| | 174.136.231.90 | 200 OK | 16 kB |
URL (user request): GET HTTP/1.1
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
File type: HTML document, ASCII text
Hashes: MD5 b476ce761c1500c31c50362aa2e2b001, SHA1 4ccbcf65215adebbf1a736063a50269085c648f6, SHA256 4221242c1db13887821ed4600a955addd90c5ae57c8a770a628f0ff96976d597

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET / HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
X-Powered-By: PHP/7.1.33
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

| code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css | 104.26.7.173 | 200 OK | 8.3 kB |
URL: GET HTTP/1.1 code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP: 104.26.7.173:80
Requested by: http://colcdwteres.work.gd/
File type: Unicode text, UTF-8 text, with very long lines (50806)
Hashes: MD5 1690997909aae14b023a6580d4a2f33f, SHA1 a4fd9551382a3b5c9c43e14adb8c4c4149cd2352, SHA256 92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286

GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 8313
Connection: keep-alive
Last-Modified: Thu, 13 Apr 2023 16:20:19 GMT
Access-Control-Allow-Origin: *
ETag: W/"64382bc3-c854"
expires: Wed, 17 Apr 2024 18:18:00 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: 27BA:156FBE:258D251:2663C48:66201000
Age: 35425
Via: 1.1 varnish
X-Served-By: cache-osl6522-OSL
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1713398687.862260,VS0,VE103
Vary: Accept-Encoding
X-Fastly-Request-ID: f32d1d848740b85122f843cefa29a29f408997c9
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ligmABE3aPUpWjZzLQQpJ4EMbm%2BcKa6lUoJs5d9hlJfC3KjEdtynpUdQidrjheBmA8XQ6RINYF61w%2BuUt1bNnepy4MvYCEemGR62V%2FGT1Co1F8QtB3oPdtiwjSoPwziBH3mvrYlFt%2BxY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8763c71c79420b51-OSL
alt-svc: h2=":443"; ma=60

| fonts.googleapis.com/css?family=Lato:400,300,700 | 142.250.74.106 | 200 OK | 399 B |
URL: GET HTTP/1.1 fonts.googleapis.com/css?family=Lato:400,300,700
IP: 142.250.74.106:80
Requested by: http://colcdwteres.work.gd/
Hashes: MD5 b766e478e64b94a7dff13ca53bc12ad1, SHA1 d0062e05b168c666eb4f47462ebd1c5129075e79, SHA256 d071d93b24c71f2c3535ba20557f8ce14a5cdd2accd1c3e99423c23120d5ecbe

GET /css?family=Lato:400,300,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 18 Apr 2024 09:55:11 GMT
Date: Thu, 18 Apr 2024 09:55:11 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

| colcdwteres.work.gd/css/responsive.css | 174.136.231.90 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/css/responsive.css
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
Hashes: MD5 e1d0cd3c8d6d29d24aef915cb4da5b29, SHA1 0dd2140da190e7f9ca4bf9eec42cf6af9e268484, SHA256 a6c274f085ba8d281e715ae0dfcdddee04f76196cdc71d9dc1403e91fa5c0123

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /css/responsive.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "80f-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 2063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

| colcdwteres.work.gd/css/owl.carousel.css | 174.136.231.90 | 200 OK | 4.6 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/css/owl.carousel.css
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
Hashes: MD5 b51416af9e8adbe3d16f5f2526aba221, SHA1 097c8d67412f44534449ed4cadc6dd22b025801d, SHA256 dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /css/owl.carousel.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1206-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 4614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

| maps.googleapis.com/maps/api/js?sensor=false | 142.250.74.170 | 200 OK | 66 kB |
URL: GET HTTP/2 maps.googleapis.com/maps/api/js?sensor=false
IP: 142.250.74.170:443
Requested by: http://colcdwteres.work.gd/
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: JavaScript source, ASCII text, with very long lines (10289)
Hashes: MD5 4789fc168b49b808088b96902b75d656, SHA1 759234214ea384bd65685229e8a51796a70b88c4, SHA256 83bfe2426367b22d5f5a2e1e2ac0836246c105417501a3681fb175a1e235ecb3

