Report - tr.ee/robertn

Report Overview

Visited public
2023-12-11 12:13:30
Tags
aramex logistics phishing
URL
tr.ee/robertn
Finishing URL
notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
IP / ASN
151.101.66.133
#54113 FASTLY
Title
Aramex
Phishing - Aramex

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-11 07:16:37	909 B	367 kB	104.17.24.14
notice-study.dk	unknown	unknown	No data	No data	10 kB	154 kB	46.183.138.100
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-11 07:13:18	421 B	32 kB	151.101.130.137
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-11 10:04:41	2.2 kB	197 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-11 08:59:17	478 B	12 kB	142.250.74.106
tr.ee	unknown	2010-07-04	2015-09-02 14:25:53	2023-12-02 00:53:23	479 B	406 B	151.101.66.133
vrps.univ-oran2.dz	unknown	unknown	No data	No data	2.1 kB	14 kB	41.111.172.48
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-11 05:09:28	1.4 kB	56 kB	151.101.1.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js	ScriptElement	1.2 MB	2023-03-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-05-08 07:39 Times Seen847 Hash 5e1e1bd25a94741b7828800b758b88df c4198f8a39a892ba4dfd85b7a228e03b77e36a04 20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js	ScriptElement	8.5 kB	2023-03-07	2025-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 11:08 Times Seen876 Hash ae3f52c2166f5c09f5f3ceeda2c15f01 7d5b0613ee02bc0f39f546443f338c806634c5f6 6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37 Loading...

	cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js	ScriptElement	13 kB	2023-03-07	2025-02-19
Pretty URL cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-02-19 10:39 Times Seen89 Hash 3a064faa5d36d3c72328d35e572aaecc 473040b608b8f212e8fedd314e1855b038b38263 c94328682edabda584a8380131d5cabb0c7dea7a7ae74d18cd0f6e577421c55c Loading...

	notice-study.dk/wpcontent/kww/morows/assets/js/script.js	ScriptElement	154 B	2023-03-07	2025-02-19
Pretty URL notice-study.dk/wpcontent/kww/morows/assets/js/script.js IP 46.183.138.100 ASN #16245 Sentia Denmark A/S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-02-19 10:39 Times Seen579 Hash 6a88d53561e8acbb4afe27307d3d4fb9 f1922e8889b32f2c5af762bed4c596687ef28cbb 01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9 Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-12
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 22:19 Times Seen109062 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js	ScriptElement	84 kB	2023-03-07	2025-05-12
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 18:12 Times Seen6150 Hash 7f389f5d2622ce2090eca7c36bcb90bc ab27031159724e2421f6ff5c70f48e657abe9d39 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01 Loading...

HTTP Transactions (34)

URL IP Response Size

tr.ee/robertn

151.101.66.133

302 Found

0 B

URL User Request GET HTTP/2
tr.ee/robertn
IP
151.101.66.133:443
ASN
#54113 FASTLY

Certificate
IssuerLet's Encrypt
Subjecttr.ee
FingerprintFE:25:CD:37:F8:E7:A1:BE:49:81:39:35:9A:4B:3D:0B:26:B3:56:D7
ValidityMon, 16 Oct 2023 17:18:49 GMT - Sun, 14 Jan 2024 17:18:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /robertn HTTP/1.1
Host: tr.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
apigw-requestid: PxbkIixYPHcEJcA=
cache-control: max-age=3600
location: https://vrps.univ-oran2.dz/pemll/
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 11 Dec 2023 12:13:05 GMT
age: 9091
x-served-by: cache-bfi-krnt7300090-BFI, cache-bma1645-BMA
x-cache: HIT, MISS
x-cache-hits: 24, 0
x-timer: S1702296785.993865,VS0,VE145
content-length: 0
X-Firefox-Spdy: h2

vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76

41.111.172.48

301 Moved Permanently

162 B

URL User Request GET HTTP/2
vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76
IP
41.111.172.48:443
ASN
#36947 Telecom Algeria

