irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com Open in urlscan Pro
2606:4700:3036::ac43:a1ce Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https
Submission: On September 18 via api (September 18th 2023, 3:29:34 pm UTC) from US — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3036::ac43:a1ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com.
TLS certificate: Issued by GTS CA 1P5 on August 16th 2023. Valid for: 3 months.

This is the only time irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address		AS Autonomous System
14	2606:4700:303... 2606:4700:3036::ac43:a1ce		13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	1

14 2606:4700:3036::ac43:a1ce (United States)

ASN13335 (CLOUDFLARENET, US)

irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	blottedinq.com irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com	55 KB
14	1

	Domain	Requested by
14	irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com	irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com
14	1

This site contains no links.

Subject Issuer	Validity	Valid
blottedinq.com GTS CA 1P5	`2023-08-16` - `2023-11-14`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https
Frame ID: 622854B68AB94D79C25869A907488E3F
Requests: 13 HTTP requests in this frame

Frame: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/saved_resource.htm
Frame ID: CCE15F228E05EAAA9D7BBDBE73508888
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get Refund Status

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

55 kB
Transfer

244 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request home.html Show response irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/	12 KB 4 KB	429ms 209ms	Document text/html	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ad2f435f42c01c935af717382851192b5d51ff23b18ca31ee19bf605a01f3446` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 808a9fe1cf2e4bcc-BUF content-encoding br content-type text/html date Mon, 18 Sep 2023 15:29:27 GMT last-modified Tue, 25 Apr 2023 15:40:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXw%2FfvaRIBOr1MkLXPiuf7EpzJimc1pShFIz0SK%2BDxMAT7sPKcpRwhd0azJ4QChP%2B5ErwtsCjZhrlOHkDIe0%2BlJDYlMecV%2BcT7mkkqI4yXeArhhlcwTieiaGzjfNTeOjkMihbTL7sIhsnRr91x44dW0AC%2BauFNcd%2FMDN4vzBEiY5w3mAiDErVEX04idYMkCNF0jOI%2BOiKUsPQnri%2BXAyC4YuA%2FQGvr3zxKiu"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	bootstrap.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	152 KB 24 KB	315ms 313ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/bootstrap.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2606e-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DGiZh9Rf1lovszXgMj%2BGkteE5n6WiPJnftuEOA2Smy46ASrlNBiwAvwdZ5y%2BnORWo6rZIAEiryDica18SctzhR3H9jcEd2eaHcEw66HOFBPXfEXVXFHqkbFJfZP%2Fm2bBI3IHWYa6f%2FgZie%2BaFpOGEyqZfh%2BGZ%2FDaiDgeOlv8e6apxA9kaV%2BWSU1mGeBU8pEkM8%2Bs3873NXoerZ2V0Xtx7vFBKI0iCF5BS14v"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f394bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	jquery-ui.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	31 KB 8 KB	221ms 219ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/jquery-ui.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7d52-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=avW0iVNaE5IFFVp64zlYV2Im4PztLqysXKE8%2FYKf0JHZfHG6A9XM8%2BfkwWWyBJfACZOE9H7GQ0iuIiUCTJaogey8pHbgyB2AZPGK6bAYGSXS62aVKbCMcpTYYsdQj0Jk5B%2Bn2T3tVPtVAB0fXyHw4kGQ%2BwslIInIdOdII3OFMn%2Bs%2FxZRBJm7zuv52SeTlHTtavDhXlAL4LZwy%2F7JREzvLp6dExgv0xR0A3F9"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f3a4bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	irs.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	6 KB 2 KB	217ms 216ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/irs.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"16ae-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dw8hZfzuHVCPhPYOTenvUkTuICcxvLKf%2BA%2Fqu9JZkB0A78ruptB96wtRqz66HJaPBTxsrVWSWq5ijwi1APQ%2BDWkjm2x7HUjz4g4cmPZgiY5Oi171nhWXmFfR8CCnKlzhZ2bBx0MNLCfuIZTfDXqE%2F8RAEEbxwfoXy5Yj%2B4E3LZq6gv%2BD3cBpcBnj9o8d7UGBkynF9S1VoEupsY29lLLCpCLzGxFykR%2BRiyb0"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f3b4bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	app.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	9 KB 3 KB	218ms 216ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/app.