Report - amgl.co.tz/wp-includes/ID3/ink/295431035-ut_svcs-4310/bWRlYW5AdGFzbWFuLWdlby5jb20=

Report Overview

Visited public
2023-10-23 05:48:39
Tags
phishing microsoft outlook
URL
amgl.co.tz/wp-includes/ID3/ink/295431035-ut_svcs-4310/bWRlYW5AdGFzbWFuLWdlby5jb20=
Finishing URL
relasjonsselskapet.no/Mmdean@tasman-geo.com
IP / ASN
192.254.236.110
#46606 UNIFIEDLAYER-AS-1
Title
Just a moment...
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-10-22 20:10:38	8.7 kB	789 kB	104.17.3.184
relasjonsselskapet.no	unknown	2015-09-25	2017-02-02 16:26:07	2023-10-20 17:52:45	3.2 kB	212 kB	104.21.69.248
oogjen.be	unknown	2012-12-28	2019-07-11 17:33:45	2023-10-23 01:12:08	895 B	2.8 kB	188.114.96.1
amgl.co.tz	unknown	2009-07-27	2020-12-16 20:02:25	2023-10-23 01:11:46	538 B	238 B	192.254.236.110
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-10-23 00:36:16	451 B	29 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-20	medium	relasjonsselskapet.no/	Generic/Spear Phishing
2023-10-20	medium	relasjonsselskapet.no/	Generic/Spear Phishing
2023-10-20	medium	relasjonsselskapet.no/	Generic/Spear Phishing
2023-10-20	medium	relasjonsselskapet.no/	Generic/Spear Phishing
2023-10-20	medium	relasjonsselskapet.no/	Generic/Spear Phishing
2023-10-20	medium	relasjonsselskapet.no/	Generic/Spear Phishing

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-22	medium	relasjonsselskapet.no	Sinkholed
2023-10-22	medium	relasjonsselskapet.no	Sinkholed
2023-10-22	medium	relasjonsselskapet.no	Sinkholed
2023-10-22	medium	relasjonsselskapet.no	Sinkholed
2023-10-22	medium	relasjonsselskapet.no	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit	ScriptElement	34 kB	2023-10-12	2023-10-24
Pretty URL challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-12 19:01 Last Seen2023-10-24 16:16 Times Seen7437 Hash a65b6a0168a66b4f0db4dd65c60d8e3a fe403c2a8c9ce0f11185940892ad3479c3355c93 7e0b26f08c9a0d0a70e887541e8165472579233b92950835dd2bdde9963d1b8a Loading...

	relasjonsselskapet.no/Mmdean@tasman-geo.com	ScriptElement	6.0 kB	2024-08-21	2024-08-21
Pretty URL relasjonsselskapet.no/Mmdean@tasman-geo.com IP 104.21.69.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 03:47 Last Seen2024-08-21 03:47 Times Seen1 Hash f19b73882702ab4fc9d745b7e5e06002 080844ae21fd1d69254726594b4d4bf417ad799d 79ce2e2bd343609adab77e451b61b60c1a30531dd5aea71893e5f8e54c0c8660 Loading...

	relasjonsselskapet.no/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81a7b0ed39deb4f9	ScriptElement	171 kB	2023-10-23	2023-10-23
Pretty URL relasjonsselskapet.no/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81a7b0ed39deb4f9 IP 104.21.69.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-23 07:48 Last Seen2023-10-23 07:49 Times Seen2 Hash fe7f24b008c60acced158ac58c67785f c5c2e0b9471121300720cdbf6cdc62cc50cc22b5 052860108c50b9e43c6ccb2885c932779f45621cf542e33b103ee34cf7240a58 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 626fa5ff6acd84d6b023f5235ff2735d	142 B	2023-10-12 20:20	2024-08-21 04:58
Pretty Observations First Seen2023-10-12 20:20 Last Seen2024-08-21 04:58 Times Seen2564 Hash 626fa5ff6acd84d6b023f5235ff2735d ea0678c559c58bda90387dec055c03a986e1d1dd 2ff7be104c698f19c52544709bf5993c09bd85d24921ba2e559b86a5a92ca362 Loading...