Certificate
IssuerSectigo Limited
Subject*.univ-oran2.dz
Fingerprint2F:77:3E:52:3E:67:5B:B7:9A:D6:E5:2A:9F:1E:1F:FE:93:75:CF:41
ValidityMon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /pemll/27af99033857567eb1a4a7e3decc6c76 HTTP/1.1
Host: vrps.univ-oran2.dz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=bb3ri8bolq6r9s4bj3fja7dru5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 11 Dec 2023 12:13:06 GMT
content-type: text/html
content-length: 162
location: http://vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76/
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
x-permitted-cross-domain-policies: master-only, master-only
referrer-policy: same-origin, same-origin
X-Firefox-Spdy: h2

vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76/

41.111.172.48

302 Found

162 B

URL User Request GET HTTP/2
vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76/
IP
41.111.172.48:443
ASN
#36947 Telecom Algeria

Certificate
IssuerSectigo Limited
Subject*.univ-oran2.dz
Fingerprint2F:77:3E:52:3E:67:5B:B7:9A:D6:E5:2A:9F:1E:1F:FE:93:75:CF:41
ValidityMon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /pemll/27af99033857567eb1a4a7e3decc6c76/ HTTP/1.1
Host: vrps.univ-oran2.dz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=bb3ri8bolq6r9s4bj3fja7dru5
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Dec 2023 12:13:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76/
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Referrer-Policy: same-origin

vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76/

41.111.172.48

302 Found

0 B

URL User Request GET HTTP/2
vrps.univ-oran2.dz/pemll/27af99033857567eb1a4a7e3decc6c76/
IP
41.111.172.48:443
ASN
#36947 Telecom Algeria

Certificate
IssuerSectigo Limited
Subject*.univ-oran2.dz
Fingerprint2F:77:3E:52:3E:67:5B:B7:9A:D6:E5:2A:9F:1E:1F:FE:93:75:CF:41
ValidityMon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pemll/27af99033857567eb1a4a7e3decc6c76/ HTTP/1.1
Host: vrps.univ-oran2.dz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=bb3ri8bolq6r9s4bj3fja7dru5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Mon, 11 Dec 2023 12:13:07 GMT
content-type: text/html; charset=UTF-8
location: https://notice-study.dk/wpcontent/kww/morows/?pwd=aramex
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
x-permitted-cross-domain-policies: master-only, master-only
referrer-policy: same-origin, same-origin
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.1.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 11 Dec 2023 12:13:08 GMT
age: 22610499
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

151.101.1.229

200 OK

23 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65299)
Size
23 kB (23383 bytes)
Hash
7f389f5d2622ce2090eca7c36bcb90bc
ab27031159724e2421f6ff5c70f48e657abe9d39
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
content-encoding: br
accept-ranges: bytes
date: Mon, 11 Dec 2023 12:13:08 GMT
age: 20439019
x-served-by: cache-fra-eddf8230067-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23383
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js

151.101.1.229

200 OK

4.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (12586)
Size
4.4 kB (4392 bytes)
Hash
3a064faa5d36d3c72328d35e572aaecc
473040b608b8f212e8fedd314e1855b038b38263
c94328682edabda584a8380131d5cabb0c7dea7a7ae74d18cd0f6e577421c55c

HTTP Headers

GET /npm/jquery-simple-upload@1.1.0/simpleUpload.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.1.0
x-jsd-version-type: version
etag: W/"329c-RzBAtgi48hLo/t0xThhVsDizgmM"
content-encoding: br
accept-ranges: bytes
date: Mon, 11 Dec 2023 12:13:08 GMT
age: 2889446
x-served-by: cache-fra-etou8220035-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4392
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js

104.17.24.14

200 OK

2.4 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (8392)
Size
2.4 kB (2420 bytes)
Hash
ae3f52c2166f5c09f5f3ceeda2c15f01
7d5b0613ee02bc0f39f546443f338c806634c5f6
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

HTTP Headers

GET /ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 12:13:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 2420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-210b"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1587423
expires: Sat, 30 Nov 2024 12:13:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOy9GN04NaegZeLAmvTmdA09%2FuJKVrCrV%2FN29S6JQ6qR3u2ctdyua8YBXs%2FdxpkXyoqMeImdv9Ysc6IECVoEhD2qaOQE6cra6bpZRbzpWswFGAm4iMC8vki0lMjF%2BVqTSQ2qaM6M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 833da3ce1979b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js