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f4b254c69add59c9263fc046268904bcb604aaef26626ad2dd7ba2f9b2965f52` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2467-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Q3XuLFYQkgEDfA8e2pV0A3G9QCfThNdHQUN09wXFgEhleKpp6Xrya7DovLYWtjEf2bBNVOgUUobYPk9VlQkQmvKwtJY9ERSS380f1BeOY8E99YhQxP4oVD2%2B%2FYMDo7Z2qzs%2B2COXdbfLnPC8rWw91HQw0d4aX7uMqd8Axs%2FfsljhPxpS4PACs3q6%2Fto0%2FLMgnyw0%2FNxnVn4vq93L5qVh1R2zIBUsfsHvoFC"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f3c4bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	app-error.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	786 B 654 B	216ms 215ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/app-error.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c4abb35ccb93590308661b4dafacfe380c89aef07e2d94499d23f1637137bd1c` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"312-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oa4hMQEPkD%2F5GcasHwnonxTqgaTydjgr3xtp9nIy7y4T6FBhdyiF3FtnFma7M%2Bb7QFBxyAMGJhIvIlC42OGJOCeBcSt7Uy8M%2BEqUisVFpiReqZH91aWVQrDE4jSXm4kqf3HjfhLIKXlLgr6mmWLkmmtHSNFT8vsJMHFdM0jMM65PjvsF%2FqZ4%2Bnj9NXg72Ak%2BftHnVhuujHDbgKN5iS5XdLdTcfj%2Bs3r7Kll4"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f3d4bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	wmsp-shared-secrets.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	3 KB 1 KB	215ms 214ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/wmsp-shared-secrets.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd8245e841b019e192658b02f6d510112f6793dace36c4b29cc44ab2ab6179cd` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"cb8-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgtD2%2FbVmKnuAoWFbhthUAUraycXxjaoo1zVBMdIFt4b4LuLohRwsvHSWkIhGa7Co5b%2FAQoqfuLvlmHo%2Bnb1FY3fNvIKtgHiPSvnhsbvFr5mWtYxPqxh9FqeIvSFsz9vU%2FqeelJDyyw8k7RSX%2Bl8U7GQ0%2FI2Zkl9OC5yAAhIvzZ1khAumdZNqRpM1glCCZJNftBnCf0kKI%2BvVuyiJz36tFQVwIpBZUfT21Er"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f3e4bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	wmsp-results.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	2 KB 943 B	218ms 217ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/wmsp-results.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c270883773a53da36d154ea13ce8ea8451489c25aabd20e60ef6eb65c4fe439d` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"673-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dbeh39J%2FabLRmY4dAF0C1ZhJreDetKWMQ5LGziQyY4ZsicD9KPYWfXkix%2F89gdww%2FxLH7vMeSZ0mKPdds6mDouyqZRCEGCp9vksXjnrfWfeguSqWDSU8kNnpQCyHiG%2F3AKdI18pscwkqO8VQaYtmaRcr6k0dLa9FRO1MMQNC7lBbBWTPCdOnE5rKfUj9KH2Yyey%2FJ5RAFm14AJ8uXqGRjsYaMLy9cP06mkuF"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f3f4bcc-BUF alt-svc h3=":443"; ma=86400
GET H2	200	datepicker.css irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	21 KB 3 KB	219ms 218ms	Stylesheet text/css	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/datepicker.css Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a2538e625a9042c2cd54e13cf52221fce1831dd12c5ca4cdac23137ac22e3010` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"52fc-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2Fn%2FkgtSiOogk9V61UKVjTbAdyn3NxWm8wwvIGRxbRWkJDNHyEW5jAJgyQ9xzZwLo2LprJIG3eAct%2B6eIyZhjzAiK015gzptCQZq8aV8prrnUaoTqC%2FveVGh4scPoh1PtE9RvqSpyZMmXufL1ZB7pA64CdZuSf1xKxmUCnqXUKkrry%2BV19hN3h15e%2FhrFxs0MIbFbanHbLoBE%2BrPfrw42lKx7D5bD5dwPgTa"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808a9fe32f404bcc-BUF alt-svc h3=":443"; ma=86400
GET H3	200	logo.png irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	5 KB 5 KB	220ms 220ms	Image image/png	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/logo.png Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT cf-cache-status REVALIDATED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1220-5e0f61f399f80" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mr9xK5TsfXYvi1x8ZNjvNtgA4eLMVX3O1KCD7FlAWH1UqvZQ1JOwQuxMfWZh45cqhstXQqWNk6hL9YhpKuWs0eOG7ylFim52XXpZzWih0sTgi6C0lE%2B87PbSvhYA9cw168D5aQR88kByOMQF6NfnuQfeRlBhY%2Bs4JZQPjT2sCmS1lkRva3CUAu3p1J4kN%2BJkfT73AVxRAn3uBGFuYVK6wEwwfTNlT1zisPtX"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 808a9fe48b184bc7-BUF alt-svc h3=":443"; ma=86400 content-length 4640
GET H3	200	irs_horiz_white.png irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/	1 KB 2 KB	208ms 208ms	Image image/png	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/irs_horiz_white.png Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:28 GMT cf-cache-status REVALIDATED last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5da-5e0f61f399f80" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUs4fdbaWLdc3b2UJIXzrIzE%2B2wLI7RHBInuNk%2BsVxz5a%2BuSqjthRobSZ%2F4Pe7fR9x0ONdtWmbTCj7iIQD%2B30Yh0WkDEUuGE6fT8V64O0oj%2BohOzAMR%2B8KKT32Ou3RwQ4jJqzrqZdxx7feMbzGAX41H3k5t5ZUDmrZojucVv9zTynzBCkwKpo7EXGNU9tg%2BfX9uyu7ZlXL%2BtwJ4QLQkzpdRHIiSJg8g4GZzo"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 808a9fe51b1a4bc7-BUF alt-svc h3=":443"; ma=86400 content-length 1498
