![](/screenshots/1e32a3c7-33e2-4c15-9c4e-6d7c9b3d6494.png)
oneretritement-lrs.com
IP: 20.3.132.61
Malicious Activity!
Public Scan
Effective URL: https://oneretritement-lrs.com/home
Submission: On June 11 via manual from US — Scanned from US
Summary
TLS certificate: Issued by R3 (the Let's Encrypt intermediate) on June 6th 2024. Valid for: 3 months.
This is the only time oneretritement-lrs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: IRS (Government). The landing domain spells the brand as "lrs", with a lowercase L standing in for the i of "irs", and the landing page is titled "Tax Return Form".

Domain & IP information
Requests | IP address | AS (autonomous system)
---|---|---
2 | 2606:4700:10::6816:3a71 | AS13335 (CLOUDFLARENET)
1 | 205.251.153.85 | AS11042 (NTHL, US); PTR: server.jnwebsolution.com; serves rxinfocard.com
20 | 20.3.132.61 | AS8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2607:f8b0:400d:c0e::5f | AS15169 (GOOGLE)
Totals row as shown: 20 | 3
Requests | Apex domain | Subdomains | Redirects | Transfer
---|---|---|---|---
20 | oneretritement-lrs.com | oneretritement-lrs.com | 1 | 481 KB
2 | tergar.org | url9871.tergar.org | 2 | 225 B
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 461) | 0 | 33 KB
1 | rxinfocard.com | rxinfocard.com | 1 | 423 B
Totals: 20 requests, 4 apex domains
Requests | Domain | Redirects | Requested by
---|---|---|---
20 | oneretritement-lrs.com | 1 | oneretritement-lrs.com
2 | url9871.tergar.org | 2 |
1 | ajax.googleapis.com | 0 | oneretritement-lrs.com
1 | rxinfocard.com | 1 |
Totals: 20 requests, 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
oneretritement-lrs.com | R3 | 2024-06-06 to 2024-09-04 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2024-05-21 to 2024-08-13 | 3 months | crt.sh

The first certificate was issued six days before this scan. The second is the Google certificate presented for the ajax.googleapis.com request (jQuery 1.11.1); upload.video.google.com is the subject name Google uses on the shared certificate covering its CDN hosts.
This page contains 1 frames:
Primary Page:
https://oneretritement-lrs.com/home
Frame ID: 00C4BF8CA8024D09A1A0C74658F70925
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Tax Return Form
Detected technologies
Bootstrap
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (version 1.11.1 is visible in the ajax.googleapis.com request path)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://url9871.tergar.org/ls/click?upn=u001.ifgLEbP3K7d1DGPOdA-2FXdumnn2ARNgTL3ePLOSGXmRRQFRqe2mDqSDZ5fIGMrB7-2BBCuL-2Fhu80yfPBa4-2FiuAMSQ-3D-3D9mdH_5B9vHIbYOZuIjrGvYv6nWV-2FsNShGNkJ-2FddzUnX1DOaC4nhBVzz7FsY-2FmwV-2FSR7rid1YcuQYpGDD-2Fqnw4VgO95-2F-2F10xpHFMDTgA654KyP3rT2rJyGAKAiWMXmwppkSRgZisM6C2NsJjxSezH80jYnQvtunEGnPz1gi828k4BuHV2eI39BS8sB6QjKijCZt02CVUFpEuap5Q5wTWQLtuSIXg-3D-3D (HTTP 307)
2. https://url9871.tergar.org/ls/click?upn=u001.ifgLEbP3K7d1DGPOdA-2FXdumnn2ARNgTL3ePLOSGXmRRQFRqe2mDqSDZ5fIGMrB7-2BBCuL-2Fhu80yfPBa4-2FiuAMSQ-3D-3D9mdH_5B9vHIbYOZuIjrGvYv6nWV-2FsNShGNkJ-2FddzUnX1DOaC4nhBVzz7FsY-2FmwV-2FSR7rid1YcuQYpGDD-2Fqnw4VgO95-2F-2F10xpHFMDTgA654KyP3rT2rJyGAKAiWMXmwppkSRgZisM6C2NsJjxSezH80jYnQvtunEGnPz1gi828k4BuHV2eI39BS8sB6QjKijCZt02CVUFpEuap5Q5wTWQLtuSIXg-3D-3D (HTTP 302)
3. https://rxinfocard.com/configure/eJDXbyj (HTTP 307)
4. http://url9871.tergar.org/ls/click?upn=u001.ifgLEbP3K7d1DGPOdA-2FXdumnn2ARNgTL3ePLOSGXmRRQFRqe2mDqSDZ5fIGMrB7-2BBCuL-2Fhu80yfPBa4-2FiuAMSQ-3D-3D9mdH_5B9vHIbYOZuIjrGvYv6nWV-2FsNShGNkJ-2FddzUnX1DOaC4nhBVzz7FsY-2FmwV-2FSR7rid1YcuQYpGDD-2Fqnw4VgO95-2F-2F10xpHFMDTgA654KyP3rT2rJyGAKAiWMXmwppkSRgZisM6C2NsJjxSezH80jYnQvtunEGnPz1gi828k4BuHV2eI39BS8sB6QjKijCZt02CVUFpEuap5Q5wTWQLtuSIXg-3D-3D (HTTP 307)
5. https://url9871.tergar.org/ls/click?upn=u001.ifgLEbP3K7d1DGPOdA-2FXdumnn2ARNgTL3ePLOSGXmRRQFRqe2mDqSDZ5fIGMrB7-2BBCuL-2Fhu80yfPBa4-2FiuAMSQ-3D-3D9mdH_5B9vHIbYOZuIjrGvYv6nWV-2FsNShGNkJ-2FddzUnX1DOaC4nhBVzz7FsY-2FmwV-2FSR7rid1YcuQYpGDD-2Fqnw4VgO95-2F-2F10xpHFMDTgA654KyP3rT2rJyGAKAiWMXmwppkSRgZisM6C2NsJjxSezH80jYnQvtunEGnPz1gi828k4BuHV2eI39BS8sB6QjKijCZt02CVUFpEuap5Q5wTWQLtuSIXg-3D-3D (HTTP 302)
6. https://rxinfocard.com/configure/eJDXbyj (HTTP 302)
7. https://oneretritement-lrs.com/?access (HTTP 302)
8. https://oneretritement-lrs.com/home (page URL)

Three things stand out in this chain. The entry point is a url####.<domain>/ls/click?upn= link, the form SendGrid produces for click tracking on a customer-branded subdomain, so the lure was sent through SendGrid with tergar.org's link branding; the upn= value is SendGrid's opaque token, with -2F, -2B and -3D standing where the percent-escapes %2F, %2B and %3D would. The chain loops once: rxinfocard.com/configure/eJDXbyj first answers 307 back to the same tracker URL, and only on the second pass answers 302 to the phishing domain. And the victim crosses three apex domains (tergar.org, rxinfocard.com, oneretritement-lrs.com) before reaching the page titled "Tax Return Form".
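As an added example (not part of the urlscan report and not urlscan's own code), the following Python turns a chain like the one above into the three things a triage analyst wants first: the hand-offs between apex domains, the URLs visited more than once (here the click tracker and the rxinfocard.com redirector each appear twice), and whether the landing host is a confusable spelling of the targeted brand ("lrs" with a lowercase L for "irs"). The chain is transcribed from the list above with the long opaque upn= tracking parameter omitted; the two-label apex rule and the small confusable map are this example's own simplifications.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Redirect chain transcribed from the "Page URL History" above as
# (url, HTTP status returned by that hop); the long opaque ?upn= tracking
# parameter on the tergar.org hops is omitted. None marks the final page.
CHAIN = [
    ("http://url9871.tergar.org/ls/click", 307),
    ("https://url9871.tergar.org/ls/click", 302),
    ("https://rxinfocard.com/configure/eJDXbyj", 307),
    ("http://url9871.tergar.org/ls/click", 307),
    ("https://url9871.tergar.org/ls/click", 302),
    ("https://rxinfocard.com/configure/eJDXbyj", 302),
    ("https://oneretritement-lrs.com/?access", 302),
    ("https://oneretritement-lrs.com/home", None),
]


def apex(host: str) -> str:
    # Assumption: "apex" is the last two labels. A production tool should use
    # the Public Suffix List so that hosts under e.g. co.uk group correctly.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def chain_summary(chain):
    """Summarise a redirect chain: hop count, apex-to-apex hand-offs, URLs
    visited more than once, and whether the landing apex differs from the
    apex the victim first clicked on."""
    apexes = [apex(urlsplit(url).hostname) for url, _ in chain]
    visits = Counter(url for url, _ in chain)
    handoffs = [(a, b) for a, b in zip(apexes, apexes[1:]) if a != b]
    return {
        "hops": len(chain) - 1,
        "apexes": sorted(set(apexes)),
        "handoffs": handoffs,
        "revisited": sorted(url for url, n in visits.items() if n > 1),
        "landing_apex": apexes[-1],
        "cross_apex_landing": apexes[-1] != apexes[0],
    }


# Assumption: a deliberately small glyph-confusable map of this example's own
# choosing; multi-character pairs are folded first so "rn" -> "m" wins.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o")]


def fold(label: str) -> str:
    """Normalise a hostname label so visually similar spellings collide."""
    s = label.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def lookalike_label(host: str, brand: str):
    """Return the first dot- or hyphen-separated label of `host` that is not
    literally `brand` but folds to it (e.g. "lrs" for "irs"), else None.
    The literal brand is skipped so that irs.gov itself is not flagged."""
    for label in re.split(r"[.-]", host.lower()):
        if label != brand and fold(label) == brand:
            return label
    return None


def triage(chain, brand: str):
    """Chain summary plus a brand-lookalike check on the landing host."""
    summary = chain_summary(chain)
    landing_host = urlsplit(chain[-1][0]).hostname
    summary["landing_host"] = landing_host
    summary["brand_lookalike"] = lookalike_label(landing_host, brand)
    return summary


if __name__ == "__main__":
    for key, value in triage(CHAIN, "irs").items():
        print(f"{key}: {value}")
```

Run stand-alone it prints seven hops, four apex hand-offs, three revisited URLs, a landing apex that differs from the entry apex, and "lrs" as the lookalike label. The confusable fold is intentionally narrow; a real lookalike check would also cover Unicode homoglyphs and typo distance.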
Redirected requests
There were HTTP redirect chains for the following requests (the chain itself is listed under Page URL History above).

20 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type | MIME type
---|---|---|---|---|---
GET H/1.1 | home (primary request, end of the redirect chain) | oneretritement-lrs.com/ | 11 KB / 11 KB | Document | text/html
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.11.1/ | 94 KB / 33 KB | Script | text/javascript
GET H/1.1 | bootstrap.min.css | oneretritement-lrs.com/assets/code/ | 152 KB / 152 KB | Stylesheet | text/css
GET H/1.1 | bootstrap.bundle.min.js | oneretritement-lrs.com/assets/code/ | 77 KB / 77 KB | Script | text/javascript
GET H/1.1 | jquery-ui.min.css | oneretritement-lrs.com/assets/code/ | 31 KB / 32 KB | Stylesheet | text/css
GET H/1.1 | irs.css | oneretritement-lrs.com/assets/code/ | 6 KB / 6 KB | Stylesheet | text/css
GET H/1.1 | app.css | oneretritement-lrs.com/assets/code/ | 34 KB / 35 KB | Stylesheet | text/css
GET H/1.1 | app-error.css | oneretritement-lrs.com/assets/code/ | 786 B / 1 KB | Stylesheet | text/css
GET H/1.1 | wmsp-shared-secrets.css | oneretritement-lrs.com/assets/code/ | 3 KB / 3 KB | Stylesheet | text/css
GET H/1.1 | wmsp-results.css | oneretritement-lrs.com/assets/code/ | 2 KB / 2 KB | Stylesheet | text/css
GET H/1.1 | datepicker.css | oneretritement-lrs.com/assets/code/ | 21 KB / 21 KB | Stylesheet | text/css
GET H/1.1 | logo.png | oneretritement-lrs.com/assets/img/ | 5 KB / 5 KB | Image | image/png
GET H/1.1 | irs_horiz_white.png | oneretritement-lrs.com/assets/img/ | 1 KB / 2 KB | Image | image/png
GET H/1.1 | jquery.min.js | oneretritement-lrs.com/assets/code/ | 115 KB / 116 KB | Script | text/javascript
GET H/1.1 | mask.js | oneretritement-lrs.com/assets/code/ | 11 KB / 11 KB | Script | text/javascript
GET DATA | truncated (inline data: URI) | / | 19 KB / 0 | Image | image/png
GET H/1.1 | cda8ce29e0e4cd23f54267d0e946054e.woff2 | oneretritement-lrs.com/assets/fonts/ | 622 B / 829 B | Font | text/html
GET H/1.1 | ac93c75f139d8d6cf03fd24ddcc996ce.woff2 | oneretritement-lrs.com/assets/fonts/ | 622 B / 829 B | Font | text/html
GET H/1.1 | eef7990b30b8ede9d6a47521702ea372.woff | oneretritement-lrs.com/assets/fonts/ | 622 B / 829 B | Font | text/html
GET H/1.1 | 939d9f66e993332d8def74508fe62a33.woff | oneretritement-lrs.com/assets/fonts/ | 622 B / 829 B | Font | text/html
GET H/1.1 | favicon.ico | oneretritement-lrs.com/assets/img/ | 4 KB / 4 KB | Other | image/x-icon

Everything except the jQuery CDN fetch is served from the phishing host itself over HTTP/1.1. Two details are worth noting for anyone fingerprinting this kit: all four font requests came back as the same 622 B of text/html rather than font data, so the font paths do not resolve to real files on this server, and jquery.min.js is loaded twice, once as 1.11.1 from ajax.googleapis.com and once as a larger local copy under /assets/code/. The irs.css, wmsp-shared-secrets.css and wmsp-results.css stylesheets and the irs_horiz_white.png logo are the IRS-branded assets behind the "Tax Return Form" page.
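The two anomalies above, fonts answered with text/html and a library fetched from two places, are easy to miss in a 20-row table and easy to check mechanically. The following Python is an added example, not urlscan's code: it runs those two checks plus a third-party host listing over the transactions transcribed from the table. The type-to-MIME expectations are this example's own, and the two-label apex rule is a simplification.

```python
from collections import Counter, defaultdict

# Transactions transcribed from the table above as
# (resource, host_and_path, resource type, MIME type, body size).
# The one inline data: URI image is recorded with "data:" in the path column.
TRANSACTIONS = [
    ("home", "oneretritement-lrs.com/", "Document", "text/html", "11 KB"),
    ("jquery.min.js", "ajax.googleapis.com/ajax/libs/jquery/1.11.1/", "Script", "text/javascript", "94 KB"),
    ("bootstrap.min.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "152 KB"),
    ("bootstrap.bundle.min.js", "oneretritement-lrs.com/assets/code/", "Script", "text/javascript", "77 KB"),
    ("jquery-ui.min.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "31 KB"),
    ("irs.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "6 KB"),
    ("app.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "34 KB"),
    ("app-error.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "786 B"),
    ("wmsp-shared-secrets.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "3 KB"),
    ("wmsp-results.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "2 KB"),
    ("datepicker.css", "oneretritement-lrs.com/assets/code/", "Stylesheet", "text/css", "21 KB"),
    ("logo.png", "oneretritement-lrs.com/assets/img/", "Image", "image/png", "5 KB"),
    ("irs_horiz_white.png", "oneretritement-lrs.com/assets/img/", "Image", "image/png", "1 KB"),
    ("jquery.min.js", "oneretritement-lrs.com/assets/code/", "Script", "text/javascript", "115 KB"),
    ("mask.js", "oneretritement-lrs.com/assets/code/", "Script", "text/javascript", "11 KB"),
    ("truncated", "data:", "Image", "image/png", "19 KB"),
    ("cda8ce29e0e4cd23f54267d0e946054e.woff2", "oneretritement-lrs.com/assets/fonts/", "Font", "text/html", "622 B"),
    ("ac93c75f139d8d6cf03fd24ddcc996ce.woff2", "oneretritement-lrs.com/assets/fonts/", "Font", "text/html", "622 B"),
    ("eef7990b30b8ede9d6a47521702ea372.woff", "oneretritement-lrs.com/assets/fonts/", "Font", "text/html", "622 B"),
    ("939d9f66e993332d8def74508fe62a33.woff", "oneretritement-lrs.com/assets/fonts/", "Font", "text/html", "622 B"),
    ("favicon.ico", "oneretritement-lrs.com/assets/img/", "Other", "image/x-icon", "4 KB"),
]

# Assumption: MIME prefixes this example accepts per declared resource type.
# "Other" (the favicon) is deliberately left unchecked.
EXPECTED_MIME = {
    "Document": ("text/html",),
    "Script": ("text/javascript", "application/javascript"),
    "Stylesheet": ("text/css",),
    "Image": ("image/",),
    "Font": ("font/", "application/font", "application/octet-stream"),
}


def host_of(path: str) -> str:
    """Host part of a 'host/path' string as shown in the transaction table."""
    return path.split("/", 1)[0]


def apex(host: str) -> str:
    # Assumption: last two labels; use the Public Suffix List in real tooling.
    return ".".join(host.lower().split(".")[-2:])


def mime_mismatches(transactions):
    """Resources whose MIME type does not fit their declared type, e.g. a
    Font answered with text/html, which is what an error page looks like."""
    out = []
    for name, _path, rtype, mime, _size in transactions:
        accepted = EXPECTED_MIME.get(rtype)
        if accepted is not None and not mime.startswith(accepted):
            out.append((name, rtype, mime))
    return out


def duplicate_resources(transactions):
    """Resource names fetched from more than one distinct path."""
    paths = defaultdict(set)
    for name, path, *_ in transactions:
        paths[name].add(path)
    return {name: sorted(p) for name, p in paths.items() if len(p) > 1}


def third_party_hosts(transactions, landing_host: str):
    """Hosts outside the landing apex with request counts; data: URIs skipped."""
    counts = Counter(
        host_of(path) for _n, path, *_ in transactions if not path.startswith("data:")
    )
    return {h: n for h, n in counts.items() if apex(h) != apex(landing_host)}


if __name__ == "__main__":
    print(mime_mismatches(TRANSACTIONS))
    print(duplicate_resources(TRANSACTIONS))
    print(third_party_hosts(TRANSACTIONS, "oneretritement-lrs.com"))
```

On this scan the mismatch check returns exactly the four font requests, the duplicate check returns jquery.min.js with its two paths, and the only third-party host is ajax.googleapis.com. The same three functions run unchanged over the transaction list of any other urlscan result transcribed in the same shape.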
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: IRS (Government)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
$ | function
jQuery | function
uidEvent | number
bootstrap | object
$jscomp | object

$ and jQuery come from the jQuery loads, bootstrap from bootstrap.bundle.min.js, and $jscomp is the runtime namespace emitted by Google's Closure Compiler, so at least one of the scripts was Closure-compiled.

2 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the site re-identify that user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
rxinfocard.com/ | | PHPSESSID | a6193c4ab5150ac0f898431935b026c4
oneretritement-lrs.com/ | | PHPSESSID | 60e7ecc2b11d5af2c0e6cb2f9390b45a

Both the rxinfocard.com redirector and the landing site set a PHPSESSID cookie, so both are PHP-backed; the rxinfocard.com cookie is set during the redirect passes recorded above.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL / Text
---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- ajax.googleapis.com
- oneretritement-lrs.com
- rxinfocard.com
- url9871.tergar.org
IPs:
- 20.3.132.61
- 205.251.153.85
- 2606:4700:10::6816:3a71
- 2607:f8b0:400d:c0e::5f