masalik.ae Open in urlscan Pro
209.182.213.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tg.pe/xRwK
Effective URL:
https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874...
Submission Tags: 7588445
Submission: On July 11 via api (July 11th 2022, 6:59:55 pm UTC) from NL — Scanned from NL

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 209.182.213.214, located in United States and belongs to IMH-IAD, US. The main domain is masalik.ae.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 9th 2021. Valid for: a year.

This is the only time masalik.ae was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:303... 2606:4700:3030::ac43:ca09	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1 11	209.182.213.214 209.182.213.214	54641 (IMH-IAD) (IMH-IAD)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
17	5

2 2606:4700:3030::ac43:ca09 (United States)

ASN13335 (CLOUDFLARENET, US)

tg.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 209.182.213.214 (United States) 1 redirects

ASN54641 (IMH-IAD, US)

masalik.ae	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	masalik.ae 1 redirects masalik.ae	200 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	20 KB
2	tg.pe tg.pe	3 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 89	40 KB
17	4

	Domain	Requested by
11	masalik.ae	1 redirects tg.pe masalik.ae
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	tg.pe	tg.pe
1	www.googletagmanager.com	tg.pe
17	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-09` - `2023-06-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
masalik.ae Sectigo RSA Domain Validation Secure Server CA	`2021-12-09` - `2022-12-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Frame ID: A79F708D53EC99C90C922B87688F449A
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome

Page URL History Show full URLs

https://tg.pe/xRwK Page URL
https://masalik.ae/temp/ HTTP 302
https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGA... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

17
Requests

88 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

263 kB
Transfer

357 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tg.pe/xRwK Page URL
https://masalik.ae/temp/ HTTP 302
https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 xRwK Show response
tg.pe/ 496 B
843 B 278ms
210ms Document
text/html 2606:4700:3030::ac43:ca09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.pe/xRwK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:ca09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4889bf4070813c0bbef711dc0573bf0d22a9fdf6b49badfc68f5ec3366becfd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7293c752efee912a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 11 Jul 2022 18:59:51 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBzHkUIaOkA4GHNnlSSzHSJWY59Bhvv25wp6BuqUruIYG2b2%2BtzLhiLFg7rWwErnjdLbOF%2BXys%2FXw%2FPLijKtmcCzLIVUh8%2FbGnDR42cgSk5TMi1zanQo8By6BkXaiQPl5kI2jA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff

GET
H2 200 NRjdz1RzM8wXT7QDaL2UNYIYS7c.js Show response
tg.pe/cdn-cgi/apps/head/ 6 KB
3 KB 39ms
39ms Script
application/javascript 2606:4700:3030::ac43:ca09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.pe/cdn-cgi/apps/head/NRjdz1RzM8wXT7QDaL2UNYIYS7c.js

Requested by

Host: tg.pe
URL: https://tg.pe/xRwK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:ca09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fa40d81ae7c0f30df87e6c3ff8df5936508faa59f2891c9ca3bafb0eb55a03d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.pe/xRwK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1634936
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XVJ7DJ5YZT11DFFF
x-amz-id-2: gGkqq4RSYjlfIdwoGIqzoTGHlzE/gVwt91YjIc+/61WFLS2TVF9nH//zkOJWWjU7meAxKcTi0lU=
last-modified: Mon, 21 Oct 2019 08:21:22 GMT
server: cloudflare
etag: W/"be0800531b56f5aacba52f4c1e35039e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ovTZB0z0WBIDC1fOB%2BZ%2FThxsyvIcAdkzfUwlGfXUYgojOHUSJpgpyDxDc2b2GQuzVa%2BViXf930KVZfn564kxWrjtk2hKXEHle8PhsXGZ5oz2gTd%2BgemxWaN9fBTGwXW4TgGCg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: BRhEI6H2pwHD_2yyQzzHingOB313yYiG
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7293c75449e2912a-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
40 KB 116ms
43ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-147956556-1

Requested by

Host: tg.pe
URL: https://tg.pe/cdn-cgi/apps/head/NRjdz1RzM8wXT7QDaL2UNYIYS7c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

57ce7a027ab7dea2002f5490240ae6dd16eab8216d31d7050b9d6ef37c7f114d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.pe/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:51 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40358
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:07:15 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 11 Jul 2022 18:59:51 GMT

GET
H2

200

Primary Request GetMyPayment.html Show response
masalik.ae/temp/
Redirect Chain

https://masalik.ae/temp/
https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746

4 KB
5 KB

105ms
105ms

Document
text/html

209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Requested by: Host: tg.pe
URL: https://tg.pe/xRwK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 63bf5a3c4b57aca69ee6a4d7a941d1722a217a581e33e2e189575f68ce8ab9a5

Request headers

Referer: https://tg.pe/xRwK
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
content-length: 4520
content-type: text/html
date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Sun, 10 Jul 2022 14:27:49 GMT
server: Apache

Redirect headers

content-type: text/html; charset=UTF-8
date: Mon, 11 Jul 2022 18:59:51 GMT
location: ./GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
server: Apache

GET
H2 200 analytics.js
www.google-analytics.com/ 49 KB
20 KB 102ms
32ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-147956556-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.pe/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6834
date: Mon, 11 Jul 2022 17:05:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 11 Jul 2022 19:05:57 GMT

