Report - www.gwenet.org/office/

Report Overview

Visited public
2024-07-04 09:18:11
Tags
URL
www.gwenet.org/office/
Finishing URL
www.gwenet.org/office/
IP / ASN
66.175.58.9
#30447 INFB2-AS
Title
Sign in to your account

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gwenet.org	unknown	2006-11-28	2017-01-20 14:50:56	2018-05-26 03:57:40	3.7 kB	218 kB	66.175.58.9
secure.aadcdn.microsoftonline-p.com	11744	2010-07-13	2012-09-28 18:15:01	2024-07-02 19:09:36	2.6 kB	232 kB	13.107.246.53
portal.microsoftonline.com	26424	2002-07-09	2014-01-23 12:20:42	2024-06-29 18:16:40	1.1 kB	3.6 kB	13.107.6.156
count.carrierzone.com	74556	2004-07-21	2012-06-29 22:07:04	2024-06-26 06:45:32	1.2 kB	37 kB	66.175.41.113
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-02 18:12:35	1.6 kB	4.4 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-04 09:17:45	medium	66.175.58.9	Client IP	ET INFO TLS Handshake Failure
2024-07-04 09:17:56	medium	66.175.58.9	Client IP	ET PHISHING Office 365 Phishing Landing 2018-01-18

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-07-03	medium	www.gwenet.org/office/	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed
2024-07-04	medium	gwenet.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	count.carrierzone.com/app/count_server/count.js	ScriptElement	36 kB	2023-03-07	2025-06-25
Pretty URL count.carrierzone.com/app/count_server/count.js IP 66.175.41.113 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-06-25 05:05 Times Seen736 Hash 853f44f8a3814f75cd4556fbdcbe5d26 b3bb2ffd8dda9cf07a163a754595e57678a9f9b8 f418e6b5416f03cbc22b24f481582e2d55ee0f7ca6989c562b59f12c9229214e Loading...

	www.gwenet.org/office/	ScriptElement	2.1 kB	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash f47af0f815c8dcdcad584bc33834d581 97bd57e396916cd8cbb9af78c9e1b14e326445fd 719a46da7730bc699dc101eef01ffe1dc04257e98f2775790ecc3a8003c2b924 Loading...

	www.gwenet.org/office/index_files/jquery.js	ScriptElement	110 kB	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/index_files/jquery.js IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash 2eb3a7b0a6c1851059ab42a2c56f9245 f3ad40d5e9ad9c9c851d336ffb9a6b4ec4a9d6a1 d9c500706bcdb6d8e2ba4de1a6ea3d30d87417b79aa26e51fa2b9b9f4ff37e5f Loading...

	www.gwenet.org/office/	ScriptElement	5.4 kB	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash d32640eede8f3800c7c3988529e5ba4e ea66932c36dff91edce89806152ff243b70580da 6cb5b61c0755bb1d0668c9dfaca6f50f9bfa6059ec90512812a54577db2b88a1 Loading...

	www.gwenet.org/office/	ScriptElement	1.9 kB	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash d3dacb92a72f3530216e7939e6722d92 67464f83387b2f52c3298e3f6a6d895feac6fa3b d238afaf0da58279d0b20f65313bdf8baefb2f18e2d0e77d40901eefe9869264 Loading...

	www.gwenet.org/office/	ScriptElement	177 B	2023-03-07	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:14 Last Seen2025-06-02 11:56 Times Seen21 Hash 171689a56a95833de5d93f596d7913f9 5328ecba9a83f908a49e500f7e0a7052eaf9641a abeea754eeec5763bfe49c72f1d98b0e1e4f72d457caec81e5ffa34c3eb13955 Loading...

	www.gwenet.org/office/	ScriptElement	355 B	2023-03-07	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:14 Last Seen2025-06-02 11:56 Times Seen17 Hash 2f827a310f7d0c03384d93c07455494e da877af9aa12c9aa7f70a7430b19f147f7c212ba 9c6c9b2f0685c66a7832626f3e79656123d25363a4ed8c8dc0478f7828e77c54 Loading...

	secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/watson.min.js	ScriptElement	9.6 kB	2023-03-12	2025-05-02
Pretty URL secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/watson.min.js IP 13.107.246.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:51 Last Seen2025-05-02 10:53 Times Seen14 Hash d445b7e1295e81edfea7a444d0815766 8749c1e1facfb05bc045fc9685343421232bd821 9b5900571285ad0f6198cbf9fe92d81e9c5ed6f49cfd816d2a762d64d6ab6e14 Loading...

	www.gwenet.org/office/	ScriptElement	1.3 kB	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash 61712e97963f97dd1067f4b134c37a54 81e0a9fea8ec5b8b3e4dff1046b5c130b81ce171 1bd187532dce11b10eb57350a2b47737a0a0885844331f34a328f4882147015f Loading...

	www.gwenet.org/office/	ScriptElement	273 B	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash 29652b793b50fd2aa511423870a5632c ec1087e6ecc5d80b381205462a493f2d1a5e2189 7e3520e20f1bdfcf564b9fbf68307d0e6518083a332d966aba7aaa0c79e06d43 Loading...

	www.gwenet.org/office/	ScriptElement	9.1 kB	2023-08-09	2025-06-02
Pretty URL www.gwenet.org/office/ IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-09 13:06 Last Seen2025-06-02 11:56 Times Seen15 Hash 583f5806e4bc99826e37cfe578c1c0a2 ffbd1e49857df3e50b92d3f947d89e5a875e196b 8fb4492405925ae9f9079113cc23fc4471b93b9d0a94b87e44e94501d3abb951 Loading...

	www.gwenet.org/office/index_files/aad.js	ScriptElement	178 kB	2023-03-12	2025-06-02
Pretty URL www.gwenet.org/office/index_files/aad.js IP 66.175.58.9 ASN #30447 INFB2-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:51 Last Seen2025-06-02 11:56 Times Seen15 Hash 4fa268d5372c8376637ad7b235f3c9c5 39163b7bdac7f082f63a00fd3ced5ddccfc8cb26 d422d055fc7e99b9a2356023659180e91ee818697425f9f488a103a9c10b38e6 Loading...

HTTP Transactions (23)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
957cd8e6bd774045d4cab550ce76f80a
d06d4246273e9ba4fba69494038c77f5c53aadb6
e4778c960b009c229dbb555ff7679b6d245d6f7111fd66fd5c514847b06acdbb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E4778C960B009C229DBB555FF7679B6D245D6F7111FD66FD5C514847B06ACDBB"
Last-Modified: Wed, 03 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10895
Expires: Thu, 04 Jul 2024 12:19:19 GMT
Date: Thu, 04 Jul 2024 09:17:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b8ee6ca153df6819132dd5d8a6ba5c76
0ed0f0f631777272bd71ba23719e71695c9d95e1
bdca7ce7bb6febd6a6afb56a828cf4422c1a8971524484e8128cafad8e6b3367

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BDCA7CE7BB6FEBD6A6AFB56A828CF4422C1A8971524484E8128CAFAD8E6B3367"
Last-Modified: Tue, 02 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15081
Expires: Thu, 04 Jul 2024 13:29:06 GMT
Date: Thu, 04 Jul 2024 09:17:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
29a90370a62299ab28dd09d9bb017b64
54e136495ccb82671708b41981735ca7b384c63f
af9ff8700281064d12b8237fa5350720f4c67756063b971777a353aee916bc59

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AF9FF8700281064D12B8237FA5350720F4C67756063B971777A353AEE916BC59"
Last-Modified: Tue, 02 Jul 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20157
Expires: Thu, 04 Jul 2024 14:53:42 GMT
Date: Thu, 04 Jul 2024 09:17:45 GMT
Connection: keep-alive