	#2 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-09 11:48
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 11:48 Times Seen368770 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#3 Eval - 89365f75cf21d561f4f41897c8792225	1.8 kB	2024-08-21 03:47	2024-08-21 03:47
Pretty Observations First Seen2024-08-21 03:47 Last Seen2024-08-21 03:47 Times Seen2 Hash 89365f75cf21d561f4f41897c8792225 050595fe414c600cc41074b610b34e3be6d5f91e 5ff5ccaf19ccfc44abcad27db0ca7975391492e46d4a1398dece105e2709372e Loading...

		Size	First Seen	Last Seen
	#1 Write - e81199c8f011ea55bd1993f56d057ecf	3.6 kB	2023-10-12 19:01	2024-08-21 04:58
Pretty Observations First Seen2023-10-12 19:01 Last Seen2024-08-21 04:58 Times Seen14250 Hash e81199c8f011ea55bd1993f56d057ecf 94d8d4eca02b39294321ccb082fcd9a3e8c6a3c5 be3ce6b53b4c0030ff52fe4528fc2df52ca66931b5282b24b9b3a4823c0455c2 Loading...

HTTP Transactions (24)

URL IP Response Size

amgl.co.tz/wp-includes/ID3/ink/295431035-ut_svcs-4310/bWRlYW5AdGFzbWFuLWdlby5jb20=

192.254.236.110

0 B

URL
amgl.co.tz/wp-includes/ID3/ink/295431035-ut_svcs-4310/bWRlYW5AdGFzbWFuLWdlby5jb20=
IP
192.254.236.110:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /wp-includes/ID3/ink/295431035-ut_svcs-4310/bWRlYW5AdGFzbWFuLWdlby5jb20= HTTP/1.1
Host: amgl.co.tz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 05:48:15 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://oogjen.be/floor/#mdean@tasman-geo.com
x-server-cache: false
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://oogjen.be/floor/#mdean@tasman-geo.com
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (28007 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oogjen.be
DNT: 1
Connection: keep-alive
Referer: https://oogjen.be/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 28007
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1e-6d67"
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4009567
expires: Sat, 12 Oct 2024 05:48:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7mq0aVUWIMzRAl5sHc3%2FNw%2Bu4xda37BKR7EZm4pkIIVNq2HUzM98jpGnnJBEys0qEETXCSFlb8lB9m1b76GpmZEIJqYpN4b7u%2FgVk2cLKoNiFO5inS431oNxB%2BjpT6fHU0731Jwe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a7b0db9c53b515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/81a7b0dd0cc356ca/1698040105178/5171ac86fc27a66e1d17b42ee8cf6227e2b0d65d818c577c1e7557aebd6b12ae/IfekFy_zNnB8izL

104.17.3.184

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/81a7b0dd0cc356ca/1698040105178/5171ac86fc27a66e1d17b42ee8cf6227e2b0d65d818c577c1e7557aebd6b12ae/IfekFy_zNnB8izL
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/81a7b0dd0cc356ca/1698040105178/5171ac86fc27a66e1d17b42ee8cf6227e2b0d65d818c577c1e7557aebd6b12ae/IfekFy_zNnB8izL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 401 Unauthorized
date: Mon, 23 Oct 2023 05:48:26 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gUXGshvwnpm4dF7Qu6M9iJ-Kw1l2BjFd8HnVXrr1rEq4AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA39AZ7kyBk8Q0lEWS5oPUMtpOMymrZsxrNXH50259GmZdj74DLOimsMTtYbtBNdkDYju3CqV2KufOBo69GBDcQ-uqHrPRuwdDLt7XSepPh6Ks8IjJgS_mcNxk30412yCMeKsWqKdHm9aTKrC-moEdC1PzNfXskY25RJqFQXXOO85VlztTgqGJEdmgRDl5zztez_9r4x7g9uMu7KIunaTV_BaoVaApkyWxRGk_5hJfO1zybrAqOEMZMvCXHViLAkpr0fPIYYWgtW33GwdNf793wD-uig3k0kdlyuv1FZVYRSVTh9DgjMLQJ1Eyb-skIVxYiX9Mo0IHrG8CWGTD3Zrv1wIDAQAB, max-age=20
server: cloudflare
cf-ray: 81a7b0eafcb956ca-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=81a7b0f0adaab4f3