GET /maps/api/js?sensor=false HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Language, Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 18 Apr 2024 09:55:11 GMT
server: scaffolding on HTTPServer2
content-length: 65981
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| colcdwteres.work.gd/css/font-awesome.min.css | 174.136.231.90 | 200 OK | 22 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/css/font-awesome.min.css
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: ASCII text, with very long lines (21822)
Hashes: MD5 feda974a77ea5783b8be673f142b7c88, SHA1 b71d1c7c315b67c614563382d1c2a868ac14d729, SHA256 0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /css/font-awesome.min.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "55e0-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 21984
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

| colcdwteres.work.gd/css/bootstrap.min.css | 174.136.231.90 | 200 OK | 114 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/css/bootstrap.min.css
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: ASCII text, with very long lines (65371)
Size: 114 kB (114011 bytes)
Hashes: MD5 78e7f91c0c4cca415e0683626aa23925, SHA1 35e0b4e5ac71901d9919b1a32b5ae69cc660d470, SHA256 96b126417447a9c5d415f06e00e2e6372248c9857f5ff60b6477f8c6f55c449a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /css/bootstrap.min.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1bd5b-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 114011
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

| colcdwteres.work.gd/css/main.css | 174.136.231.90 | 200 OK | 18 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/css/main.css
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
Hashes: MD5 976a85850fd9c2dc8b9f67c975ee08b0, SHA1 ecd2dfde1e7c5b90ddc116b8d38f14cf0c361c64, SHA256 b218230494c356941b5afcb3e1f2fb8d03950b02bd79d76a935276503a53ab5e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /css/main.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "4452-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 17490
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

| colcdwteres.work.gd/js/jquery.lwtCountdown-1.0.js | 174.136.231.90 | 200 OK | 5.2 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/jquery.lwtCountdown-1.0.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with CRLF line terminators
Hashes: MD5 2356a2380e099ee017e2800dc1448509, SHA1 e2ff5607657bd0a45c0b7765d87d502cb16bd141, SHA256 47ab023691eeed8f1eff1479fb882b115dd905ca3dabd01171f0896c6a2e52dc

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/jquery.lwtCountdown-1.0.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1444-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5188
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/js/vendor/modernizr-2.6.2.min.js | 174.136.231.90 | 200 OK | 15 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/vendor/modernizr-2.6.2.min.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with very long lines (14756)
Hashes: MD5 42306a279a9e831515347ae319181cd1, SHA1 d069641242e4fe1beb6de8f53a77dd964c98bce0, SHA256 cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/vendor/modernizr-2.6.2.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "3c36-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 15414
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/css/animate.css | 174.136.231.90 | 200 OK | 74 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/css/animate.css
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: ASCII text, with CRLF line terminators
Hashes: MD5 3a5e1fcbbef53d830e580efc7b32d0b1, SHA1 619625d017eadd7f30156ae2237f23ae7cc3b68d, SHA256 668b90c3bed422fa7ce2453a294ceb2fd81419d2ad13813d53e8501072d79f16

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /css/animate.css HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "12279-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 74361
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

| colcdwteres.work.gd/js/bootstrap.min.js | 174.136.231.90 | 200 OK | 29 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/bootstrap.min.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with very long lines (28928)
Hashes: MD5 e1d08589ec26bec3a81625ce274d76d9, SHA1 c6a8a0f02ee0ecd975226ae4b38e9660750d1f93, SHA256 03bf371e3ca4739cfe6bea61f0126b7cbb94e4713e970651f9acd5acb3d9e399

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/bootstrap.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "71a9-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 29097
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/js/jquery.validate.min.js | 174.136.231.90 | 200 OK | 22 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/jquery.validate.min.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (21445)
Hashes: MD5 d7342d64b483db4cdc836047765c07f3, SHA1 e1085fb6185d0c47ccd1f202d197ba626f017e15, SHA256 f0f5373ad203101ea91bf826c5a7ef8f7cd74887f06bad2cb9277a504503b9e2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/jquery.validate.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "5450-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 21584
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/js/jquery.nav.js | 174.136.231.90 | 200 OK | 5.1 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/jquery.nav.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text
Hashes: MD5 a33571eb2591514e45765696e5d92c9f, SHA1 e680863a86670bf2d8e0b1f5b33c267f0ddc5cd1, SHA256 707a967916ff7ca8411b995ff078ee44fcbb627bbb11f067643f7a6ab7f99806

