irsrefundclaims.com Open in urlscan Pro
101.99.94.9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://irsrefundclaims.com/
Submission: On July 03 via api (July 3rd 2023, 12:33:32 pm UTC) from JP — Scanned from JP

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 16 HTTP transactions. The main IP is 101.99.94.9, located in Kuala Lumpur, Malaysia and belongs to SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY. The main domain is irsrefundclaims.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 1st 2023. Valid for: 3 months.

This is the only time irsrefundclaims.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address	AS Autonomous System
2	101.99.94.9 101.99.94.9	45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
3	2606:4700:20:... 2606:4700:20::681a:e3e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:141a:800... 2600:141a:8000:192::f50	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:310... 2606:4700:3108::ac42:2b54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
4	2606:4700:e2:... 2606:4700:e2::ac40:840f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	8

2 101.99.94.9 (Kuala Lumpur, Malaysia)

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)

irsrefundclaims.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:e3e (United States)

ASN13335 (CLOUDFLARENET, US)

fonts.cdnfonts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:141a:8000:192::f50 (Honolulu, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3108::ac42:2b54 (United States)

ASN13335 (CLOUDFLARENET, US)

svgsilh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e2::ac40:840f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1196	88 KB
3	irs.gov www.irs.gov — Cisco Umbrella Rank: 20373	37 KB
3	cdnfonts.com fonts.cdnfonts.com — Cisco Umbrella Rank: 11926	148 KB
2	irsrefundclaims.com irsrefundclaims.com	34 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 749	29 KB
1	svgsilh.com svgsilh.com — Cisco Umbrella Rank: 349390	22 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1032	25 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 368	23 KB
16	8

	Domain	Requested by
4	use.fontawesome.com	irsrefundclaims.com use.fontawesome.com
3	www.irs.gov	irsrefundclaims.com
3	fonts.cdnfonts.com	irsrefundclaims.com fonts.cdnfonts.com
2	irsrefundclaims.com	irsrefundclaims.com
1	code.jquery.com	irsrefundclaims.com
1	svgsilh.com	irsrefundclaims.com
1	maxcdn.bootstrapcdn.com	irsrefundclaims.com
1	cdn.jsdelivr.net	irsrefundclaims.com
16	8

This site contains no links.

Subject Issuer	Validity	Valid
irsrefundclaims.com cPanel, Inc. Certification Authority	`2023-07-01` - `2023-09-29`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
cdnfonts.com GTS CA 1P5	`2023-06-05` - `2023-09-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
www.irs.gov Entrust Certification Authority - L1F	`2022-10-04` - `2023-11-04`	a year	crt.sh
svgsilh.com E1	`2023-06-26` - `2023-09-24`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
use.fontawesome.com GTS CA 1P5	`2023-05-06` - `2023-08-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://irsrefundclaims.com/
Frame ID: 028BD3FCAB28CA79EDF9885930058BE3
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

IRS

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

16
Requests

100 %
HTTPS

88 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

406 kB
Transfer

738 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
irsrefundclaims.com/ 32 KB
32 KB 1610ms
251ms Document
text/html 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://irsrefundclaims.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 4697cad961eeda443f0ac6043ada0f620d53d4bd2cf2b7bddc17e9f26ef7b880

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 32782
Content-Type: text/html
Date: Mon, 03 Jul 2023 12:33:24 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Mon, 26 Jun 2023 04:32:02 GMT
Server: Apache

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/ 141 KB
23 KB 66ms
12ms Stylesheet
text/css 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css

Requested by

Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://irsrefundclaims.com/
Origin: https://irsrefundclaims.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 03 Jul 2023 12:33:26 GMT
x-content-type-options: nosniff
content-encoding: br
age: 7182301
x-jsd-version: 4.0.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23140
x-served-by: cache-fra-eddf8230117-FRA, cache-tyo11982-TYO
x-jsd-version-type: version
etag: W/"235ed-iVElpFIqOxDuetoG7mUDWHy/lcU"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 source-sans-pro
fonts.cdnfonts.com/css/ 2 KB
743 B 40ms
17ms Stylesheet
text/css 2606:4700:20::681a:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.cdnfonts.com/css/source-sans-pro
Requested by: Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3403dd4c6b0825baa19dbd7b8fdfbb92cd1988d97d54389a55e0fe3662fb3adc