104.17.2.184

200 OK

178 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=81a7b0f0adaab4f3
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
178 kB (178375 bytes)
Hash
4deb90b37000bef4ed37eb2e4d721e2f
f5d85670654140addf3b14d7761f41ec51910a61
61d64a6cd0c87a28e76f69167a58f407b56ae59de1730af8bd6732965f4a5993

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=81a7b0f0adaab4f3 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 81a7b10b0fe0b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1667558372:1698037551:4Xbo9yffeT_japy4Rt64HXHmIadqnZ_F3VxPxyuGuYg/81a7b0dd0cc356ca/3d7b3a34d11abae

104.17.3.184

200 OK

3.4 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1667558372:1698037551:4Xbo9yffeT_japy4Rt64HXHmIadqnZ_F3VxPxyuGuYg/81a7b0dd0cc356ca/3d7b3a34d11abae
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3368), with no line terminators
Size
3.4 kB (3368 bytes)
Hash
be02eaebbe142bbb89453c903aaeda4b
80a44c19688f1ab932dc83fe4916b83b290852f4
2370402d03148c95ec35adb372c7e4f45b61976863bfb54ea9568fef77580b9a

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1667558372:1698037551:4Xbo9yffeT_japy4Rt64HXHmIadqnZ_F3VxPxyuGuYg/81a7b0dd0cc356ca/3d7b3a34d11abae HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3d7b3a34d11abae
Content-Length: 24478
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:26 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: rgkvM2PEH1dHSUH7Z84gYuiE1VYK6/5kH3y0XtP7mQkN+UuNdNbq0jWnju+UqOi7J5qFooq/F4/wto0+qK4tul4Bs8MvLQPA0++Q1t83tYKvm5e7lVpIH94Bp9LKrtme$nr1R9ImcJ5yQo97yNM4OUA==
cf-chl-out-s: Vrkpm7qd5gUygY5jChOgVw/e+JUxnkI8IvjpxXm/Ua56h/SwkNUZYfnYKUSFS5yf5hS2uAPOrMX64jeFOwPDiD+zlzHcNHM1R4zb6pDtqWrDNfV/82FLRs4dZDoK1jGimaw6aV37OKicI7MuGW2k2NrIVZFWYrckyZ/csjTyZo4jmYsGOxd54qBVx+5KWckTQJAYm+3HV63B+w7o3hhqUqpAJU+7H+cKrI4x5a3p8cNSZCu+lMgtjQc1XcwAtwTqbaUGcckLMNQyqC2cY2C6pg==$AWq++nx8mWz98jwnvgrZ+A==
server: cloudflare
cf-ray: 81a7b0ec8dd656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

relasjonsselskapet.no/favicon.ico

104.21.69.248

403 Forbidden

5.6 kB

URL GET HTTP/3
relasjonsselskapet.no/favicon.ico
IP
104.21.69.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerLet's Encrypt
Subjectrelasjonsselskapet.no
FingerprintD8:24:95:1C:56:D7:AA:48:BF:F5:E1:1E:E2:4E:2A:60:B7:85:8B:CD
ValidityFri, 06 Oct 2023 11:24:49 GMT - Thu, 04 Jan 2024 11:24:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5654), with no line terminators
Size
5.6 kB (5599 bytes)
Hash
48cb2b7aa4e02d18040fdf7f0961490a
19c5f6aa694267dcbbb72c390c4c55e717a6dce2
8b7db0b101b45f94821a8441f2783e842fcf86209d0ba41a17100ee711e82fed

