isdzoop09.uk.r.appspot.com Open in urlscan Pro
2a00:1450:4001:803::2014  Malicious Activity! Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request irs.php Show response isdzoop09.uk.r.appspot.com/	24 KB 4 KB	156ms 98ms	Document text/html	2a00:1450:4001:803::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software nginx / Resource Hash 42df9a2fd37f78076cf87a6b1e36f1993c4041257d724f879490b223555bdc14 Request headers :method GET :authority isdzoop09.uk.r.appspot.com :scheme https :path /irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Mon, 16 Nov 2020 16:48:02 GMT content-type text/html; charset=UTF-8 server nginx vary Accept-Encoding content-encoding gzip via 1.1 google alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	8ms 6ms	Script text/javascript	2a00:1450:4001:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Fri, 23 Oct 2020 03:00:57 GMT server Golfe2 age 3234 date Mon, 16 Nov 2020 15:54:08 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17168 expires Mon, 16 Nov 2020 17:54:08 GMT
GET H2	200	common.js Show response rpr.irs.gov/datamart/js/	21 KB 5 KB	563ms 194ms	Script application/javascript	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/common.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash a220fecb147d92b992846511c68f1fb5a0e2a7bbbb295e4728ee154e12be1dde Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, DENY X-Xss-Protection 1 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Fri, 03 Jan 2020 22:23:08 GMT x-frame-options SAMEORIGIN, DENY content-type application/javascript status 200 cache-control no-store server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes vary Accept-Encoding content-length 4309 x-xss-protection 1
GET H2	200	global.css rpr.irs.gov/css/	47 KB 48 KB	458ms 90ms	Stylesheet text/css	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/css/global.css Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash d5d2ba315982ec17faa82d35ae6079bf747e03c89fcff4a669dc74c5d8888124 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 16:48:03 GMT last-modified Thu, 08 Oct 2020 22:33:33 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 content-type text/css status 200 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 48415
GET H2	404	jquery-1.6.2.min.js rpr.irs.gov/datamart/js/jquery/js/	0 0	768ms 399ms	Script text/html	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/jquery/js/jquery-1.6.2.min.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers
GET H2	200	jquery-corner.js Show response rpr.irs.gov/datamart/js/jquery/js/	11 KB 4 KB	563ms 195ms	Script application/javascript	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/jquery/js/jquery-corner.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash a93519707a81cb28a022f528cc738ddf15d0d8aada113a00e89770875d07da14 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, DENY X-Xss-Protection 1 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 07 May 2020 06:44:00 GMT x-frame-options SAMEORIGIN, DENY content-type application/javascript status 200 cache-control no-store server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes vary Accept-Encoding content-length 3421 x-xss-protection 1
GET H2	404	jquery-ui-1.8.14.custom.min.js rpr.irs.gov/datamart/js/jquery/js/	0 0	777ms 409ms	Script text/html	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/jquery/js/jquery-ui-1.8.14.custom.min.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers
GET H2	200	tooltip.js Show response rpr.irs.gov/datamart/js/jquery/js/	2 KB 885 B	569ms 201ms	Script application/javascript	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/jquery/js/tooltip.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash b8ff231944517c9c153af98107a10283a19d49c73ef2559de3e34f2a3973b954 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, DENY X-Xss-Protection 1 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 07 May 2020 06:44:00 GMT x-frame-options SAMEORIGIN, DENY content-type application/javascript status 200 cache-control no-store server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes vary Accept-Encoding content-length 584 x-xss-protection 1
GET H2	200	sessionTimeoutMain.js Show response rpr.irs.gov/datamart/js/	2 KB 1010 B	576ms 208ms	Script application/javascript	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/sessionTimeoutMain.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash 1053e407fd5265e90f9ae78696b90225653e38997144c4ae6d1ae3345126e2be Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, DENY X-Xss-Protection 1 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Fri, 03 Jan 2020 22:23:08 GMT x-frame-options SAMEORIGIN, DENY content-type application/javascript status 200 cache-control no-store server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes vary Accept-Encoding content-length 710 x-xss-protection 1
GET H2	404	jquery-ui-1.8.14.custom.css rpr.irs.gov/datamart/js/jquery/css/ui-lightness/	0 0	799ms 431ms	Stylesheet text/html	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/jquery/css/ui-lightness/jquery-ui-1.8.14.custom.css Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers
GET H2	200	navigation-gecko.css rpr.irs.gov/common/styleSheet/	3 KB 806 B	562ms 195ms	Stylesheet text/css	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/common/styleSheet/navigation-gecko.css Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash 2c69269961a56643c7135cf7d4d978ee5441261c5c5c1a19a001093d9167d17a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip vary Accept-Encoding last-modified Thu, 10 Oct 2013 14:50:16 GMT x-frame-options SAMEORIGIN content-type text/css status 200 server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes content-length 596
