 Hash a33571eb2591514e45765696e5d92c9f e680863a86670bf2d8e0b1f5b33c267f0ddc5cd1 707a967916ff7ca8411b995ff078ee44fcbb627bbb11f067643f7a6ab7f99806 Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/8/util.js	186 kB	2024-04-10	2024-04-25
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/8/util.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-10 20:15:54 Last Seen2024-04-25 21:32:11 Times Seen530 Hash 6cc4537f5b0fb2554830940d2ef390c1 deae273e7dca2c26ffb13cd11c32280462fc351e c2f957bdab42c74b2dfa9f67e6fb1866edb41034f319d84ca185e5c0f1985f58 Loading...

	colcdwteres.work.gd/	146 B	2023-03-07	2024-04-23
Pretty URL colcdwteres.work.gd/ IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:57 Last Seen2024-04-23 21:50:14 Times Seen744 Hash c4cffc0349a21ca64eb83f0ac33270e6 a6bf8c2c85c24465a0867475ceb6ee89a528676a 05a4b0e51b6395fa2bc718532912915e4b649ecf6c298b193dc77c09ab8ba66e Loading...

	colcdwteres.work.gd/js/vendor/modernizr-2.6.2.min.js	15 kB	2023-03-07	2024-04-29
Pretty URL colcdwteres.work.gd/js/vendor/modernizr-2.6.2.min.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:49 Last Seen2024-04-29 18:35:24 Times Seen2876 Hash 42306a279a9e831515347ae319181cd1 d069641242e4fe1beb6de8f53a77dd964c98bce0 cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8 Loading...

	colcdwteres.work.gd/js/jquery.validate.min.js	22 kB	2023-04-05	2024-05-01
Pretty URL colcdwteres.work.gd/js/jquery.validate.min.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 10:34:02 Last Seen2024-05-01 00:26:32 Times Seen901 Hash 6575852a4af3170a3855594124021413 52cf2d8beb90f42322631b345972f3fe87d3b545 6f7250dd7c3fd9f3bd2cdda1ce09481124ea4a4c88ace131424afa87673d142b Loading...

	colcdwteres.work.gd/js/jquery.sticky.js	5.7 kB	2023-03-07	2024-04-23
Pretty URL colcdwteres.work.gd/js/jquery.sticky.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:03 Last Seen2024-04-23 21:50:14 Times Seen960 Hash 1207f10dca0217442912cb14dfcac518 341a3c047fbb6916ef9f27026c239682286acea4 e2625c28848cbca930c42cf94c85201372302f87978932e468d75466addc23e6 Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/8/common.js	262 kB	2024-04-10	2024-04-25
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/8/common.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-10 20:15:54 Last Seen2024-04-25 21:32:11 Times Seen532 Hash 418ecbb83c2df2a704fdec98cba736bf 0b0535ebe27dfcef7437bc75cf33648c61be3dbe cf0c03bd0efee39705d10989e116ce08d2810c4ed1b578b6451dd26a34beede5 Loading...

	maps.googleapis.com/maps/api/js?sensor=false	197 kB	2024-04-18	2024-04-18
Pretty URL maps.googleapis.com/maps/api/js?sensor=false IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:55:40 Last Seen2024-04-18 11:55:40 Times Seen2 Hash 4789fc168b49b808088b96902b75d656 759234214ea384bd65685229e8a51796a70b88c4 83bfe2426367b22d5f5a2e1e2ac0836246c105417501a3681fb175a1e235ecb3 Loading...

	colcdwteres.work.gd/js/wow.min.js	8.2 kB	2023-03-07	2024-05-01
Pretty URL colcdwteres.work.gd/js/wow.min.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-05-01 00:16:19 Times Seen1377 Hash ed4b12ef0f7e4bf5d5ff3555d18718cb 258fa26dec8fcf4769d49eaca6712ef56923673e 3162b6468674133d7b6c903e4b8a06f7faf51216d1e7f8b3edc8f326b1bfe461 Loading...

	colcdwteres.work.gd/js/main.js	4.9 kB	2023-03-07	2024-04-23
Pretty URL colcdwteres.work.gd/js/main.js IP 174.136.231.90 ASN #396362 LEASEWEB-USA-NYC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:03 Last Seen2024-04-23 21:50:14 Times Seen820 Hash 8a7f1358e65bad790f1f1c24da310aea aa44e2bb61cdbc57271759d77d4b7803e1ef95a0 bd6808f1443357a7c2208297567f99f4a8ba54a538d0283e105721e42b40ddbc Loading...

