skatteetaten.is-a-liberal.com
Open in
urlscan Pro
45.149.241.148
Malicious Activity!
Public Scan
URL:
https://skatteetaten.is-a-liberal.com/no/no/no/login/perso.php?unlock=code&appIdKey=&country=NO
Submission: On January 14 via manual from NO — Scanned from NO
Submission: On January 14 via manual from NO — Scanned from NO
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 8 HTTP transactions.
The main IP is 45.149.241.148, located in
Ashburn, United States and
belongs to NYBULA, US.
The main domain is skatteetaten.is-a-liberal.com.
TLS certificate: Issued by R11 on January 13th 2025. Valid for: 3 months.
This is the only time skatteetaten.is-a-liberal.com was scanned on urlscan.io!
TLS certificate: Issued by R11 on January 13th 2025. Valid for: 3 months.
This is the only time skatteetaten.is-a-liberal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 4 | 45.149.241.148 45.149.241.148 | 401116 (NYBULA) (NYBULA) | |
| 2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 8 | 4 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 4 |
is-a-liberal.com
skatteetaten.is-a-liberal.com |
20 KB |
| 2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225 |
35 KB |
| 1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1255 |
14 KB |
| 0 |
googleapis.com
Failed
translate.googleapis.com Failed |
|
| 8 | 4 |
| Domain | Requested by | |
|---|---|---|
| 4 | skatteetaten.is-a-liberal.com |
skatteetaten.is-a-liberal.com
|
| 2 | cdnjs.cloudflare.com |
skatteetaten.is-a-liberal.com
|
| 1 | maxcdn.bootstrapcdn.com |
skatteetaten.is-a-liberal.com
|
| 0 | translate.googleapis.com Failed |
skatteetaten.is-a-liberal.com
|
| 8 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| skatteetaten.is-a-liberal.com R11 |
2025-01-13 - 2025-04-13 |
3 months | crt.sh |
| cdnjs.cloudflare.com WE1 |
2024-11-26 - 2025-02-24 |
3 months | crt.sh |
| bootstrapcdn.com WE1 |
2024-11-18 - 2025-02-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://skatteetaten.is-a-liberal.com/no/no/no/login/perso.php?unlock=code&appIdKey=&country=NO
Frame ID: B1D745DA16392263439DDAA4826C65FC
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
SkatteetatenDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
perso.php
skatteetaten.is-a-liberal.com/no/no/no/login/ |
18 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
oidc-client.min.css
skatteetaten.is-a-liberal.com/no/no/no/login/assets/ |
56 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
translateelement.css
translate.googleapis.com/translate_static/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bankid-logo.28f35de5.svg
skatteetaten.is-a-liberal.com/no/no/no/login/assets/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/1.6.1/ |
89 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.validate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/ |
23 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
997 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
167 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
760 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
366 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
172 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
296 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
240 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.b4be5517.png
skatteetaten.is-a-liberal.com/no/no/no/login/assets/ |
4 KB 4 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- translate.googleapis.com
- URL
- https://translate.googleapis.com/translate_static/css/translateelement.css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| skatteetaten.is-a-liberal.com/ | Name: PHPSESSID Value: ap6500vhf169p6eocr9ou601a7 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff nosniff |
| X-Frame-Options | SAMEORIGIN SAMEORIGIN |
| X-Xss-Protection | 1; mode=block 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
maxcdn.bootstrapcdn.com
skatteetaten.is-a-liberal.com
translate.googleapis.com
translate.googleapis.com
104.17.25.14
104.18.11.207
45.149.241.148
05963eb01688d9d70b3580fa1be7b11d99a66087656a2b6af1d80bd9670ef1e6
09279bbfd669e9974f4ff8c987417665eb32a3377a6a39182e87eda820554544
1129010d99dbbadc009c2fe07a56d8e634df144a854a328f36a30e0a5344b5b6
254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
484e8282229f40d3e277f96ca4584b7d6c863f4270f5294bc52c365f5e6473fc
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898
7f766030e9de9c68acdacfc671963f8cd00ba8783fc9c25e1d3f3319ebbecbd1
990c190c7409dce422bd870d1a7ce2fcbcca732fa91ee31fa9fd0646b14ab8f3
b1a1aa45aa15c56346b1a791c05c706ed39916f2a1f9dd61265e87e9da7c1bf0
c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b