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: relasjonsselskapet.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://relasjonsselskapet.no/Mmdean@tasman-geo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kOiHdJa1ZXayXKx5reIglTbqSRYyXi5D26yR9FaE%2F5RzTEWx%2F32%2FchM8NVzLRju%2BK8d2NYvCNzeYWH6KduLimOXIENg9FHf%2Fd7D6r63UR22RZ9Wg%2BPwPlGUZtbVoWlfRLr7Fv42BGs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a7b0eedaceb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit

104.17.2.184

200 OK

34 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (34169)
Size
34 kB (34170 bytes)
Hash
a65b6a0168a66b4f0db4dd65c60d8e3a
fe403c2a8c9ce0f11185940892ad3479c3355c93
7e0b26f08c9a0d0a70e887541e8165472579233b92950835dd2bdde9963d1b8a

HTTP Headers

GET /turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://relasjonsselskapet.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a7b0ef88fcb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

relasjonsselskapet.no/cdn-cgi/challenge-platform/h/b/flow/ov1/167753281:1698037696:42BsWydJaTxTJPtQyfJdMyr2qF30ieOuBx-mHtz2dcU/81a7b0ed39deb4f9/e0f23afca8daf7c

104.21.69.248

200 OK

11 kB

URL POST HTTP/3
relasjonsselskapet.no/cdn-cgi/challenge-platform/h/b/flow/ov1/167753281:1698037696:42BsWydJaTxTJPtQyfJdMyr2qF30ieOuBx-mHtz2dcU/81a7b0ed39deb4f9/e0f23afca8daf7c
IP
104.21.69.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerLet's Encrypt
Subjectrelasjonsselskapet.no
FingerprintD8:24:95:1C:56:D7:AA:48:BF:F5:E1:1E:E2:4E:2A:60:B7:85:8B:CD
ValidityFri, 06 Oct 2023 11:24:49 GMT - Thu, 04 Jan 2024 11:24:48 GMT

File type
ASCII text, with very long lines (11016), with no line terminators
Size
11 kB (11016 bytes)
Hash
9ec06d72513cbd05a5dde1d0b7d2a259
d6bd4c18bc0e68bc3c4bd9eb3b2fc3c247c30505
ad8540349ae2b0debb29d9c624c3f948966ef4645f227971ffa5ca8bcebd7ad5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/167753281:1698037696:42BsWydJaTxTJPtQyfJdMyr2qF30ieOuBx-mHtz2dcU/81a7b0ed39deb4f9/e0f23afca8daf7c HTTP/1.1
Host: relasjonsselskapet.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Content-type: application/x-www-form-urlencoded
CF-Challenge: e0f23afca8daf7c
Content-Length: 1798
Origin: https://relasjonsselskapet.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: lNMVlJoRtIOn9c9d+WgmiZ0YR95RKJmxdy5cQDA2lYSVnJ0wNXdobC9N072HcrV7$ROarsWfaFTA1oIfgwk6f0g==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iL9xoKfyiatOZfXZ5iSbjb7dXUjKur0ZFVaTYdslv4LzU%2FGEmSonEYuc5pJtj3xZ8%2FAsIlfVVtQdbYSNanDhPYxlHupDZXON5Kk04EakUZzhbqPJ8JSpdcV%2FBiVZaoSGM4xccg77Y80%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a7b0f01bb4b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/391069154:1698037753:6mePzBFLbEx5qd7yzugcI050LQWmZPKOtcHbhDjgr8Y/81a7b0f0adaab4f3/6ae1a560d14519c

