irs.treasury.gov
2600:141b:b000:291::22f2
Malicious Activity!
Public Scan
Effective URL: https://irs.treasury.gov/freetaxprep/
Submission: On February 06 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GeoTrust RSA CA 2018 on April 6th 2023. Valid for: a year.
This is the only time irs.treasury.gov was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: IRS (Government)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 208.95.153.33 | 14492 (DATAPIPE) |
5 | 2600:141b:b000:291::22f2 | 20940 (AKAMAI-ASN1) |
1 | 2a00:1450:4001:828::200a | 15169 (GOOGLE) |
2 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE) |
Total: 8 requests, 4 IP addresses.
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | treasury.gov | irs.treasury.gov (Cisco Umbrella Rank: 936731) | 17 KB |
3 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 369), maps.googleapis.com (Cisco Umbrella Rank: 362) | 221 KB |
1 | senate.gov (1 redirects) | outreach.senate.gov (Cisco Umbrella Rank: 412200) | 722 B |
Total: 8 requests, 3 apex domains.
Requests | Domain | Requested by |
---|---|---|
5 | irs.treasury.gov | irs.treasury.gov |
2 | maps.googleapis.com | irs.treasury.gov, maps.googleapis.com |
1 | ajax.googleapis.com | irs.treasury.gov |
1 | outreach.senate.gov (1 redirects) | |
Total: 8 requests, 4 domains.
This site contains links to these domains. Also see Links.
Domain |
---|
www.irs.gov |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.treasury.gov | GeoTrust RSA CA 2018 | 2023-04-06 - 2024-04-06 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2024-01-09 - 2024-04-02 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://irs.treasury.gov/freetaxprep/
Frame ID: 2A991C7BBDEF0EE5FDFF86D93EC58706
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Get Free Tax Prep Help
Page URL History
-
https://outreach.senate.gov/iqextranet/iqClickTrk.aspx?&cid=SenManchin&crop=19707.238390656.19747730.155...
HTTP 302
https://irs.treasury.gov/freetaxprep/ Page URL
Detected technologies
Google Maps (Maps)
Detected patterns
- //maps\.google(?:apis)?\.com/maps/api/js
Akamai Bot Manager (Security)
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Program Info
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://outreach.senate.gov/iqextranet/iqClickTrk.aspx?&cid=SenManchin&crop=19707.238390656.19747730.15590367&report_id=&redirect=https%3a%2f%2firs.treasury.gov%2ffreetaxprep%2f&redir_log=508033901077264
HTTP 302
https://irs.treasury.gov/freetaxprep/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | irs.treasury.gov/freetaxprep/ | 7 KB | 4 KB | Document | text/html |
GET | H2 | vitaCSS.css | irs.treasury.gov/freetaxprep/css/ | 3 KB | 799 B | Stylesheet | text/css |
GET | H2 | jquery.js | ajax.googleapis.com/ajax/libs/jquery/1.4.2/ | 160 KB | 161 KB | Script | text/javascript |
GET | H2 | js | maps.googleapis.com/maps/api/ | 175 KB | 60 KB | Script | text/javascript |
GET | H2 | 4b377eec | irs.treasury.gov/akam/13/ | 26 KB | 9 KB | Script | application/javascript |
GET | H2 | logo.png | irs.treasury.gov/freetaxprep/ | 3 KB | 3 KB | Image | image/png |
GET | H3 | gen_204 | maps.googleapis.com/maps/api/mapsjs/ | 3 B | 45 B | XHR | application/json |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 157 B | 0 | Image | image/png |
POST | H2 | pixel_4b377eec | irs.treasury.gov/akam/13/ | 0 | 627 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: IRS (Government)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
$ | function |
jQuery | function |
google | object |
module$exports$mapsapi$geometry$spherical | object |
reactiveElementVersions | object |
module$contents$mapsapi$overlay$overlayView_OverlayView | object |
searchLocations | function |
bazadebezolkohpepadr | string |
urhehlevkedkilrobacf2 | string |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
outreach.senate.gov/ | | LMDSI_KSI | xsnllni4japv4mjvqsyrrp5a |
.treasury.gov/ | | ak_bmsc | 88FA5AAC8C0F631E6C93CBAC7C191C28~000000000000000000000000000000~… |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
irs.treasury.gov
maps.googleapis.com
outreach.senate.gov
208.95.153.33
2600:141b:b000:291::22f2
2a00:1450:4001:80b::200a
2a00:1450:4001:828::200a