GET www.gwenet.org/office/

66.175.58.9

200 OK

12 kB

URL User Request GET HTTP/1.1
www.gwenet.org/office/
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5403), with CRLF, LF line terminators
Size
12 kB (12504 bytes)
Hash
15f76c1d2bdd24c7336986dc815f535b
3b693d7e6673a694b45ec3b914729f1b582bfe37
b0db1f296444aebe3a63778e7c7ceb68d90abb4a8583538649c392479f11322e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET PHISHING Office 365 Phishing Landing 2018-01-18

HTTP Headers

GET /office/ HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 12:04:42 GMT
Content-Encoding: gzip

GET www.gwenet.org/office/index_files/login_hover.css

66.175.58.9

200 OK

89 B

URL GET HTTP/1.1
www.gwenet.org/office/index_files/login_hover.css
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
ASCII text, with no line terminators
Size
89 B (89 bytes)
Hash
2c957834356b9ca6570167adec33573f
0f050c79a457d9917669bd311d4f5116c3aba99b
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/login_hover.css HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: text/css
Content-Length: 89
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000

GET www.gwenet.org/office/index_files/login.css

66.175.58.9

200 OK

4.8 kB

URL GET HTTP/1.1
www.gwenet.org/office/index_files/login.css
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
ASCII text, with very long lines (21545), with no line terminators
Size
4.8 kB (4774 bytes)
Hash
260a7572c25e2d1ff2775d1aa0ee94fe
34af1af4f0acbf6cb952bd596a19c5048bb0481f
b5ea0ffbe39f577651336a1aba7746881cf235b9f7ccc1c51b151162b3da4feb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/login.css HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

GET secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/login_hover.min.css

13.107.246.53

200 OK

82 B

URL GET HTTP/2
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/login_hover.min.css
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectsecure.aadcdn.microsoftonline-p.com
FingerprintD0:B8:E6:E8:91:3A:47:FC:98:2A:42:06:71:2E:9D:49:C7:D3:26:35
ValidityWed, 22 May 2024 07:24:56 GMT - Sat, 17 May 2025 07:24:56 GMT

File type
ASCII text, with no line terminators
Size
82 B (82 bytes)
Hash
2c957834356b9ca6570167adec33573f
0f050c79a457d9917669bd311d4f5116c3aba99b
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

HTTP Headers

GET /ests/2.1.5623.13/content/cdnbundles/login_hover.min.css HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 04 Jul 2024 09:17:46 GMT
content-type: text/css
content-length: 82
cache-control: public, max-age=604800
content-encoding: gzip
last-modified: Sat, 18 May 2019 08:00:57 GMT
etag: 0x8D6DB66F5ECA244
x-ms-request-id: 2cf032a8-d01e-0056-5ef1-cd6054000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240704T091746Z-17d85d5877cjvpjf5dfvzzcpa80000000ew0000000009a6d
x-fd-int-roxy-purgeid: 50755578
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.gwenet.org/office/index_files/aad.js

66.175.58.9

200 OK

43 kB

URL GET HTTP/1.1
www.gwenet.org/office/index_files/aad.js
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
JavaScript source, ASCII text, with very long lines (32464)
Size
43 kB (43369 bytes)
Hash
4fa268d5372c8376637ad7b235f3c9c5
39163b7bdac7f082f63a00fd3ced5ddccfc8cb26
d422d055fc7e99b9a2356023659180e91ee818697425f9f488a103a9c10b38e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/aad.js HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
ETag: W/"2b87f-54a73d93e8180"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

GET www.gwenet.org/office/index_files/jquery.js

66.175.58.9

200 OK

39 kB

URL GET HTTP/1.1
www.gwenet.org/office/index_files/jquery.js
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
JavaScript source, ASCII text, with very long lines (32083)
Size
39 kB (38681 bytes)
Hash
2eb3a7b0a6c1851059ab42a2c56f9245
f3ad40d5e9ad9c9c851d336ffb9a6b4ec4a9d6a1
d9c500706bcdb6d8e2ba4de1a6ea3d30d87417b79aa26e51fa2b9b9f4ff37e5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/jquery.js HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
ETag: W/"1ae50-54a73d93e8180"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

