probrandingusa.com Open in urlscan Pro
2606:4700:3031::ac43:94fe Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ronzanisamuele.it/irsmeimrs.html
Effective URL:
https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&sess...
Submission: On October 31 via api (October 31st 2023, 6:06:19 pm UTC) from NL — Scanned from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3031::ac43:94fe, located in United States and belongs to CLOUDFLARENET, US. The main domain is probrandingusa.com.
TLS certificate: Issued by GTS CA 1P5 on October 24th 2023. Valid for: 3 months.

This is the only time probrandingusa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3030::ac43:84cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700:303... 2606:4700:3031::ac43:94fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

1 2606:4700:3030::ac43:84cb (United States)

ASN13335 (CLOUDFLARENET, US)

ronzanisamuele.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3031::ac43:94fe (United States)

ASN13335 (CLOUDFLARENET, US)

probrandingusa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	probrandingusa.com probrandingusa.com	60 KB
1	ronzanisamuele.it ronzanisamuele.it	558 B
16	2

	Domain	Requested by
15	probrandingusa.com	probrandingusa.com
1	ronzanisamuele.it
16	2

This site contains no links.

Subject Issuer	Validity	Valid
ronzanisamuele.it GTS CA 1P5	`2023-09-24` - `2023-12-23`	3 months	crt.sh
probrandingusa.com GTS CA 1P5	`2023-10-24` - `2024-01-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959
Frame ID: 17762F805909C09648A517FB4BD30D39
Requests: 15 HTTP requests in this frame

Frame: https://probrandingusa.com/irsus/home_files/saved_resource.htm
Frame ID: E12CEE7FC7FF1A16CA7863D9D8EE94B0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get Refund Status

Page URL History Show full URLs

https://ronzanisamuele.it/irsmeimrs.html Page URL
https://probrandingusa.com/irsus/ Page URL
https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgets... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