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/jquery.nav.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1412-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5138
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/js/vendor/jquery-1.10.2.min.js | 174.136.231.90 | 200 OK | 93 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/vendor/jquery-1.10.2.min.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with very long lines (32072)
Hashes: MD5 628072e7212db1e8cdacb22b21752cda, SHA1 0511abe9863c2ea7084efa7e24d1d86c5b3974f1, SHA256 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/vendor/jquery-1.10.2.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "16bb3-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 93107
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

| fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2 | 216.58.207.227 | 200 OK | 23 kB |
URL: GET HTTP/1.1 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP: 216.58.207.227:80
Requested by: http://colcdwteres.work.gd/
File type: Web Open Font Format (Version 2), TrueType, length 23236, version 1.0
Hashes: MD5 716309aab2bca045f9627f63ad79d0bf, SHA1 38804233a29aaf975d557fe14e762c627bef76e0, SHA256 115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

GET /s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 13 Apr 2024 07:04:29 GMT
Expires: Sun, 13 Apr 2025 07:04:29 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 02 May 2023 15:08:26 GMT
Content-Type: font/woff2
Age: 442242

| colcdwteres.work.gd/js/owl.carousel.min.js | 174.136.231.90 | 200 OK | 40 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/owl.carousel.min.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with very long lines (32068)
Hashes: MD5 ffaa3c82ad2c6e216e68aca44746e1be, SHA1 2fa7c468110fa68f1f3df6718daf971871623ee9, SHA256 83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/owl.carousel.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "9dd1-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 40401
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

| fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 | 216.58.207.227 | 200 OK | 24 kB |
URL: GET HTTP/1.1 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP: 216.58.207.227:80
Requested by: http://colcdwteres.work.gd/
File type: Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Hashes: MD5 e1b3b5908c9cf23dfb2b9c52b9a023ab, SHA1 fcd4136085f2a03481d9958cc6793a5ed98e714c, SHA256 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 11 Apr 2024 17:34:47 GMT
Expires: Fri, 11 Apr 2025 17:34:47 GMT
Cache-Control: public, max-age=31536000
Age: 577224
Last-Modified: Tue, 02 May 2023 15:17:22 GMT
Content-Type: font/woff2

| fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 | 216.58.207.227 | 200 OK | 23 kB |
URL: GET HTTP/1.1 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP: 216.58.207.227:80
Requested by: http://colcdwteres.work.gd/
File type: Web Open Font Format (Version 2), TrueType, length 23040, version 1.0
Hashes: MD5 de69cf9e514df447d1b0bb16f49d2457, SHA1 2ac78601179c3a63ba3f3f3081556b12ddcaf655, SHA256 c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23040
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 18 Apr 2024 03:02:53 GMT
Expires: Fri, 18 Apr 2025 03:02:53 GMT
Cache-Control: public, max-age=31536000
Age: 24738
Last-Modified: Tue, 02 May 2023 15:07:25 GMT
Content-Type: font/woff2

| colcdwteres.work.gd/js/jquery.sticky.js | 174.136.231.90 | 200 OK | 5.7 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/jquery.sticky.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text
Hashes: MD5 1207f10dca0217442912cb14dfcac518, SHA1 341a3c047fbb6916ef9f27026c239682286acea4, SHA256 e2625c28848cbca930c42cf94c85201372302f87978932e468d75466addc23e6

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/jquery.sticky.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1616-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 5654
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/js/plugins.js | 174.136.231.90 | 200 OK | 733 B |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/plugins.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text
Hashes: MD5 e2679049e95a7201b815c3cf004aefc4, SHA1 ea250a66815d0665a9b5677991eaaba789bfc125, SHA256 267f86b986829cb9a3c46b9fcdbc56783bb923005ba5ef5b27efce504e72ecfa

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/plugins.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "2dd-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 733
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

| colcdwteres.work.gd/js/jquery.form.js | 174.136.231.90 | 200 OK | 39 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/jquery.form.js
IP: 174.136.231.90:80, ASN#396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text
Hashes: MD5 529b65010afdc2aac6389b647908f5b8, SHA1 96828fd4ab8a75a96338df88f986b36c7e754fef, SHA256 800c1c83a86f7fe665ac6d49c6370e2f045f70f5c7859ef4a0e686b4759e46b3

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |

GET /js/jquery.form.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "9944-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 39236
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

| code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1 | 104.26.7.173 | 200 OK | 110 kB |
URL: GET HTTP/1.1 code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1
IP: 104.26.7.173:80
Requested by: http://colcdwteres.work.gd/
File type: TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh
Size: 110 kB (110019 bytes)
Hashes: MD5 dd4781d1acc57ba4c4808d1b44301201, SHA1 956116ebe4b3a315b1a43009567e6f8ad0a9a720, SHA256 5e700835ec05293a3d0f9e354e7d038319d34521cd279e782198dff6d1dd58f2