GET www.gwenet.org/office/index_files/bannerlogo.png

66.175.58.9

200 OK

4.6 kB

URL GET HTTP/1.1
www.gwenet.org/office/index_files/bannerlogo.png
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced
Size
4.6 kB (4585 bytes)
Hash
9f09a27d4f69b3557c7433574a29d726
a3097972d16e6d5768086f3f126e8d07edcc5976
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/bannerlogo.png HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: image/png
Content-Length: 4585
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
ETag: "11e9-54a73d93e8180"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GET www.gwenet.org/office/index_files/microsoft_logo.png

66.175.58.9

200 OK

1.0 kB

URL GET HTTP/1.1
www.gwenet.org/office/index_files/microsoft_logo.png
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1040 bytes)
Hash
e4b675007dc6492ee590131d1f7dfbb3
9397e98e13074c09072f6a50e7267c612738c455
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/microsoft_logo.png HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: image/png
Content-Length: 1040
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
ETag: "410-54a73d93e8180"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GET secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/watson.min.js

13.107.246.53

200 OK

4.1 kB

URL GET HTTP/2
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/watson.min.js
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectsecure.aadcdn.microsoftonline-p.com
FingerprintD0:B8:E6:E8:91:3A:47:FC:98:2A:42:06:71:2E:9D:49:C7:D3:26:35
ValidityWed, 22 May 2024 07:24:56 GMT - Sat, 17 May 2025 07:24:56 GMT

File type
JavaScript source, ASCII text, with very long lines (9634), with no line terminators
Size
4.1 kB (4076 bytes)
Hash
d445b7e1295e81edfea7a444d0815766
8749c1e1facfb05bc045fc9685343421232bd821
9b5900571285ad0f6198cbf9fe92d81e9c5ed6f49cfd816d2a762d64d6ab6e14

HTTP Headers

GET /ests/2.1.5623.13/content/cdnbundles/watson.min.js HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 04 Jul 2024 09:17:46 GMT
content-type: application/x-javascript
content-length: 4076
cache-control: public, max-age=604800
content-encoding: gzip
last-modified: Sat, 18 May 2019 08:00:43 GMT
etag: 0x8D6DB66ED4BE3DF
x-ms-request-id: 3f95b449-001e-007a-1974-cd8cfb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240704T091746Z-17d85d5877cjvpjf5dfvzzcpa80000000ew0000000009a6m
x-fd-int-roxy-purgeid: 50755578
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET portal.microsoftonline.com/Prefetch/Prefetch.aspx

13.107.6.156

404 Not Found

1.2 kB

URL GET HTTP/2
portal.microsoftonline.com/Prefetch/Prefetch.aspx
IP
13.107.6.156:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectportal.office.com
FingerprintAB:C2:75:0E:D8:2C:59:BE:F2:90:3E:68:81:D5:BE:3F:02:76:63:F4
ValidityMon, 03 Jun 2024 22:21:51 GMT - Thu, 29 May 2025 22:21:51 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.2 kB (1245 bytes)
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

HTTP Headers

GET /Prefetch/Prefetch.aspx HTTP/1.1
Host: portal.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-store, no-cache
content-length: 1245
content-type: text/html
set-cookie: s.SessID=985d8a78-1de4-4317-b935-d6f0cd24d5be; path=/; secure; HttpOnly; SameSite=None
s.SessID=985d8a78-1de4-4317-b935-d6f0cd24d5be; path=/; secure; HttpOnly; SameSite=None
x-portal-routekey=weu; path=/; secure; HttpOnly
x-ms-correlation-id: b4f480a5-9c84-4813-8c27-921ca16dfdc1
x-content-type-options: nosniff
x-ua-compatible: IE=Edge
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 71E69D6F90B7469EA4F1FB85C2DB0C99 Ref B: SVG20EDGE0210 Ref C: 2024-07-04T09:17:46Z
date: Thu, 04 Jul 2024 09:17:46 GMT
X-Firefox-Spdy: h2