60 kB
Transfer

242 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ronzanisamuele.it/irsmeimrs.html Page URL
https://probrandingusa.com/irsus/ Page URL
https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	irsmeimrs.html Show response ronzanisamuele.it/	97 B 558 B	561ms 470ms	Document text/html	2606:4700:3030::ac43:84cb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ronzanisamuele.it/irsmeimrs.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:84cb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f79b985fbaf903202d36f145cc06a48b624f951394e0f1c2cd0dc1df2b6b96ed` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 81edd4ab2e8e6de3-MIA content-encoding br content-type text/html date Tue, 31 Oct 2023 18:06:14 GMT last-modified Tue, 31 Oct 2023 17:02:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVCgfuytlmIlrR3%2BQdiVtgQkOTOfjwy1fwsdVbAmEe49NFQD6VdVsNhydRnEnqJEKf%2BRQUhMSqpoZsa%2FImEGCbEsxzSuEIHMV4FWgmb1XNkSVaZE3nlWHdki1%2FtKO0mK6cODjCqOXEilE3sFYv1zcA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent
GET H2	200	/ Show response probrandingusa.com/irsus/	276 B 603 B	359ms 283ms	Document text/html	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `330284dfe3b88031e715920dacf0f112cf57a9abaa4ff8c1354c4fbc29c62abd` Request headers Referer https://ronzanisamuele.it/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 81edd4b4d94a099e-MIA content-encoding br content-type text/html; charset=UTF-8 date Tue, 31 Oct 2023 18:06:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rz2XkN6CS0ovxdKRORFTnHaBEpThuuXIqKQaWAY70tlFX62M3Ij1qREdte3dLvqwwInebeJH7kASCXRzvLsgp2iK%2BKvOxNKs7%2FhyfqGolDpJLtoDhIujkkCg1kduKihGq6uMIQc7OHZ7FQBl8KOzmxg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	Primary Request home.html Show response probrandingusa.com/irsus/	12 KB 3 KB	159ms 159ms	Document text/html	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bec0021229acb826efda32e78841a7b97ffb73d3b922bd1bd98823a4377a5374` Request headers Referer https://probrandingusa.com/irsus/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 81edd4b6cc13099e-MIA content-encoding br content-type text/html date Tue, 31 Oct 2023 18:06:16 GMT last-modified Tue, 25 Apr 2023 06:40:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeZDuFUzszMoRBOmTL9il6vuOiW4gJeulfg30L822dSDYAGWvEiTn2pCmno4qNCzSTHIzmu85tfE6FaVe31tJwbODtdWcAv1G428fGx0j6jU71zdsRVwQ90tu57Vvv27abFTK5sfWc8wZCaRU2TvTDQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	bootstrap.css probrandingusa.com/irsus/home_files/	152 KB 25 KB	73ms 71ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/bootstrap.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4f52f329c18914acde937ef708d127632bfcbbd8f4d5b02ab9d074699e00afa3` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"2606e-62a0917e-285b5a;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfLCYu2IjNhw5FAzhIsnTxVECuLia7RF2ugbZS4W4%2FNZB0A19ItckI7ySwOXb7t%2FB51L6zFgXtJahL8nriqkJmnhEiV33vg7iVzrIjKsbJB0g9v1ZthZvaInOTFsdlIO6Y625JcvnbiOry%2Ba1Dvtbr8%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb258bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	jquery-ui.css probrandingusa.com/irsus/home_files/	31 KB 8 KB	45ms 43ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/jquery-ui.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1dcf7c6148121e9c474fbb4f32a0d43677cb0d85cc910d3faf15f6251f7ea3b0` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished origSize=32082 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"7d52-62a0917e-285b5f;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGizxM9VMGShysC6ovDhoa%2Fle1FAtDaYN1Zv5MPsxjeYll%2FOeZutOy655NR9Orw5rOvs3T5l1dIqvzrDqoyvSL%2FItwQ3rGqnSGhKtBV3Wuc16NpOCShEHgcmYtaeT5T%2BBcE%2FDuCOhooIc8ik8dGJAL4%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb298bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	irs.css probrandingusa.com/irsus/home_files/	5 KB 2 KB	48ms 47ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/irs.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fdb6ea3cf5dca396f0b9ead85d6a1dceb389796e06fa0ab3725eb072dc11b1b9` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished origSize=5806 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"16ae-62a0917e-285b5d;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2pYdn2QsoiE8vkdT3%2Fk0oeKESaLGfJYwCcV%2F0ui%2FHzCP%2FZiguPZphWZS4BRP3%2BZ8YJ%2BkN7TNOGRJ88ore2eYuFkY6hFTfRM4qWDBjOtJAFJADCCuJnpO3GR9PzWnk0hHnOQt3Xxf2oziqBPWFH3po4%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb2a8bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	app.css probrandingusa.com/irsus/home_files/	9 KB 3 KB	109ms 108ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/app.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f4b254c69add59c9263fc046268904bcb604aaef26626ad2dd7ba2f9b2965f52` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished status=cannot_optimize alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"2467-62a0917e-285b59;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zFLbnMpAiBvXDVApSiXb9gVNtCFtaj7rBwUFXWUXlB%2FBDoCZTRbOsqkP69trBcXnPAq7zQYrpn%2FpnsGi5xjSLT9kzJ6%2B7yINLzfSJJ7EjEexgthHlzjybjoOAxWXduJGOGu5UGJq6cBYxarssN6Is8%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb2c8bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	app-error.css probrandingusa.com/irsus/home_files/	562 B 790 B	110ms 108ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/app-error.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c1fec6422216d55e2ba3fa50bdd8f6968390bc87f8dc9f8471892c5fdefe4a72` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished origSize=786 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"312-62a0917e-285b58;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MoTUhky%2Fj0GKGHyh39C%2BdyyfZYo0aZxpxw51%2BCkdGzSxg4icRuZn5udCBMxn4CVGq4wp69vlRnmfLEXX5dorU3zDUiZ1xbdefSxKl4XsyFs8GjtYT2gVjc8o%2B%2FyD713ka0oQEUK4giE1GnBYFV2XpwQ%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb308bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	wmsp-shared-secrets.css probrandingusa.com/irsus/home_files/	2 KB 1 KB	110ms 108ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/wmsp-shared-secrets.