mygov-refund-au.com Open in urlscan Pro
2606:4700:3034::ac43:ab61 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mygov-refund-au.com/
Effective URL:
https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbE...
Submission: On July 01 via manual (July 1st 2020, 4:38:15 am UTC) from AU

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3034::ac43:ab61, located in United States and belongs to CLOUDFLARENET, US. The main domain is mygov-refund-au.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 26th 2020. Valid for: a year.

This is the only time mygov-refund-au.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
1 10	2606:4700:303... 2606:4700:3034::ac43:ab61		13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	1

10 2606:4700:3034::ac43:ab61 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mygov-refund-au.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	mygov-refund-au.com 1 redirects mygov-refund-au.com	89 KB
9	1

	Domain	Requested by
10	mygov-refund-au.com	1 redirects mygov-refund-au.com
9	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-06-26` - `2021-06-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc
Frame ID: B0A6CCE120660E10199B1EC9163C2F5F
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://mygov-refund-au.com/ HTTP 301
https://mygov-refund-au.com/ Page URL
https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDV... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

89 kB
Transfer

330 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mygov-refund-au.com/ HTTP 301
https://mygov-refund-au.com/ Page URL
https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://mygov-refund-au.com/ HTTP 301
https://mygov-refund-au.com/

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response mygov-refund-au.com/ Redirect Chain http://mygov-refund-au.com/ https://mygov-refund-au.com/	217 B 700 B	578ms 558ms	Document text/html	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mygov-refund-au.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.15 Resource Hash `057784808d95dca4095598690d57eeeb681b214b384614533151e17800df6072` Request headers :method GET :authority mygov-refund-au.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 01 Jul 2020 04:37:41 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d63e7ae0d7ea78d929c1970e3bd9693b41593578261; expires=Fri, 31-Jul-20 04:37:41 GMT; path=/; domain=.mygov-refund-au.com; HttpOnly; SameSite=Lax; Secure PHPSESSID=a40725ffc818e44e736e4119efa60638; path=/ x-powered-by PHP/7.3.15 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache vary Accept-Encoding x-turbo-charged-by LiteSpeed cf-cache-status DYNAMIC cf-request-id 03aa43a25c00001f15d9bca200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5abd6ee3ca1c1f15-FRA content-encoding br Redirect headers Date Wed, 01 Jul 2020 04:37:41 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Wed, 01 Jul 2020 05:37:41 GMT Location https://mygov-refund-au.com/ cf-request-id 03aa43a23900000eafdb320200000001 Vary Accept-Encoding Server cloudflare CF-RAY 5abd6ee38b410eaf-FRA
GET H2	200	Primary Request signin.php Show response mygov-refund-au.com/	7 KB 2 KB	487ms 486ms	Document text/html	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.15 Resource Hash `7f3397b68d54824c56cd66d22c4a2ec86ca688374631c1c681ebe4246cc5d901` Request headers :method GET :authority mygov-refund-au.com :scheme https :path /signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest document referer https://mygov-refund-au.com/ accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=d63e7ae0d7ea78d929c1970e3bd9693b41593578261; PHPSESSID=a40725ffc818e44e736e4119efa60638 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://mygov-refund-au.com/ Response headers status 200 date Wed, 01 Jul 2020 04:37:42 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/7.3.15 vary Accept-Encoding x-turbo-charged-by LiteSpeed cf-cache-status DYNAMIC cf-request-id 03aa43a49400001f15d9be1200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5abd6ee75f1c1f15-FRA content-encoding br
GET H2	200	mgv2-application.css mygov-refund-au.com/media/	91 KB 16 KB	15ms 14ms	Stylesheet text/css	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mygov-refund-au.com/media/mgv2-application.css Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c685f135d7f7d92e049475dffaf571c90b73fb732368bcf895e777250fa32bb3` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status HIT last-modified Mon, 01 Jun 2020 12:38:50 GMT server cloudflare age 87236 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea6bfe1f15-FRA cf-request-id 03aa43a68200001f15d9bf5200000001