POST www.gwenet.org/common/handlers/watson

66.175.58.9

404 Not Found

21 B

URL POST HTTP/1.1
www.gwenet.org/common/handlers/watson
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
8d1946e385d1203f7d9f628ebf028c6a
18c4ae00ebc0556510ccbcd53c9733b75c733caa
d6a6e3533a3a8f1ca99259152a54a7ace6f0f0f6a8ba53e0a5443f05ce55d47a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /common/handlers/watson HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=utf-8
canary: AQABAAAAAADRNYRQ3dhRSrm-4K-adpCJqrp2-UHGX2Lav-bHusaZ5AWWTdpMRUb6WocX9TLNhQwBk_0iNrtuwCrdt7DiLezMPnSIbNGbDIVPTeZzHsTx9GAdgn_VF2NwmgeHegX7RaA-AccDhDt23Hl5ZTS_97J9oeNq86xMW2AzcX_-Cm4cWOZl4aibxruDwg5ZFhx5yRTjDReCNscp5KufKphAjgxuOmIM4UUA_BIQbrO1FxDqziAA
hpgid: 1002
hpgact: 2101
client-request-id: 0786de24-8d9f-4b28-a873-b34d27a67ddd
X-Requested-With: XMLHttpRequest
Content-Length: 2043
Origin: http://www.gwenet.org
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 04 Jul 2024 09:17:47 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 21
Connection: keep-alive

GET count.carrierzone.com/app/count_server/count.js

66.175.41.113

200 OK

36 kB

URL GET HTTP/1.1
count.carrierzone.com/app/count_server/count.js
IP
66.175.41.113:443
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/
Certificate
IssuerSectigo Limited
Subject*.carrierzone.com
Fingerprint95:B6:82:4A:5C:0E:46:39:66:C5:BA:CB:8B:50:70:4A:4F:69:34:11
ValidityThu, 13 Jun 2024 00:00:00 GMT - Fri, 13 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
36 kB (36029 bytes)
Hash
853f44f8a3814f75cd4556fbdcbe5d26
b3bb2ffd8dda9cf07a163a754595e57678a9f9b8
f418e6b5416f03cbc22b24f481582e2d55ee0f7ca6989c562b59f12c9229214e

HTTP Headers

GET /app/count_server/count.js HTTP/1.1
Host: count.carrierzone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:44 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 08 Jun 2012 10:17:02 GMT
Accept-Ranges: bytes
Content-Length: 36029
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/javascript

GET secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704

13.107.246.53

200 OK

4.6 kB

URL GET HTTP/2
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectsecure.aadcdn.microsoftonline-p.com
FingerprintD0:B8:E6:E8:91:3A:47:FC:98:2A:42:06:71:2E:9D:49:C7:D3:26:35
ValidityWed, 22 May 2024 07:24:56 GMT - Sat, 17 May 2025 07:24:56 GMT

File type
PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced
Size
4.6 kB (4585 bytes)
Hash
9f09a27d4f69b3557c7433574a29d726
a3097972d16e6d5768086f3f126e8d07edcc5976
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

HTTP Headers

GET /dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704 HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 04 Jul 2024 09:17:47 GMT
content-type: image\jpeg
content-length: 4585
cache-control: public, max-age=86400
last-modified: Wed, 03 Apr 2019 22:28:44 GMT
etag: 0x8D6B883BBB9ACF7
x-ms-request-id: e244b4a6-701e-0000-6da2-cd0753000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240704T091747Z-17d85d5877cjvpjf5dfvzzcpa80000000ew0000000009a6x
x-fd-int-roxy-purgeid: 50755578
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2427
Expires: Thu, 04 Jul 2024 09:58:14 GMT
Date: Thu, 04 Jul 2024 09:17:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2427
Expires: Thu, 04 Jul 2024 09:58:14 GMT
Date: Thu, 04 Jul 2024 09:17:47 GMT
Connection: keep-alive

