skatteetaten-no.online
Open in
urlscan Pro
172.67.165.62
Malicious Activity!
Public Scan
Effective URL: https://skatteetaten-no.online/privat/no
Submission: On March 25 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by GTS CA 1P5 on March 25th 2024. Valid for: 3 months.
This is the only time skatteetaten-no.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 13 | 172.67.165.62 172.67.165.62 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 151.101.194.137 151.101.194.137 | 54113 (FASTLY) (FASTLY) | |
11 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
skatteetaten-no.online
4 redirects
skatteetaten-no.online |
169 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1216 |
30 KB |
0 |
google.nl
Failed
www.google.nl Failed |
|
11 | 3 |
Domain | Requested by | |
---|---|---|
13 | skatteetaten-no.online |
4 redirects
skatteetaten-no.online
|
1 | code.jquery.com |
skatteetaten-no.online
|
0 | www.google.nl Failed | |
11 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
skatteetaten-no.online GTS CA 1P5 |
2024-03-25 - 2024-06-23 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://skatteetaten-no.online/privat/no
Frame ID: 126DE33C64977A31395076E3116C2639
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
BankID - IdentificationPage URL History Show full URLs
-
https://skatteetaten-no.online/c7/no
HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://skatteetaten-no.online/c7/no
HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no HTTP 302
https://skatteetaten-no.online/privat/no Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://skatteetaten-no.online/favicon.ico HTTP 302
- https://www.google.nl/
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
no
skatteetaten-no.online/privat/ Redirect Chain
|
21 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oidc-client.min.css
skatteetaten-no.online/public/css/assets/ |
29 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bid_202303061045.css
skatteetaten-no.online/public/css/assets/ |
80 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
actions.js
skatteetaten-no.online/public/css/assets/js/ |
644 B 590 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BankID.png
skatteetaten-no.online/public/css/assets/ |
42 KB 42 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
skatteetaten-no.online/js/danske/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
keylogger.js
skatteetaten-no.online/js/danske/ |
655 B 605 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
red.gif
skatteetaten-no.online/public/css/ |
98 KB 99 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
366 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
172 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
167 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
207 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
172 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
296 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
www.google.nl/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online
skatteetaten-no.online/user/ |
0 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.google.nl
- URL
- https://www.google.nl/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onorientationchange number| orientation object| onpagereveal function| $ function| jQuery function| timedRedirect string| redirectTime string| redirectURL1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
skatteetaten-no.online/ | Name: PHPSESSID Value: 5a00naren37ep5r26ijtcdgij6 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
skatteetaten-no.online
www.google.nl
www.google.nl
151.101.194.137
172.67.165.62
1117406495b05d9b1c9bdd6a935035907afa182d9a25b665c683186bcd67c172
23f6f00861492126a9b706ebb5195ea5e94292677b3ef2e456c853db923730b7
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
3160a5af41fcdd11075c6d9e50c91790151aefd58e4a1416ab5fd9ef230e0033
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
660bc0ae05cca4bc67e6f1c6aa6d2be2791272c9f2250dbaf708b30f2d0f068e
6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2
74d9f62c29cb35ce1ab07d9e61e05c31d7533bc43e756d6b849de1eddec2b8ce
7b637c7f791afef4a16996a8fb42666fac531bf7e36457b3289077581fb0a5f7
7f36aaa1310f8fc13b88923a05fcdf59df0fd539a406e10f0a152f17b58e03c6
88b4aed5ba0430313017d3b294b04d3c21ba7b6c94f56ab2ff1ab9015f5c81fc
b8ccc2d204efddfcdbbc413eaa7e20aeff104a3fcb730cfab1ff7640d25d4658
bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e