104.17.2.184

200 OK

90 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/391069154:1698037753:6mePzBFLbEx5qd7yzugcI050LQWmZPKOtcHbhDjgr8Y/81a7b0f0adaab4f3/6ae1a560d14519c
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89712 bytes)
Hash
634b6402b95894c1fa5c82eb0c252d7c
80db340d5b057f24d2b1635a30aba6c8acedc182
cc74ce94e1206385ad6ff3b0701dcb4d7d3c856e253130722f2841adde1db582

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/391069154:1698037753:6mePzBFLbEx5qd7yzugcI050LQWmZPKOtcHbhDjgr8Y/81a7b0f0adaab4f3/6ae1a560d14519c HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 6ae1a560d14519c
Content-Length: 3161
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:32 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: M8szgPKxQgpJ3ghXJJat/PzE0TZVwzYx4PZDwXCwU2M4CzEFerEJp5K9y9KvoTGv+VHIrQ/EV75yfzJe14qewiyBUFwyeCaQ3LlnPUp7kDRmVQ972fynVZwkOXXrKN4nrI8bIoJPbme+VhkXrjpo0FBKQWdluodUCExweA6K6ZbXPeo2vm/xcHnVMXjKSg8YPqByolXIo26LK9/igkpQEoc843twys1cu+LuC4ggtzTCN5Ztp2XDrS6NBa8KVU7B061So/T9lum8G9FOeKPaQihOB2Nz62hpoV0dkHXqZysttdZi1FwTgLtoUV8x3ugI738BCcGX6tyl0eblqKe0Ot4GPT56fqmGgicMO6NXI2+vPu6n3LRSxkrP5m0OISyomAbo34j3FuUd1mjAqL0UneCR+OyyKqB1Tpd6j3T1444vjH+qlYy16/zqsT8NVJAdjR3uS7PF//SknC4Ls38RGjtw+/RdIKAtDKv2yGQiY74=$NWHICIuWjbFTS+XWbv3ncA==
server: cloudflare
cf-ray: 81a7b10cd995b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal

104.17.3.184

200 OK

72 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://oogjen.be/floor/#mdean@tasman-geo.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39843)
Size
72 kB (71783 bytes)
Hash
56bf5531b5e9703cabd67aedaddcf420
61cd97897385f083e97ea2ad35bf2adaf94e77f5
b226b2c0f0a5365bf9c483405e8aa75edb2308512f22a4381a0d409b9d82cff6

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oogjen.be/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 81a7b0dd0cc356ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1667558372:1698037551:4Xbo9yffeT_japy4Rt64HXHmIadqnZ_F3VxPxyuGuYg/81a7b0dd0cc356ca/3d7b3a34d11abae

104.17.3.184

200 OK

80 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1667558372:1698037551:4Xbo9yffeT_japy4Rt64HXHmIadqnZ_F3VxPxyuGuYg/81a7b0dd0cc356ca/3d7b3a34d11abae
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
80 kB (79976 bytes)
Hash
04e4e3b8db29bb15a081daf659f0dd65
fd588c338723dee33e811cf0bc9298bb4c081700
273ca230e35e4325808f25abe21c0e9290f30f23cbfc44a350881b6d36794170

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1667558372:1698037551:4Xbo9yffeT_japy4Rt64HXHmIadqnZ_F3VxPxyuGuYg/81a7b0dd0cc356ca/3d7b3a34d11abae HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3d7b3a34d11abae
Content-Length: 2268
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:25 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: vFz+VK2TEPRBxlcjmW06cd1KsDHnA9w7zqEfEx/Jx7hgnnhDLSja3LoBJKYTm/b3VieXktPE1eNhGfTxy4PMb1aLwgnp4629rPK0OK+t17h1RAh5MQB2lklFtcFhxiLNHnCXzDyVbq7SxNODDc3ki5RlPlQWR55ZaeLCB82Nhd1ogkQ55yzx5ZIrWymSfid9Rt3IuRjcvBtoLQjGXMDrxQv2qZaglhK+pWn1JWvqO5iXK7YD85o3tu2Q8K2esMi7sLOdozdEKNsOINt36e2qWy2YL/5+kRs5yHs/KyxaTwNhZHeiQhy386sUT2PjlKXvvXGskBbtrldKmKpP271uUNeW+Sc81dVByFhnHsrrfr1OSdYOKrr43x+3cc4TbvvkaAqrGAeFb1KC+UJTKUSwRw==$fD7JLMvexVDjQIdRQrVabg==
server: cloudflare
cf-ray: 81a7b0e14f3056ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