GET H2	200	irsHomepageLogo.gif rpr.irs.gov/images/	3 KB 3 KB	110ms 109ms	Image image/gif	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://rpr.irs.gov/images/irsHomepageLogo.gif Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash c93759b72d6cd8568a1f2edabc672c939e7996b707b6cd378161164b249d95bf Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 16:48:03 GMT last-modified Fri, 06 Jul 2012 14:08:47 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 content-type image/gif status 200 server-timing cdn-cache; desc=HIT, edge; dur=8 accept-ranges bytes content-length 3112
GET H2	200	blank.gif rpr.irs.gov/images/	43 B 233 B	110ms 109ms	Image image/gif	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://rpr.irs.gov/images/blank.gif Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 16:48:03 GMT last-modified Wed, 25 Jul 2012 15:40:57 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 content-type image/gif status 200 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 43
GET H2	200	navigation.js Show response rpr.irs.gov/datamart/js/	23 KB 7 KB	93ms 92ms	Script application/javascript	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/datamart/js/navigation.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash 9ad9136a5330bd4c0f2974aca3dbd0de63502c215a9493930dd6b661353ea545 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, DENY X-Xss-Protection 1 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Fri, 03 Jan 2020 22:23:08 GMT x-frame-options SAMEORIGIN, DENY content-type application/javascript status 200 cache-control no-store server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes vary Accept-Encoding content-length 7219 x-xss-protection 1
GET H2	200	irs_tpps_reporting.js Show response rpr.irs.gov/webTrends/	13 KB 5 KB	97ms 97ms	Script application/javascript	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rpr.irs.gov/webTrends/irs_tpps_reporting.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash bba1e16886c809ff45922c11420e8cb00224028b8f83d7f058f34c82763ec84b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 16:48:03 GMT content-encoding gzip vary Accept-Encoding last-modified Wed, 29 Jul 2020 21:17:01 GMT x-frame-options SAMEORIGIN content-type application/javascript status 200 server-timing cdn-cache; desc=HIT, edge; dur=1 strict-transport-security max-age=31536000 accept-ranges bytes content-length 4496
GET H2	200	wtid.js Show response statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/	10 B 102 B	80ms 24ms	Script application/x-javascript	18.156.98.77 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/wtid.js Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 18.156.98.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-98-77.eu-central-1.compute.amazonaws.com Software / Resource Hash d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 strict-transport-security max-age=31536000 date Mon, 16 Nov 2020 16:48:03 GMT content-length 10 content-type application/x-javascript
GET H2	200	help.gif rpr.irs.gov/images/	1 KB 1 KB	108ms 107ms	Image image/gif	2600:1400:d:395::3340 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://rpr.irs.gov/images/help.gif Requested by Host: rpr.irs.gov URL: https://rpr.irs.gov/css/global.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:395::3340 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash 6d1f2cd11a95b4c376bd8770adeff1f56a00993cc7f85479c4732b41518175b0 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://rpr.irs.gov/css/global.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 16:48:03 GMT last-modified Thu, 09 Aug 2012 03:24:28 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 content-type image/gif status 200 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 1024
GET		source-sans-pro-regular.woff2 rpr.irs.gov/fonts/source-sans-pro/	0 0
GET H2	200	dcs.gif statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/	67 B 136 B	27ms 25ms	Image image/gif	18.156.98.77 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://statse.webtrendslive.com/dcsry2tyh10000s96h2x6oxgy_5t6k/dcs.gif?&dcsdat=1605545283794&dcssip=isdzoop09.uk.r.appspot.com&dcsuri=/irs.php&dcsqry=%3Fsa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c&dcscfg=4&WT.tz=1&WT.bh=17&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.ti=Internal%20Revenue%20Service&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.5.0&WT.dl=0&WT.ssl=1&WT.es=isdzoop09.uk.r.appspot.com/irs.php&WT.vt_f_a=2&WT.vt_f=2 Requested by Host: isdzoop09.uk.r.appspot.com URL: https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 18.156.98.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-98-77.eu-central-1.compute.amazonaws.com Software / Resource Hash 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://isdzoop09.uk.r.appspot.com/irs.php?sa.www4.irs.gov/irfof-wmsp/notice;jsessionid=TmJE2NIaELcKxKd31U2CotBv.7c User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 16:48:03 GMT strict-transport-security max-age=31536000 content-type image/gif status 200 cache-control no-cache content-length 67 expires -1
GET		source-sans-pro-regular.woff rpr.irs.gov/fonts/source-sans-pro/	0 0
GET		source-sans-pro-regular.ttf rpr.irs.gov/fonts/source-sans-pro/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

