irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com Open in urlscan Pro
104.21.83.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html
Submission: On August 18 via api (August 18th 2023, 8:33:14 pm UTC) from JP — Scanned from JP

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 104.21.83.43, located in and belongs to CLOUDFLARENET, US. The main domain is irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com.
TLS certificate: Issued by E1 on June 24th 2023. Valid for: 3 months.

This is the only time irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address		AS Autonomous System
14	104.21.83.43 104.21.83.43		13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	1

14 104.21.83.43 (None, )

ASN13335 (CLOUDFLARENET, US)

irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	alysiagonzalez.com irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com	107 KB
14	1

	Domain	Requested by
14	irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com	irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com
14	1

This site contains links to these domains. Also see Links.

Domain
www.irs.gov

Subject Issuer	Validity	Valid
alysiagonzalez.com E1	`2023-06-24` - `2023-09-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html
Frame ID: D13B106C5DFF74507A9256F8926B45E9
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get My Payment

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

107 kB
Transfer

358 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.irs.gov/covid-app-faq-1
Title: Frequently Asked Questions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request personal.html Show response irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/	16 KB 5 KB	1077ms 698ms	Document text/html	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca70fa47bc2ccfc01f1a5c6974186ccff442c4842b9866ae4f1d38a1b9b5011b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language jp-jp,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7f8cee107b9d8cfb-KIX content-encoding br content-type text/html date Fri, 18 Aug 2023 20:33:07 GMT last-modified Mon, 14 Aug 2023 10:06:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9XVePpiP6lUkJscP5FDuO3Xeis3PbEb9hzfmps8%2FpnNRoqLoXcaCPxm5qkvrxmsZWi2Z4HPrPp2yv21%2B2jjCwHESnb6GIxCzHIxS1Cfl%2FrJCE74qnlP5aPty%2Bfgts%2B%2BDbHwLYgC9nLeX1keShiMAddpv%2BxotkDi2eXU957AGYBKUlDDwRsIf4%2BwWKCxlkRPq%2BvzLVwAdeOAfpj6IiDgEWdSw"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	jquery.js Show response irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	94 KB 34 KB	1049ms 1042ms	Script application/javascript	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/jquery.js Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1762a-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wtM%2FmPBA6dtiwir%2BsN7J4OBYdxlA8riC%2FznXRA%2FjOTsnHzwqEx7IxNOm%2BAlbuV2JEvUrcAIaHav7yLvJqGJX6OabDZtpLuToKwrkBNivzfYB1H2ko0CumrfPY0CtQncVfkYbOOLe6x%2ByvbOUbch6RYUzDTHYbv3Hx6cj3SrxpbSs3AY3mxlXX%2F2SVCE6NxSFm4nGrjocH2IMKqVi6Pw%2BOrM"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7f8cee14eece8cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	bootstrap.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	152 KB 24 KB	1040ms 1034ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/bootstrap.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2606e-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BUxmGsNI34ai2OR4zAcaFUvSXN3tThS5rN43R%2F37ACZHGatPyyfYoymyW2Ut4tn8U0IpXvARM5YocAV9RDf2yeeN1DMaQEmf51hKSQLLHXUeI%2FjRORe6wLRQQ607GtFzrxRNNmCHtKAVxOFA%2BVNnmV%2FebfL%2FbRu0F9wgVU6fCc2E4l8gmak%2BRoDSF0TdRVbCHSYtl6NEeJVCLVqTbdb4f4h"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fedc8cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	jquery-ui.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	31 KB 8 KB	2414ms 2409ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/jquery-ui.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:09 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7d52-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QZJF4l4bx0u9KlAz%2FD014JjDdjnQtxmFf8c4Y5iA4nOfN1yV6f8m9sZ6QLGjk9x18QM%2FeMxwl%2B7dZgk0cx%2BgeAifnIH8MfrugrQzB6YfT6Q8gnKuNiuiJOCr1zLBR4XfuNVp7ldW8ccaF9E7f23lBNg5xkiNcG81sEcq1hDpHnsFnRh4iiqQYNzlAYcnA0vZLPBQpnY%2FeUhiWHvcrVi3AA1h"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fedd8cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	irs.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	6 KB 2 KB	697ms 692ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/irs.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"16ae-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LayjsTWw2lNS7UoG88l8I09Yek8PLnPbX%2BkJtNhAPW8YK%2Fw%2FELWQ8OL2kUkB%2FiIGorncOzdfsSFcJ2zlBuPJpPRabMgv0hs1BdLOmARg3C3nvBSU4L6AYU4W%2B6BOQj%2Bazt4znswoofwoNEwz5U35oE53llARRoAMBt%2BbRO7M7zFCnHTWi8cPsrEyy4nw7BO2psoSYnB2q%2B9rRlTzJir58y31"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fedf8cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	app.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	9 KB 3 KB	705ms 700ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/app.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ce9771403b1bbc5611a4d7774f88876ad19600a4172073b24be19348d91c7d89` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Mon, 14 Aug 2023 09:58:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"225b-602df199dd2c0-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6z37Zkd2cRPlx43HxbTQelvdBFQgv05sJgLGRUSIxVPo3Gi6YxzqFVtFzxDHc730uTDsJ20MGmHcYJslMwTtjcFNWLvZwZdugcJiZIPkFS9TUHNpJh1NAMIFu%2FvNlDx%2BmXMJuD%2FSGTXys1moTy07E7DMfQrehN%2BFgABd3JUg%2FFESpKOgxIQj%2BJYUy4MPhdrVOqhCxatBBG2rliraJeYuMAy"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fee18cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	app-error.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	786 B 644 B	698ms 694ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/app-error.