HTTP Transactions (37)

URL IP Response Size

colcdwteres.work.gd/

174.136.231.90

200 OK

16 kB

URL User Request GET HTTP/1.1
colcdwteres.work.gd/
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

File type
HTML document, ASCII text
Size
16 kB (16435 bytes)
Hash
b476ce761c1500c31c50362aa2e2b001
4ccbcf65215adebbf1a736063a50269085c648f6
4221242c1db13887821ed4600a955addd90c5ae57c8a770a628f0ff96976d597

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET / HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
X-Powered-By: PHP/7.1.33
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css

104.26.7.173

200 OK

8.3 kB

URL GET HTTP/1.1
code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP
104.26.7.173:80
ASN
#13335 CLOUDFLARENET

Requested by
http://colcdwteres.work.gd/

File type
Unicode text, UTF-8 text, with very long lines (50806)
Size
8.3 kB (8313 bytes)
Hash
1690997909aae14b023a6580d4a2f33f
a4fd9551382a3b5c9c43e14adb8c4c4149cd2352
92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286

HTTP Headers

GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 8313
Connection: keep-alive
Last-Modified: Thu, 13 Apr 2023 16:20:19 GMT
Access-Control-Allow-Origin: *
ETag: W/"64382bc3-c854"
expires: Wed, 17 Apr 2024 18:18:00 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: 27BA:156FBE:258D251:2663C48:66201000
Age: 35425
Via: 1.1 varnish
X-Served-By: cache-osl6522-OSL
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1713398687.862260,VS0,VE103
Vary: Accept-Encoding
X-Fastly-Request-ID: f32d1d848740b85122f843cefa29a29f408997c9
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ligmABE3aPUpWjZzLQQpJ4EMbm%2BcKa6lUoJs5d9hlJfC3KjEdtynpUdQidrjheBmA8XQ6RINYF61w%2BuUt1bNnepy4MvYCEemGR62V%2FGT1Co1F8QtB3oPdtiwjSoPwziBH3mvrYlFt%2BxY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8763c71c79420b51-OSL
alt-svc: h2=":443"; ma=60

fonts.googleapis.com/css?family=Lato:400,300,700

142.250.74.106

200 OK

399 B

URL GET HTTP/1.1
fonts.googleapis.com/css?family=Lato:400,300,700
IP
142.250.74.106:80
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/

File type
ASCII text
Size
399 B (399 bytes)
Hash
b766e478e64b94a7dff13ca53bc12ad1
d0062e05b168c666eb4f47462ebd1c5129075e79
d071d93b24c71f2c3535ba20557f8ce14a5cdd2accd1c3e99423c23120d5ecbe

HTTP Headers

GET /css?family=Lato:400,300,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 18 Apr 2024 09:55:11 GMT
Date: Thu, 18 Apr 2024 09:55:11 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

colcdwteres.work.gd/css/responsive.css

174.136.231.90

200 OK

2.1 kB

URL GET HTTP/1.1
colcdwteres.work.gd/css/responsive.css
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
ASCII text
Size
2.1 kB (2063 bytes)
Hash
e1d0cd3c8d6d29d24aef915cb4da5b29
0dd2140da190e7f9ca4bf9eec42cf6af9e268484
a6c274f085ba8d281e715ae0dfcdddee04f76196cdc71d9dc1403e91fa5c0123