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:26 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 03 Apr 2023 01:48:55 GMT
server: cloudflare
age: 7901071
cf-polished: origSize=2605
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QUbFufKMtVLcwDv41szkPmjSgr5YjeDfizYrtdrR69HItK%2B4Diy4KmqXoK1Z7ZA8IbYvvI3IVZMaHIJK6smc2XXIViBxqhgdHCDxdQ4EJtivs%2BiRd%2Fzq51ExZhgWgGKEjkfxg1OJqHkfL8SWJeEFdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2678400
cf-ray: 7e0f282e197b34e1-NRT

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/ 157 KB
25 KB 33ms
20ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Requested by

Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 470, 617, 617
age: 210036
cdn-cachedat: 2021-06-08 12:19:25
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 4be8e732795ac6050265fa78d68607d6
timing-allow-origin: *
cdn-requestcountrycode: AU
cf-ray: 7e0f282e1f603bf9-NRT
cdn-requestpullsuccess: True

GET
H2 200 official-site-flag.png
www.irs.gov/themes/custom/pup_base/images/ 4 KB
4 KB 512ms
126ms Image
image/png 2600:141a:8000:192::f50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irs.gov/themes/custom/pup_base/images/official-site-flag.png

Requested by

Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141a:8000:192::f50 Honolulu, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2aed0559ebb58b74e1ae783ef624dbbc9f70390a2648dc1787af6c68122ec510

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-cache-hits: 1
date: Mon, 03 Jul 2023 12:33:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 08:56:54 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=86400
x-age: 4
x-ah-environment: prod
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468996_386826661_577161620_20_9460_116_0_-";dur=1
content-length: 4029
x-request-id: v-a759bb9a-ebaf-11ed-9373-af35bca239a2
expires: Tue, 04 Jul 2023 12:33:27 GMT

GET
H2 200 IRS-Logo.svg
www.irs.gov/pub/image/ 5 KB
2 KB 653ms
267ms Image
image/svg+xml 2600:141a:8000:192::f50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irs.gov/pub/image/IRS-Logo.svg

Requested by

Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141a:8000:192::f50 Honolulu, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 04 Jul 2023 12:33:27 GMT
date: Mon, 03 Jul 2023 12:33:27 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-age: 55
x-ah-environment: prod
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468996_386826661_577161635_162_8604_116_0_-";dur=1
content-length: 1941
x-request-id: v-be16704e-b6da-11ed-a5fa-d789f7d0c72c
last-modified: Fri, 30 Jun 2023 10:27:31 GMT
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 hero-1-optimized.jpg
www.irs.gov/pub/2021-10/ 30 KB
30 KB 523ms
137ms Image
image/jpeg 2600:141a:8000:192::f50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irs.gov/pub/2021-10/hero-1-optimized.jpg

Requested by

Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141a:8000:192::f50 Honolulu, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9ee545f8c50031535751e547b30cb89491089e64c05a2ea6db057b767db08ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 04 Jul 2023 12:33:27 GMT
x-edgeconnect-origin-mex-latency: 70
date: Mon, 03 Jul 2023 12:33:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 50
x-age: 1228
x-ah-environment: prod
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468996_386826661_577161636_119_8435_116_0_-";dur=1
content-length: 30267
x-request-id: v-3288006e-3923-11ec-b508-7f3a6b837fba
last-modified: Sat, 30 Oct 2021 01:42:51 GMT
content-type: image/jpeg
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 7

GET
H2 200 SourceSansPro-Regular.woff
fonts.cdnfonts.com/s/12183/ 73 KB
73 KB 952ms
941ms Font
font/woff 2606:4700:20::681a:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.cdnfonts.com/s/12183/SourceSansPro-Regular.woff
Requested by: Host: fonts.cdnfonts.com
URL: https://fonts.cdnfonts.com/css/source-sans-pro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 211a0a6ae53f7ab34ccf7ea287e8d83c1af72d8232e3f5a080f94861708f3c6e

Request headers

Referer: https://fonts.cdnfonts.com/css/source-sans-pro
Origin: https://irsrefundclaims.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
cf-cache-status: MISS
last-modified: Sat, 05 Feb 2022 02:00:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "12358-5d73bbbc12998"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6byzZN%2B3agnTIaV09TcR%2Fxe82Hn1cHoitIITNGG%2FX%2B5naI1rGXeLBX1L7T9XRHTlpdnxlNTa%2FC0bSnC0SALV7UtkbYE9iVLJ32CrzKryim9ZLEdXcY9WqSKMWuKn55wyeYV1g3N4jbnW9sQ3s6AGpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7e0f282f98cdaf5e-NRT
content-length: 74584

