probrandingusa.com
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=881213&ses...
Submission: On October 31 via api from JP — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on October 24th 2023. Valid for: 3 months.
This is the only time probrandingusa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: IRS (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
15 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
probrandingusa.com
probrandingusa.com |
58 KB |
15 | 1 |
Domain | Requested by | |
---|---|---|
15 | probrandingusa.com |
probrandingusa.com
|
15 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
probrandingusa.com GTS CA 1P5 |
2023-10-24 - 2024-01-22 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=881213&session=8810
Frame ID: CE5DD8BB4861480369BDDCFA2D7E11B7
Requests: 14 HTTP requests in this frame
Frame:
https://probrandingusa.com/irsus/home_files/saved_resource.htm
Frame ID: 297A3B02B722AFF342BCFCF9EF534843
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Get Refund StatusPage URL History Show full URLs
- https://probrandingusa.com/irsus/ Page URL
- https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgets... Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://probrandingusa.com/irsus/ Page URL
- https://probrandingusa.com/irsus/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=881213&session=8810 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
probrandingusa.com/irsus/ |
278 B 611 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
home.html
probrandingusa.com/irsus/ |
12 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.css
probrandingusa.com/irsus/home_files/ |
152 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.css
probrandingusa.com/irsus/home_files/ |
31 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
irs.css
probrandingusa.com/irsus/home_files/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
probrandingusa.com/irsus/home_files/ |
9 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-error.css
probrandingusa.com/irsus/home_files/ |
562 B 571 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wmsp-shared-secrets.css
probrandingusa.com/irsus/home_files/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wmsp-results.css
probrandingusa.com/irsus/home_files/ |
1 KB 795 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
datepicker.css
probrandingusa.com/irsus/home_files/ |
18 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
probrandingusa.com/irsus/home_files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
irs_horiz_white.png
probrandingusa.com/irsus/home_files/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
saved_resource.htm
probrandingusa.com/irsus/home_files/ Frame 297A |
312 B 654 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
swirl_lighter_ca6f4deb.png
probrandingusa.com/irsus/images/ |
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
us.png
probrandingusa.com/assets/img/ |
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: IRS (Government)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture function| noBack string| message function| clickIE function| clickNS function| disableCtrlKeyCombination0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
probrandingusa.com
2a06:98c1:3120::3
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7
1dcf7c6148121e9c474fbb4f32a0d43677cb0d85cc910d3faf15f6251f7ea3b0
4c97e6daa1662a21090dfb0213e13afdde1dfb05a058b0666b779633b93192e1
4f52f329c18914acde937ef708d127632bfcbbd8f4d5b02ab9d074699e00afa3
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8
8549844c9c013d824f5b7d01079edc1cfa3cb87f5f14a347ba52391361dafc02
bec0021229acb826efda32e78841a7b97ffb73d3b922bd1bd98823a4377a5374
c1fec6422216d55e2ba3fa50bdd8f6968390bc87f8dc9f8471892c5fdefe4a72
ce7425bc051d9f94e1e7851b70dcf0685c41d61373dde0cdabf5f99a1b2ae22e
df502755dd72bb61d3fd538ef5ef5f3c144126a19bb47b312f7cc75de520f672
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4b254c69add59c9263fc046268904bcb604aaef26626ad2dd7ba2f9b2965f52
fdb6ea3cf5dca396f0b9ead85d6a1dceb389796e06fa0ab3725eb072dc11b1b9