104.17.24.14

200 OK

362 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65350)
Size
362 kB (362308 bytes)
Hash
5e1e1bd25a94741b7828800b758b88df
c4198f8a39a892ba4dfd85b7a228e03b77e36a04
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72

HTTP Headers

GET /ajax/libs/font-awesome/5.15.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 12:13:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 362308
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-123bd0"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1585577
expires: Sat, 30 Nov 2024 12:13:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=596z%2FC4tRbtT%2F%2BlN2ViTkeQr4F%2FMa67nxFRyvTwGi412Sm3aykwsWEyEO%2BCaq2Hl8rgyMn1UieCnSyy5f%2Fsj7OzIzEnWxdY5LJv01L2df1XEPvUtK0ZvwCSljPKawPgaefIfUjop"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 833da3ce1977b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

notice-study.dk/wpcontent/kww/morows/assets/imgs/phone.png

46.183.138.100

200 OK

1.3 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/phone.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 34 x 32, 8-bit/color RGB, non-interlaced - data
Size
1.3 kB (1321 bytes)
Hash
7964408e598865be67b2956fff074fee
97617244b54f4676a400ab2e4e2c5de3b612940b
2b86d8e4382ccf265ba1868a89cdc559e41468d9c501d56691e4b88bf90d2f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/phone.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
date: Mon, 11 Dec 2023 12:13:08 GMT
server: Caddy, Apache
etag: "529-60c38aad8fb3c"
content-length: 1321
x-gigahost-proxy: App Router 4
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
accept-ranges: bytes

notice-study.dk/wpcontent/kww/morows/assets/imgs/a.png

46.183.138.100

200 OK

677 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/a.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 42 x 25, 8-bit/color RGBA, non-interlaced - data
Size
677 B (677 bytes)
Hash
9f6f7e9e5648010f14d43d89b8119767
a98ce94f89f151b331b7a7a244ed63ce99199e8b
f1e8231c6f3bf3a4cbfc92a5f8beaff846a3014c21fe8396ed212bb0d0244db9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/a.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
date: Mon, 11 Dec 2023 12:13:08 GMT
content-length: 677
content-type: image/png
x-gigahost-proxy: App Router 4
server: Caddy, Apache
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
etag: "2a5-60c38aad8eb9c"

notice-study.dk/wpcontent/kww/morows/assets/imgs/search.png

46.183.138.100

200 OK

797 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/search.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 192 x 48, 8-bit/color RGB, non-interlaced - data
Size
797 B (797 bytes)
Hash
ed8818b1da63299fa85d652952749ca2
9b8a7e28d1f5b1289951a712a754dd719b463772
26672ffc5edf4c733fafc6988864f8ad7c85ecf1bb296ac493ce1928e15f682f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/search.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 12:13:08 GMT
etag: "31d-60c38aad8fb3c"
accept-ranges: bytes
content-type: image/png
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
content-length: 797
x-gigahost-proxy: App Router 4
server: Caddy, Apache

notice-study.dk/wpcontent/kww/morows/assets/imgs/b.png

46.183.138.100

200 OK

643 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/b.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 42 x 25, 8-bit/color RGBA, non-interlaced - data
Size
643 B (643 bytes)
Hash
0b26f7938650cb2a84556610eaf87937
f3cacc72714c070c36ae4326ec861116418c2915
58ead390cc509331a0ef667a2ed6df336c32af6d03f3c4342d84412f776188ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/b.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
x-gigahost-proxy: App Router 4
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:08 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
content-type: image/png
etag: "283-60c38aad8eb9c"
accept-ranges: bytes
content-length: 643

notice-study.dk/wpcontent/kww/morows/assets/imgs/logo.svg

46.183.138.100

200 OK

7.3 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/logo.svg
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
SVG Scalable Vector Graphics image - SVG XML document - XML 1.0 document text - SVG XML document - XML document text - exported SGML document text - exported SGML document, ASCII text
Size
7.3 kB (7280 bytes)
Hash
f484b593c2387746a054f521e313ec93
8448e96f9e03ed3a82de4ac698f1fe78e37ff638
e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/logo.svg HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
etag: "1c70-60c38aad8eb9c"
server: Caddy, Apache
accept-ranges: bytes
content-type: image/svg+xml
x-gigahost-proxy: App Router 4
date: Mon, 11 Dec 2023 12:13:08 GMT
content-length: 7280

