skatteetaten-no.online Open in urlscan Pro
172.67.165.62 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://skatteetaten-no.online/c7/no
Effective URL:
https://skatteetaten-no.online/privat/no
Submission: On March 25 via manual (March 25th 2024, 7:02:05 pm UTC) from NO — Scanned from NO

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 11 HTTP transactions. The main IP is 172.67.165.62, located in United States and belongs to CLOUDFLARENET, US. The main domain is skatteetaten-no.online.
TLS certificate: Issued by GTS CA 1P5 on March 25th 2024. Valid for: 3 months.

This is the only time skatteetaten-no.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4 13	172.67.165.62 172.67.165.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
11	3

13 172.67.165.62 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

skatteetaten-no.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	skatteetaten-no.online 4 redirects skatteetaten-no.online	169 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1216	30 KB
0	google.nl Failed www.google.nl Failed
11	3

	Domain	Requested by
13	skatteetaten-no.online	4 redirects skatteetaten-no.online
1	code.jquery.com	skatteetaten-no.online
0	www.google.nl Failed
11	3

This site contains no links.

Subject Issuer	Validity	Valid
skatteetaten-no.online GTS CA 1P5	`2024-03-25` - `2024-06-23`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://skatteetaten-no.online/privat/no
Frame ID: 126DE33C64977A31395076E3116C2639
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BankID - Identification

Page URL History Show full URLs

https://skatteetaten-no.online/c7/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

199 kB
Transfer

367 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://skatteetaten-no.online/c7/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://skatteetaten-no.online/favicon.ico HTTP 302
https://www.google.nl/

