sa.www4.irs-gov.uc.r.appspot.com
2a00:1450:4001:818::2014 (Malicious Activity! Public scan)

Submitted URL: https://sa.www4.irs-gov.uc.r.appspot.com/
Effective URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Submission Tags: @ipnigh
Submission: On May 14 via api from GB

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 21 HTTP transactions. The main IP is 2a00:1450:4001:818::2014, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is sa.www4.irs-gov.uc.r.appspot.com.
TLS certificate: Issued by GTS CA 1O1 on April 15th 2020. Valid for: 3 months.
This is the only time sa.www4.irs-gov.uc.r.appspot.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

IP Address AS Autonomous System
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
14 2600:1400:d:3... 20940 (AKAMAI-ASN1)
2 3.121.51.57 16509 (AMAZON-02)
21 5
Requests  Domain                             Requested by
14        rpr.irs.gov                        sa.www4.irs-gov.uc.r.appspot.com, rpr.irs.gov
2         statse.webtrendslive.com           sa.www4.irs-gov.uc.r.appspot.com
2         sa.www4.irs-gov.uc.r.appspot.com   1 redirect
1         ssl.google-analytics.com           sa.www4.irs-gov.uc.r.appspot.com
21 requests across 4 domains

This site contains links to these domains.

Domain: www.irs.gov
Subject                    Issuer                                  Validity                  Valid
*.appspot-preview.com      GTS CA 1O1                              2020-04-15 - 2020-07-08   3 months
*.google-analytics.com     GTS CA 1O1                              2020-04-28 - 2020-07-21   3 months
rpr.irs.gov                DigiCert ECC Secure Server CA           2019-01-11 - 2020-07-11   a year
statse.webtrendslive.com   Entrust Certification Authority - L1K   2018-10-09 - 2020-10-09   2 years

This page contains 1 frames:

Primary Page: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Frame ID: F026FFD3E4690912593E490689C43918
Requests: 21 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • headers via /^1\.1 google$/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery-ui[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery-ui.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery-ui[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery-ui.*\.js/i

Page Statistics

  • Requests: 21
  • HTTPS: 81 %
  • IPv6: 75 %
  • Domains: 4
  • Subdomains: 4
  • IPs: 5
  • Countries: 2
  • Transfer: 213 kB
  • Size: 522 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sa.www4.irs-gov.uc.r.appspot.com/ HTTP 302
    https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request irs.php
sa.www4.irs-gov.uc.r.appspot.com/
Redirect Chain
  • https://sa.www4.irs-gov.uc.r.appspot.com/
  • https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
24 KB
4 KB
Document
General
Full URL
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
d75a92d2cb03b78e8a6e381833a32154c6a6f596206935291a9c072372ea7538

