ziro.si Open in urlscan Pro
152.89.234.10  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response ziro.si/skatteetaten-minside/	4 KB 4 KB	392ms 84ms	Document text/html	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / PHP/5.5.38 Resource Hash fff6ebe11f4c5b671f703ffa658dccf80854dcbe37d962673f7b7d1e78b408c8 Request headers Accept-Language no-NO,no;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-type text/html date Tue, 02 Jul 2024 18:02:08 GMT server Apache x-powered-by PHP/5.5.38
GET H2	200	bootstrap.min.css ziro.si/skatteetaten-minside/assets/bootstrap/css/	156 KB 156 KB	153ms 152ms	Stylesheet text/css	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/assets/bootstrap/css/bootstrap.min.css Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 159470 content-type text/css
GET H2	200	Login-Form-Clean.css ziro.si/skatteetaten-minside/assets/css/	1 KB 1 KB	152ms 151ms	Stylesheet text/css	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/assets/css/Login-Form-Clean.css Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash c0c1fca804bcf79a4564b545fc719f69653e15c16f71e7c988584cc06c5e0a73 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 1247 content-type text/css
GET H2	200	styles.css ziro.si/skatteetaten-minside/assets/css/	213 B 249 B	151ms 151ms	Stylesheet text/css	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/assets/css/styles.css Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash 406e5f75aa05e02a0d3bde82469661e9bd6e770fcdddf5e1659bec30e25a60b3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 213 content-type text/css
GET H2	200	95f3a80b-ceb5-4afb-9e0a-d1611744ba4d-w_960_h_960.jpg ziro.si/skatteetaten-minside/assets/img/	17 KB 17 KB	77ms 76ms	Image image/jpeg	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ziro.si/skatteetaten-minside/assets/img/95f3a80b-ceb5-4afb-9e0a-d1611744ba4d-w_960_h_960.jpg Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash 81431d7e78cbe7d8ff0b386d95d73a0d2a1a4128cabf49b9aafa06cfd0f61755 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 17716 content-type image/jpeg
GET H2	200	BNID.svg ziro.si/skatteetaten-minside/assets/img/	2 KB 2 KB	77ms 77ms	Image image/svg+xml	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ziro.si/skatteetaten-minside/assets/img/BNID.svg Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash 2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 2075 content-type image/svg+xml
GET H2	200	jquery.min.js Show response ziro.si/skatteetaten-minside/assets/js/	86 KB 86 KB	287ms 286ms	Script application/javascript	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/assets/js/jquery.min.js Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 88145 content-type application/javascript
GET H2	200	bootstrap.min.js Show response ziro.si/skatteetaten-minside/assets/bootstrap/js/	79 KB 79 KB	287ms 287ms	Script application/javascript	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/assets/bootstrap/js/bootstrap.min.js Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash 394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 80698 content-type application/javascript
POST H2	200	sendMessage Show response api.telegram.org/bot6127875008:AAEjzMwnrA_k0V2hYph6lc2eFU_WzoWPJyM/	629 B 876 B	307ms 177ms	XHR application/json	2001:67c:4e8:f004::9 TELEGRAM
General Check archive.org Show headers Download Go to Full URL https://api.telegram.org/bot6127875008:AAEjzMwnrA_k0V2hYph6lc2eFU_WzoWPJyM/sendMessage Requested by Host: ziro.si URL: https://ziro.si/skatteetaten-minside/assets/js/jquery.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash d51c19534d74c0332462655ff7292528188df140ef022a748e3249f420cf6dbf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept */* Referer https://ziro.si/ sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT strict-transport-security max-age=31536000; includeSubDomains; preload server nginx/1.18.0 access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * access-control-expose-headers Content-Length,Content-Type,Date,Server,Connection content-length 629
GET H2	200	favicon-32x32.png ziro.si/skatteetaten-minside/assets/img/	662 B 700 B	76ms 76ms	Other image/png	152.89.234.10 OPTIMUS-AS
General Check archive.org Show headers Download Go to Full URL https://ziro.si/skatteetaten-minside/assets/img/favicon-32x32.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 152.89.234.10 , Slovenia, ASN48894 (OPTIMUS-AS, SI), Reverse DNS sh9.neoserv.si Software Apache / Resource Hash 88f7110ceee5618fe59660d48211eee569130180cedc6be47d106bc357b9c9aa Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://ziro.si/skatteetaten-minside/index.php Accept-Language no-NO,no;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 18:02:08 GMT last-modified Sun, 23 Jun 2024 04:16:24 GMT server Apache accept-ranges bytes content-length 662 content-type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| $ function| jQuery object| bootstrap function| sendTelegramNotification function| validateForm

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://ziro.si/skatteetaten-minside/index.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.telegram.org
ziro.si
152.89.234.10
2001:67c:4e8:f004::9
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
406e5f75aa05e02a0d3bde82469661e9bd6e770fcdddf5e1659bec30e25a60b3
81431d7e78cbe7d8ff0b386d95d73a0d2a1a4128cabf49b9aafa06cfd0f61755
88f7110ceee5618fe59660d48211eee569130180cedc6be47d106bc357b9c9aa
b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88
c0c1fca804bcf79a4564b545fc719f69653e15c16f71e7c988584cc06c5e0a73
d51c19534d74c0332462655ff7292528188df140ef022a748e3249f420cf6dbf
fff6ebe11f4c5b671f703ffa658dccf80854dcbe37d962673f7b7d1e78b408c8