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c4abb35ccb93590308661b4dafacfe380c89aef07e2d94499d23f1637137bd1c` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"312-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IR98mLjZSZQSt35IsdIaRA2LfHZrqDviyo6k7dvuJIEg8uGbSV5%2FR95OZnwIhCCl6B35D%2BLF6T4Pgjnfatw75pGevkS4LjZBDx7tYfWxIsiYvSSBV%2FUYc%2FEL%2F2GnpVnWaEHOSBSbrd7tycBXsc80%2BNKtdwAaf2Q476vzzGn61yvgyxoEbhYZ0U57Dpg05UHZOvYYJwCFbIOwAYuWxA16kRPg"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fee28cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	wmsp-shared-secrets.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	3 KB 1 KB	1570ms 1566ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/wmsp-shared-secrets.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd8245e841b019e192658b02f6d510112f6793dace36c4b29cc44ab2ab6179cd` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"cb8-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3YynP8KJ4yUb%2FVhhoXw%2Fz54kMcssDil2jCmSK5bMdlDKCLFrQq7nDiXYfe1d8gLsBbmRmXcS%2FCm3HJ0sHSfCAfAr0j%2BfA4otPLiK9e6B%2BCEZMoNMpFvdUaBtxo%2FiZKnxQpEAF%2Fh9%2FPjkhLwzfUcZAhXHESQPmRXXCDPZnlNumucy%2FoTWSrHLgvv%2FIniUmXdvgVl5ASCO2nwYAe0g6zZd7IjW"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fee38cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	wmsp-results.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	2 KB 937 B	717ms 714ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/wmsp-results.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c270883773a53da36d154ea13ce8ea8451489c25aabd20e60ef6eb65c4fe439d` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"673-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uNVMVGOIPGdCl96vCtmkn%2F8BwIirw2eebPKwTv9bK3MGHOxHwSMupgHv7KOztannQg5LFUfB%2BXICuDTAHJMzOQ%2B%2FPvlcRA4KswJHDWEmaSydiNy1WEct1PD%2FeHoz4Ojv%2Fhv65k4Ue9HOHau2cOJU1uJyjAmL3sbZBzIP5cjyXrF6dtjYzfXSy81ssVtEQDm%2BuxT20hnxd3UmHOigZPkS3T%2B"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fee58cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	datepicker.css irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	21 KB 3 KB	706ms 703ms	Stylesheet text/css	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/datepicker.css Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a2538e625a9042c2cd54e13cf52221fce1831dd12c5ca4cdac23137ac22e3010` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:08 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"52fc-5e0f626516b40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otHwDsoYH1RFrjFULSr40gCGLKgGO2noMhb2nWDIqYPrDis7UQlcYJQAZnxT7N6HLJv7k7rKUI3fkC81du5Nm2il0Ezvnb6ktw7%2BIRdlJ4%2BBv3LOX4XM9zJd2pbh3q6P4JXtgv6DZpbPWoxzCkEq35gpgvT6V3n%2Bqn2f585jlzJ0qjIiP6u4kBN%2BPTBpi0vP3eJrtoXYTOknic39IuUsDjm4"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7f8cee14fee68cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	logo.png irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	5 KB 5 KB	699ms 698ms	Image image/png	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/logo.png Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:09 GMT cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1220-5e0f626516b40" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMr5s4Ru0XfEuo65i5C8t4UuP%2Fdnog8Gqh1sU1S9y1ADUFHSRHEZbaRDG79QYl7NIAxw%2BRscy7dpDumBEQTN5UrbeYet9V3UFFnGT54KSQXTtTMpjZcfxhpyPb9lp0fVzWR6VNndWmOASr6Hh3AQ4Lis8C3SnPgTCFTFXIaEE%2FQV6ix8Mex5rmQzY1gzxc2KhYX4t6MXDJLjcwNs%2BtkdjUIq"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 7f8cee1ebf188cfb-KIX alt-svc h3=":443"; ma=86400 content-length 4640
GET H2	200	irs_horiz_white.png irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	1 KB 2 KB	2017ms 2017ms	Image image/png	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/irs_horiz_white.png Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:11 GMT cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5da-5e0f626516b40" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbvFe6WHOeUsbhx8W1M94loVJRZd9u8YuERtts8jTnzb%2Fizt6KnVcCNJFrJx00A5xqaNJm66%2F%2FwCzQq3wE%2BTAFIkxZDXBQ3hTaD0mT%2BS95TfQftNYgzK%2Fzd0rqSFuhA2vfeoWdUVG6pScYvPu%2FDGVMEIbV7iyc0eOUS%2BcOasaeHSwV97LxS4TQq2am9VeX8eii3VNBj4pmIZOkgameDSVvLy"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 7f8cee231bbb8cfb-KIX alt-svc h3=":443"; ma=86400 content-length 1498
GET H2	404	swirl_lighter_ca6f4deb.png irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/images/	341 B 341 B	701ms 699ms	Image text/html	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/images/swirl_lighter_ca6f4deb.png Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/app.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `71e24079c60d2c3eb6a250b1c1b50257563cc07e46f51205abbab330de473c99` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/app.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:10 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Omk8WzSJOn02vH60ZrbTHENL82S04Xf614fz0rgn3elZstCR5JhUHPKRKaGBM4oYingVlJeybp674BvACDhRJbdVDcjK8Q%2BtYPU87eCDhnm29uuwpjH8D527c8JQmR%2BpfFkCqPs8LoXJn7JDpAVwgOoPrPEradav1tFydWvTGdhn5uiKQLsVYRIES0wJVqBzbIleFLsKJd9VrP20wQNH%2BjXF"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 7f8cee241c8f8cfb-KIX alt-svc h3=":443"; ma=86400
GET H2	200	us.png irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/	19 KB 19 KB	2615ms 2614ms	Image image/png	104.21.83.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/us.png Requested by Host: irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/app.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.83.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e2a82173e0e65eefeb0ad04c62d3c8fe8d6d2ddd8cf7d40bb4fafeeaa6be7631` Request headers accept-language jp-jp,jp;q=0.9 Referer https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/personal_files/app.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 20:33:12 GMT cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4b82-5e0f6276413c0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGJntw2fONoDn95iprcYROwlZI0boDPdKqgIOnqnaYbAZuvxLdlTvZ3PemTMQNOhNRZPFa1jMSJ1w1bfrnhVc%2Fj3df3OXLkxcG9u4dBTsYA20p9DNBV%2FPS4rtGYJh9rrNkMF7DnRlL%2BQ%2BNmi4dRTSch13iK6VQfr23FVH%2BGnW3mEBAqN5bCWHi2NiHvchHiX7hw5V29%2B%2Fp%2FViE2xYHEw2bjg"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 7f8cee242c998cfb-KIX alt-svc h3=":443"; ma=86400 content-length 19330