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ce7425bc051d9f94e1e7851b70dcf0685c41d61373dde0cdabf5f99a1b2ae22e` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished origSize=3256 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"cb8-62a0917e-285b63;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tge%2BWpt4plMLUegqwTAWlI8V1ZcN2%2FR6medG1MR4XM1pYQRyLcoCp8rbwsx%2BKa%2B10zjn8qtRZw1HtxKQNHI8oexE0GGxLvPuTgSlPCFbrI6fOWnTgbwzPfc18eBBBy3bkWBqDs7fPuYJMeHDCQflJTA%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb328bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	wmsp-results.css probrandingusa.com/irsus/home_files/	1 KB 1019 B	111ms 109ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/wmsp-results.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `df502755dd72bb61d3fd538ef5ef5f3c144126a19bb47b312f7cc75de520f672` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished origSize=1651 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"673-62a0917e-285b62;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFOxwuOEbHtm5MddWYuwdGNsmuGuny0TiucRIQ1tXx32DEfksCNQmb%2BwtHQY%2FU%2F1yuZivCZNWQEF%2B38mUaz7C66NpbiXuyPyKibzjxnOelxZHxd%2F338orh9KYzlWddigk003Py13mYEKyvfnU8ZD8TU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb348bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	datepicker.css probrandingusa.com/irsus/home_files/	18 KB 3 KB	47ms 45ms	Stylesheet text/css	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/datepicker.css Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4c97e6daa1662a21090dfb0213e13afdde1dfb05a058b0666b779633b93192e1` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4610 cf-polished origSize=21244 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag W/"52fc-62a0917e-285b5b;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QEK7RHbgUKe%2B%2BRsuDa%2BrTcXFvmj6J2Z%2FwevGGX8NN5YQXFICW%2Bc3EWs4kPx617%2F%2ByazLJZCbBRrgwDLYTayrKuBiVI2enKRL1GnMFEtXoGXrK5anv59RRL8ego2rIeNvcYvWKZTiIiq68dwUZyk3%2BQE%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 81edd4b7cb358bff-MIA expires Tue, 07 Nov 2023 16:49:26 GMT
GET H3	200	logo.png probrandingusa.com/irsus/home_files/	5 KB 5 KB	111ms 109ms	Image image/png	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://probrandingusa.com/irsus/home_files/logo.png Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4609 alt-svc h3=":443"; ma=86400 content-length 4640 last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag "1220-62a0917e-285b60;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yygxQy6oRIpLfglO2mFcNlcfDfyOy74iEtMD%2FmC5eYfOE49Zwgsd0nrxG38eWJTm2iInWSuR10Glvh4k7fTKA5q9npaEE1vfqhqTAspWxZ%2FyUx49ZqW2t%2F2eVwFlLrtRNg63M%2B58aR6DiC6%2Bxk%2BNjEo%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 81edd4b7cb378bff-MIA expires Tue, 07 Nov 2023 16:49:27 GMT
GET H3	200	irs_horiz_white.png probrandingusa.com/irsus/home_files/	1 KB 2 KB	111ms 110ms	Image image/png	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://probrandingusa.com/irsus/home_files/irs_horiz_white.png Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4609 alt-svc h3=":443"; ma=86400 content-length 1498 last-modified Wed, 08 Jun 2022 12:09:34 GMT server cloudflare etag "5da-62a0917e-285b5e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APx4DzAJt2LJajKPhg9%2BFkYD%2BY2fcgy8YMJEPtc4YwuUhhb5QROB6ORcfr4zNH94t1BV8KJt%2BqY4KqNfEnCKREj5dwLQv6bGLJ%2FmkbEeVlSfAZzX0v%2Fpy42nf97%2BYfC7dx3hTMNbj52vx72lEwHbRv8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 81edd4b7cb388bff-MIA expires Tue, 07 Nov 2023 16:49:27 GMT
GET H3	200	saved_resource.htm Show response probrandingusa.com/irsus/home_files/ Frame E12C	312 B 617 B	285ms 284ms	Document text/html	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://probrandingusa.com/irsus/home_files/saved_resource.htm Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8549844c9c013d824f5b7d01079edc1cfa3cb87f5f14a347ba52391361dafc02` Request headers Referer https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=23235&session=959 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 81edd4b89c638bff-MIA content-encoding br content-type text/html date Tue, 31 Oct 2023 18:06:16 GMT last-modified Wed, 08 Jun 2022 12:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ChsBp26%2FrE%2Fp92z24vhmGUFPudrnUU%2F5DpHk1EHWUl3EO4zNE7pSFesrTPtA0fRSM1vzdA%2BHbyeg9KIo7Ep1L0V92BEa22V%2FcVvoBNff4n0e6sUOskPvNW9i6MNWowbzGHHb6Rmqwl3Se0Xs3u05ExY%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	swirl_lighter_ca6f4deb.png probrandingusa.com/irsus/images/	2 KB 2 KB	38ms 38ms	Image text/html	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://probrandingusa.com/irsus/images/swirl_lighter_ca6f4deb.png Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home_files/app.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home_files/app.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT last-modified Tue, 31 Oct 2023 16:49:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4609 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyqgOpUcC4CBZenE7j%2F%2BfVswyiLNxLhFrlkOp7Z%2B%2Frq4dE%2FPZI6ych%2FeeV8Je00fA1GEYW24mv%2By9jdxPYb2zQM2mf64unxh%2B58ykWBT4xI%2BY%2BykvvIOcckR4Cmdr15TeWkSb%2FhvQKEW57ymSPrMpRo%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400 cf-ray 81edd4b89c748bff-MIA alt-svc h3=":443"; ma=86400
GET H3	200	us.png probrandingusa.com/assets/img/	2 KB 2 KB	39ms 39ms	Image text/html	2606:4700:3031::ac43:94fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://probrandingusa.com/assets/img/us.png Requested by Host: probrandingusa.com URL: https://probrandingusa.com/irsus/home_files/app.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:94fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://probrandingusa.com/irsus/home_files/app.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 31 Oct 2023 18:06:16 GMT content-encoding br cf-cache-status HIT last-modified Tue, 31 Oct 2023 16:49:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4609 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEjWfGaWM6HhL4QGFd%2FFb7qKjLKD7IotrziCfzpchWGBJxMvHbN%2FpuSfAtYY29In7bJ6fQklclEjzAXM%2BpmM2mq5BEBe3QEmLJAv15EAkJWoyl2g6pDJAmBDIsErOkwqjUYd9joKqmy7oWxlxmg7Ji8%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400 cf-ray 81edd4b89c788bff-MIA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