POST
H3 200 collect
www.google-analytics.com/j/ 1 B
21 B 104ms
38ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1242888021&t=pageview&_s=1&dl=https%3A%2F%2Ftg.pe%2FxRwK&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=122545073&gjid=3726747&cid=2038221905.1657565991&tid=UA-147956556-1&_gid=432629360.1657565991&_r=1&gtm=2ou760&z=1179688262

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tg.pe/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 18:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tg.pe
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.min.css
masalik.ae/temp/Get%20My%20Payment_files/ 138 KB
139 KB 106ms
105ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/bootstrap.min.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 31df1e69ea3aece8a8bae5c08bcb7f5e977cb76f886897b301355359b66a48ec

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 140930
content-type: text/css

GET
H2 200 jquery-ui.min.css
masalik.ae/temp/Get%20My%20Payment_files/ 31 KB
32 KB 308ms
306ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/jquery-ui.min.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 32082
content-type: text/css

GET
H2 200 irs.css
masalik.ae/temp/Get%20My%20Payment_files/ 6 KB
6 KB 311ms
310ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/irs.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 5806
content-type: text/css

GET
H2 200 app.css
masalik.ae/temp/Get%20My%20Payment_files/ 9 KB
9 KB 311ms
310ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/app.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: c9e635a08a918f7902f54feaefc48f33b41b70d05b1af398528c29bbe179b84d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 9280
content-type: text/css

GET
H2 200 wmsp-shared-secrets.css
masalik.ae/temp/Get%20My%20Payment_files/ 2 KB
2 KB 312ms
311ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/wmsp-shared-secrets.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 70f0b8f85b6734495c48e6dd53b13a3458e650efac5a1bc79df5aa7b1df53298

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 2302
content-type: text/css

GET
H2 200 wmsp-error.css
masalik.ae/temp/Get%20My%20Payment_files/ 514 B
544 B 310ms
309ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/wmsp-error.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 24f4acaf9beb720f6614b57b0062a672b2ab7920698a3bb3149861d3d8dd8d95

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 514
content-type: text/css

GET
H2 200 wmsp-results.css
masalik.ae/temp/Get%20My%20Payment_files/ 1 KB
1 KB 310ms
309ms Stylesheet
text/css 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/wmsp-results.css
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 8507e248337417e787344af2e38cdb06d3820724793a7a8b172a919d326e5300

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 1359
content-type: text/css

GET
H2 200 logo.png
masalik.ae/temp/Get%20My%20Payment_files/ 5 KB
5 KB 404ms
403ms Image
image/png 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/logo.png
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 4640
content-type: image/png

GET
H2 200 irs_horiz_white.png
masalik.ae/temp/Get%20My%20Payment_files/ 1 KB
2 KB 403ms
403ms Image
image/png 209.182.213.214
IMH-IAD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://masalik.ae/temp/Get%20My%20Payment_files/irs_horiz_white.png
Requested by: Host: masalik.ae
URL: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.182.213.214 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software: Apache /
Resource Hash: 5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://masalik.ae/temp/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7JKASHGD871236871KAJSJHGAJKjhsghdgsjkc2088874&burlid=d001a6eajs9823mym2s3289ai0,0b9cbe16-ID=653746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 18:59:52 GMT
last-modified: Thu, 23 Apr 2020 23:07:56 GMT
server: Apache
accept-ranges: bytes
content-length: 1498
content-type: image/png

GET swirl_lighter_ca6f4deb.png
masalik.ae/temp/images/ 0
0

GET help-tip.svg
masalik.ae/temp/images/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: masalik.ae
URL: https://masalik.ae/temp/images/swirl_lighter_ca6f4deb.png

Domain: masalik.ae
URL: https://masalik.ae/temp/images/help-tip.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tg.pe/	1970-01-20 21:57:17	Name: _ga Value: GA1.2.2038221905.1657565991
.tg.pe/	1970-01-20 04:27:32	Name: _gid Value: GA1.2.432629360.1657565991
.tg.pe/	1970-01-20 04:26:06	Name: _gat_gtag_UA_147956556_1 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

masalik.ae
tg.pe
www.google-analytics.com
www.googletagmanager.com
masalik.ae
209.182.213.214
2606:4700:3030::ac43:ca09
2a00:1450:4001:808::200e
2a00:1450:4001:82a::2008
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7
1fa40d81ae7c0f30df87e6c3ff8df5936508faa59f2891c9ca3bafb0eb55a03d
24f4acaf9beb720f6614b57b0062a672b2ab7920698a3bb3149861d3d8dd8d95
31df1e69ea3aece8a8bae5c08bcb7f5e977cb76f886897b301355359b66a48ec
4889bf4070813c0bbef711dc0573bf0d22a9fdf6b49badfc68f5ec3366becfd7
57ce7a027ab7dea2002f5490240ae6dd16eab8216d31d7050b9d6ef37c7f114d
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8
63bf5a3c4b57aca69ee6a4d7a941d1722a217a581e33e2e189575f68ce8ab9a5
70f0b8f85b6734495c48e6dd53b13a3458e650efac5a1bc79df5aa7b1df53298
8507e248337417e787344af2e38cdb06d3820724793a7a8b172a919d326e5300
c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4
c9e635a08a918f7902f54feaefc48f33b41b70d05b1af398528c29bbe179b84d
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e

masalik.ae Open in urlscan Pro 209.182.213.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

88 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

263 kBTransfer

357 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

masalik.ae Open in urlscan Pro
209.182.213.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

263 kB
Transfer

357 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!