myir.ird.govt.nz.nzb.cloudns.be
3.27.204.127
Malicious Activity!
Public Scan
Submission: On June 24 via api from IE — Scanned from NZ
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on June 23rd 2024, one day before this scan. Valid for: 3 months.
This is the only time myir.ird.govt.nz.nzb.cloudns.be was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NZ Government (Government)
Domain & IP information
Requests | IP Address | AS | Autonomous System
---|---|---|---
22 | 3.27.204.127 | 16509 | AMAZON-02
3 | 2404:6800:4006:80b::2008 | 15169 | GOOGLE
4 | 2404:6800:4006:811::200e | 15169 | GOOGLE
2 | 138.235.20.10 | 136990 | IRD-NZ-AS-CLOUD-AP Inland Revenue Department
2 | 138.235.20.11 | 136990 | IRD-NZ-AS-CLOUD-AP Inland Revenue Department
33 requests across 5 IP addresses.
ASN | PTR | Hostnames
---|---|---
ASN16509 (AMAZON-02, US) | ec2-3-27-204-127.ap-southeast-2.compute.amazonaws.com | myir.ird.govt.nz.nzb.cloudns.be
ASN136990 (IRD-NZ-AS-CLOUD-AP Inland Revenue Department, NZ) | | services.ird.govt.nz, myir.ird.govt.nz
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
22 | cloudns.be | myir.ird.govt.nz.nzb.cloudns.be | 223 KB
4 | ird.govt.nz | services.ird.govt.nz, myir.ird.govt.nz (Cisco Umbrella Rank: 929424) | 19 KB
4 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 71) | 21 KB
3 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 81) | 307 KB
33 requests across 4 apex domains.
Requests | Domain | Requested by
---|---|---
22 | myir.ird.govt.nz.nzb.cloudns.be | myir.ird.govt.nz.nzb.cloudns.be
4 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
3 | www.googletagmanager.com | myir.ird.govt.nz.nzb.cloudns.be, www.googletagmanager.com
2 | myir.ird.govt.nz | 
2 | services.ird.govt.nz | 
33 requests across 5 domains.
This site contains links to these domains. Also see Links.
Domain |
---|
www.ird.govt.nz |
myir.ird.govt.nz |
www.govt.nz |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
myir.ird.govt.nz.nzb.cloudns.be | ZeroSSL RSA Domain Secure Site CA | 2024-06-23 - 2024-09-21 | 3 months | crt.sh
*.google-analytics.com | WR2 | 2024-06-03 - 2024-08-26 | 3 months | crt.sh
services.ird.govt.nz | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-14 - 2024-11-14 | a year | crt.sh
myir.ird.govt.nz | DigiCert Global G3 TLS ECC SHA384 2020 CA1 | 2024-02-19 - 2025-02-18 | a year | crt.sh
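The phishing host carries the brand's real hostname (myir.ird.govt.nz) as its leading labels but is registered under nzb.cloudns.be, and its certificate was issued by a free CA the day before the scan. Certificate Transparency feeds expose exactly that combination at issuance time, before the lure is mailed. The following is an added example of the check, not urlscan.io or Inland Revenue code. It assumes a tiny stand-in for the Public Suffix List (PUBLIC_SUFFIXES, with cloudns.be treated as a suffix because the provider hands subdomains to unrelated parties), a brand list of one entry, and CT_RECORDS transcribed from the certificate table above into a constructed feed shape.

```python
"""Flag newly issued certificates whose subject embeds a monitored brand
domain as leading labels (myir.ird.govt.nz.nzb.cloudns.be) while the name
is actually registered under an unrelated domain.

Added example, not urlscan.io or Inland Revenue code.
"""
from datetime import date
from typing import List, Optional, Tuple

# Stand-in for the Public Suffix List (assumption; load the real PSL in
# production). govt.nz is a genuine public suffix; cloudns.be is treated
# as one here because its subdomains are handed out to unrelated parties.
PUBLIC_SUFFIXES = {"be", "nz", "com", "govt.nz", "cloudns.be"}

# Registrable domains we defend (assumed list).
BRAND_DOMAINS = ["ird.govt.nz"]

# Day of the scan shown on this page.
SCAN_DAY = "2024-06-24"

# Shape a CT feed would give (constructed); values from the table above.
CT_RECORDS = [
    {"names": ["myir.ird.govt.nz.nzb.cloudns.be"],
     "issuer": "ZeroSSL RSA Domain Secure Site CA", "not_before": "2024-06-23"},
    {"names": ["myir.ird.govt.nz"],
     "issuer": "DigiCert Global G3 TLS ECC SHA384 2020 CA1", "not_before": "2024-02-19"},
    {"names": ["services.ird.govt.nz"],
     "issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1", "not_before": "2023-11-14"},
    {"names": ["*.google-analytics.com"],
     "issuer": "WR2", "not_before": "2024-06-03"},
]


def labels_of(hostname: str) -> List[str]:
    return hostname.lower().strip(".").split(".")


def registrable_domain(hostname: str) -> str:
    """Longest matching public suffix plus one label."""
    labels = labels_of(hostname)
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # i == 0 means the hostname is itself a suffix
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)


def embedded_brand(hostname: str) -> Optional[str]:
    """Return the brand domain whose labels occur as a contiguous run inside
    the hostname's labels while the hostname is registered elsewhere.
    A plain substring test ("ird.govt.nz" in hostname) would also match the
    brand's own hosts; comparing registrable domains is what separates them."""
    labels = labels_of(hostname)
    reg = registrable_domain(hostname)
    for brand in BRAND_DOMAINS:
        if reg == brand:
            continue  # the brand's own host, not a lookalike
        b = labels_of(brand)
        for i in range(len(labels) - len(b) + 1):
            if labels[i:i + len(b)] == b:
                return brand
    return None


def triage_ct_records(records, scan_day: str = SCAN_DAY,
                      max_age_days: int = 7) -> List[Tuple[str, str, str, int]]:
    """(name, brand, issuer, age_in_days) for certificates issued within
    max_age_days of scan_day whose subject embeds a brand domain."""
    today = date.fromisoformat(scan_day)
    hits = []
    for rec in records:
        age = (today - date.fromisoformat(rec["not_before"])).days
        if not 0 <= age <= max_age_days:
            continue
        for name in rec["names"]:
            brand = embedded_brand(name.lstrip("*."))
            if brand:
                hits.append((name, brand, rec["issuer"], age))
    return hits


if __name__ == "__main__":
    for hit in triage_ct_records(CT_RECORDS):
        print("lookalike cert: %s embeds %s, issuer %s, issued %d day(s) before scan" % hit)
```

Against the four records only the ZeroSSL certificate is reported: its subject embeds ird.govt.nz but its registrable domain is nzb.cloudns.be, and it is one day old. The two DigiCert certificates belong to the brand's own registrable domain and are skipped regardless of age.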
This page contains 1 frame:
Primary Page:
https://myir.ird.govt.nz.nzb.cloudns.be/kia-oe/home.php?&JzxLZ5xKcpj8XUswXmaePmeIX7Vdyf6aer8QXb264CUcG9s5ww9J59RiuGT4IybZVAeF6CZNqL4XS7FjXRsZGXSY7TkVD4AmNv2xu9mptPVUStUYyf6jl7P0RcbY2jG4xxpTF1Gm7kxvrS2HcKGAF8zf1oiODVRceCzfKXUIiT1zUaxx6uNyUXzmoJl0ztDn9gga08Oc
Frame ID: 8AD05D1BC8266147A7110BE44BFA1784
Requests: 33 HTTP requests in this frame
Page Title
Inland Revenue - Te Tari Taake, New Zealand
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Analytics (Analytics)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
- Inland Revenue homepage
- Contact us
- Forgot user ID?
- Forgot password?
- Not yet registered?
- Help logging in
- Conditions of use
- (link without a title)
Redirected requests
No HTTP redirect chains are listed for this scan.
33 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | home.php (Primary Request) | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/ | 6 KB | 7 KB | Document | text/html
GET | H/1.1 | analytics.js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | js_002 | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | gtm.js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | bootstrap.css | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 170 KB | 170 KB | Stylesheet | text/css
GET | H/1.1 | login-base.css | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 16 KB | 16 KB | Stylesheet | text/css
GET | H/1.1 | login-sm.css | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 4 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | login-md.css | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 4 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | login-lg.css | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 4 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | logo-myir-lg.PNG | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 5 KB | 5 KB | Image | image/png
GET | H/1.1 | logo-realme.png | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | icon-new-window-white.png | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 164 B | 471 B | Image | image/png
GET | H/1.1 | icon-padlock.png | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | logout.gif | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 43 B | 349 B | Image | image/gif
GET | H/1.1 | oam_logout_success.gif | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 318 B | 318 B | Image | text/html
GET | H/1.1 | New_Zealand_Government_logo.svg | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 6 KB | 7 KB | Image | image/svg+xml
GET | H/1.1 | jquery-3.js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | bootstrap.js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | site.js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | login.js | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/ | 0 | 0 | Script | text/html
GET | H2 | gtm.js | www.googletagmanager.com/ | 398 KB | 106 KB | Script | application/javascript
GET | H/1.1 | logo-myir-lg.png | myir.ird.govt.nz.nzb.cloudns.be/kia-oe/img/ | 318 B | 318 B | Image | text/html
GET | H2 | js | www.googletagmanager.com/gtag/ | 306 KB | 103 KB | Script | application/javascript
GET | H2 | js | www.googletagmanager.com/gtag/ | 295 KB | 99 KB | Script | application/javascript
GET | H2 | analytics.js | www.google-analytics.com/ | 52 KB | 21 KB | Script | text/javascript
POST | H2 | collect | www.google-analytics.com/g/ | 0 | 0 | Fetch | text/plain
POST | H2 | collect | www.google-analytics.com/g/ | 0 | 0 | Fetch | text/plain
POST | H2 | collect | www.google-analytics.com/j/ | 3 B | 93 B | XHR | text/plain
GET | H/1.0 | favicon.ico | services.ird.govt.nz/irsso/resources/img/ | 7 KB | 7 KB | Other | text/html
GET | H/1.0 | favicon.ico | services.ird.govt.nz/irsso/resources/img/ | 7 KB | 7 KB | Other | text/html
GET | H/1.1 | favicon.png | myir.ird.govt.nz/Icon/ | 829 B | 2 KB | Other | image/png
GET | H/1.1 | favicon.ico | myir.ird.govt.nz/Icon/ | 1 KB | 2 KB | Other | image/x-icon
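Several rows in that table are worth a second look. Every script under kia-oe/index_files/ (analytics.js, js, js_002, gtm.js, jquery-3.js, bootstrap.js, site.js, login.js) came back as 0 bytes of text/html rather than JavaScript; two images (index_files/oam_logout_success.gif and img/logo-myir-lg.png) are 318 B of text/html, the same size, which is what a static error page looks like; an index_files/ directory is the layout a browser writes for "Save as, Webpage complete", so the kit is consistent with a saved copy of the genuine login page; the favicons are still fetched from the real myir.ird.govt.nz and services.ird.govt.nz; and the Google Tag Manager and Analytics tags of the copied page still fire. The following is an added example of turning such a resource list into a triage summary. It is not urlscan.io code; TRANSACTIONS is a subset transcribed from the table above with the sizes shown there, and BRAND_SUFFIXES and ANALYTICS_SUFFIXES are assumed lists.

```python
"""Triage a phishing page's resource list for kit artefacts: scripts that
came back empty, files served with the wrong MIME type, a browser
"save complete page" directory layout, assets still pulled from the
impersonated organisation's real hosts, and third-party analytics kept
from the copied original.

Added example, not urlscan.io code.
"""
from collections import Counter
from typing import Dict, List

BRAND_SUFFIXES = ("ird.govt.nz",)                       # assumed
ANALYTICS_SUFFIXES = ("google-analytics.com", "googletagmanager.com")
SCRIPT_MIMES = {"application/javascript", "text/javascript",
                "application/x-javascript"}
EXPECTED_MIME = {"css": "text/css", "png": "image/png", "gif": "image/gif",
                 "svg": "image/svg+xml", "ico": "image/x-icon"}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

# Subset of the 33 transactions above: (method, host/path, size, type, mime).
TRANSACTIONS = [
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/home.php", "6 KB", "Document", "text/html"),
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/analytics.js", "0", "Script", "text/html"),
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/gtm.js", "0", "Script", "text/html"),
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/bootstrap.css", "170 KB", "Stylesheet", "text/css"),
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/oam_logout_success.gif", "318 B", "Image", "text/html"),
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/index_files/jquery-3.js", "0", "Script", "text/html"),
    ("GET", "myir.ird.govt.nz.nzb.cloudns.be/kia-oe/img/logo-myir-lg.png", "318 B", "Image", "text/html"),
    ("GET", "www.googletagmanager.com/gtm.js", "398 KB", "Script", "application/javascript"),
    ("POST", "www.google-analytics.com/g/collect", "0", "Fetch", "text/plain"),
    ("GET", "services.ird.govt.nz/irsso/resources/img/favicon.ico", "7 KB", "Other", "text/html"),
    ("GET", "myir.ird.govt.nz/Icon/favicon.ico", "1 KB", "Other", "image/x-icon"),
]


def parse_size(text: str) -> int:
    """'0' -> 0, '318 B' -> 318, '170 KB' -> 174080."""
    parts = text.split()
    if len(parts) == 1:
        return int(parts[0])
    return int(float(parts[0]) * UNITS[parts[1].upper()])


def host_matches(host: str, suffixes) -> bool:
    """Suffix match on label boundaries. A substring test would make
    myir.ird.govt.nz.nzb.cloudns.be look like an ird.govt.nz host."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def flags_for(tx) -> List[str]:
    _method, url, size, kind, mime = tx
    host, _, path = url.partition("/")
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    flags = []
    if kind == "Script" and parse_size(size) == 0:
        flags.append("empty-script")          # missing file in the kit
    if ext == "js" and mime not in SCRIPT_MIMES:
        flags.append("mime-mismatch")         # .js served as something else
    elif ext in EXPECTED_MIME and mime != EXPECTED_MIME[ext]:
        flags.append("mime-mismatch")         # image/css served as text/html
    if "_files/" in path:
        flags.append("saved-page-dir")        # browser "save complete page" layout
    if host_matches(host, BRAND_SUFFIXES):
        flags.append("brand-host-leak")       # asset fetched from the real site
    if host_matches(host, ANALYTICS_SUFFIXES):
        flags.append("third-party-analytics") # tags carried over from the original
    return flags


def triage(transactions) -> Dict[str, object]:
    """Counts per flag plus the impersonated organisation's hosts that the
    page still contacts (each of those sees the phishing origin as Referer)."""
    counts = Counter()
    brand_hosts = set()
    for tx in transactions:
        f = flags_for(tx)
        counts.update(f)
        if "brand-host-leak" in f:
            brand_hosts.add(tx[1].partition("/")[0])
    return {"flags": dict(counts), "brand_hosts": sorted(brand_hosts)}


if __name__ == "__main__":
    print(triage(TRANSACTIONS))
```

The zero-byte scripts matter for the verdict as much as for the victim: with jquery-3.js, bootstrap.js and login.js all missing, whatever harvests the form is not in those files, so the submit handler is either inline in home.php or the form posts straight back to the PHP. Note also that the MIME check is deliberately per-extension rather than "anything not matching its Type column", because the page's own favicon rows show a legitimate host returning text/html for favicon.ico, which is a redirect page, not a kit defect.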
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NZ Government (Government)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
undefined | event
object | fence
object | sharedStorage
object | dataLayer
object | google_tag_manager
object | google_tag_data
string | GoogleAnalyticsObject
function | ga
function | onYouTubeIframeAPIReady
object | gaGlobal
object | gaplugins
object | gaData
6 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, allowing the website to re-identify that user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
myir.ird.govt.nz.nzb.cloudns.be/ | | PHPSESSID | v0deaa8i9tdjgj6jjao9jalufd
.nzb.cloudns.be/ | | _ga_BZ87Q5B94Z | GS1.1.1719192318.1.0.1719192318.0.0.0
.nzb.cloudns.be/ | | _ga_M92SHK1114 | GS1.1.1719192318.1.0.1719192318.0.0.0
.nzb.cloudns.be/ | | _ga | GA1.3.1917613707.1719192319
.nzb.cloudns.be/ | | _gid | GA1.3.480284248.1719192319
.nzb.cloudns.be/ | | _gat_UA-235836-45 | 1
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- myir.ird.govt.nz
- myir.ird.govt.nz.nzb.cloudns.be
- services.ird.govt.nz
- www.google-analytics.com
- www.googletagmanager.com
- 138.235.20.10
- 138.235.20.11
- 2404:6800:4006:80b::2008
- 2404:6800:4006:811::200e
- 3.27.204.127
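Two of those indicators, myir.ird.govt.nz and services.ird.govt.nz, are the victim organisation's own hosts, and the page fetches favicons from both. Every browser that renders the phishing page therefore touches the genuine sites with the phishing origin in the Referer header, which gives the brand owner a detection point in its own access logs with no external feed needed. The following is an added example of that check, not Inland Revenue or urlscan.io code. SAMPLE_LOG is constructed in Apache/Nginx combined format with addresses from documentation ranges, OWN_SUFFIXES is an assumed allowlist of domains the organisation controls, and WATCHED_PATHS are the two asset paths seen in the transaction table.

```python
"""Brand-side detection: count requests for the real site's static assets
whose Referer is a host the organisation does not own.

Added example, not Inland Revenue or urlscan.io code.
"""
import re
from collections import Counter
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

OWN_SUFFIXES = ("ird.govt.nz", "govt.nz")                 # assumed allowlist
WATCHED_PATHS = ("/Icon/favicon.ico", "/Icon/favicon.png")

# Constructed combined-format log lines for myir.ird.govt.nz.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Jun/2024:01:25:19 +0000] "GET /Icon/favicon.ico HTTP/1.1" 200 1045 "https://myir.ird.govt.nz.nzb.cloudns.be/" "Mozilla/5.0"
203.0.113.7 - - [24/Jun/2024:01:25:19 +0000] "GET /Icon/favicon.png HTTP/1.1" 200 829 "https://myir.ird.govt.nz.nzb.cloudns.be/" "Mozilla/5.0"
198.51.100.20 - - [24/Jun/2024:01:26:02 +0000] "GET /Icon/favicon.ico HTTP/1.1" 200 1045 "https://myir.ird.govt.nz/" "Mozilla/5.0"
198.51.100.21 - - [24/Jun/2024:01:27:40 +0000] "GET /Icon/favicon.ico HTTP/1.1" 200 1045 "-" "Mozilla/5.0"
192.0.2.9 - - [24/Jun/2024:01:30:00 +0000] "GET /Icon/favicon.ico HTTP/1.1" 200 1045 "https://www.govt.nz/" "Mozilla/5.0"
192.0.2.10 - - [24/Jun/2024:01:31:12 +0000] "GET /some/page HTTP/1.1" 200 512 "https://other.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')


def referer_host(referer: str) -> Optional[str]:
    """Host part of a Referer value; None when the header was absent."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).hostname


def is_own_host(host: str) -> bool:
    """Match on label boundaries only. A substring test would accept
    myir.ird.govt.nz.nzb.cloudns.be because it contains ird.govt.nz."""
    return any(host == s or host.endswith("." + s) for s in OWN_SUFFIXES)


def foreign_referers(lines: Iterable[str]) -> Dict[str, int]:
    """Per referring host, the number of watched-asset requests whose
    Referer is not one of our own hosts."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path not in WATCHED_PATHS:
            continue
        host = referer_host(m.group("referer"))
        if host and not is_own_host(host):
            counts[host] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, n in foreign_referers(SAMPLE_LOG.splitlines()).items():
        print("%d watched-asset hit(s) referred from %s" % (n, host))
```

Under the browser default Referrer-Policy (strict-origin-when-cross-origin) a cross-origin request carries only the origin, which is all this check needs. A kit can suppress the header with `Referrer-Policy: no-referrer` or a `<meta name="referrer">` tag, so an empty result is not evidence of absence; a hit, on the other hand, names the phishing host directly, and here that is the hostname urlscan recorded.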