rpr.irs.gov

URL

https://rpr.irs.gov/fonts/source-sans-pro/source-sans-pro-regular.woff2

Domain

rpr.irs.gov

URL

https://rpr.irs.gov/fonts/source-sans-pro/source-sans-pro-regular.woff

Domain

rpr.irs.gov

URL

https://rpr.irs.gov/fonts/source-sans-pro/source-sans-pro-regular.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| _gat object| _gaq boolean| isOpera function| newWindow function| stop_doubleClick boolean| skipCheck function| checkRegExp function| checkRegExpSSN function| writeErrMsg function| checkDate function| checkNum function| checkString function| ariaLiveWrite function| doContactCopy function| copyContactClick object| contactList object| actualContactList function| setCopyFromLists function| checkZipFormat function| contactFieldHasVal string| lookupMsg function| writeZipChanges function| zipClick function| changefocustoziplookup function| changefocustocity function| changefocustostate function| changefocustocountry function| changefocustoziploading function| zipChange function| countryChange function| stateChange function| toolTipLink function| toolTipLinkBlur function| refreshDynamicElements undefined| dialog number| countdialogs boolean| ignoreTimeout function| sessionAboutExpireFromHeader function| sessionExpire function| dontQuit function| dialogSessionAboutExpired function| dialogSessionExpired function| readErrorBox function| adjustAriaAttrs function| getErrorText function| initNavigation function| initNavigation2 function| initFake function| initFake2 function| submitNavLink function| displayNavigation function| getLink function| WebTrends object| _tag string| blBodyLoaded

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

isdzoop09.uk.r.appspot.com
rpr.irs.gov
ssl.google-analytics.com
statse.webtrendslive.com
rpr.irs.gov
18.156.98.77
2600:1400:d:395::3340
2a00:1450:4001:803::2014
2a00:1450:4001:81d::2008
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
1053e407fd5265e90f9ae78696b90225653e38997144c4ae6d1ae3345126e2be
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
2c69269961a56643c7135cf7d4d978ee5441261c5c5c1a19a001093d9167d17a
42df9a2fd37f78076cf87a6b1e36f1993c4041257d724f879490b223555bdc14
6d1f2cd11a95b4c376bd8770adeff1f56a00993cc7f85479c4732b41518175b0
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9ad9136a5330bd4c0f2974aca3dbd0de63502c215a9493930dd6b661353ea545
a220fecb147d92b992846511c68f1fb5a0e2a7bbbb295e4728ee154e12be1dde
a93519707a81cb28a022f528cc738ddf15d0d8aada113a00e89770875d07da14
b8ff231944517c9c153af98107a10283a19d49c73ef2559de3e34f2a3973b954
bba1e16886c809ff45922c11420e8cb00224028b8f83d7f058f34c82763ec84b
c93759b72d6cd8568a1f2edabc672c939e7996b707b6cd378161164b249d95bf
d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2
d5d2ba315982ec17faa82d35ae6079bf747e03c89fcff4a669dc74c5d8888124