gnenews.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 69.30.195.18, located in Kansas City, United States and belongs to WII-KC - WholeSale Internet, Inc., US. The main domain is gnenews.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 14th 2018. Valid for: 3 months.

This is the only time gnenews.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address		AS Autonomous System
5	69.30.195.18 69.30.195.18		32097 (WII-KC) (WII-KC - WholeSale Internet)
5	1

5 69.30.195.18 (Kansas City, United States)

ASN32097 (WII-KC - WholeSale Internet, Inc., US)
PTR: server11.dnsserverboot.com

gnenews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	gnenews.com gnenews.com	251 KB
5	1

	Domain	Requested by
5	gnenews.com	gnenews.com
5	1

This site contains no links.

Subject Issuer	Validity	Valid
gnenews.com Let's Encrypt Authority X3	`2018-09-14` - `2018-12-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://gnenews.com/outlook.com/office-365/
Frame ID: C70A2163ED8B945E0C2A28FCFF78D5BF
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

251 kB
Transfer

250 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response gnenews.com/outlook.com/office-365/	2 KB 2 KB	836ms 280ms	Document text/html	69.30.195.18 WholeSale Internet
General Check archive.org Show headers Download Go to Full URL https://gnenews.com/outlook.com/office-365/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.30.195.18 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US), Reverse DNS server11.dnsserverboot.com Software Apache / Resource Hash `7fb8ae310d2dcc85a60edca5daf524ff5f5ae0e8e253fb894e8c0d4418423006` Request headers Host gnenews.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Oct 2018 21:15:17 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	style1.css gnenews.com/outlook.com/office-365/css/	2 KB 3 KB	169ms 167ms	Stylesheet text/css	69.30.195.18 WholeSale Internet
General Check archive.org Show headers Download Go to Full URL https://gnenews.com/outlook.com/office-365/css/style1.css Requested by Host: gnenews.com URL: https://gnenews.com/outlook.com/office-365/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.30.195.18 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US), Reverse DNS server11.dnsserverboot.com Software Apache / Resource Hash `f1b8d65ce07c5f4f8b5f1387ee86b14e6212bc49d92b5b163572a3d6b4f16fd2` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host gnenews.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://gnenews.com/outlook.com/office-365/ Connection keep-alive Cache-Control no-cache Referer https://gnenews.com/outlook.com/office-365/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Oct 2018 21:15:17 GMT Last-Modified Thu, 09 Nov 2017 19:52:58 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2471
GET H/1.1	200 OK	himiddle.JPG gnenews.com/outlook.com/office-365/img/	14 KB 14 KB	333ms 164ms	Image image/jpeg	69.30.195.18 WholeSale Internet
General Check archive.org Show headers Download Go to Show image Full URL https://gnenews.com/outlook.com/office-365/img/himiddle.JPG Requested by Host: gnenews.com URL: https://gnenews.com/outlook.com/office-365/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.30.195.18 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US), Reverse DNS server11.dnsserverboot.com Software Apache / Resource Hash `c1e02720a11165008e5b0127faa70ee65b7595b08d4cf6c8de48c517fc93e9b0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host gnenews.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://gnenews.com/outlook.com/office-365/ Connection keep-alive Cache-Control no-cache Referer https://gnenews.com/outlook.com/office-365/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Oct 2018 21:15:17 GMT Last-Modified Tue, 21 Aug 2018 09:25:24 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 14290
GET H/1.1	200 OK	m1.JPG gnenews.com/outlook.com/office-365/img/	221 KB 221 KB	616ms 162ms	Image image/jpeg	69.30.195.18 WholeSale Internet
General Check archive.org Show headers Download Go to Show image Full URL https://gnenews.com/outlook.com/office-365/img/m1.JPG Requested by Host: gnenews.com URL: https://gnenews.com/outlook.com/office-365/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.30.195.18 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US), Reverse DNS server11.dnsserverboot.com Software Apache / Resource Hash `d9f2704abbcefc30b399ccb58c410d42462889af865853e0628752c8c2c8315a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host gnenews.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://gnenews.com/outlook.com/office-365/ Connection keep-alive Cache-Control no-cache Referer https://gnenews.com/outlook.com/office-365/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Oct 2018 21:15:17 GMT Last-Modified Tue, 21 Aug 2018 09:25:18 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 226462
GET H/1.1	404 Not Found	ymiddle.JPG gnenews.com/outlook.com/office-365/img/	10 KB 10 KB	1256ms 695ms	Image text/html	69.30.195.18 WholeSale Internet
General Check archive.org Show headers Download Go to Show image Full URL https://gnenews.com/outlook.com/office-365/img/ymiddle.JPG Requested by Host: gnenews.com URL: https://gnenews.com/outlook.com/office-365/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.30.195.18 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US), Reverse DNS server11.dnsserverboot.com Software Apache / Resource Hash `d4e12ed8125b99e8eac5c9d8fce774cf7ae04dfc601dd4d2bf7cb74c25927ecc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host gnenews.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://gnenews.com/outlook.com/office-365/ Connection keep-alive Cache-Control no-cache Referer https://gnenews.com/outlook.com/office-365/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 16 Oct 2018 21:15:18 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://gnenews.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gnenews.com
69.30.195.18
7fb8ae310d2dcc85a60edca5daf524ff5f5ae0e8e253fb894e8c0d4418423006
c1e02720a11165008e5b0127faa70ee65b7595b08d4cf6c8de48c517fc93e9b0
d4e12ed8125b99e8eac5c9d8fce774cf7ae04dfc601dd4d2bf7cb74c25927ecc
d9f2704abbcefc30b399ccb58c410d42462889af865853e0628752c8c2c8315a
f1b8d65ce07c5f4f8b5f1387ee86b14e6212bc49d92b5b163572a3d6b4f16fd2

gnenews.com Open in urlscan Pro 69.30.195.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

251 kBTransfer

250 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

gnenews.com Open in urlscan Pro
69.30.195.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

251 kB
Transfer

250 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!