11 HTTP transactions
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request no Show response skatteetaten-no.online/privat/ Redirect Chain https://skatteetaten-no.online/c7/no https://skatteetaten-no.online/privat/no https://skatteetaten-no.online/privat/no https://skatteetaten-no.online/privat/no https://skatteetaten-no.online/privat/no	21 KB 6 KB	125ms 124ms	Document text/html	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `660bc0ae05cca4bc67e6f1c6aa6d2be2791272c9f2250dbaf708b30f2d0f068e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 accept-language nb-NO Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 86a12716abe456a8-OSL content-encoding br content-type text/html; charset=UTF-8 date Mon, 25 Mar 2024 19:01:59 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y5jMbDYCPIY9q4nDRqYJ%2Fw2Dp%2FX5tvSZC0FLBpkD5EGfy%2FJ5pSQ%2B9UCGSGSkxIZV776KKnMAMlJJW453VvutTS8wuz47CTuYd2u%2Bvp3TJ0ijZqsq1e39VJTtubbpiIUKwQTLuhhF%2FcWd"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 86a12715fb4756a8-OSL content-type text/html; charset=UTF-8 date Mon, 25 Mar 2024 19:01:59 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location https://skatteetaten-no.online/privat/no nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xAQqITpFDiLSNHDW%2FDabzC5gv3aIE%2FQ%2FcL2s0%2FCoKxF52bBT4iRzZUKD4VaLEJ9snxLV34moeowIfSTUkf4KCzxczNUEDAk0wy8WTVWJpG6Z%2B5PxT77o%2B5VH6HrpQl%2FfxMinX%2F1lOMgI"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	oidc-client.min.css skatteetaten-no.online/public/css/assets/	29 KB 6 KB	88ms 86ms	Stylesheet text/css	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/public/css/assets/oidc-client.min.css?1.3.0+3541f04a Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1117406495b05d9b1c9bdd6a935035907afa182d9a25b665c683186bcd67c172` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT content-encoding br cf-cache-status HIT last-modified Mon, 20 Mar 2023 16:36:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6349 etag W/"75cd-5f7578863a380-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lp4R8Mg2wcI6mgy2%2BfSKHmiIDSWwqEWv79byeZMA1HpEuhQeSscKUFVTNZES1%2FO%2B0V8xZ2ux2X4s2XnSk8V4MaWt1LOIf4SQfw6ptFNw%2FM%2FPMGieu%2BntBxthOnlxySaN%2FaGDV5rge3Bq"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 86a127178cb556a8-OSL alt-svc h3=":443"; ma=86400
GET H2	200	bid_202303061045.css skatteetaten-no.online/public/css/assets/	80 KB 13 KB	105ms 103ms	Stylesheet text/css	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/public/css/assets/bid_202303061045.css Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7f36aaa1310f8fc13b88923a05fcdf59df0fd539a406e10f0a152f17b58e03c6` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT content-encoding br cf-cache-status HIT last-modified Mon, 20 Mar 2023 16:36:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6349 etag W/"141c6-5f75788bf3100-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9P962OKvHdST99M6thRdT%2F8yTfI2MBCP4cwTrpLYGOy9nxc6AQlQ0H%2FDVTF5TCohMcpgAD%2BqzP0jK56qbBmLXUrR86g7Ila5qUEw1jwbdbrudaPY4HcZqs59PjSiO5K6cUxpYS89qjwG"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 86a127179cc856a8-OSL alt-svc h3=":443"; ma=86400
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	567ms 98ms	Script application/javascript	151.101.194.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.194.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers Referer https://skatteetaten-no.online/ Origin https://skatteetaten-no.online accept-language nb-NO User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:02:00 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3850939 x-cache HIT, HIT content-length 30875 x-served-by cache-lga21931-LGA, cache-osl6534-OSL last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1711393320.090858,VS0,VE0 etag W/"28feccc0-15d9d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 46, 15405
GET H2	200	actions.js Show response skatteetaten-no.online/public/css/assets/js/	644 B 590 B	103ms 102ms	Script application/javascript	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/public/css/assets/js/actions.js?v=1711393319 Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3160a5af41fcdd11075c6d9e50c91790151aefd58e4a1416ab5fd9ef230e0033` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT content-encoding br cf-cache-status HIT last-modified Thu, 29 Jul 2021 10:18:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 0 etag W/"284-5c8406bd2ea00-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0YtsPEydCsP749VbWrLm4RSfScoxCLps0Ds5wF9IGImSEB7QDvvJwnuuLjFf%2BvvkQKnQk%2F0YGw7AVobs%2FJgjKBK6hvjAuaCw2s3oTUBgt6mOfLcwI1BkcBBoaMlmRbzM5TD73aS%2BFIe"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 86a127179cc956a8-OSL alt-svc h3=":443"; ma=86400
GET H2	200	BankID.png skatteetaten-no.online/public/css/assets/	42 KB 42 KB	93ms 92ms	Image image/png	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://skatteetaten-no.online/public/css/assets/BankID.png Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `23f6f00861492126a9b706ebb5195ea5e94292677b3ef2e456c853db923730b7` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT cf-cache-status HIT last-modified Fri, 10 Sep 2021 19:08:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6332 etag "a78c-5cba8d7dbbe00" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Br2Fc9dB0tWFQ0JuUx3Nd0qKU%2FLgGLc9j3EuoTYf5Lu7LZq2MbwCtAjLVumGB%2FbZAkmug3%2BK66a97%2B%2F%2B73Ra0pb8pxkv0RYSk7hoHrvGtXKXhq7%2Bmh%2BLapeqxJxCF1JvSk5H8eqltE3b"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 86a127179cca56a8-OSL alt-svc h3=":443"; ma=86400 content-length 42892
GET H2	200	login.js Show response skatteetaten-no.online/js/danske/	3 KB 1 KB	103ms 103ms	Script application/javascript	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/js/danske/login.js Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b8ccc2d204efddfcdbbc413eaa7e20aeff104a3fcb730cfab1ff7640d25d4658` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT content-encoding br cf-cache-status HIT last-modified Sun, 03 Mar 2024 12:40:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6332 etag W/"c6f-612c0e8cc7c40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x9AotiDlAVIjzi4pDkaQn%2BebObUmIxocH%2Fm8%2FOXTZT5Q%2BVtd32zaaTPhTpTykQ50NJAK1%2Fh7aUwDZQh7plUTLWG%2Fln4xzhsV6wSSTabexjKrVZ3E12omJhHD79zHeG3Y6DBCzRJgeu7V"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 86a127179ccb56a8-OSL alt-svc h3=":443"; ma=86400
GET H2	200	keylogger.js Show response skatteetaten-no.online/js/danske/	655 B 605 B	80ms 79ms	Script application/javascript	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/js/danske/keylogger.js Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `88b4aed5ba0430313017d3b294b04d3c21ba7b6c94f56ab2ff1ab9015f5c81fc` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT content-encoding br cf-cache-status HIT last-modified Sun, 07 Aug 2022 19:31:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6348 etag W/"28f-5e5abbdcc3b80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=avK3C%2Ba4fGMbXLUBSCyog7zMHEGDOEdO4Xuv7szt4e%2F5VLtZ%2FpotDf3GvbPd4QjaImgIIUmkPo9K88pQBxyvUJtgM3fD9fuYk7OPlJyFZKqxZfPRN5sfrCFNa8OQwSWmSHIJvRa8KgLF"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 86a127182d9456a8-OSL alt-svc h3=":443"; ma=86400
GET H2	200	red.gif skatteetaten-no.online/public/css/	98 KB 99 KB	107ms 106ms	Image image/gif	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://skatteetaten-no.online/public/css/red.gif Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7b637c7f791afef4a16996a8fb42666fac531bf7e36457b3289077581fb0a5f7` Request headers accept-language nb-NO Referer https://skatteetaten-no.online/privat/no User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers date Mon, 25 Mar 2024 19:01:59 GMT cf-cache-status HIT last-modified Sun, 03 Mar 2024 00:08:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6348 etag "1893f-612b667051c80" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcKCf4IdEcjTpjSG9A6ZfiB4%2BkxdG3ccNA57B3qJOg9J%2FHklx94XN1vSJsEYcer5tMV%2Btf8D5kvknAR%2FrM6Z6BaT3vBFeQMZ8Aqn7sG%2BMi5CF28oYYxMNW96tYPBCJWOhHZQQzZwXayf"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 86a127184dbf56a8-OSL alt-svc h3=":443"; ma=86400 content-length 100671
GET DATA	200 OK	truncated /	366 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	172 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	167 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	207 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `74d9f62c29cb35ce1ab07d9e61e05c31d7533bc43e756d6b849de1eddec2b8ce` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	172 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	296 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab` Request headers accept-language nb-NO Referer User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET		/ www.google.nl/ Redirect Chain https://skatteetaten-no.online/favicon.ico https://www.google.nl/	0 0