GET H2	200	inline-white.svg mygov-refund-au.com/media/	113 KB 33 KB	20ms 19ms	Image image/svg+xml	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/inline-white.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:38 GMT server cloudflare age 87235 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea6bff1f15-FRA cf-request-id 03aa43a68200001f15d9bf6200000001 expires Tue, 07 Jul 2020 04:23:45 GMT
GET H2	200	logo.svg mygov-refund-au.com/media/	2 KB 1 KB	12ms 12ms	Image image/svg+xml	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/logo.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:38 GMT server cloudflare age 21512 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea8c361f15-FRA cf-request-id 03aa43a69500001f15d9bf8200000001 expires Tue, 07 Jul 2020 22:39:08 GMT
GET H2	404	hand-code-device.svg mygov-refund-au.com/media/	1 KB 1 KB	507ms 506ms	Image text/html	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/hand-code-device.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status BYPASS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea9c451f15-FRA cf-request-id 03aa43a69b00001f15d9bf9200000001
GET H2	200	inline.svg mygov-refund-au.com/media/	113 KB 33 KB	22ms 22ms	Image image/svg+xml	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/inline.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f123bda4af8b57bf1a683920703c7841ba38aa4a98c02ef01b92d2b1d2696132` Request headers Referer https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:38 GMT server cloudflare age 87235 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea9c491f15-FRA cf-request-id 03aa43a69b00001f15d9bfa200000001 expires Tue, 07 Jul 2020 04:23:45 GMT
GET H2	404	va_resizelarge.svg mygov-refund-au.com/media/	1 KB 1 KB	517ms 517ms	Image text/html	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/va_resizelarge.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83` Request headers Referer https://mygov-refund-au.com/media/mgv2-application.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status BYPASS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea9c531f15-FRA cf-request-id 03aa43a69f00001f15d9bfc200000001
GET H2	200	va_arrowup.svg mygov-refund-au.com/media/	736 B 576 B	12ms 12ms	Image image/svg+xml	2606:4700:3034::ac43:ab61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://mygov-refund-au.com/media/va_arrowup.svg Requested by Host: mygov-refund-au.com URL: https://mygov-refund-au.com/signin.php?execution=e11s1&lang=en-AU&session_id=QNG9aoIHtScdo8S73lRV7P8SLDVn8NKl3Wui820fvPVfkbETkJaXCMVJy6mHn4N1N7baWAgClDTf8Lbc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:ab61 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8634d0634f8c4e4c3d41b1f2a655e1fe16a75e4db4e6426fc5c1a6f45368443e` Request headers Referer https://mygov-refund-au.com/media/mgv2-application.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 01 Jul 2020 04:37:42 GMT content-encoding br cf-cache-status HIT last-modified Sat, 02 May 2020 00:38:40 GMT server cloudflare age 87234 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 5abd6eea9c571f15-FRA cf-request-id 03aa43a69f00001f15d9bfe200000001 expires Tue, 07 Jul 2020 04:23:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| check

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mygov-refund-au.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: a40725ffc818e44e736e4119efa60638
			.mygov-refund-au.com/	1970-01-19 11:22:50	Name: __cfduid Value: d63e7ae0d7ea78d929c1970e3bd9693b41593578261

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mygov-refund-au.com
2606:4700:3034::ac43:ab61
057784808d95dca4095598690d57eeeb681b214b384614533151e17800df6072
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83
7f3397b68d54824c56cd66d22c4a2ec86ca688374631c1c681ebe4246cc5d901
8634d0634f8c4e4c3d41b1f2a655e1fe16a75e4db4e6426fc5c1a6f45368443e
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
c685f135d7f7d92e049475dffaf571c90b73fb732368bcf895e777250fa32bb3
f123bda4af8b57bf1a683920703c7841ba38aa4a98c02ef01b92d2b1d2696132

mygov-refund-au.com Open in urlscan Pro 2606:4700:3034::ac43:ab61 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

89 kBTransfer

330 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

mygov-refund-au.com Open in urlscan Pro
2606:4700:3034::ac43:ab61 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

89 kB
Transfer

330 kB
Size

2
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!