mail.myirstaxpayerreturn.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 101.99.94.9, located in Kuala Lumpur, Malaysia and belongs to SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY. The main domain is mail.myirstaxpayerreturn.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 22nd 2023. Valid for: 3 months.

This is the only time mail.myirstaxpayerreturn.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address	AS Autonomous System
6	101.99.94.9 101.99.94.9	45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
1	2600:1400:d:5... 2600:1400:d:590::f50	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2

6 101.99.94.9 (Kuala Lumpur, Malaysia)

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)

mail.myirstaxpayerreturn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d:590::f50 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	myirstaxpayerreturn.com mail.myirstaxpayerreturn.com	424 KB
1	irs.gov www.irs.gov — Cisco Umbrella Rank: 20058	2 KB
7	2

	Domain	Requested by
6	mail.myirstaxpayerreturn.com	mail.myirstaxpayerreturn.com
1	www.irs.gov	mail.myirstaxpayerreturn.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid
myirstaxpayerreturn.com cPanel, Inc. Certification Authority	`2023-06-22` - `2023-09-20`	3 months	crt.sh
www.irs.gov Entrust Certification Authority - L1F	`2022-10-04` - `2023-11-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mail.myirstaxpayerreturn.com/
Frame ID: CB95666BD0A8EFA082AA45748245A04F
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

IRS

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

426 kB
Transfer

427 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mail.myirstaxpayerreturn.com/ 7 KB
7 KB 1085ms
197ms Document
text/html 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://mail.myirstaxpayerreturn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: abe7b15228ed7a68e1e7b6fa666087fd9eb3ace803f87d7dbe156d0beef9d235

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Jun 2023 14:51:26 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK bootstrap.min.css
mail.myirstaxpayerreturn.com/cdn.jsdelivr.net/npm/bootstrap%404.0.0/dist/css/ 141 KB
142 KB 170ms
169ms Stylesheet
text/css 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://mail.myirstaxpayerreturn.com/cdn.jsdelivr.net/npm/bootstrap%404.0.0/dist/css/bootstrap.min.css
Requested by: Host: mail.myirstaxpayerreturn.com
URL: https://mail.myirstaxpayerreturn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Request headers

Referer: https://mail.myirstaxpayerreturn.com/
Origin: https://mail.myirstaxpayerreturn.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 23 Jun 2023 14:51:27 GMT
Last-Modified: Sat, 17 Jun 2023 08:48:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 144877

GET
H/1.1 200
OK bootstrap.min.css
mail.myirstaxpayerreturn.com/maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/ 157 KB
157 KB 171ms
170ms Stylesheet
text/css 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://mail.myirstaxpayerreturn.com/maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Requested by: Host: mail.myirstaxpayerreturn.com
URL: https://mail.myirstaxpayerreturn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.myirstaxpayerreturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 23 Jun 2023 14:51:27 GMT
Last-Modified: Mon, 25 Jan 2021 22:04:10 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 160403

GET
H/1.1 200
OK jquery-2.2.4.min.js Show response
mail.myirstaxpayerreturn.com/code.jquery.com/ 84 KB
84 KB 679ms
172ms Script
application/javascript 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://mail.myirstaxpayerreturn.com/code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: mail.myirstaxpayerreturn.com
URL: https://mail.myirstaxpayerreturn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.myirstaxpayerreturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 23 Jun 2023 14:51:27 GMT
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 85578

GET
H/1.1 200
OK official-site-flag.png
mail.myirstaxpayerreturn.com/www.irs.gov/themes/custom/pup_base/images/ 4 KB
4 KB 170ms
169ms Image
image/png 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mail.myirstaxpayerreturn.com/www.irs.gov/themes/custom/pup_base/images/official-site-flag.png
Requested by: Host: mail.myirstaxpayerreturn.com
URL: https://mail.myirstaxpayerreturn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 2aed0559ebb58b74e1ae783ef624dbbc9f70390a2648dc1787af6c68122ec510

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.myirstaxpayerreturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 23 Jun 2023 14:51:27 GMT
Last-Modified: Sat, 02 Jul 2022 04:50:44 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4029

GET
H2 200 IRS-Logo.svg
www.irs.gov/pub/image/ 5 KB
2 KB 634ms
212ms Image
image/svg+xml 2600:1400:d:590::f50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irs.gov/pub/image/IRS-Logo.svg

Requested by

Host: mail.myirstaxpayerreturn.com
URL: https://mail.myirstaxpayerreturn.com/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

/

Resource Hash

0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.myirstaxpayerreturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 14:51:29 GMT
x-edgeconnect-origin-mex-latency: 68
date: Fri, 23 Jun 2023 14:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-edgeconnect-midmile-rtt: 0
x-age: 56
x-ah-environment: prod
server-timing: cdn-cache; desc=HIT, edge; dur=125, origin; dur=0, ak_p; desc="468758_388099621_43139654_12524_15830_76_0_-";dur=1
content-length: 1941
x-request-id: v-be16704e-b6da-11ed-a5fa-d789f7d0c72c
last-modified: Wed, 21 Jun 2023 09:38:09 GMT
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 5

GET
H/1.1 200
OK hero-1-optimized.jpg
mail.myirstaxpayerreturn.com/www.irs.gov/pub/2021-10/ 30 KB
30 KB 171ms
171ms Image
image/jpeg 101.99.94.9
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mail.myirstaxpayerreturn.com/www.irs.gov/pub/2021-10/hero-1-optimized.jpg
Requested by: Host: mail.myirstaxpayerreturn.com
URL: https://mail.myirstaxpayerreturn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 101.99.94.9 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software: Apache /
Resource Hash: 9ee545f8c50031535751e547b30cb89491089e64c05a2ea6db057b767db08ae8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.myirstaxpayerreturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 23 Jun 2023 14:51:28 GMT
Last-Modified: Sat, 30 Oct 2021 01:42:50 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 30267

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mail.myirstaxpayerreturn.com
www.irs.gov
101.99.94.9
2600:1400:d:590::f50
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6
2aed0559ebb58b74e1ae783ef624dbbc9f70390a2648dc1787af6c68122ec510
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
9ee545f8c50031535751e547b30cb89491089e64c05a2ea6db057b767db08ae8
abe7b15228ed7a68e1e7b6fa666087fd9eb3ace803f87d7dbe156d0beef9d235

mail.myirstaxpayerreturn.com Open in urlscan Pro 101.99.94.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

426 kBTransfer

427 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

mail.myirstaxpayerreturn.com Open in urlscan Pro
101.99.94.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

426 kB
Transfer

427 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!