GET /ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1 HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://code.ionicframework.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:12 GMT
Content-Type: font/ttf
Content-Length: 110019
Connection: keep-alive
Last-Modified: Thu, 13 Apr 2023 16:20:19 GMT
Access-Control-Allow-Origin: *
ETag: W/"64382bc3-2e05c"
expires: Thu, 18 Apr 2024 05:27:58 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: EE36:2C0AE3:4FB3E47:5181D53:6620ADF1
Via: 1.1 varnish
X-Served-By: cache-osl6524-OSL
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1713434112.900894,VS0,VE101
Vary: Accept-Encoding
X-Fastly-Request-ID: f8d8024bd38ef9a4a25498ffd7a47c5c7188f729
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbYOKQt4Pma7kqXJS5ffVgymEXcfaDDEWU0L2rVmxZq%2FDLf5s2Ld%2FfgLMzjGyMXWKJ2SUEQBrGWn5eziIKLz86CXSyDk6CyVYYAvF213qO0PQ5V6OSkFUyVCCbj9wO8VAcLOKRlTjWQ%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8763c71f4c2356bf-OSL
alt-svc: h2=":443"; ma=60
| colcdwteres.work.gd/js/wow.min.js | 174.136.231.90 | 200 OK | 8.2 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/wow.min.js
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with very long lines (8152), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): ed4b12ef0f7e4bf5d5ff3555d18718cb 258fa26dec8fcf4769d49eaca6712ef56923673e 3162b6468674133d7b6c903e4b8a06f7faf51216d1e7f8b3edc8f326b1bfe461
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /js/wow.min.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "1ff7-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 8183
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
| colcdwteres.work.gd/js/main.js | 174.136.231.90 | 200 OK | 4.9 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/js/main.js
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JavaScript source, ASCII text, with very long lines (624)
Hash (MD5 / SHA-1 / SHA-256): 8a7f1358e65bad790f1f1c24da310aea aa44e2bb61cdbc57271759d77d4b7803e1ef95a0 bd6808f1443357a7c2208297567f99f4a8ba54a538d0283e105721e42b40ddbc
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /js/main.js HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 08 Aug 2019 14:49:46 GMT
ETag: "12f3-58f9c2b333680"
Accept-Ranges: bytes
Content-Length: 4851
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
| colcdwteres.work.gd/images/logo.png | 174.136.231.90 | 200 OK | 2.9 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/images/logo.png
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f1cedb063e892e4a6fc28debab3991d3 7aaa53e578ee41eaa3386f4ba46d1b743cac33a7 cafcc94334619aa80a69e0f636d141a077a6637baa5d1c91a1c69754e103ad29
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /images/logo.png HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "b67-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 2919
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
| colcdwteres.work.gd/images/about/1.jpg | 174.136.231.90 | 200 OK | 51 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/images/about/1.jpg
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3
Hash (MD5 / SHA-1 / SHA-256): 2665cd813006e24a2a6ae8c2f712cd54 da891a3ffd405924b416c0baddaa8ba120f87fb8 7b648a032b5291681b1c74bf00403374e6954f08ef8e1e691c5d26bcd950dc3e
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /images/about/1.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "c8c7-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 51399
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
| colcdwteres.work.gd/images/call-to-action.jpg | 174.136.231.90 | 200 OK | 43 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/images/call-to-action.jpg
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1300x244, components 3
Hash (MD5 / SHA-1 / SHA-256): 1e9c6392580fd69806cb33c660db4400 4390b6bb6ef3defa933440bfb724154fd3a86736 38095634a28976784e0261cb081847145b97c910b510b86ead6e46c7abf71435
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /images/call-to-action.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/css/main.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "a641-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 42561
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
| colcdwteres.work.gd/images/about/2.jpg | 174.136.231.90 | 200 OK | 35 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/images/about/2.jpg
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3
Hash (MD5 / SHA-1 / SHA-256): 0469883b7145c611a0c8e6b35c36c47a 5968d37e9b010abce7310ea7f1269f5a86a3bb8b ac159666c682b3bb62b42ef7c40e5a8d4cac710023c8fa9cef3a2904ad21e0ae
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /images/about/2.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "889e-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 34974
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
| colcdwteres.work.gd/images/about/3.jpg | 174.136.231.90 | 200 OK | 20 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/images/about/3.jpg
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 677x448, components 3