Request headers

:method
GET
:authority
sa.www4.irs-gov.uc.r.appspot.com
:scheme
https
:path
/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 14 May 2020 04:45:05 GMT
content-type
text/html; charset=UTF-8
server
nginx
vary
Accept-Encoding
content-encoding
gzip
via
1.1 google
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status
302
date
Thu, 14 May 2020 04:45:05 GMT
content-type
text/html; charset=UTF-8
server
nginx
location
irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
via
1.1 google
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
1338
date
Thu, 14 May 2020 04:22:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Thu, 14 May 2020 06:22:48 GMT
common.js
rpr.irs.gov/datamart/js/
21 KB
5 KB
Script
General
Full URL
https://rpr.irs.gov/datamart/js/common.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a220fecb147d92b992846511c68f1fb5a0e2a7bbbb295e4728ee154e12be1dde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=31
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
4309
x-xss-protection
1
global.css
rpr.irs.gov/css/
46 KB
47 KB
Stylesheet
General
Full URL
https://rpr.irs.gov/css/global.css
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
c90ed26b8ddde43b2403e692a2dff034e6cb42ab9cef61940af831a7e8612529
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 14 May 2020 04:45:06 GMT
last-modified
Sat, 30 Nov 2019 14:52:41 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
text/css
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=27
accept-ranges
bytes
content-length
47572
jquery-1.6.2.min.js
rpr.irs.gov/datamart/js/jquery/js/
89 KB
32 KB
Script
General
Full URL
https://rpr.irs.gov/datamart/js/jquery/js/jquery-1.6.2.min.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
32111
x-xss-protection
1
jquery-corner.js
rpr.irs.gov/datamart/js/jquery/js/
11 KB
4 KB
Script
General
Full URL
https://rpr.irs.gov/datamart/js/jquery/js/jquery-corner.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f117af00d6c64e8b3131c23918f6d60fd6138c4f3dfc11c26f51c4917e2281f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
3418
x-xss-protection
1
jquery-ui-1.8.14.custom.min.js
rpr.irs.gov/datamart/js/jquery/js/
205 KB
52 KB
Script
General
Full URL
https://rpr.irs.gov/datamart/js/jquery/js/jquery-ui-1.8.14.custom.min.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
bf4b4e698282d6248aced4f883656de33d64e79b79d9dec9e53afd45afb7b487
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
52883
x-xss-protection
1
tooltip.js
rpr.irs.gov/datamart/js/jquery/js/
2 KB
881 B
Script
General
Full URL
https://rpr.irs.gov/datamart/js/jquery/js/tooltip.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f74f8d93f7eadcc4b26b5a801093de6828997cd4fea6d7a99c95cc238ce80943
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
580
x-xss-protection
1
sessionTimeoutMain.js
rpr.irs.gov/datamart/js/
2 KB
1010 B
Script
General
Full URL
https://rpr.irs.gov/datamart/js/sessionTimeoutMain.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
1053e407fd5265e90f9ae78696b90225653e38997144c4ae6d1ae3345126e2be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
710
x-xss-protection
1
jquery-ui-1.8.14.custom.css
rpr.irs.gov/datamart/js/jquery/css/ui-lightness/
33 KB
33 KB
Stylesheet
General
Full URL
https://rpr.irs.gov/datamart/js/jquery/css/ui-lightness/jquery-ui-1.8.14.custom.css
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
663d1d6466893f22b04fe03bfe1046b1b194c0acb5bbb0f7e781e3b07d5b2700
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000
content-type
text/css
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
33514
x-xss-protection
1
navigation-gecko.css
rpr.irs.gov/common/styleSheet/
3 KB
806 B
Stylesheet
General
Full URL
https://rpr.irs.gov/common/styleSheet/navigation-gecko.css
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
2c69269961a56643c7135cf7d4d978ee5441261c5c5c1a19a001093d9167d17a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 10 Oct 2013 14:50:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=14
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
596
irsHomepageLogo.gif
rpr.irs.gov/images/
3 KB
3 KB
Image
General
Full URL
https://rpr.irs.gov/images/irsHomepageLogo.gif
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
c93759b72d6cd8568a1f2edabc672c939e7996b707b6cd378161164b249d95bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 14 May 2020 04:45:06 GMT
last-modified
Fri, 06 Jul 2012 14:08:47 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=14
accept-ranges
bytes
content-length
3112
blank.gif
rpr.irs.gov/images/
43 B
210 B
Image
General
Full URL
https://rpr.irs.gov/images/blank.gif
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 14 May 2020 04:45:06 GMT
last-modified
Wed, 25 Jul 2012 15:40:57 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=13
accept-ranges
bytes
content-length
43
navigation.js
rpr.irs.gov/datamart/js/
23 KB
7 KB
Script
General
Full URL
https://rpr.irs.gov/datamart/js/navigation.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
9ad9136a5330bd4c0f2974aca3dbd0de63502c215a9493930dd6b661353ea545
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 03 Jan 2020 22:23:08 GMT
x-frame-options
SAMEORIGIN, DENY
content-type
application/javascript
status
200
cache-control
no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
7219
x-xss-protection
1
irs_tpps_reporting.js
rpr.irs.gov/webTrends/
13 KB
5 KB
Script
General
Full URL
https://rpr.irs.gov/webTrends/irs_tpps_reporting.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
8bfb447e4dfa4a5b5fadf6a2f4089fdfd5ac5602476dcff817ea244b752c1366
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 14 May 2020 04:45:06 GMT
content-encoding
gzip
last-modified
Sun, 04 Mar 2012 02:47:44 GMT
vary
Accept-Encoding
content-type
application/javascript
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=10
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
4496
wtid.js
statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/
10 B
88 B
Script
General
Full URL
https://statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/wtid.js
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.121.51.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-51-57.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 14 May 2020 04:45:05 GMT
content-length
10
content-type
application/x-javascript
source-sans-pro-regular.woff2
rpr.irs.gov/fonts/source-sans-pro/
0
0

