www.lillefrekke.no Open in urlscan Pro
213.162.241.36 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://goo.gl/mZCPFW
Effective URL:
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9...
Submission: On December 02 via manual (December 2nd 2017, 5:48:42 pm UTC) from IS

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 213.162.241.36, located in Tau, Norway and belongs to ASN-HIPERCOM, NO. The main domain is www.lillefrekke.no.
TLS certificate: Issued by Symantec Basic DV SSL CA - G2 on January 25th 2017. Valid for: a year.

This is the only time www.lillefrekke.no was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
9	213.162.241.36 213.162.241.36	28824 (ASN-HIPERCOM) (ASN-HIPERCOM)
9	1

1 2a00:1450:4001:806::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

goo.gl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 213.162.241.36 (Tau, Norway)

ASN28824 (ASN-HIPERCOM, NO)
PTR: cachetur.no

www.lillefrekke.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	lillefrekke.no www.lillefrekke.no	40 KB
1	goo.gl 1 redirects goo.gl	856 B
9	2

	Domain	Requested by
9	www.lillefrekke.no	www.lillefrekke.no
1	goo.gl	1 redirects
9	2

This site contains no links.

Subject Issuer	Validity	Valid
www.lillefrekke.no Symantec Basic DV SSL CA - G2	`2017-01-25` - `2018-01-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Frame ID: 29350.1
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://goo.gl/mZCPFW HTTP 301
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

40 kB
Transfer

88 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://goo.gl/mZCPFW HTTP 301
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set index.php Show response
www.lillefrekke.no/xtt/
Redirect Chain

https://goo.gl/mZCPFW
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2

61 KB
16 KB

589ms
347ms

Document
text/html

213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

6abe2f2c9ef6237827bc11dcc4d9b75cbbead33da6781230d4ca9737259ee431

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=15768000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: script-src 'report-sample' 'nonce-UOMegyDUGgKPo+siW5HO7TZW1Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-auto-login: realm=com.google&args=continue%3Dhttps%253A%252F%252Faccounts.google.com%252FManageAccount
Content-Disposition: inline; filename="signin"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 15945
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Date: Sat, 02 Dec 2017 17:48:30 GMT
X-Frame-Options: DENY
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Set-Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure; expires=Mon, 02-Dec-2019 17:48:31 GMT; path=/; domain=.www.lillefrekke.no
Keep-Alive: timeout=5, max=100
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
status: 301
date: Sat, 02 Dec 2017 17:48:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 310
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 115 B
131 B 207ms
207ms Image
image/png 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lillefrekke.no/xtt/index.php?u=sln3z1cjyds1ct02bdmwc2kj8vy6xcm8btyAy6j13ywl8f3c72f5pn5pwg2hsh1k6A7z1tjx6c4wn79fpffl086dlbpyrd8v8v99rhmpr1z4p0j0xAhbn7rhpwytg6w0y41kktb4t59yfsmy2wmmrwqp99bdv8ttwfs3AwwqsjAnyrrbkA61

Requested by

Host: www.lillefrekke.no
URL: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

21c7180c568bf115a0784629a8e5575103007f66ab2b964ab1d7f3290f5ab370

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2100248
Content-Disposition: inline; filename="arrow_back_grey600_24dp.png"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 131
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 29 Jul 2016 16:45:00 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Vary: Origin,Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Thu, 08 Nov 2018 10:24:23 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 199 B
220 B 641ms
552ms Image
image/png 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lillefrekke.no/xtt/index.php?u=Azzl0j89v15gfrjAdk3kx4A3cygzctwdp1m0g8dw3bghszd2qw52A136Ad7d2k0c0ntk86rc3zx4vfnq8g76ftgzzvk0skxzrtm9l0Akk97hqgbpv7pAfh8sl59yz2ldlhczfgfld5w0r23mhxr7lll2jAAbyc5xt4lhkkk7fdr5j2zky3pq

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 1281383
Content-Disposition: inline; filename="universal_language_settings-21.png"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 220
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Sat, 17 Nov 2018 21:52:08 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 2 KB
2 KB 413ms
208ms Image
image/png 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lillefrekke.no/xtt/index.php?u=m197dc91ncn0sjmf1svnwxtkz1g2023cx90s3tck7Awqvgt90zq0gfxf6cjtjA8jz6mtnn7twrmhnkccns4g4x11mthh33sp3s8p06l7940zA2ry413g51545jrf5gsgq20hrxwhhAy0bljspr53zfv87ldp8jsw0v1ryxxwsg647zfxqt0q

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2100300
Content-Disposition: inline; filename="googlelogo_color_112x36dp.png"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 2472
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: Thu, 08 Nov 2018 10:23:31 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 9 KB
9 KB 331ms
248ms Font
font/woff2 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lillefrekke.no/xtt/index.php?u=k048h6kcqpjAAzrcqrk0y0jmh54pkdcdd0wqtc2wj4w30vmt058f3A1zw3z9vz6f00bkqwfcby4nw9fczm7lrbyAhn9863s8tjdhmxk7xrwvzfch6qwfylzr2w93yhwcw7A93s5ywmhjkvjtdkrm3qjkp5v9c6p509qw5r5vzjvAy2z5smr1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Origin: https://www.lillefrekke.no
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: */*
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Origin: https://www.lillefrekke.no