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com/refund-getstatus_IRServlet-form2_irfof-en_lang/images/swirl_lighter_ca6f4deb.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com
104.21.83.43
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
71e24079c60d2c3eb6a250b1c1b50257563cc07e46f51205abbab330de473c99
a2538e625a9042c2cd54e13cf52221fce1831dd12c5ca4cdac23137ac22e3010
c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4
c270883773a53da36d154ea13ce8ea8451489c25aabd20e60ef6eb65c4fe439d
c4abb35ccb93590308661b4dafacfe380c89aef07e2d94499d23f1637137bd1c
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e
ca70fa47bc2ccfc01f1a5c6974186ccff442c4842b9866ae4f1d38a1b9b5011b
ce9771403b1bbc5611a4d7774f88876ad19600a4172073b24be19348d91c7d89
e2a82173e0e65eefeb0ad04c62d3c8fe8d6d2ddd8cf7d40bb4fafeeaa6be7631
fd8245e841b019e192658b02f6d510112f6793dace36c4b29cc44ab2ab6179cd

irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com Open in urlscan Pro 104.21.83.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

107 kBTransfer

358 kBSize

0 Cookies

1 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

irs-return_taxtopics-irfofgetstatus_tc1203help-64de980129632.alysiagonzalez.com Open in urlscan Pro
104.21.83.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

107 kB
Transfer

358 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!