code.jquery.com/jquery-3.5.1.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 11 Dec 2023 12:13:08 GMT
age: 3842100
x-served-by: cache-lga13628-LGA, cache-bma1642-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 475278
x-timer: S1702296788.182201,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

notice-study.dk/wpcontent/kww/morows/assets/imgs/network.png

46.183.138.100

200 OK

1.6 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/network.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced - data
Size
1.6 kB (1602 bytes)
Hash
c7c5c44612b5193951c42ead1f686cd4
eba3e12a93320c4751bdf8db1f01b2b9aaed6d98
2827052ff2f39ff8dc865661f7ed2a528636e3c10cbd39a819716214ffb0dfa7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/network.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
x-gigahost-proxy: App Router 4
accept-ranges: bytes
content-length: 1602
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:08 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
etag: "642-60c38aad8fb3c"
content-type: image/png

notice-study.dk/wpcontent/kww/morows/assets/imgs/mainmenu.png

46.183.138.100

200 OK

6.2 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/mainmenu.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 567 x 55, 8-bit/color RGB, non-interlaced - data
Size
6.2 kB (6241 bytes)
Hash
446925ebc565c88f3c939eeb9ef8ac69
d9d06c83a0cb24a01eeb1cd80b2a5c1d24fbb1f5
e68c19ff1d9a5a8afd8484c3f1cfb97cb69afd7f11078bc500d6f8e761f9f66f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/mainmenu.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
x-gigahost-proxy: App Router 4
accept-ranges: bytes
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:08 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
etag: "1861-60c38aad8eb9c"
content-length: 6241
content-type: image/png

notice-study.dk/wpcontent/kww/morows/assets/css/style.css

46.183.138.100

200 OK

1.8 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/css/style.css
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
ASCII text, with very long lines (7289), with CRLF line terminators
Size
1.8 kB (1794 bytes)
Hash
f95c289a283a592e2d0fc1950b34c1f6
4d28f8212a5f3bfd83c1422b98c4419a9b6e3ecc
9a16ff329ed6f99367ec8e2a1c39dda00337d4db1e2c6ef07d522b38304026c2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/css/style.css HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
vary: Accept-Encoding
content-length: 1794
accept-ranges: bytes
x-gigahost-proxy: App Router 4
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:08 GMT
etag: "1c7b-60c38aad8eb9c-gzip"
content-encoding: gzip
content-type: text/css

notice-study.dk/wpcontent/kww/morows/assets/js/script.js

46.183.138.100

200 OK

109 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/js/script.js
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
ASCII text, with CRLF line terminators
Size
109 B (109 bytes)
Hash
6a88d53561e8acbb4afe27307d3d4fb9
f1922e8889b32f2c5af762bed4c596687ef28cbb
01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/js/script.js HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
accept-ranges: bytes
content-length: 109
etag: "9a-60c38aad8fb3c-gzip"
content-encoding: gzip
server: Caddy, Apache
vary: Accept-Encoding
content-type: application/javascript
x-gigahost-proxy: App Router 4
date: Mon, 11 Dec 2023 12:13:08 GMT

notice-study.dk/wpcontent/kww/morows/assets/css/helpers.css

46.183.138.100

200 OK

4.7 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/css/helpers.css
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
ASCII text, with very long lines (41750), with CRLF line terminators
Size
4.7 kB (4669 bytes)
Hash
fd877f138d23d5a790645eb95167aec3
ee2f01ca01c5f7e6f674ad79a9fea30f78a66f2c
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/css/helpers.css HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
etag: "a318-60c38aad8eb9c-gzip"
x-gigahost-proxy: App Router 4
vary: Accept-Encoding
date: Mon, 11 Dec 2023 12:13:08 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
content-length: 4669
content-type: text/css
accept-ranges: bytes
content-encoding: gzip
server: Caddy, Apache

