id-meuscom.cyou
195.10.205.163
Malicious Activity!
Public Scan
Effective URL: https://id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/
Submission: On July 25 via automatic, source phishtank — Scanned from IT
Summary
TLS certificate: Issued by R10 on July 23rd 2024. Valid for: 3 months.
This is the only time id-meuscom.cyou was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: IRS (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 188.166.132.94 | 14061 (DIGITALOCEAN-ASN)
1 | 192.0.78.26 | 2635 (AUTOMATTIC)
30 (1 redirect) | 195.10.205.163 | 215826 (PARTNER-HOSTING-LTD)
Total: 32 requests across 3 IP addresses

ASN215826 (PARTNER-HOSTING-LTD, GB)
PTR: hosted-by.yeezyhost.net
Domain: id-meuscom.cyou
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
30 (1 redirect) | id-meuscom.cyou | id-meuscom.cyou | 368 KB
2 | surge.sh | idme-app01.surge.sh | 9 KB
1 | href.li | href.li (Cisco Umbrella Rank: 112181) | 402 B
Total: 32 requests across 3 apex domains
Requests | Domain | Requested by
---|---|---
30 (1 redirect) | id-meuscom.cyou | href.li, id-meuscom.cyou
2 | idme-app01.surge.sh |
1 | href.li |
Total: 32 requests across 3 domains
This site contains links to these domains. Also see Links.
Domain
---
sa.www4.irs.gov
www.irs.gov
Subject | Issuer | Validity | Valid |
---|---|---|---|---
*.surge.sh | Sectigo RSA Domain Validation Secure Server CA | 2024-04-19 - 2025-05-18 | a year | crt.sh
tls.automattic.com | E6 | 2024-07-07 - 2024-10-05 | 3 months | crt.sh
id-meuscom.cyou | R10 | 2024-07-23 - 2024-10-21 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/
Frame ID: 1936EDB48AB1CDC0EBCF8511842F8365
Requests: 32 HTTP requests in this frame
Detected technologies
- Socket.io (JavaScript Frameworks). Detected pattern: socket\.io.*\.js
- Vue.js (JavaScript Frameworks). Detected pattern: <[^>]+\sdata-v(?:ue)?-
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://idme-app01.surge.sh/?TSe=QCRSMmTqZ2 (Page URL)
- https://href.li/?https://id-meuscom.cyou/V9DDth4BI1dBvQwWVJ (Page URL)
- https://id-meuscom.cyou/V9DDth4BI1dBvQwWVJ, HTTP 301 redirect to https://id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | idme-app01.surge.sh/ | 259 B | 697 B | Document | text/html
GET | H2 | / | href.li/ | 509 B | 402 B | Document | text/html
GET | H/1.1 | favicon.ico | idme-app01.surge.sh/ | 8 KB | 8 KB | Other | text/html
GET | H/1.1 | / (Primary Request, Redirect Chain) | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/ | 2 KB | 1 KB | Document | text/html
GET | H/1.1 | index-e1366ad5.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 491 KB | 146 KB | Script | application/javascript
GET | H/1.1 | f6170fbbhX3mb.css | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 952 B | 1 KB | Stylesheet | text/css
GET | H/1.1 | 0325f0d1HCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 8 KB | 2 KB | Script | application/javascript
GET | H/1.1 | 25b2ce65HCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 52 KB | 17 KB | Script | application/javascript
GET | H/1.1 | favicon.ico | id-meuscom.cyou/ | 4 KB | 4 KB | Other | image/vnd.microsoft.icon
GET | H/1.1 | 8c13f96eHCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 34 KB | 11 KB | Script | application/javascript
GET | H/1.1 | 09bf01f8HCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | 634adfb4HCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 3 KB | 1 KB | Script | application/javascript
GET | H/1.1 | b6f1762cHCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 24 KB | 6 KB | Script | application/javascript
GET | H/1.1 | c27b6911HCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | 17dd76f5hX3mb.css | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 207 KB | 27 KB | Stylesheet | text/css
POST | H/1.1 | MC45MjUwMzMzNTM1NjY2NDQ4 | id-meuscom.cyou/api/ | 544 B | 789 B | XHR | application/json
GET | H/1.1 | 87f19276HCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 111 KB | 33 KB | Script | application/javascript
GET | H/1.1 | / | id-meuscom.cyou/socket.io/ | 118 B | 339 B | XHR | text/plain
GET | H/1.1 | cbe4ff2eHCBrR.js | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 114 KB | 36 KB | Script | application/javascript
GET | H/1.1 | f4397cedhX3mb.css | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 400 B | 727 B | Stylesheet | text/css
POST | H/1.1 | / | id-meuscom.cyou/socket.io/ | 2 B | 205 B | XHR | text/html
GET | H/1.1 | / | id-meuscom.cyou/socket.io/ | 32 B | 252 B | XHR | text/plain
GET | H/1.1 | / | id-meuscom.cyou/socket.io/ | 58 B | 278 B | XHR | text/plain
POST | H/1.1 | / | id-meuscom.cyou/socket.io/ | 2 B | 205 B | XHR | text/html
GET | H/1.1 | 9.svg | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/home-page/images/ | 7 KB | 7 KB | Image | image/svg+xml
GET | H/1.1 | 10.svg | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/home-page/images/ | 5 KB | 6 KB | Image | image/svg+xml
GET | H/1.1 | 11.svg | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/home-page/images/ | 7 KB | 7 KB | Image | image/svg+xml
GET | H/1.1 | 06260a7ehX3mb.woff2 | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 27 KB | 28 KB | Font | font/woff2
GET | H/1.1 | a89d71a6hX3mb.woff2 | id-meuscom.cyou/V9DDth4BI1dBvQwWVJ/assets/ | 28 KB | 29 KB | Font | font/woff2
GET | H/1.1 | / | id-meuscom.cyou/socket.io/ | 98 B | 318 B | XHR | text/plain
GET | H/1.1 | / | id-meuscom.cyou/socket.io/ | 1 B | 220 B | XHR | text/plain
POST | H/1.1 | MC43ODIyOTk5MDY2MjI1MTY= | id-meuscom.cyou/api/ | 36 B | 279 B | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: IRS (Government)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | IMask
boolean | __vite_is_modern_browser
boolean | __VUE__
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
href.li
id-meuscom.cyou
idme-app01.surge.sh
188.166.132.94
192.0.78.26
195.10.205.163