dashboard.myir.ird.nz.1l0.cloudns.ph
108.165.237.187
Malicious Activity!
Public Scan
Effective URL: https://dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col/home.php?&lpjlAZ24rRCMnNiDcnLET405MUPJ9uaPy6N8V8Kb5x1LbG6Azdc0gzzqWBLKDYqRrA7AD6sjsW0qON...
Submission: On December 14 via manual from NZ — Scanned from NZ
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on December 11th 2023. Valid for: 3 months.
This is the only time dashboard.myir.ird.nz.1l0.cloudns.ph was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NZ Government (Government)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 3 6 | 108.165.237.187 | 23470 (RELIABLESITE) |
| 15 | 138.235.20.11 | 136990 (IRD-NZ-AS-CLOUD-AP Inland Revenue Department) |
| 1 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
| 2 | 2a04:4e42:200::485 | 54113 (FASTLY) |
| 24 | 5 | |
ASN23470 (RELIABLESITE, US): 108.165.237.187 serves dashboard.myir.ird.nz.1l0.cloudns.ph
ASN136990 (IRD-NZ-AS-CLOUD-AP Inland Revenue Department, NZ): myir.ird.govt.nz
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | ird.govt.nz | myir.ird.govt.nz | 827 KB |
| 5 | cloudns.ph | dashboard.myir.ird.nz.1l0.cloudns.ph (2 redirects) | 33 KB |
| 2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 313) | 100 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 204) | 6 KB |
| 24 | 4 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 15 | myir.ird.govt.nz | dashboard.myir.ird.nz.1l0.cloudns.ph, myir.ird.govt.nz |
| 5 | dashboard.myir.ird.nz.1l0.cloudns.ph (2 redirects) | dashboard.myir.ird.nz.1l0.cloudns.ph |
| 2 | cdn.jsdelivr.net | dashboard.myir.ird.nz.1l0.cloudns.ph, cdn.jsdelivr.net |
| 1 | cdnjs.cloudflare.com | dashboard.myir.ird.nz.1l0.cloudns.ph |
| 24 | 4 domains | |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.ird.govt.nz |
| www.govt.nz |
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| dashboard.myir.ird.nz.1l0.cloudns.ph | ZeroSSL RSA Domain Secure Site CA | 2023-12-11 - 2024-03-10 | 3 months | crt.sh |
| services.ird.govt.nz | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-14 - 2024-11-14 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh |
| jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col/home.php?&lpjlAZ24rRCMnNiDcnLET405MUPJ9uaPy6N8V8Kb5x1LbG6Azdc0gzzqWBLKDYqRrA7AD6sjsW0qONX9D3O95SHK96j2MipsDefxXSmwNPnoAzcz9BW1s7LQrJ98Z4N3qkCQ26ZJWn840v9VMdooC0YQ16ERvsfbtyp4z6yNjQuaYrhHTAhOA46eJo27OFDIgsG4iK4A
Frame ID: DCD2A5004EE6FE9A135E6DADE63325AE
Requests: 24 HTTP requests in this frame
Page Title: Home - Home - myIR
Detected technologies

- PHP (Programming Languages). Detected patterns:
  - `\.php(?:$|\?)`
- Bootstrap (Web Frameworks). Detected patterns:
  - `<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css`
  - `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
- Font Awesome (Font Scripts). Detected patterns:
  - `<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css`
  - `<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
  - `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
- jQuery (JavaScript Libraries). Detected patterns:
  - `jquery[.-]([\d.]*\d)[^/]*\.js`
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
- jQuery UI (JavaScript Libraries). Detected patterns:
  - `jquery-ui[.-]([\d.]*\d)[^/]*\.js`
  - `jquery-ui.*\.js`
- jsDelivr (CDN). Detected patterns:
  - `<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/`
  - `//cdn\.jsdelivr\.net/`
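The patterns above are version-capturing fingerprints: the first capture group, where one exists, is the detected version. As an added example (not urlscan.io's or Wappalyzer's own code), the script below runs those regexes over a constructed HTML fragment that references the resources seen in the transaction list (the `?v=` query form is an assumption taken from the failed-request URLs), and shows a caveat worth checking before trusting a "Bootstrap" hit: the transaction list contains only `bootstrap-icons@1.7.2` and no `bootstrap.css` or `bootstrap.js`, and the Bootstrap pattern as printed matches the Bootstrap Icons URL and reports "1.7.2" as a Bootstrap version.

```python
"""Apply the technology fingerprints listed above to a page's HTML and URL.

Added example; not urlscan's or Wappalyzer's code. The regexes are copied from
the "Detected technologies" section. SAMPLE_HTML is constructed for this example
from the resources in the transaction list (the "?v=" form is an assumption).
"""
import re

HTML_PATTERNS = {
    "Bootstrap": [
        r"<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css",
        r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js",
    ],
    "Font Awesome": [
        r"<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css",
        r"<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)",
    ],
    "jQuery": [r"jquery[.-]([\d.]*\d)[^/]*\.js", r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"],
    "jQuery UI": [r"jquery-ui[.-]([\d.]*\d)[^/]*\.js", r"jquery-ui.*\.js"],
    "jsDelivr": [r'<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/', r"//cdn\.jsdelivr\.net/"],
}
URL_PATTERNS = {"PHP": r"\.php(?:$|\?)"}   # applied to the page URL, not the HTML

# Constructed input: one tag per resource the scan shows the lure loading.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://myir.ird.govt.nz/Resource/jquery.qtip.min.css?v=387595267">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css">
<script src="https://myir.ird.govt.nz/Resource/jquery-3.5.1.min.js?v=219725020"></script>
<script src="https://myir.ird.govt.nz/Resource/jquery-ui-1.13.2.min.js?v=357363296"></script>
<script src="/Resource/WDC.min.js?v=118082747"></script>
"""
PAGE_URL = ("https://dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col/home.php?"
            "&lpjlAZ24rRCMnNiDcnLET405MUPJ9uaPy6N8V8Kb5x1LbG6Azdc0gzzqWBLKDYqRrA7AD6sjsW0qON"
            "X9D3O95SHK96j2MipsDefxXSmwNPnoAzcz9BW1s7LQrJ98Z4N3qkCQ26ZJWn840v9VMdooC0YQ16ER"
            "vsfbtyp4z6yNjQuaYrhHTAhOA46eJo27OFDIgsG4iK4A")


def detect(html, url):
    """Return {technology: version or None} for every fingerprint that matches.

    Patterns are tried in order; the first one that captures a version wins, so a
    later pattern can fill in a version an earlier, version-less one did not find.
    """
    found = {}
    for tech, patterns in HTML_PATTERNS.items():
        for pat in patterns:
            m = re.search(pat, html)
            if m is None:
                continue
            version = next((g for g in m.groups() if g), None)
            if tech not in found or found[tech] is None:
                found[tech] = version
    for tech, pat in URL_PATTERNS.items():
        if re.search(pat, url):
            found[tech] = None
    return found


def bootstrap_hit_is_icons_only(html):
    """True when every href/src mentioning 'bootstrap' is really Bootstrap Icons.

    Guard against the pattern above reporting Bootstrap (with the icon package's
    version) for a page that never loads Bootstrap's CSS or JS.
    """
    refs = re.findall(r'(?:href|src)="([^"]+)"', html)
    hits = [r for r in refs if "bootstrap" in r.lower()]
    return bool(hits) and all("bootstrap-icons" in r for r in hits)


if __name__ == "__main__":
    print(detect(SAMPLE_HTML, PAGE_URL))
    print("Bootstrap hit is icons only:", bootstrap_hit_is_icons_only(SAMPLE_HTML))
```

Running it on the constructed fragment reports Bootstrap 1.7.2, Font Awesome 4.7.0, jQuery 3.5.1, jQuery UI 1.13.2, jsDelivr and PHP, and `bootstrap_hit_is_icons_only` returns True. The Font Awesome result also shows why fingerprint sets carry several patterns: the first pattern's greedy `[^>]+` lands on the second `font-awesome` in the cdnjs path and captures no version, while the second pattern picks up `4.7.0`.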
Page Statistics

5 Outgoing links
These are links going to different origins than the main page.
- Privacy and Security Policy
- Contact us
- © Copyright 2021
- Conditions of use
- (untitled link)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://108.165.237.187/ (HTTP 302)
2. https://dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col (HTTP 301)
3. https://dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col/ (HTTP 302)
4. https://dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col/home.php?&lpjlAZ24rRCMnNiDcnLET405MUPJ9uaPy6N8V8Kb5x1LbG6Azdc0gzzqWBLKDYqRrA7AD6sjsW0qONX9D3O95SHK96j2MipsDefxXSmwNPnoAzcz9BW1s7LQrJ98Z4N3qkCQ26ZJWn840v9VMdooC0YQ16ERvsfbtyp4z6yNjQuaYrhHTAhOA46eJo27OFDIgsG4iK4A (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | home.php (Primary Request, redirect chain) | dashboard.myir.ird.nz.1l0.cloudns.ph/kia-col/ | 31 KB | 32 KB | Document | text/html |
| 2 | GET | H/1.1 | jquery.qtip.min.css.v.387595267 | myir.ird.govt.nz/Resource/ | 2 KB | 2 KB | Stylesheet | text/css |
| 3 | GET | H/1.1 | WDC.External.DefaultExternal.min.css.v.764223592 | myir.ird.govt.nz/Resource/ | 538 KB | 62 KB | Stylesheet | text/css |
| 4 | GET | H/1.1 | Controls.External.DefaultExternal.min.css.v.152399424 | myir.ird.govt.nz/Resource/ | 46 KB | 8 KB | Stylesheet | text/css |
| 5 | GET | H/1.1 | eServices.v.min.238837649 | myir.ird.govt.nz/Theme/ | 183 KB | 23 KB | Stylesheet | text/css |
| 6 | GET | H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 30 KB | 6 KB | Stylesheet | text/css |
| 7 | GET | H2 | bootstrap-icons.css | cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/ | 72 KB | 10 KB | Stylesheet | text/css |
| 8 | GET | H/1.1 | jquery-3.5.1.min.js.v.219725020 | myir.ird.govt.nz/Resource/ | 0 | 0 | Script | application/octet-stream |
| 9 | GET | H/1.1 | jquery-ui-1.13.2.min.js.v.357363296 | myir.ird.govt.nz/Resource/ | 249 KB | 62 KB | Script | text/javascript |
| 10 | GET | H/1.1 | jquery.ba-hashchange.min.js.v.364077054 | myir.ird.govt.nz/Resource/ | 1 KB | 2 KB | Script | text/javascript |
| 11 | GET | H/1.1 | jquery.watermark-3.2.0.min.js.v.33801024 | myir.ird.govt.nz/Resource/ | 6 KB | 3 KB | Script | text/javascript |
| 12 | GET | H/1.1 | jquery.qtip.min.js.v.707925258 | myir.ird.govt.nz/Resource/ | 35 KB | 13 KB | Script | text/javascript |
| 13 | GET | H/1.1 | globalize.min.js.v.452217732 | myir.ird.govt.nz/Resource/ | 14 KB | 7 KB | Script | text/javascript |
| 14 | GET | H/1.1 | jquery.form.min.js.v.632995640 | myir.ird.govt.nz/Resource/ | 17 KB | 7 KB | Script | text/javascript |
| 15 | GET | H/1.1 | WDC.min.js.v.118082747 | dashboard.myir.ird.nz.1l0.cloudns.ph/Resource/ | 0 | 0 | Script | text/html |
| 16 | GET | H/1.1 | fast-jquery-ui-i18n.min.js.v.625819528 | dashboard.myir.ird.nz.1l0.cloudns.ph/Resource/ | 0 | 0 | Script | text/html |
| 17 | GET | H/1.1 | nz.myIR_logo_white.svg | myir.ird.govt.nz/Image/ENG/ | 3 KB | 2 KB | Image | image/svg+xml |
| 18 | GET | H/1.1 | NZ.RealMeWhite | myir.ird.govt.nz/Icon/Medium/ | 11 KB | 12 KB | Image | image/png |
| 19 | GET | H/1.1 | NZ.NZGovernmentLogo.svg | myir.ird.govt.nz/Image/ENG/ | 6 KB | 3 KB | Image | image/svg+xml |
| 20 | GET | H/1.1 | eServicesBanner3.jpg | myir.ird.govt.nz/Image/ENG/ | 620 KB | 621 KB | Image | image/jpeg |
| 21 | GET | H3 | bootstrap-icons.woff2 | cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/fonts/ | 90 KB | 90 KB | Font | font/woff2 |
| 22 | GET | | MaterialIcons-Regular.woff2 | myir.ird.govt.nz/Resource/Fonts/MaterialIcons/ | 0 | 0 | | (no response) |
| 23 | GET | | MaterialIcons-Regular.woff | myir.ird.govt.nz/Resource/Fonts/MaterialIcons/ | 0 | 0 | | (no response) |
| 24 | GET | | MaterialIcons-Regular.ttf | myir.ird.govt.nz/Resource/Fonts/MaterialIcons/ | 0 | 0 | | (no response) |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- myir.ird.govt.nz: https://myir.ird.govt.nz/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff2?v=220919
- myir.ird.govt.nz: https://myir.ird.govt.nz/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff?v=220919
- myir.ird.govt.nz: https://myir.ird.govt.nz/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.ttf?v=220919
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NZ Government (Government)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | documentPictureInPicture |
| function | Globalize |

2 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| 108.165.237.187/ | | PHPSESSID | 5b679bijqbp2loq80013b244af |
| dashboard.myir.ird.nz.1l0.cloudns.ph/ | | PHPSESSID | gdgj1aej7m33uus4c7m7ros3tl |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- cdn.jsdelivr.net
- cdnjs.cloudflare.com
- dashboard.myir.ird.nz.1l0.cloudns.ph
- myir.ird.govt.nz
- 108.165.237.187
- 138.235.20.11
- 2606:4700::6811:190e
- 2a04:4e42:200::485