oogjen.be/favicon.ico

188.114.96.1

404 Not Found

196 B

URL GET HTTP/3
oogjen.be/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://oogjen.be/floor/#mdean@tasman-geo.com
Certificate
IssuerGoogle Trust Services LLC
Subjectoogjen.be
Fingerprint56:50:13:FA:7A:E8:CD:AD:40:00:D2:DA:1D:29:00:82:E2:AC:0A:6C
ValidityWed, 18 Oct 2023 13:06:23 GMT - Tue, 16 Jan 2024 13:06:22 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: oogjen.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oogjen.be/floor/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: text/html; charset=iso-8859-1
x-varnish: 1502322549 1525975926
via: 1.1 webcache2 (Varnish/trunk)
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fuWVHTxKsvozLZOiyubYwhOYMs12fLCjBudmYC%2Bi5i9Ceu%2B3XzBbtQPYIMuo9EFMWAYYvsVdEs2ATCDJ4%2Fp8dyYcGA%2Fm9%2B70o52prSNLdETwQhJqADeJw%2F9aC7U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a7b0dcd81eb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2%2BU%3D

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2%2BU%3D
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2%2BU%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 81a7b0defddb56ca-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/81a7b0dd0cc356ca/1698040105177/1Y4U_-S1xftUK2r

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/81a7b0dd0cc356ca/1698040105177/1Y4U_-S1xftUK2r
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 72 x 91, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
831498c7ad7023d2500dbd32d3e406f8
841fd73981c5da5db49d2fa0e4c696151573b9bb
da981cf415fe378797cc6098622d718b3e5d6f52f205bef1dda7569a3df60278

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/81a7b0dd0cc356ca/1698040105177/1Y4U_-S1xftUK2r HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:25 GMT
content-type: image/png
server: cloudflare
cf-ray: 81a7b0e65a1056ca-OSL
alt-svc: h3=":443"; ma=86400

relasjonsselskapet.no/Mmdean@tasman-geo.com

104.21.69.248

403 Forbidden

6.7 kB

URL User Request GET HTTP/2
relasjonsselskapet.no/Mmdean@tasman-geo.com
IP
104.21.69.248:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectrelasjonsselskapet.no
FingerprintD8:24:95:1C:56:D7:AA:48:BF:F5:E1:1E:E2:4E:2A:60:B7:85:8B:CD
ValidityFri, 06 Oct 2023 11:24:49 GMT - Thu, 04 Jan 2024 11:24:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6763), with no line terminators
Size
6.7 kB (6708 bytes)
Hash
bfbfe5f24c03941440a5db6d2e7cfc6a
054008c7ba598f8480252bc5641a20e5baae4437
a0fe2fa6b36b7ddc2929b630e827c0adb7b5b245d071d435dd713af61f12e753