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notice-study.dk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 371530
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notice-study.dk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 371530
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notice-study.dk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 371530
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notice-study.dk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 371530
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

notice-study.dk/wpcontent/kww/morows/assets/imgs/map.png

46.183.138.100

200 OK

94 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/map.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 1169 x 637, 8-bit grayscale, non-interlaced - data
Size
94 kB (93866 bytes)
Hash
38aaa3e2ec305c8ab2933bfcf0221be0
e0e3e79d9f9b51bea13bd81f5f712a4cf662a86b
e5d820987db3c395fa069e88ddaec100f7ad679ea9d425a9c0f24ad1a01d8bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/map.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/assets/css/style.css
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
x-gigahost-proxy: App Router 4
date: Mon, 11 Dec 2023 12:13:08 GMT
etag: "16eaa-60c38aad8eb9c"
content-length: 93866
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
accept-ranges: bytes
server: Caddy, Apache
content-type: image/png

notice-study.dk/wpcontent/kww/morows/assets/imgs/mainmenu2.png

46.183.138.100

200 OK

1.3 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/mainmenu2.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 121 x 27, 8-bit/color RGB, non-interlaced - data
Size
1.3 kB (1314 bytes)
Hash
e7f1e571847355ec1e022ab1823c447f
12e6454be808dfeb0625af7a88f1381bc4ebdb80
83ba66cd40ebbd3beb61d6e95dfefa745903e5eda8da8134cec74b57f981f498

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/mainmenu2.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
x-gigahost-proxy: App Router 4
etag: "522-60c38aad8eb9c"
content-length: 1314
date: Mon, 11 Dec 2023 12:13:08 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
accept-ranges: bytes
server: Caddy, Apache

notice-study.dk/wpcontent/kww/morows/assets/imgs/topmenu.png

46.183.138.100

200 OK

4.5 kB

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/topmenu.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 554 x 22, 8-bit/color RGB, non-interlaced - data
Size
4.5 kB (4468 bytes)
Hash
3ef70a29009acd2c53025faf48fdb87f
dea281fdd8d0f1dd0b84ccc5bf9b37f5e6831ed2
8c3d3b6bfcc139819e992b2aadd3b66a38003d7a64a4817e4b252c12730d745e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/topmenu.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 4468
date: Mon, 11 Dec 2023 12:13:08 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
x-gigahost-proxy: App Router 4
content-type: image/png
server: Caddy, Apache
etag: "1174-60c38aad8fb3c"
accept-ranges: bytes

notice-study.dk/wpcontent/kww/morows/assets/imgs/email.png

46.183.138.100

200 OK

424 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/email.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 20 x 15, 8-bit/color RGB, non-interlaced - data
Size
424 B (424 bytes)
Hash
b2245712114ee87eeefa6de2438809cc
615c626ab84d3aecb1862540ddce141d8db4ef9b
559a944338db2f3adee6be15854629b7d9042928ab9034f48438385a4d70018a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/email.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 424
x-gigahost-proxy: App Router 4
etag: "1a8-60c38aad8eb9c"
accept-ranges: bytes
content-type: image/png
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:09 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT

notice-study.dk/wpcontent/kww/morows/assets/imgs/favicon.png

46.183.138.100

200 OK

718 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/favicon.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced - data
Size
718 B (718 bytes)
Hash
2dc777904165e907c02ab1e8fa3c42d6
6b513d18501ba24de29260bed510d7d6afd78c95
5fa76f1ba64ba48d615506cbf91f9134a2b4c53914d30f9d79aca3244df528e3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/favicon.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
etag: "2ce-60c38aad8eb9c"
content-type: image/png
x-gigahost-proxy: App Router 4
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:09 GMT
accept-ranges: bytes
content-length: 718

notice-study.dk/wpcontent/kww/morows/assets/imgs/mainmenu3.png

46.183.138.100

200 OK

555 B

URL GET HTTP/3
notice-study.dk/wpcontent/kww/morows/assets/imgs/mainmenu3.png
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
PNG image data, 59 x 27, 8-bit/color RGB, non-interlaced - data
Size
555 B (555 bytes)
Hash
ecb62a581aa254b40678909053bf6605
5dba8a58bae8d2c57632308cc65ce7a16ed6375d
37b9f4c09ef8153cbcfe9e4e65df5eefba1fd1274d700af4e33370b4a2b7cbec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Aramex