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 100515
Content-Disposition: inline; filename="DXI1ORHCpsQm3Vp6mXoaTRampu5_7CjHW5spxoeN3Vs.woff2"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 8755
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 11 Oct 2017 21:49:40 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Expires: Sat, 01 Dec 2018 13:53:16 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 9 KB
9 KB 340ms
256ms Font
font/woff2 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lillefrekke.no/xtt/index.php?u=nc7y2njpw6qfsw7p3pqgc9hdwqv6rvfhAcj22d680km9bsvzwt7p22qlxcx83gpp5lhbq7lstsmt3sA27jysmh0lq6lqkg48yAvly7c1ckwkf30rvA0zd2Axfsfjz21hr8rfbl9h8xg85h6ssmbq2ggpq7tk0qfgzcxh58hvvy8c4r7mz3fq

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Origin: https://www.lillefrekke.no
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: */*
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Origin: https://www.lillefrekke.no

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 100512
Content-Disposition: inline; filename="cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 8915
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 11 Oct 2017 21:49:46 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Expires: Sat, 01 Dec 2018 13:53:19 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 626 B
599 B 527ms
204ms Image
image/png 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lillefrekke.no/xtt/index.php?u=d8hb464ry540tqmyvjypzjqth0z7ncmln94nscyrltjwnfzpyt0vf4wthsfpAAkwckyAlw6jfyn8bwjfp2Ahgzjcz6sjq034Aq7v7w5k470k3hkn5nvxwj9yrtccz102

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2098031
Content-Disposition: inline; filename="avatar_2x.png"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 599
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Thu, 08 Nov 2018 11:01:20 GMT

GET
H/1.1 404
Not Found index.php
www.lillefrekke.no/xtt/ 2 KB
0 343ms
270ms Image
text/html 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lillefrekke.no/xtt/index.php?u=6hq8ngvts6lhbr4tr4v6dwhylr3pd3lgpl3x20fk03Axkms7df74r9gffh7jg0mskpljg28cp3dkn3qbtzlvb47x0btmczr9wjflp22ld73l0t4274wy1dAcfxy6bf9db80trcskx337s9jfdvvbqt1h4pwnzb7875hp9htlhd8p009sjApbxn64631plxjswq52jp7lsb2yclb75rq7f5g5Akg7skrzr6147d6wsl2Anb7qxl3vlsx2d7fcsl0bg412t7vd4w2A35ws718gxm6d9A3zqy48kzhxA25dxs1j6923wjqhvs5n846kdAlgzvjvq3ly0v1h0h34jgxj2hcyfqrb155xAnmg5t720s8d35bncdtcdz7tk3f6v2bd264pm4hrf7yksv2snnsklt0jlx1rfhl18ddzjcdbk4kvhpx455378t5vyfbl75l3jb58tft6n0xpkvAdd0trvg0f1151y1byfp8qvq8ysbsgqcv3k9qkzmwtdAsAr0rql5c7vAjf9tk59lvAgrgpj7yl0dw0qj40qr82tsxygAm5bgh0vzl47phwvbl448k9vzjnqk6vq8gAt5d1x69v6wkz9rtwh585r975rd1dA1p2ffnbk96s23shlydl2lnxkp4rbxl2gctflt3rwcz9n00480t4k1kvf9b1p6ytt0d6122d6r9s1yggvrz37c4z46858swzrh992

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

8cd94fff15b76f8d3ac1dbe058f14e2e091f34360f3d3d184e03a5dc030839c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: script-src 'report-sample' 'nonce-bTHPtWtuFF5cR45y70lExrWOuY4' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
Content-Disposition: inline; filename="ogcAAAAASUVORK5CYII="
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 1136
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=15768000
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.php
www.lillefrekke.no/xtt/ 4 KB
4 KB 311ms
237ms Image
image/png 213.162.241.36
ASN-HIPERCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lillefrekke.no/xtt/index.php?u=n50v8np1gjt7x8y3c12c88h1A4xxs2fj4b0A2b9nxtb5m4ncs2mysAp630rl06d9wdksx32rpd0rdcrcf2rd9tAwvzp1ddnncq3dnxq2zcbbglfx8hz0Az7djwz6fbmg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.162.241.36 Tau, Norway, ASN28824 (ASN-HIPERCOM, NO),

Reverse DNS

cachetur.no

Software

Apache /

Resource Hash

05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lillefrekke.no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Cookie: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com=1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date: Sat, 02 Dec 2017 17:48:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2097632
Content-Disposition: inline; filename="wlogostrip_230x17_1x.png"
Connection: Keep-Alive
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Length: 4308
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Thu, 08 Nov 2018 11:07:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.www.lillefrekke.no/	1970-01-19 05:35:08	Name: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com Value: 1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

goo.gl
www.lillefrekke.no
213.162.241.36
2a00:1450:4001:806::200e
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
21c7180c568bf115a0784629a8e5575103007f66ab2b964ab1d7f3290f5ab370
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
6abe2f2c9ef6237827bc11dcc4d9b75cbbead33da6781230d4ca9737259ee431
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
8cd94fff15b76f8d3ac1dbe058f14e2e091f34360f3d3d184e03a5dc030839c7
9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0

www.lillefrekke.no Open in urlscan Pro 213.162.241.36 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

40 kBTransfer

88 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.lillefrekke.no Open in urlscan Pro
213.162.241.36 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

40 kB
Transfer

88 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!