GET
H2 200 146635-4caf50.png
svgsilh.com/png-512/ 21 KB
22 KB 28ms
8ms Image
image/png 2606:4700:3108::ac42:2b54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://svgsilh.com/png-512/146635-4caf50.png
Requested by: Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca2020615efa1f3e815f550faac67707787269a3b7bda9d8fa1f4c47d728889c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
cf-cache-status: HIT
last-modified: Sun, 02 Jul 2023 08:57:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 99380
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmUS%2F7ZMS3mfesVqSx%2BN3FfIYfpymju%2FcB9UZt3GbU%2Fz1jv1GAK95y6%2FzwajUpIaS0FyE5e4BVdEgxqJzLD7L72wA%2B0KJvbnilt7XxD0GtrYGD8PA7VIB8jXiR8gzrP68z%2FVwREHhm0ekQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
cf-ray: 7e0f282fca9b8aa2-NRT
alt-svc: h3=":443"; ma=86400
expires: Sun, 02 Jul 2023 16:55:36 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 351ms
112ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-14e4a"
vary: Accept-Encoding
x-hw: 1688387607.dop047.sj3.t,1688387607.cds048.sj3.hn,1688387607.cds214.sj3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 9fc9420f00.js Show response
use.fontawesome.com/ 9 KB
4 KB 403ms
381ms Script
text/javascript 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/9fc9420f00.js
Requested by: Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95d5e2aaed566856de67ff20bdd91e6923962c5980ef3e13a52355c5402b047b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: YKT2BDB7NG8C01Z1
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ldnjzJye0Vwjkl65iV9tnQr4uVuFaErPWrp2RO8Rj4/TB45ls1zZzJl1U+V8Jj0fK1RKsa0i0ls=
last-modified: Thu, 22 Jun 2023 18:44:04 GMT
server: cloudflare
etag: W/"6a7eb336ce3db649c883530492848d47"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMWp9niyGZVQdPkUqdHjXbgQEWRrMj0FOYAE0I6Gh4W%2Bx4g0VXz4KVOwS72DmDH1tYRrGQG2BGpc2xF%2FhgRK0BRyAK0CBDJU9ivJfOXX7%2BS9oio9tcqCOHL5PPflX%2FkL18JIVhPXCi40SbjEpmUlrJZx"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=1800
cf-ray: 7e0f282fdb53ded5-NRT

GET
H/1.1 200
OK index.js Show response
irsrefundclaims.com/ 2 KB
2 KB 250ms
250ms Script
application/javascript 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://irsrefundclaims.com/index.js
Requested by: Host: irsrefundclaims.com
URL: https://irsrefundclaims.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 7870d82a70d462417341cc48fac3485ff0bdf937bfa8debc48c05a8c81c0ba93

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 03 Jul 2023 12:33:24 GMT
Last-Modified: Mon, 26 Jun 2023 05:22:42 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1620

GET
H2 200 9fc9420f00.css
use.fontawesome.com/ 1 KB
764 B 413ms
413ms Stylesheet
text/css 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/9fc9420f00.css
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/9fc9420f00.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0b24295cc8e9a18497224385f39e5192e2736358dceaeb69d64821d96b27390

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://irsrefundclaims.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: YKTC8HBXS9980DPC
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BO31tMKmt6ZpCI8qZZbdgtLLndHzfBv4Dod1+r8654VxIbaFAWM2854Ez/+ZNRYzYFftSfSUlhM=
last-modified: Thu, 22 Jun 2023 18:44:04 GMT
server: cloudflare
etag: W/"5f4128af6902249ed8a6cec2ac0485cb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UChu4SMQPGIO%2FQDyARh5WhbJ%2Be9KtGzYtis5AFggqelnWI9pXBVrWszhGydxeQ7XXgKNAShv8hf7fF4d5wGcrM9p0CTNFm1H9u6OnJK6Gz%2Fgn6bgjdYN02349kdf%2BUGshv1azpWXUWmjZpTkSU5d8DRe"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 7e0f2832bd9bded5-NRT

GET
H3 200 font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ 30 KB
7 KB 10ms
10ms Stylesheet
text/css 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/9fc9420f00.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://use.fontawesome.com/9fc9420f00.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: C7W2AGXHCZF82QGX
age: 1449375
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QRlSpjEHQUOpb4ooDaKrw5+6iHZ1inOiGcV8DajVykctovdiIDXD6jldKIUu+HAPCnxZTWWe9IQ=
last-modified: Wed, 30 Jun 2021 15:26:48 GMT
server: cloudflare
etag: W/"36082410df2ef7f83932219089dc1443"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QH98BaSJy3nsYNv3vrxGphV39V8NIshDkk7mW1hb4AsknQ62Icf9spB%2BnUsisGZQvRuC4OVuKyv6fr8TTre7nB5ldAUEuFwvIeNs%2BMF4eXF0G6MUMcorRfgu9CC9STLb2%2BmpAod7d%2BlpkcOPvcwVTOx4"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7e0f28355805af37-NRT