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /Mmdean@tasman-geo.com HTTP/1.1
Host: relasjonsselskapet.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oogjen.be/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nJ0RgvtkoyVfpR5U%2F7Wdm4OyV8DikM6uVg8RWxrN9Ks93wjTK2rcYHiAsRTGtCCKlGmXYOH0nXyRzIlo8oL9eHpJRn5prieAQvh2FfNg0R09K5WeS6MlstaIXS%2BOv74B1Td6N2sAyNE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a7b0ed39deb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

relasjonsselskapet.no/cdn-cgi/styles/challenges.css

104.21.69.248

200 OK

6.6 kB

URL GET HTTP/3
relasjonsselskapet.no/cdn-cgi/styles/challenges.css
IP
104.21.69.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerLet's Encrypt
Subjectrelasjonsselskapet.no
FingerprintD8:24:95:1C:56:D7:AA:48:BF:F5:E1:1E:E2:4E:2A:60:B7:85:8B:CD
ValidityFri, 06 Oct 2023 11:24:49 GMT - Thu, 04 Jan 2024 11:24:48 GMT

File type
ASCII text, with very long lines (6608), with no line terminators
Size
6.6 kB (6600 bytes)
Hash
f0fd80732479959c893cfd7380f594bd
04111102f46bc02c195561743b3f41b4d5a349ca
704e70fc0fd54cb83a1100d48093680b73e0d3c45a32dc326c38355185aaf37f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: relasjonsselskapet.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://relasjonsselskapet.no/Mmdean@tasman-geo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: text/css
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
etag: W/"652d1f47-19c8"
server: cloudflare
cf-ray: 81a7b0ee6a96b4f9-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 23 Oct 2023 07:48:27 GMT
cache-control: max-age=7200, public
content-encoding: gzip

relasjonsselskapet.no/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81a7b0ed39deb4f9

104.21.69.248

200 OK

171 kB

URL GET HTTP/3
relasjonsselskapet.no/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81a7b0ed39deb4f9
IP
104.21.69.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerLet's Encrypt
Subjectrelasjonsselskapet.no
FingerprintD8:24:95:1C:56:D7:AA:48:BF:F5:E1:1E:E2:4E:2A:60:B7:85:8B:CD
ValidityFri, 06 Oct 2023 11:24:49 GMT - Thu, 04 Jan 2024 11:24:48 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
171 kB (171191 bytes)
Hash
fe7f24b008c60acced158ac58c67785f
c5c2e0b9471121300720cdbf6cdc62cc50cc22b5
052860108c50b9e43c6ccb2885c932779f45621cf542e33b103ee34cf7240a58

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81a7b0ed39deb4f9 HTTP/1.1
Host: relasjonsselskapet.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://relasjonsselskapet.no/Mmdean@tasman-geo.com?__cf_chl_rt_tk=fuHpxVHifvK2sO.WIvQgFPMSfktBoAcoFnr.qyjLb.I-1698040107-0-gaNycGzNDdA
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T9IsVc7HL4UOkowrqcIvgs4dbSb93xWXQciO4Nd49ttPW2lepHUpBD%2F4uxLkhA78hW%2FXQn5K4tEicM%2FJiuseYV4mttvN%2BXJR5a3n%2BJxYl0CWKqVDIkt1eO7H8rPkGqQg2kcEYQ1XJQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a7b0eebabcb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

302 Found

34 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://oogjen.be/floor/#mdean@tasman-geo.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
34 kB (34170 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oogjen.be/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 23 Oct 2023 05:48:24 GMT
vary: accept-encoding
cache-control: max-age=300, public
access-control-allow-origin: *
location: /turnstile/v0/b/7ff8d35b/api.js?onload=onloadTurnstileCallback
server: cloudflare
cf-ray: 81a7b0db9a83568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

104.17.2.184

200 OK

72 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39843)
Size
72 kB (71866 bytes)
Hash
93943865278a132d0efa323fa7ff97a9
83fe464d7251fbd5729a55abe14ab0d9c768461d
403502041cbcc2ec62b32c2101827048e2b77033451294b625de92433421a07f

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:31 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 81a7b0f0adaab4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2%2BU%3D

104.17.2.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2%2BU%3D
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2%2BU%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/dhgxw/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:31 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 81a7b10b0fdcb4f3-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=81a7b0dd0cc356ca

