ziro.si
152.89.234.10
Malicious Activity!
Public Scan
Submission: On July 02 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by R10 on June 11th 2024. Valid for: 3 months.
This is the only time ziro.si was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 | 152.89.234.10 | 48894 (OPTIMUS-AS) |
10 | 1 | |

Requests | Domain | Requested by |
---|---|---|
10 | ziro.si | ziro.si |
10 | 1 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.ziro.si | R10 | 2024-06-11 - 2024-09-09 | 3 months |
This page contains 1 frames:
Primary Page:
https://ziro.si/skatteetaten-minside/AUTORISERE/index.html
Frame ID: 9CF395B306ABA73ACE5ADD583E355EE7
Requests: 10 HTTP requests in this frame
Page Title
Godkjenn
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.html (Primary Request) | ziro.si/skatteetaten-minside/AUTORISERE/ | 3 KB | 3 KB | Document | text/html |
GET | H2 | bootstrap.min.css | ziro.si/skatteetaten-minside/AUTORISERE/assets/bootstrap/css/ | 156 KB | 156 KB | Stylesheet | text/css |
GET | H2 | Login-Form-Clean.css | ziro.si/skatteetaten-minside/AUTORISERE/assets/css/ | 1 KB | 1 KB | Stylesheet | text/css |
GET | H2 | styles.css | ziro.si/skatteetaten-minside/AUTORISERE/assets/css/ | 213 B | 242 B | Stylesheet | text/css |
GET | H2 | 95f3a80b-ceb5-4afb-9e0a-d1611744ba4d-w_960_h_960.jpg | ziro.si/skatteetaten-minside/AUTORISERE/assets/img/ | 17 KB | 17 KB | Image | image/jpeg |
GET | H2 | BNID.svg | ziro.si/skatteetaten-minside/AUTORISERE/assets/img/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H2 | 369c26_b396f2977e5a40839e2fc77a6f9aac2b~mv2.gif | ziro.si/skatteetaten-minside/AUTORISERE/assets/img/ | 45 KB | 45 KB | Image | image/gif |
GET | H2 | jquery.min.js | ziro.si/skatteetaten-minside/AUTORISERE/assets/js/ | 86 KB | 86 KB | Script | application/javascript |
GET | H2 | bootstrap.min.js | ziro.si/skatteetaten-minside/AUTORISERE/assets/bootstrap/js/ | 79 KB | 79 KB | Script | application/javascript |
GET | H2 | favicon-32x32.png | ziro.si/skatteetaten-minside/AUTORISERE/assets/img/ | 662 B | 723 B | Other | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- undefined | event
- object | fence
- object | sharedStorage
- function | $
- function | jQuery
- object | bootstrap

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.