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /css/responsive.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "80f-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 2063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

colcdwteres.work.gd/css/owl.carousel.css

174.136.231.90

200 OK

4.6 kB

URL GET HTTP/1.1
colcdwteres.work.gd/css/owl.carousel.css
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
ASCII text
Size
4.6 kB (4614 bytes)
Hash
b51416af9e8adbe3d16f5f2526aba221
097c8d67412f44534449ed4cadc6dd22b025801d
dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /css/owl.carousel.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1206-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 4614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

maps.googleapis.com/maps/api/js?sensor=false

142.250.74.170

200 OK

66 kB

URL GET HTTP/2
maps.googleapis.com/maps/api/js?sensor=false
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (10289)
Size
66 kB (65981 bytes)
Hash
4789fc168b49b808088b96902b75d656
759234214ea384bd65685229e8a51796a70b88c4
83bfe2426367b22d5f5a2e1e2ac0836246c105417501a3681fb175a1e235ecb3

HTTP Headers

GET /maps/api/js?sensor=false HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Language, Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 18 Apr 2024 09:55:11 GMT
server: scaffolding on HTTPServer2
content-length: 65981
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

colcdwteres.work.gd/css/font-awesome.min.css

174.136.231.90

200 OK

22 kB

URL GET HTTP/1.1
colcdwteres.work.gd/css/font-awesome.min.css
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
ASCII text, with very long lines (21822)
Size
22 kB (21984 bytes)
Hash
feda974a77ea5783b8be673f142b7c88
b71d1c7c315b67c614563382d1c2a868ac14d729
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /css/font-awesome.min.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "55e0-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 21984
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

colcdwteres.work.gd/css/bootstrap.min.css

174.136.231.90

200 OK

114 kB

URL GET HTTP/1.1
colcdwteres.work.gd/css/bootstrap.min.css
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
ASCII text, with very long lines (65371)
Size
114 kB (114011 bytes)
Hash
78e7f91c0c4cca415e0683626aa23925
35e0b4e5ac71901d9919b1a32b5ae69cc660d470
96b126417447a9c5d415f06e00e2e6372248c9857f5ff60b6477f8c6f55c449a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1bd5b-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 114011
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

colcdwteres.work.gd/css/main.css

174.136.231.90

200 OK

18 kB

URL GET HTTP/1.1
colcdwteres.work.gd/css/main.css
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
ASCII text
Size
18 kB (17490 bytes)
Hash
976a85850fd9c2dc8b9f67c975ee08b0
ecd2dfde1e7c5b90ddc116b8d38f14cf0c361c64
b218230494c356941b5afcb3e1f2fb8d03950b02bd79d76a935276503a53ab5e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /css/main.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "4452-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 17490
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

colcdwteres.work.gd/js/jquery.lwtCountdown-1.0.js

174.136.231.90

200 OK

5.2 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/jquery.lwtCountdown-1.0.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
5.2 kB (5188 bytes)
Hash
2356a2380e099ee017e2800dc1448509
e2ff5607657bd0a45c0b7765d87d502cb16bd141
47ab023691eeed8f1eff1479fb882b115dd905ca3dabd01171f0896c6a2e52dc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/jquery.lwtCountdown-1.0.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1444-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5188
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/vendor/modernizr-2.6.2.min.js

174.136.231.90

200 OK

15 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/vendor/modernizr-2.6.2.min.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with very long lines (14756)
Size
15 kB (15414 bytes)
Hash
42306a279a9e831515347ae319181cd1
d069641242e4fe1beb6de8f53a77dd964c98bce0
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/vendor/modernizr-2.6.2.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "3c36-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 15414
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/css/animate.css

174.136.231.90

200 OK

74 kB

URL GET HTTP/1.1
colcdwteres.work.gd/css/animate.css
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
ASCII text, with CRLF line terminators
Size
74 kB (74361 bytes)
Hash
3a5e1fcbbef53d830e580efc7b32d0b1
619625d017eadd7f30156ae2237f23ae7cc3b68d
668b90c3bed422fa7ce2453a294ceb2fd81419d2ad13813d53e8501072d79f16

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "12279-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 74361
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

colcdwteres.work.gd/js/bootstrap.min.js

174.136.231.90

200 OK

29 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/bootstrap.min.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with very long lines (28928)
Size
29 kB (29097 bytes)
Hash
e1d08589ec26bec3a81625ce274d76d9
c6a8a0f02ee0ecd975226ae4b38e9660750d1f93
03bf371e3ca4739cfe6bea61f0126b7cbb94e4713e970651f9acd5acb3d9e399