GET secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809

13.107.246.53

200 OK

203 kB

URL GET HTTP/2
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectsecure.aadcdn.microsoftonline-p.com
FingerprintD0:B8:E6:E8:91:3A:47:FC:98:2A:42:06:71:2E:9D:49:C7:D3:26:35
ValidityWed, 22 May 2024 07:24:56 GMT - Sat, 17 May 2025 07:24:56 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1420x1080, components 3
Size
203 kB (203294 bytes)
Hash
65283b123eb235e6176ae98c02ac5b1c
c50ca32b13a2dcbde0cb6eb2d4f72c252f14ac3f
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

HTTP Headers

GET /dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809 HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 04 Jul 2024 09:17:47 GMT
content-type: image\jpeg
content-length: 203294
cache-control: public, max-age=86400
last-modified: Wed, 03 Apr 2019 22:28:45 GMT
etag: 0x8D6B883BC0FF82B
x-ms-request-id: 2331c8ce-a01e-002c-4e88-cdebfc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240704T091747Z-17d85d5877cjvpjf5dfvzzcpa80000000ew0000000009a6z
x-fd-int-roxy-purgeid: 50755578
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET count.carrierzone.com/track/ctin.php?t=1720084667135&custnum=88d8c7091eaea901&sname=www.gwenet.org&pagename=index.html&group=%2Fservices%2Fwebpages%2Fg%2Fw%2Fgwenet.org%2Fpublic%2Foffice&version=%24Rev%3A%207840%20%24&js=1&jv=0&resolution=1280x1024&color_depth=24&campaign=&referrer=&page_url=http%253A%252F%252Fwww.gwenet.org%252Foffice%252F&plugins=PDF%20Viewer%3BChrome%20PDF%20Viewer%3BChromium%20PDF%20Viewer%3BMicrosoft%20Edge%20PDF%20Viewer%3BWebKit%20built-in%20PDF%3B

66.175.41.113

200 OK

42 B

URL GET HTTP/1.1
count.carrierzone.com/track/ctin.php?t=1720084667135&custnum=88d8c7091eaea901&sname=www.gwenet.org&pagename=index.html&group=%2Fservices%2Fwebpages%2Fg%2Fw%2Fgwenet.org%2Fpublic%2Foffice&version=%24Rev%3A%207840%20%24&js=1&jv=0&resolution=1280x1024&color_depth=24&campaign=&referrer=&page_url=http%253A%252F%252Fwww.gwenet.org%252Foffice%252F&plugins=PDF%20Viewer%3BChrome%20PDF%20Viewer%3BChromium%20PDF%20Viewer%3BMicrosoft%20Edge%20PDF%20Viewer%3BWebKit%20built-in%20PDF%3B
IP
66.175.41.113:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
bae3474ef15712706e514d9c40c3d1d5
b93948c072d6fd3dd9a2720cd837784a9c9ca337
5b27cb8a843da7b4f70f68d669798596541491654185df0bd45867d951a31947

HTTP Headers

GET /track/ctin.php?t=1720084667135&custnum=88d8c7091eaea901&sname=www.gwenet.org&pagename=index.html&group=%2Fservices%2Fwebpages%2Fg%2Fw%2Fgwenet.org%2Fpublic%2Foffice&version=%24Rev%3A%207840%20%24&js=1&jv=0&resolution=1280x1024&color_depth=24&campaign=&referrer=&page_url=http%253A%252F%252Fwww.gwenet.org%252Foffice%252F&plugins=PDF%20Viewer%3BChrome%20PDF%20Viewer%3BChromium%20PDF%20Viewer%3BMicrosoft%20Edge%20PDF%20Viewer%3BWebKit%20built-in%20PDF%3B HTTP/1.1
Host: count.carrierzone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:45 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.2.17
Set-Cookie: CTCNTNM_88d8c7091eaea901=4a77b7db6f9a8b19eea2ce0dcfbbd1d5; expires=Wed, 02-Oct-2024 09:17:45 GMT
Content-Length: 42
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Expires: Thu, 01 Jan 1970 01:23:45 GMT
Last-Modified: Thu, 04 Jul 2024 09:17:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: image/gif

