![](/screenshots/4270bc33-6f70-4f81-9b1b-642881efd2af.png)
ziro.si
152.89.234.10
Malicious Activity!
Public Scan
Submission: On July 02 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by R10 (a Let's Encrypt intermediate) on June 11th 2024, three weeks before this scan. Valid for: 3 months.
This is the only time ziro.si was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
9 | 152.89.234.10 | 48894 (OPTIMUS-AS)
1 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM)
10 requests | 2 IPs |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | ziro.si | ziro.si | 346 KB
1 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 31736) | 876 B
10 requests | 2 domains | |
Requests | Domain | Requested by
---|---|---
9 | ziro.si | ziro.si
1 | api.telegram.org | ziro.si
10 requests | 2 domains |
This site contains no links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
*.ziro.si | R10 | 2024-06-11 - 2024-09-09 | 3 months | crt.sh
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2024-03-24 - 2025-04-25 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://ziro.si/skatteetaten-minside/index.php
Frame ID: E0CF9DF948E013277FEF7F50F2A028DC
Requests: 10 HTTP requests in this frame
Page Title: ID-porten

Detected technologies

- PHP, detected pattern: `\.php(?:$|\?)`
- Bootstrap, detected patterns: `<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css` and `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
- jQuery, detected pattern: `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions

Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type
---|---|---|---|---|---|---|---
GET | H2 | index.php (primary request) | ziro.si/skatteetaten-minside/ | 4 KB | 4 KB | Document | text/html
GET | H2 | bootstrap.min.css | ziro.si/skatteetaten-minside/assets/bootstrap/css/ | 156 KB | 156 KB | Stylesheet | text/css
GET | H2 | Login-Form-Clean.css | ziro.si/skatteetaten-minside/assets/css/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H2 | styles.css | ziro.si/skatteetaten-minside/assets/css/ | 213 B | 249 B | Stylesheet | text/css
GET | H2 | 95f3a80b-ceb5-4afb-9e0a-d1611744ba4d-w_960_h_960.jpg | ziro.si/skatteetaten-minside/assets/img/ | 17 KB | 17 KB | Image | image/jpeg
GET | H2 | BNID.svg | ziro.si/skatteetaten-minside/assets/img/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | jquery.min.js | ziro.si/skatteetaten-minside/assets/js/ | 86 KB | 86 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | ziro.si/skatteetaten-minside/assets/bootstrap/js/ | 79 KB | 79 KB | Script | application/javascript
POST | H2 | sendMessage | api.telegram.org/bot6127875008:AAEjzMwnrA_k0V2hYph6lc2eFU_WzoWPJyM/ | 629 B | 876 B | XHR | application/json
GET | H2 | favicon-32x32.png | ziro.si/skatteetaten-minside/assets/img/ | 662 B | 700 B | Other | image/png

The ninth transaction is the exfiltration channel: the page issues an XHR POST to the Telegram Bot API with the operator's bot token in the URL path, so the token is exposed to every visitor who views source, and the numeric prefix before the colon is the bot's account id.
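The detection a SOC would want from this table, written out as an added example (this is not urlscan.io code and not part of the original scan page): given a list of HTTP transactions shaped like the rows above, flag any request to the Telegram Bot API that is issued from a page on some other origin, pull out the numeric bot id for pivoting, and redact the secret half of the token. The `Transaction` and `Finding` types, the sample list and the bot token in it are all constructed for this example; the token is a made-up placeholder with the same shape as the real one (numeric id, colon, 35-character secret), not the token shown on the page. The 35-character length is an observed property of Bot API tokens, so the regex pins it and should be widened if Telegram changes the format.

```python
"""Flag Telegram Bot API exfiltration in captured HTTP transactions.

Added example, not urlscan.io code. SAMPLE_TRANSACTIONS is constructed
to mirror the scan above; its bot token is a fake placeholder with the
real format (<numeric bot id>:<35-char secret>).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Bot API paths look like /bot<token>/<method>, where <token> = <bot_id>:<secret>.
# The numeric prefix is the bot's account id. Observed tokens carry a
# 35-character secret, so the length is pinned here (assumption; widen if needed).
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})/(?P<api_method>\w+)$"
)
# Methods a phishing kit uses to push stolen form data into the operator's chat.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


@dataclass(frozen=True)
class Transaction:
    http_method: str
    url: str
    requested_by: str   # domain that issued the request (urlscan's "Requested by")
    mime: str


@dataclass(frozen=True)
class Finding:
    requested_by: str
    bot_id: str
    api_method: str
    redacted_token: str
    severity: str


def redact_token(bot_id: str, secret: str) -> str:
    """Keep the bot id (useful for pivoting) and only the first 4 secret chars."""
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def detect_telegram_exfil(transactions):
    """One Finding per Bot API request issued by a non-Telegram origin."""
    findings = []
    for t in transactions:
        parts = urlsplit(t.url)
        if parts.hostname != "api.telegram.org":
            continue
        m = TELEGRAM_BOT_PATH.match(parts.path)
        if m is None:
            continue
        # Telegram's own web clients talking to the API are not the kit pattern;
        # a browser session on an unrelated domain is.
        if t.requested_by.endswith("telegram.org"):
            continue
        # POSTing a send* method is the credential-exfil shape seen above;
        # anything else (e.g. GET getMe) is still suspicious, just lower priority.
        exfil = m["api_method"] in EXFIL_METHODS and t.http_method.upper() == "POST"
        findings.append(Finding(
            requested_by=t.requested_by,
            bot_id=m["bot_id"],
            api_method=m["api_method"],
            redacted_token=redact_token(m["bot_id"], m["secret"]),
            severity="high" if exfil else "medium",
        ))
    return findings


# Constructed sample shaped like the transactions in the scan above
# (only rows relevant to detection are reproduced; the token is fake).
SAMPLE_TRANSACTIONS = [
    Transaction("GET", "https://ziro.si/skatteetaten-minside/index.php",
                "ziro.si", "text/html"),
    Transaction("GET", "https://ziro.si/skatteetaten-minside/assets/js/jquery.min.js",
                "ziro.si", "application/javascript"),
    Transaction("POST",
                "https://api.telegram.org/bot1234567890:AAFakeFakeFakeFakeFakeFakeFakeFakeF/sendMessage",
                "ziro.si", "application/json"),
    Transaction("GET", "https://ziro.si/skatteetaten-minside/assets/img/favicon-32x32.png",
                "ziro.si", "image/png"),
]


if __name__ == "__main__":
    for f in detect_telegram_exfil(SAMPLE_TRANSACTIONS):
        print(f"[{f.severity}] {f.requested_by} -> Bot API {f.api_method} "
              f"(bot id {f.bot_id}, token {f.redacted_token})")
```

Run stand-alone it prints a single high-severity finding for the sendMessage POST. The same three conditions (host `api.telegram.org`, path starting `/bot<digits>:`, initiator or referer outside telegram.org) translate directly into a proxy-log query or an IDS rule; the bot id is the value worth keeping in the case file, since it stays constant across kit redeployments even when the hosting domain changes.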
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against BankID (Banking)

8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify client-side frameworks and the page's own code; here, `sendTelegramNotification` and `validateForm` are the kit's own functions, the rest belong to jQuery, Bootstrap and the browser.

Variable | Type
---|---
event | undefined
fence | object
sharedStorage | object
$ | function
jQuery | function
bootstrap | object
sendTelegramNotification | function
validateForm | function

0 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.telegram.org
ziro.si
152.89.234.10
2001:67c:4e8:f004::9
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
406e5f75aa05e02a0d3bde82469661e9bd6e770fcdddf5e1659bec30e25a60b3
81431d7e78cbe7d8ff0b386d95d73a0d2a1a4128cabf49b9aafa06cfd0f61755
88f7110ceee5618fe59660d48211eee569130180cedc6be47d106bc357b9c9aa
b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88
c0c1fca804bcf79a4564b545fc719f69653e15c16f71e7c988584cc06c5e0a73
d51c19534d74c0332462655ff7292528188df140ef022a748e3249f420cf6dbf
fff6ebe11f4c5b671f703ffa658dccf80854dcbe37d962673f7b7d1e78b408c8