help.gif
rpr.irs.gov/images/
1 KB
1 KB
Image
General
Full URL
https://rpr.irs.gov/images/help.gif
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:397::3340 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
6d1f2cd11a95b4c376bd8770adeff1f56a00993cc7f85479c4732b41518175b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://rpr.irs.gov/css/global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 14 May 2020 04:45:06 GMT
last-modified
Thu, 09 Aug 2012 03:24:28 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=23
accept-ranges
bytes
content-length
1024
dcs.gif
statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/
67 B
158 B
Image
General
Full URL
https://statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/dcs.gif?&dcsdat=1589431507005&dcssip=sa.www4.irs-gov.uc.r.appspot.com&dcsuri=/irs.php&dcsqry=%3Firs.gov/coronavirus-tax-relief-and-economic-impact-payments&dcscfg=4&WT.tz=2&WT.bh=6&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.ti=Coronavirus%20Tax%20Relief%20and%20Economic%20Impact%20Payments%20|%20Internal%20Revenue%20Service&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.5.0&WT.dl=0&WT.ssl=1&WT.es=sa.www4.irs-gov.uc.r.appspot.com/irs.php&WT.vt_f_a=2&WT.vt_f=2
Requested by
Host: sa.www4.irs-gov.uc.r.appspot.com
URL: https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.121.51.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-51-57.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b

Request headers

Referer
https://sa.www4.irs-gov.uc.r.appspot.com/irs.php?irs.gov/coronavirus-tax-relief-and-economic-impact-payments
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
pragma
no-cache
date
Thu, 14 May 2020 04:45:06 GMT
cache-control
no-cache
content-type
image/gif
content-length
67
expires
-1
source-sans-pro-regular.woff
rpr.irs.gov/fonts/source-sans-pro/
0
0

source-sans-pro-regular.ttf
rpr.irs.gov/fonts/source-sans-pro/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  • rpr.irs.gov: https://rpr.irs.gov/fonts/source-sans-pro/source-sans-pro-regular.woff2
  • rpr.irs.gov: https://rpr.irs.gov/fonts/source-sans-pro/source-sans-pro-regular.woff
  • rpr.irs.gov: https://rpr.irs.gov/fonts/source-sans-pro/source-sans-pro-regular.ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onformdata, onpointerrawupdate, _gat, _gaq, contactList, actualContactList, _tag
  • boolean: isOpera, skipCheck, ignoreTimeout
  • string: lookupMsg, blBodyLoaded
  • number: countdialogs
  • undefined: dialog
  • function: newWindow, stop_doubleClick, checkRegExp, checkRegExpSSN, writeErrMsg, checkDate, checkNum, checkString, ariaLiveWrite, doContactCopy, copyContactClick, setCopyFromLists, checkZipFormat, contactFieldHasVal, writeZipChanges, zipClick, changefocustoziplookup, changefocustocity, changefocustostate, changefocustocountry, changefocustoziploading, zipChange, countryChange, stateChange, $, jQuery, DP_jQuery_1589431506863, toolTipLink, toolTipLinkBlur, refreshDynamicElements, sessionAboutExpireFromHeader, sessionExpire, dontQuit, dialogSessionAboutExpired, dialogSessionExpired, readErrorBox, adjustAriaAttrs, getErrorText, initNavigation, initNavigation2, initFake, initFake2, submitNavLink, displayNavigation, getLink, WebTrends

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