GET portal.microsoftonline.com/Prefetch/Prefetch.aspx

13.107.6.156

404 Not Found

1.2 kB

URL GET HTTP/2
portal.microsoftonline.com/Prefetch/Prefetch.aspx
IP
13.107.6.156:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectportal.office.com
FingerprintAB:C2:75:0E:D8:2C:59:BE:F2:90:3E:68:81:D5:BE:3F:02:76:63:F4
ValidityMon, 03 Jun 2024 22:21:51 GMT - Thu, 29 May 2025 22:21:51 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.2 kB (1245 bytes)
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

HTTP Headers

GET /Prefetch/Prefetch.aspx HTTP/1.1
Host: portal.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Cookie: s.SessID=985d8a78-1de4-4317-b935-d6f0cd24d5be
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: no-store, no-cache
content-length: 1245
content-type: text/html
set-cookie: x-portal-routekey=weu; path=/; secure; HttpOnly
x-ms-correlation-id: 53f68aca-c61c-422f-9e4e-766d5c07abd6
x-content-type-options: nosniff
x-ua-compatible: IE=Edge
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9B9FB6B2A1EB4ECE8D4FC178D4F71BE5 Ref B: SVG20EDGE0210 Ref C: 2024-07-04T09:17:48Z
date: Thu, 04 Jul 2024 09:17:47 GMT
X-Firefox-Spdy: h2

GET www.gwenet.org/office/index_files/heroillustration.jpg

66.175.58.9

200 OK

111 kB

URL GET HTTP/1.1
www.gwenet.org/office/index_files/heroillustration.jpg
IP
66.175.58.9:80
ASN
#30447 INFB2-AS

Requested by
http://www.gwenet.org/office/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1420x1080, components 3
Size
111 kB (111065 bytes)
Hash
3d5f742df3002f3253f3226dbe03a996
7cc361e05845444258dcec3d5bcc962dca190814
1e23c310cbb0ba62da8de440cfc330c98ec530087e0359a5c04c7cbc8b94b936

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /office/index_files/heroillustration.jpg HTTP/1.1
Host: www.gwenet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/office/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 09:17:46 GMT
Content-Type: image/jpeg
Content-Length: 203294
Connection: keep-alive
Last-Modified: Sat, 11 Mar 2017 12:45:10 GMT
ETag: "31a1e-54a73d93e8180"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GET secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/images/favicon_a.ico

13.107.246.53

200 OK

17 kB

URL GET HTTP/2
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/images/favicon_a.ico
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.gwenet.org/office/
Certificate
IssuerMicrosoft Corporation
Subjectsecure.aadcdn.microsoftonline-p.com
FingerprintD0:B8:E6:E8:91:3A:47:FC:98:2A:42:06:71:2E:9D:49:C7:D3:26:35
ValidityWed, 22 May 2024 07:24:56 GMT - Sat, 17 May 2025 07:24:56 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /ests/2.1.5623.13/content/images/favicon_a.ico HTTP/1.1
Host: secure.aadcdn.microsoftonline-p.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.gwenet.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 04 Jul 2024 09:17:48 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=604800
last-modified: Sat, 18 May 2019 08:01:02 GMT
etag: 0x8D6DB66F8F4DC56
x-ms-request-id: 16b16209-201e-000f-08f3-cde7d7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240704T091747Z-17d85d5877cjvpjf5dfvzzcpa80000000ew0000000009a7k
x-fd-int-roxy-purgeid: 50755578
x-cache: TCP_MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by