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "71a9-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 29097
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/jquery.validate.min.js

174.136.231.90

200 OK

22 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/jquery.validate.min.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21445)
Size
22 kB (21584 bytes)
Hash
d7342d64b483db4cdc836047765c07f3
e1085fb6185d0c47ccd1f202d197ba626f017e15
f0f5373ad203101ea91bf826c5a7ef8f7cd74887f06bad2cb9277a504503b9e2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/jquery.validate.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "5450-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 21584
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/jquery.nav.js

174.136.231.90

200 OK

5.1 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/jquery.nav.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text
Size
5.1 kB (5138 bytes)
Hash
a33571eb2591514e45765696e5d92c9f
e680863a86670bf2d8e0b1f5b33c267f0ddc5cd1
707a967916ff7ca8411b995ff078ee44fcbb627bbb11f067643f7a6ab7f99806

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/jquery.nav.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1412-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5138
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/vendor/jquery-1.10.2.min.js

174.136.231.90

200 OK

93 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/vendor/jquery-1.10.2.min.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with very long lines (32072)
Size
93 kB (93107 bytes)
Hash
628072e7212db1e8cdacb22b21752cda
0511abe9863c2ea7084efa7e24d1d86c5b3974f1
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/vendor/jquery-1.10.2.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "16bb3-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 93107
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2

216.58.207.227

200 OK

23 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/

File type
Web Open Font Format (Version 2), TrueType, length 23236, version 1.0
Size
23 kB (23236 bytes)
Hash
716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 13 Apr 2024 07:04:29 GMT
Expires: Sun, 13 Apr 2025 07:04:29 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 02 May 2023 15:08:26 GMT
Content-Type: font/woff2
Age: 442242

colcdwteres.work.gd/js/owl.carousel.min.js

174.136.231.90

200 OK

40 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/owl.carousel.min.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with very long lines (32068)
Size
40 kB (40401 bytes)
Hash
ffaa3c82ad2c6e216e68aca44746e1be
2fa7c468110fa68f1f3df6718daf971871623ee9
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/owl.carousel.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "9dd1-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 40401
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 11 Apr 2024 17:34:47 GMT
Expires: Fri, 11 Apr 2025 17:34:47 GMT
Cache-Control: public, max-age=31536000
Age: 577224
Last-Modified: Tue, 02 May 2023 15:17:22 GMT
Content-Type: font/woff2

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

216.58.207.227

200 OK

23 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23040
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 18 Apr 2024 03:02:53 GMT
Expires: Fri, 18 Apr 2025 03:02:53 GMT
Cache-Control: public, max-age=31536000
Age: 24738
Last-Modified: Tue, 02 May 2023 15:07:25 GMT
Content-Type: font/woff2

colcdwteres.work.gd/js/jquery.sticky.js

174.136.231.90

200 OK

5.7 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/jquery.sticky.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text
Size
5.7 kB (5654 bytes)
Hash
1207f10dca0217442912cb14dfcac518
341a3c047fbb6916ef9f27026c239682286acea4
e2625c28848cbca930c42cf94c85201372302f87978932e468d75466addc23e6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/jquery.sticky.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1616-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5654
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/plugins.js

174.136.231.90

200 OK

733 B

URL GET HTTP/1.1
colcdwteres.work.gd/js/plugins.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text
Size
733 B (733 bytes)
Hash
e2679049e95a7201b815c3cf004aefc4
ea250a66815d0665a9b5677991eaaba789bfc125
267f86b986829cb9a3c46b9fcdbc56783bb923005ba5ef5b27efce504e72ecfa

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/plugins.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "2dd-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 733
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/jquery.form.js

174.136.231.90

200 OK

39 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/jquery.form.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text
Size
39 kB (39236 bytes)
Hash
529b65010afdc2aac6389b647908f5b8
96828fd4ab8a75a96338df88f986b36c7e754fef
800c1c83a86f7fe665ac6d49c6370e2f045f70f5c7859ef4a0e686b4759e46b3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/jquery.form.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "9944-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 39236
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1

104.26.7.173

200 OK

110 kB

URL GET HTTP/1.1
code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1
IP
104.26.7.173:80
ASN
#13335 CLOUDFLARENET