GET
H3 200 fontawesome-webfont.woff2
use.fontawesome.com/releases/v4.7.0/fonts/ 75 KB
76 KB 14ms
8ms Font
application/font-woff2 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/9fc9420f00.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://use.fontawesome.com/9fc9420f00.css
Origin: https://irsrefundclaims.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: EZ47H18FEHGAQGT0
age: 2504
alt-svc: h3=":443"; ma=86400
content-length: 77160
x-amz-id-2: dLDYlf4ULQaJGPGhwwOC2eyiERKa7oTdN56qu4qhuqscVmouP+kYImcJiZtrB/tcWaBVYlY+CwQ=
last-modified: Wed, 30 Jun 2021 15:26:48 GMT
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dtig6DHgnFRWe4ftzsmmKAXN0XRb9K%2B0p76A7fNgSEZhnSfoh2ile9vDsWqyswSZPFsPYp5nH5%2FYhOneve85MmcWWKmilESzkBpEW2f0XdOseJvIzdl0OJIc7ZVNB9bgupVexyS%2BJcKC%2BGvNs6NB1WCZ"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7e0f28357f66264a-NRT

GET
H2 200 SourceSansPro-Bold.woff
fonts.cdnfonts.com/s/12183/ 74 KB
74 KB 1015ms
1015ms Font
font/woff 2606:4700:20::681a:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.cdnfonts.com/s/12183/SourceSansPro-Bold.woff
Requested by: Host: fonts.cdnfonts.com
URL: https://fonts.cdnfonts.com/css/source-sans-pro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ac532266cc177d5a202631c887be12d8fdb55ec2a01655750091a486b54dfa6

Request headers

Referer: https://fonts.cdnfonts.com/css/source-sans-pro
Origin: https://irsrefundclaims.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:33:28 GMT
cf-cache-status: MISS
last-modified: Sat, 05 Feb 2022 02:00:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1263c-5d73bbbc121c8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNzOK4mJSIEFb%2BwTU9tVLKvMq1j7qxom4YQsESN7lqE6u8G6dPs4asiZ5iyG44LxELMn4FnqsMEZxq1g3L54RAOErdhHH8AXULSzGIEpPbkeUz%2BdPvw3byTML21eDNIeA4P3%2FEv0mrn0CIJnvd%2FqIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7e0f28359961af5e-NRT
content-length: 75324

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
fonts.cdnfonts.com
irsrefundclaims.com
maxcdn.bootstrapcdn.com
svgsilh.com
use.fontawesome.com
www.irs.gov
101.99.94.9
2001:4de0:ac18::1:a:2a
2600:141a:8000:192::f50
2606:4700:20::681a:e3e
2606:4700:3108::ac42:2b54
2606:4700::6812:acf
2606:4700:e2::ac40:840f
2a04:4e42:600::485
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6
1ac532266cc177d5a202631c887be12d8fdb55ec2a01655750091a486b54dfa6
211a0a6ae53f7ab34ccf7ea287e8d83c1af72d8232e3f5a080f94861708f3c6e
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2aed0559ebb58b74e1ae783ef624dbbc9f70390a2648dc1787af6c68122ec510
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3403dd4c6b0825baa19dbd7b8fdfbb92cd1988d97d54389a55e0fe3662fb3adc
4697cad961eeda443f0ac6043ada0f620d53d4bd2cf2b7bddc17e9f26ef7b880
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
7870d82a70d462417341cc48fac3485ff0bdf937bfa8debc48c05a8c81c0ba93
95d5e2aaed566856de67ff20bdd91e6923962c5980ef3e13a52355c5402b047b
9ee545f8c50031535751e547b30cb89491089e64c05a2ea6db057b767db08ae8
ca2020615efa1f3e815f550faac67707787269a3b7bda9d8fa1f4c47d728889c
e0b24295cc8e9a18497224385f39e5192e2736358dceaeb69d64821d96b27390

irsrefundclaims.com Open in urlscan Pro 101.99.94.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

88 %IPv6

8 Domains

8 Subdomains

8 IPs

3 Countries

406 kBTransfer

738 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

irsrefundclaims.com Open in urlscan Pro
101.99.94.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

88 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

406 kB
Transfer

738 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!