104.17.3.184

200 OK

185 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=81a7b0dd0cc356ca
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
185 kB (184812 bytes)
Hash
6ccbdb7b8b77f9f802ceeb4cda0089b8
0d233820e6f0ca2dc809309ea68d422801dc35ff
af1cb98e4d8af56f3dfa782088d69be5d1cb44e170f95fb47b46b8afb283d827

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=81a7b0dd0cc356ca HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t9b09/0x4AAAAAAAL2Hh0BZ8NIn_7o/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 81a7b0df0de356ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

relasjonsselskapet.no/favicon.ico

104.21.69.248

403 Forbidden

5.6 kB

URL GET HTTP/3
relasjonsselskapet.no/favicon.ico
IP
104.21.69.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://relasjonsselskapet.no/Mmdean@tasman-geo.com
Certificate
IssuerLet's Encrypt
Subjectrelasjonsselskapet.no
FingerprintD8:24:95:1C:56:D7:AA:48:BF:F5:E1:1E:E2:4E:2A:60:B7:85:8B:CD
ValidityFri, 06 Oct 2023 11:24:49 GMT - Thu, 04 Jan 2024 11:24:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5654), with no line terminators
Size
5.6 kB (5599 bytes)
Hash
8afe2da20322f0eca277110832555664
f0ba374ead01e16c66fe9f36582b0c1c52eee940
93a90d7e3bfca491a0d06b092753ae4ef7e6ee4c84c756e4aaec590883eebbda

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: relasjonsselskapet.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://relasjonsselskapet.no/Mmdean@tasman-geo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Mon, 23 Oct 2023 05:48:27 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S1ssWv98hnazJayHgAS4%2BNDJtx%2FU4LfsJmdbJy7fjUuRhUdvGBHAyAAwBm5e8YX2copDrqSufFaXaN0R0SzfVU3aUlG%2FIy1gZwvmIkvEdrnsC%2BIonUwpp%2BTGn%2FB4oSXZO5xHTHZpVXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a7b0ef5b18b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

oogjen.be/floor/

188.114.96.1

200 OK

1.3 kB

URL User Request GET HTTP/2
oogjen.be/floor/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectoogjen.be
Fingerprint56:50:13:FA:7A:E8:CD:AD:40:00:D2:DA:1D:29:00:82:E2:AC:0A:6C
ValidityWed, 18 Oct 2023 13:06:23 GMT - Tue, 16 Jan 2024 13:06:22 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1334), with no line terminators
Size
1.3 kB (1262 bytes)
Hash
3cf99f798354f1d53cb6108b1d96baa8
35bb4dee937c0791c90316e7a69d1a2b38e29814
0a1fc3345cac570eb9f8a9b9aeeba2c73bb861c401a87a3467d938d84ad24b99

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /floor/ HTTP/1.1
Host: oogjen.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: text/html
last-modified: Wed, 18 Oct 2023 16:21:57 GMT
vary: Accept-Encoding
x-varnish: 1534494742 1518636124
age: 1209
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKg5Cy12%2BDJtD3z18KGIwL5Hm3Q5ehl6flMNfnawz5X4M%2FWimll9oQI5qCfSx%2FWVZIwaL0a2jxaOSrqm2D3EqoPOZ42G6zWh4r1nPglJLPFSdUKCIglZpnytpY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81a7b0da185e5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=onloadTurnstileCallback

104.17.3.184

200 OK

34 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://oogjen.be/floor/#mdean@tasman-geo.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (34169)
Size
34 kB (34170 bytes)
Hash
a65b6a0168a66b4f0db4dd65c60d8e3a
fe403c2a8c9ce0f11185940892ad3479c3355c93
7e0b26f08c9a0d0a70e887541e8165472579233b92950835dd2bdde9963d1b8a

HTTP Headers

GET /turnstile/v0/b/7ff8d35b/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oogjen.be/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 05:48:24 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a7b0dc1ac2568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (24)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST HTTP/3

IP