Hash (MD5 / SHA-1 / SHA-256): 013f04fd325d58987e2c4e08e932520d b0a8fce45b78e22ec107795c8d17d201330c10c6 c949f61bddcf29f511f03c50ec73191ff88b9349ede7a1439aaaa98488d535ba
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /images/about/3.jpg HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "4c50-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 19536
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
| colcdwteres.work.gd/images/logo-2.png | 174.136.231.90 | 200 OK | 3.1 kB |
URL: GET HTTP/1.1 colcdwteres.work.gd/images/logo-2.png
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 34313a55d45b5d3dc82e66375ba40959 4c069abfa6830afc1f3bdcac91a578305bf724ff 1d852dd760d6559755a02a425f4c04eb324c5527aa7399a5caebdcbdc440fe63
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /images/logo-2.png HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "c30-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 3120
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
| maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true | 142.250.74.170 | 200 OK | 23 B |
URL: GET HTTP/3 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP: 142.250.74.170:443
Requested by: http://colcdwteres.work.gd/
Certificate issuer: Google Trust Services LLC
Certificate subject: upload.video.google.com
Certificate fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Certificate validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hash (MD5 / SHA-1 / SHA-256): 8a80554c91d9fca8acb82f023de02f11 5f36b2ea290645ee34d943220a14b54ee5ea5be5 ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://colcdwteres.work.gd
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 18 Apr 2024 09:55:12 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: http://colcdwteres.work.gd
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| colcdwteres.work.gd/favicon.ico | 174.136.231.90 | 200 OK | 766 B |
URL: GET HTTP/1.1 colcdwteres.work.gd/favicon.ico
IP: 174.136.231.90:80
ASN: #396362 LEASEWEB-USA-NYC
Requested by: http://colcdwteres.work.gd/
File type: MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel
Hash (MD5 / SHA-1 / SHA-256): 338abbb5ea8d80b9869555eca253d49d 63e4879d10467b4bc481a208c3a64649242a1420 36a6f4ba02692dd0d4f25aa288e598a8f36d5e1a18513f0bdbbc0ada9f5b729d
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /favicon.ico HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:55:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
Last-Modified: Thu, 11 Aug 2016 10:38:52 GMT
ETag: "2fe-539c95f33e700"
Accept-Ranges: bytes
Content-Length: 766
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
| maps.googleapis.com/maps-api-v3/api/js/56/8/util.js | 142.250.74.170 | 200 OK | 57 kB |
URL: GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/56/8/util.js
IP: 142.250.74.170:443
Requested by: http://colcdwteres.work.gd/
Certificate issuer: Google Trust Services LLC
Certificate subject: upload.video.google.com
Certificate fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Certificate validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: JavaScript source, ASCII text, with very long lines (562)
Hash (MD5 / SHA-1 / SHA-256): 6cc4537f5b0fb2554830940d2ef390c1 deae273e7dca2c26ffb13cd11c32280462fc351e c2f957bdab42c74b2dfa9f67e6fb1866edb41034f319d84ca185e5c0f1985f58
GET /maps-api-v3/api/js/56/8/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57059
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 17:31:06 GMT
expires: Thu, 17 Apr 2025 17:31:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Apr 2024 17:51:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 59051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| maps.googleapis.com/maps-api-v3/api/js/56/8/common.js | 142.250.74.170 | 200 OK | 57 kB |
URL: GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/56/8/common.js
IP: 142.250.74.170:443
Requested by: http://colcdwteres.work.gd/
Certificate issuer: Google Trust Services LLC
Certificate subject: upload.video.google.com
Certificate fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Certificate validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: JavaScript source, ASCII text, with very long lines (6747)
Hash (MD5 / SHA-1 / SHA-256): 418ecbb83c2df2a704fdec98cba736bf 0b0535ebe27dfcef7437bc75cf33648c61be3dbe cf0c03bd0efee39705d10989e116ce08d2810c4ed1b578b6451dd26a34beede5
GET /maps-api-v3/api/js/56/8/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57388
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 17:31:06 GMT
expires: Thu, 17 Apr 2025 17:31:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Apr 2024 17:51:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 59051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| colcdwteres.work.gd/img/header-overlay.png | 0.0.0.0 | | 0 B |
URL: GET colcdwteres.work.gd/img/header-overlay.png
IP: 0.0.0.0:0
Requested by: http://colcdwteres.work.gd/
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.work .gd Domain |
GET /img/header-overlay.png HTTP/1.1
Host: colcdwteres.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://colcdwteres.work.gd/css/main.css
Pragma: no-cache
Cache-Control: no-cache