POST H2	200	online skatteetaten-no.online/user/	0 0	119ms 118ms	Fetch text/html	172.67.165.62 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://skatteetaten-no.online/user/online Requested by Host: skatteetaten-no.online URL: https://skatteetaten-no.online/privat/no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.165.62 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://skatteetaten-no.online/privat/no accept-language nb-NO User-Agent Mozilla/5.0 (Linux; Android 6.0.1; Nexus 10 Build/MOB31T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3765.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryVrnlLMEPf98HvslO Response headers pragma no-cache date Mon, 25 Mar 2024 19:02:03 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zlgwTh%2BDmt9qeAADNKLqVS6dTBel5zTutfiB3wMeaq91kZBrN%2FU1sWk6UrcCMFOsjED31OjmsHHygDuIslXCN%2BBXMq9QtzUDhBxpVT2rRl71iSRYlrx4CKufDEdxASgRFJ1y4e%2Fzn1p"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 86a1272e0e7556a8-OSL alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.nl
URL: https://www.google.nl/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			skatteetaten-no.online/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5a00naren37ep5r26ijtcdgij6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
skatteetaten-no.online
www.google.nl
www.google.nl
151.101.194.137
172.67.165.62
1117406495b05d9b1c9bdd6a935035907afa182d9a25b665c683186bcd67c172
23f6f00861492126a9b706ebb5195ea5e94292677b3ef2e456c853db923730b7
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
3160a5af41fcdd11075c6d9e50c91790151aefd58e4a1416ab5fd9ef230e0033
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
660bc0ae05cca4bc67e6f1c6aa6d2be2791272c9f2250dbaf708b30f2d0f068e
6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2
74d9f62c29cb35ce1ab07d9e61e05c31d7533bc43e756d6b849de1eddec2b8ce
7b637c7f791afef4a16996a8fb42666fac531bf7e36457b3289077581fb0a5f7
7f36aaa1310f8fc13b88923a05fcdf59df0fd539a406e10f0a152f17b58e03c6
88b4aed5ba0430313017d3b294b04d3c21ba7b6c94f56ab2ff1ab9015f5c81fc
b8ccc2d204efddfcdbbc413eaa7e20aeff104a3fcb730cfab1ff7640d25d4658
bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

skatteetaten-no.online Open in urlscan Pro 172.67.165.62 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

199 kBTransfer

367 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

skatteetaten-no.online Open in urlscan Pro
172.67.165.62 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

199 kB
Transfer

367 kB
Size

1
Cookies

11 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!