GET H3	200	saved_resource.htm Show response irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/ Frame CCE1	313 B 680 B	130ms 130ms	Document text/html	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/saved_resource.htm Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6afaa120b93af4f452d55328c8a2e686ab93ef0e4baa5b049a808d471cb7781f` Request headers Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home.html?resource_url=https Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 808a9fe52b1b4bc7-BUF content-encoding br content-type text/html date Mon, 18 Sep 2023 15:29:27 GMT last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBQ78yCQhKXkMyr%2F53aXESFq7ZveHoRd96a%2B8WzNnhkTjYjJi9bX7HjZ5Yi0x%2FtNt79O4fl405JjF61WQYzN1X0kaazV2u67bZmGi0wfndT6DHjB0jWidoNNDCm%2FElbC8UkJg1Y%2B9mPzwpwFKx4fCdtao8cxR%2BHGIvIDvY9L0r7n%2Biv69gIV7lhJiswUBUdKsPJUqdsybkEVZPzYbxdEcAxU7DyxfinqoC3o"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	404	swirl_lighter_ca6f4deb.png irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/images/	338 B 338 B	130ms 129ms	Image text/html	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/images/swirl_lighter_ca6f4deb.png Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/app.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `10a8435667c449b953722143c20c6258a617c3d4afae9b07ec202f03623954f8` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/app.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:27 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHRR%2FJ7Znnaa3jjWu%2BplSLl5c152OM%2FJuk3fK62gCEsAwfbzaeePLILxkYOTo9OszvQDkPWuV8qmBiPIqyrXkmew%2BMfQQNe%2Bagjgf7onsIs13y9ZfFy%2Bv%2BEtY3bOr9qBZDhvJOvIBAAS0YA9MJg9YBsTgBEsh9g1y9BVXo%2FTnMl3Tnl0EBzmd54xnezExKntsfgJjfgxQrmjut50Nn7LLWWfJX6vKyaF%2F6KC"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 808a9fe52b1c4bc7-BUF alt-svc h3=":443"; ma=86400
GET H3	404	us.png irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/assets/img/	338 B 338 B	215ms 214ms	Image text/html	2606:4700:3036::ac43:a1ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/assets/img/us.png Requested by Host: irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/app.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:a1ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `10a8435667c449b953722143c20c6258a617c3d4afae9b07ec202f03623954f8` Request headers accept-language en-US,en;q=0.9 Referer https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/home_files/app.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Mon, 18 Sep 2023 15:29:28 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6svXe7pQQJPHENK5BCibMw%2BkBlZG7fZZc2WQt2dxZog5vnFEU7ezkxqoU7yvLpk2yITV%2Bbsiuagm2mody3DxEywbzkgrnjpPZwx%2Fk%2FpqZ5mjnQT9g2vOYp9XFBymokoPVl6UkuFPuJESY3qAASgLt1hy2n%2FnhoApHSa81MZBd2ruof1wz2fwgNOhc2PoZkzc5r9r6BYs8VLDZqDBeQ61gT1Gmtb7ft1yw%2Fk"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 808a9fe53b1d4bc7-BUF alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/refunds-getstatus_form2_irfof-IRServlet-en_lang/images/swirl_lighter_ca6f4deb.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com/assets/img/us.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com
2606:4700:3036::ac43:a1ce
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7
10a8435667c449b953722143c20c6258a617c3d4afae9b07ec202f03623954f8
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6afaa120b93af4f452d55328c8a2e686ab93ef0e4baa5b049a808d471cb7781f
a2538e625a9042c2cd54e13cf52221fce1831dd12c5ca4cdac23137ac22e3010
ad2f435f42c01c935af717382851192b5d51ff23b18ca31ee19bf605a01f3446
c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4
c270883773a53da36d154ea13ce8ea8451489c25aabd20e60ef6eb65c4fe439d
c4abb35ccb93590308661b4dafacfe380c89aef07e2d94499d23f1637137bd1c
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e
f4b254c69add59c9263fc046268904bcb604aaef26626ad2dd7ba2f9b2965f52
fd8245e841b019e192658b02f6d510112f6793dace36c4b29cc44ab2ab6179cd

irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com Open in urlscan Pro 2606:4700:3036::ac43:a1ce Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

55 kBTransfer

244 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

irs_returns_taxtopics-irfofgetstatus_tc1203help-6508247eda733.blottedinq.com Open in urlscan Pro
2606:4700:3036::ac43:a1ce Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

55 kB
Transfer

244 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!