www.lillefrekke.no
Open in
urlscan Pro
213.162.241.36
Malicious Activity!
Public Scan
Effective URL: https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9...
Submission: On December 02 via manual from IS
Summary
TLS certificate: Issued by Symantec Basic DV SSL CA - G2 on January 25th 2017. Valid for: a year.
This is the only time www.lillefrekke.no was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a00:1450:400... 2a00:1450:4001:806::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
9 | 213.162.241.36 213.162.241.36 | 28824 (ASN-HIPERCOM) (ASN-HIPERCOM) | |
9 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
lillefrekke.no
www.lillefrekke.no |
40 KB |
1 |
goo.gl
1 redirects
goo.gl |
856 B |
9 | 2 |
Domain | Requested by | |
---|---|---|
9 | www.lillefrekke.no |
www.lillefrekke.no
|
1 | goo.gl | 1 redirects |
9 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.lillefrekke.no Symantec Basic DV SSL CA - G2 |
2017-01-25 - 2018-01-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2
Frame ID: 29350.1
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://goo.gl/mZCPFW
HTTP 301
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://goo.gl/mZCPFW
HTTP 301
https://www.lillefrekke.no/xtt/index.php?u=tf3lwfhmqmg2Ajp6wjfztyl9266ydxw4g06w73d1n8jzcxs17grjm7qAvs5x6cAk7w5qqs590dwkvtw9mv1fl66x9t78d5x0l5gmty85Awzdv07xbn7z07h7A6x2b96kfpcwkxhx1d83584A3jb8syb6s2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
index.php
www.lillefrekke.no/xtt/ Redirect Chain
|
61 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
115 B 131 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
199 B 220 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
626 B 599 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
2 KB 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
www.lillefrekke.no/xtt/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.lillefrekke.no/ | Name: COOKIE%253BGAPS%253B%252F%253Baccounts.google.com Value: 1%253AGCsW6LmzLWKq1f2FM71qYIKqCyKV8g%253Al6PQp0t8D-XGfVPm%253BSecure |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains max-age=15768000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
goo.gl
www.lillefrekke.no
213.162.241.36
2a00:1450:4001:806::200e
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
21c7180c568bf115a0784629a8e5575103007f66ab2b964ab1d7f3290f5ab370
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
6abe2f2c9ef6237827bc11dcc4d9b75cbbead33da6781230d4ca9737259ee431
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
8cd94fff15b76f8d3ac1dbe058f14e2e091f34360f3d3d184e03a5dc030839c7
9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0