Requested by
http://colcdwteres.work.gd/

File type
TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh
Size
110 kB (110019 bytes)
Hash
dd4781d1acc57ba4c4808d1b44301201
956116ebe4b3a315b1a43009567e6f8ad0a9a720
5e700835ec05293a3d0f9e354e7d038319d34521cd279e782198dff6d1dd58f2

HTTP Headers

GET /ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1 HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://code.ionicframework.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:12 GMT
Content-Type: font/ttf
Content-Length: 110019
Connection: keep-alive
Last-Modified: Thu, 13 Apr 2023 16:20:19 GMT
Access-Control-Allow-Origin: *
ETag: W/"64382bc3-2e05c"
expires: Thu, 18 Apr 2024 05:27:58 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: EE36:2C0AE3:4FB3E47:5181D53:6620ADF1
Via: 1.1 varnish
X-Served-By: cache-osl6524-OSL
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1713434112.900894,VS0,VE101
Vary: Accept-Encoding
X-Fastly-Request-ID: f8d8024bd38ef9a4a25498ffd7a47c5c7188f729
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbYOKQt4Pma7kqXJS5ffVgymEXcfaDDEWU0L2rVmxZq%2FDLf5s2Ld%2FfgLMzjGyMXWKJ2SUEQBrGWn5eziIKLz86CXSyDk6CyVYYAvF213qO0PQ5V6OSkFUyVCCbj9wO8VAcLOKRlTjWQ%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8763c71f4c2356bf-OSL
alt-svc: h2=":443"; ma=60

colcdwteres.work.gd/js/wow.min.js

174.136.231.90

200 OK

8.2 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/wow.min.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with very long lines (8152), with CRLF line terminators
Size
8.2 kB (8183 bytes)
Hash
ed4b12ef0f7e4bf5d5ff3555d18718cb
258fa26dec8fcf4769d49eaca6712ef56923673e
3162b6468674133d7b6c903e4b8a06f7faf51216d1e7f8b3edc8f326b1bfe461

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/wow.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1ff7-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 8183
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/js/main.js

174.136.231.90

200 OK

4.9 kB

URL GET HTTP/1.1
colcdwteres.work.gd/js/main.js
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JavaScript source, ASCII text, with very long lines (624)
Size
4.9 kB (4851 bytes)
Hash
8a7f1358e65bad790f1f1c24da310aea
aa44e2bb61cdbc57271759d77d4b7803e1ef95a0
bd6808f1443357a7c2208297567f99f4a8ba54a538d0283e105721e42b40ddbc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /js/main.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 08 Aug 2019 14:49:46 GMT
ETag: "12f3-58f9c2b333680"
Accept-Ranges: bytes
Content-Length: 4851
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

colcdwteres.work.gd/images/logo.png

174.136.231.90

200 OK

2.9 kB

URL GET HTTP/1.1
colcdwteres.work.gd/images/logo.png
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced
Size
2.9 kB (2919 bytes)
Hash
f1cedb063e892e4a6fc28debab3991d3
7aaa53e578ee41eaa3386f4ba46d1b743cac33a7
cafcc94334619aa80a69e0f636d141a077a6637baa5d1c91a1c69754e103ad29

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "b67-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 2919
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

colcdwteres.work.gd/images/about/1.jpg

174.136.231.90

200 OK

51 kB

URL GET HTTP/1.1
colcdwteres.work.gd/images/about/1.jpg
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3
Size
51 kB (51399 bytes)
Hash
2665cd813006e24a2a6ae8c2f712cd54
da891a3ffd405924b416c0baddaa8ba120f87fb8
7b648a032b5291681b1c74bf00403374e6954f08ef8e1e691c5d26bcd950dc3e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /images/about/1.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "c8c7-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 51399
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

colcdwteres.work.gd/images/call-to-action.jpg

174.136.231.90

200 OK

43 kB

URL GET HTTP/1.1
colcdwteres.work.gd/images/call-to-action.jpg
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1300x244, components 3
Size
43 kB (42561 bytes)
Hash
1e9c6392580fd69806cb33c660db4400
4390b6bb6ef3defa933440bfb724154fd3a86736
38095634a28976784e0261cb081847145b97c910b510b86ead6e46c7abf71435