probrandingusa.com
ronzanisamuele.it
2606:4700:3030::ac43:84cb
2606:4700:3031::ac43:94fe
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7
1dcf7c6148121e9c474fbb4f32a0d43677cb0d85cc910d3faf15f6251f7ea3b0
330284dfe3b88031e715920dacf0f112cf57a9abaa4ff8c1354c4fbc29c62abd
4c97e6daa1662a21090dfb0213e13afdde1dfb05a058b0666b779633b93192e1
4f52f329c18914acde937ef708d127632bfcbbd8f4d5b02ab9d074699e00afa3
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8
8549844c9c013d824f5b7d01079edc1cfa3cb87f5f14a347ba52391361dafc02
bec0021229acb826efda32e78841a7b97ffb73d3b922bd1bd98823a4377a5374
c1fec6422216d55e2ba3fa50bdd8f6968390bc87f8dc9f8471892c5fdefe4a72
ce7425bc051d9f94e1e7851b70dcf0685c41d61373dde0cdabf5f99a1b2ae22e
df502755dd72bb61d3fd538ef5ef5f3c144126a19bb47b312f7cc75de520f672
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4b254c69add59c9263fc046268904bcb604aaef26626ad2dd7ba2f9b2965f52
f79b985fbaf903202d36f145cc06a48b624f951394e0f1c2cd0dc1df2b6b96ed
fdb6ea3cf5dca396f0b9ead85d6a1dceb389796e06fa0ab3725eb072dc11b1b9

probrandingusa.com Open in urlscan Pro 2606:4700:3031::ac43:94fe Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

60 kBTransfer

242 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

probrandingusa.com Open in urlscan Pro
2606:4700:3031::ac43:94fe Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

60 kB
Transfer

242 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!