HTTP Headers

GET /wpcontent/kww/morows/assets/imgs/mainmenu3.png HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
x-gigahost-proxy: App Router 4
content-length: 555
content-type: image/png
server: Caddy, Apache
date: Mon, 11 Dec 2023 12:13:11 GMT
last-modified: Mon, 11 Dec 2023 09:36:24 GMT
etag: "22b-60c38aad8eb9c"
accept-ranges: bytes

vrps.univ-oran2.dz/pemll/

41.111.172.48

302 Found

12 kB

URL User Request GET HTTP/2
vrps.univ-oran2.dz/pemll/
IP
41.111.172.48:443
ASN
#36947 Telecom Algeria

Certificate
IssuerSectigo Limited
Subject*.univ-oran2.dz
Fingerprint2F:77:3E:52:3E:67:5B:B7:9A:D6:E5:2A:9F:1E:1F:FE:93:75:CF:41
ValidityMon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT

File type

Size
12 kB (11515 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pemll/ HTTP/1.1
Host: vrps.univ-oran2.dz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 11 Dec 2023 12:13:06 GMT
content-type: text/html; charset=UTF-8
location: 27af99033857567eb1a4a7e3decc6c76
set-cookie: PHPSESSID=bb3ri8bolq6r9s4bj3fja7dru5; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
x-permitted-cross-domain-policies: master-only, master-only
referrer-policy: same-origin, same-origin
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap

142.250.74.106

200 OK

12 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification#_
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text
Size
12 kB (11712 bytes)
Hash
c3301cebf09285630473c46ea4916bec
6077e68f072cf6e61bb6bd898aecf5f0fca99d78
a14d71c9fa9719eae556f9589eaa64b6e9e2b9c89a7f0784f1c9f06ff4fbf2d5

HTTP Headers

GET /css2?family=Open+Sans:wght@300;400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice-study.dk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 11 Dec 2023 12:13:08 GMT
date: Mon, 11 Dec 2023 12:13:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification

46.183.138.100

200 OK

12 kB

URL User Request GET HTTP/2
notice-study.dk/wpcontent/kww/morows/clients/cc.php?verification
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document text - exported SGML document, ASCII text
Size
12 kB (11515 bytes)
Hash
b2a30c0d9fcc6253365fe8d6e4b0db4e
3268203ad7521a3a3293009c854b379a014f0454
7655e59ccdea83ccc0d913017b8d65fb34d76e41a82571cdae4a0cd12709c9f7

HTTP Headers

GET /wpcontent/kww/morows/clients/cc.php?verification HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
alt-svc: h3=":443"; ma=2592000
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 12:13:07 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Caddy, Apache
vary: Accept-Encoding
x-gigahost-proxy: App Router 4
x-powered-by: PHP/7.4.33
X-Firefox-Spdy: h2

notice-study.dk/wpcontent/kww/morows/?pwd=aramex

46.183.138.100

302 Found

12 kB

URL User Request GET HTTP/2
notice-study.dk/wpcontent/kww/morows/?pwd=aramex
IP
46.183.138.100:443
ASN
#16245 Sentia Denmark A/S

Certificate
IssuerLet's Encrypt
Subjectnotice-study.dk
Fingerprint49:EF:36:CD:77:87:F4:32:67:9A:D5:4A:2E:73:7A:90:75:3B:03:52
ValidityWed, 18 Oct 2023 06:03:13 GMT - Tue, 16 Jan 2024 06:03:12 GMT

File type

Size
12 kB (11515 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wpcontent/kww/morows/?pwd=aramex HTTP/1.1
Host: notice-study.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
alt-svc: h3=":443"; ma=2592000
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 12:13:07 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: clients/cc.php?verification#_
pragma: no-cache
server: Caddy, Apache
set-cookie: PHPSESSID=e9e6993739deb4b387e2fa0e3d457836; path=/
x-gigahost-proxy: App Router 4
x-powered-by: PHP/7.4.33
content-length: 0
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (34)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash