mygov-refund-au.com Open in urlscan Pro
2606:4700:3031::681f:55cf Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mygov-refund-au.com/
Effective URL:
https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVyt...
Submission: On July 01 via manual (July 1st 2020, 5:10:56 am UTC) from AU

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3031::681f:55cf, located in United States and belongs to CLOUDFLARENET, US. The main domain is mygov-refund-au.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 26th 2020. Valid for: a year.

This is the only time mygov-refund-au.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
1 10	2606:4700:303... 2606:4700:3031::681f:55cf		13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	1

10 2606:4700:3031::681f:55cf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mygov-refund-au.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	mygov-refund-au.com 1 redirects mygov-refund-au.com	89 KB
9	1

	Domain	Requested by
10	mygov-refund-au.com	1 redirects mygov-refund-au.com
9	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-06-26` - `2021-06-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A
Frame ID: 129263AE6AC9A7B074E4B803A9FC28B8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://mygov-refund-au.com/ HTTP 301
https://mygov-refund-au.com/ Page URL
https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

89 kB
Transfer

330 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mygov-refund-au.com/ HTTP 301
https://mygov-refund-au.com/ Page URL
https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://mygov-refund-au.com/ HTTP 301
https://mygov-refund-au.com/

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response mygov-refund-au.com/ Redirect Chain http://mygov-refund-au.com/ https://mygov-refund-au.com/	217 B 704 B	619ms 603ms	Document text/html	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mygov-refund-au.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.15 Resource Hash `bc7bac56384f0d1d6d991c95ea351feed1337c54d35405e3c8c84824d4f25603` Request headers :method GET :authority mygov-refund-au.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 01 Jul 2020 05:10:27 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d9912b8aaea7689f255242d6f32462d781593580226; expires=Fri, 31-Jul-20 05:10:26 GMT; path=/; domain=.mygov-refund-au.com; HttpOnly; SameSite=Lax; Secure PHPSESSID=98f978a597a8a2b1c011d60d4b81f616; path=/ x-powered-by PHP/7.3.15 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache vary Accept-Encoding x-turbo-charged-by LiteSpeed cf-cache-status DYNAMIC cf-request-id 03aa61a073000005c4bb2a4200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5abd9ee0bb6e05c4-FRA content-encoding br Redirect headers Date Wed, 01 Jul 2020 05:10:26 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Wed, 01 Jul 2020 06:10:26 GMT Location https://mygov-refund-au.com/ cf-request-id 03aa61a0560000dff711373200000001 Vary Accept-Encoding Server cloudflare CF-RAY 5abd9ee08d51dff7-FRA
GET H2	200	Primary Request signin.php Show response mygov-refund-au.com/	7 KB 2 KB	521ms 520ms	Document text/html	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.15 Resource Hash `6a4847c21e38c8141606b80312caa9d06e35832192ee9adcfa82399c2d9e7105` Request headers :method GET :authority mygov-refund-au.com :scheme https :path /signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest document referer https://mygov-refund-au.com/ accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=d9912b8aaea7689f255242d6f32462d781593580226; PHPSESSID=98f978a597a8a2b1c011d60d4b81f616 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://mygov-refund-au.com/ Response headers status 200 date Wed, 01 Jul 2020 05:10:27 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/7.3.15 vary Accept-Encoding x-turbo-charged-by LiteSpeed cf-cache-status DYNAMIC cf-request-id 03aa61a2da000005c4bb2da200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5abd9ee49a9405c4-FRA content-encoding br
GET H2	200	mgv2-application.css mygov-refund-au.com/media/	91 KB 16 KB	14ms 13ms	Stylesheet text/css	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mygov-refund-au.com/media/mgv2-application.css Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c685f135d7f7d92e049475dffaf571c90b73fb732368bcf895e777250fa32bb3` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 05:10:27 GMT content-encoding br cf-cache-status HIT last-modified Mon, 01 Jun 2020 12:38:50 GMT server cloudflare age 89201 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7d94105c4-FRA cf-request-id 03aa61a4e8000005c4bb306200000001
GET H2	200	inline-white.svg mygov-refund-au.com/media/	113 KB 33 KB	15ms 14ms	Image image/svg+xml	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/inline-white.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 05:10:27 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:38 GMT server cloudflare age 89200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7d94305c4-FRA cf-request-id 03aa61a4e8000005c4bb307200000001 expires Tue, 07 Jul 2020 04:23:45 GMT
GET H2	200	logo.svg mygov-refund-au.com/media/	2 KB 1 KB	10ms 10ms	Image image/svg+xml	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/logo.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 05:10:27 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:38 GMT server cloudflare age 23477 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7f97105c4-FRA cf-request-id 03aa61a4f9000005c4bb30b200000001 expires Tue, 07 Jul 2020 22:39:08 GMT
GET H2	404	hand-code-device.svg mygov-refund-au.com/media/	1 KB 1 KB	519ms 517ms	Image text/html	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/hand-code-device.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 01 Jul 2020 05:10:28 GMT content-encoding br cf-cache-status BYPASS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7f97405c4-FRA cf-request-id 03aa61a4fb000005c4bb30c200000001
GET H2	200	inline.svg mygov-refund-au.com/media/	113 KB 33 KB	19ms 18ms	Image image/svg+xml	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/inline.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f123bda4af8b57bf1a683920703c7841ba38aa4a98c02ef01b92d2b1d2696132` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 05:10:27 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:38 GMT server cloudflare age 89200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7f97505c4-FRA cf-request-id 03aa61a4fc000005c4bb30d200000001 expires Tue, 07 Jul 2020 04:23:45 GMT
GET H2	404	va_resizelarge.svg mygov-refund-au.com/media/	1 KB 1 KB	483ms 483ms	Image text/html	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/va_resizelarge.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83` Request headers Referer https://mygov-refund-au.com/media/mgv2-application.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 01 Jul 2020 05:10:28 GMT content-encoding br cf-cache-status BYPASS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7f98705c4-FRA cf-request-id 03aa61a4fe000005c4bb30e200000001
GET H2	200	va_arrowup.svg mygov-refund-au.com/media/	736 B 576 B	12ms 11ms	Image image/svg+xml	2606:4700:3031::681f:55cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/va_arrowup.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=mqsYq2iQw6E9jACd0mWe6mvktN8NOHw4a7E3qsuycxzZVytNmi54CbtoURPKgKrRRqmcCQaMW7VlQ78A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:55cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8634d0634f8c4e4c3d41b1f2a655e1fe16a75e4db4e6426fc5c1a6f45368443e` Request headers Referer https://mygov-refund-au.com/media/mgv2-application.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 05:10:27 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:40 GMT server cloudflare age 89199 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd9ee7f98805c4-FRA cf-request-id 03aa61a4fe000005c4bb30f200000001 expires Tue, 07 Jul 2020 04:23:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| check

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mygov-refund-au.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 98f978a597a8a2b1c011d60d4b81f616
			.mygov-refund-au.com/	1970-01-19 11:22:52	Name: __cfduid Value: d9912b8aaea7689f255242d6f32462d781593580226

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mygov-refund-au.com
2606:4700:3031::681f:55cf
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
6a4847c21e38c8141606b80312caa9d06e35832192ee9adcfa82399c2d9e7105
70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83
8634d0634f8c4e4c3d41b1f2a655e1fe16a75e4db4e6426fc5c1a6f45368443e
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
bc7bac56384f0d1d6d991c95ea351feed1337c54d35405e3c8c84824d4f25603
c685f135d7f7d92e049475dffaf571c90b73fb732368bcf895e777250fa32bb3
f123bda4af8b57bf1a683920703c7841ba38aa4a98c02ef01b92d2b1d2696132

mygov-refund-au.com Open in urlscan Pro 2606:4700:3031::681f:55cf Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

89 kBTransfer

330 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

mygov-refund-au.com Open in urlscan Pro
2606:4700:3031::681f:55cf Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

89 kB
Transfer

330 kB
Size

2
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!