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /images/call-to-action.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/css/main.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "a641-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 42561
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

colcdwteres.work.gd/images/about/2.jpg

174.136.231.90

200 OK

35 kB

URL GET HTTP/1.1
colcdwteres.work.gd/images/about/2.jpg
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3
Size
35 kB (34974 bytes)
Hash
0469883b7145c611a0c8e6b35c36c47a
5968d37e9b010abce7310ea7f1269f5a86a3bb8b
ac159666c682b3bb62b42ef7c40e5a8d4cac710023c8fa9cef3a2904ad21e0ae

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /images/about/2.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "889e-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 34974
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

colcdwteres.work.gd/images/about/3.jpg

174.136.231.90

200 OK

20 kB

URL GET HTTP/1.1
colcdwteres.work.gd/images/about/3.jpg
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3
Size
20 kB (19536 bytes)
Hash
013f04fd325d58987e2c4e08e932520d
b0a8fce45b78e22ec107795c8d17d201330c10c6
c949f61bddcf29f511f03c50ec73191ff88b9349ede7a1439aaaa98488d535ba

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /images/about/3.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "4c50-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 19536
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

colcdwteres.work.gd/images/logo-2.png

174.136.231.90

200 OK

3.1 kB

URL GET HTTP/1.1
colcdwteres.work.gd/images/logo-2.png
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced
Size
3.1 kB (3120 bytes)
Hash
34313a55d45b5d3dc82e66375ba40959
4c069abfa6830afc1f3bdcac91a578305bf724ff
1d852dd760d6559755a02a425f4c04eb324c5527aa7399a5caebdcbdc440fe63

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /images/logo-2.png HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "c30-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 3120
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.170

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 18 Apr 2024 09:55:12 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: http://colcdwteres.work.gd
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

colcdwteres.work.gd/favicon.ico

174.136.231.90

200 OK

766 B

URL GET HTTP/1.1
colcdwteres.work.gd/favicon.ico
IP
174.136.231.90:80
ASN
#396362 LEASEWEB-USA-NYC

Requested by
http://colcdwteres.work.gd/

File type
MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel
Size
766 B (766 bytes)
Hash
338abbb5ea8d80b9869555eca253d49d
63e4879d10467b4bc481a208c3a64649242a1420
36a6f4ba02692dd0d4f25aa288e598a8f36d5e1a18513f0bdbbc0ada9f5b729d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "2fe-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 766
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

maps.googleapis.com/maps-api-v3/api/js/56/8/util.js

142.250.74.170

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/8/util.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (562)
Size
57 kB (57059 bytes)
Hash
6cc4537f5b0fb2554830940d2ef390c1
deae273e7dca2c26ffb13cd11c32280462fc351e
c2f957bdab42c74b2dfa9f67e6fb1866edb41034f319d84ca185e5c0f1985f58

HTTP Headers

GET /maps-api-v3/api/js/56/8/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57059
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 17:31:06 GMT
expires: Thu, 17 Apr 2025 17:31:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Apr 2024 17:51:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 59051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/56/8/common.js

142.250.74.170

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/8/common.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://colcdwteres.work.gd/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (6747)
Size
57 kB (57388 bytes)
Hash
418ecbb83c2df2a704fdec98cba736bf
0b0535ebe27dfcef7437bc75cf33648c61be3dbe
cf0c03bd0efee39705d10989e116ce08d2810c4ed1b578b6451dd26a34beede5

HTTP Headers

GET /maps-api-v3/api/js/56/8/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57388
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 17:31:06 GMT
expires: Thu, 17 Apr 2025 17:31:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Apr 2024 17:51:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 59051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

colcdwteres.work.gd/img/header-overlay.png

0.0.0.0

0 B

URL GET
colcdwteres.work.gd/img/header-overlay.png
IP
0.0.0.0:0
ASN
#0

Requested by
http://colcdwteres.work.gd/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain

HTTP Headers

GET /img/header-overlay.png HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/css/main.css
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML