storage.googleapis.com
2a00:1450:4001:829::2010  Malicious Activity! Public Scan

Submitted URL: https://taxprotdsreactivationsystem.com/3wPvSMP
Effective URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Submission: On November 16 via manual from US — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 34 HTTP transactions. The main IP is 2a00:1450:4001:829::2010, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by GTS CA 1C3 on October 18th 2021. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

Redirects  Requests  IP Address         AS (Autonomous System)
1          1         67.199.248.12      396982 (GOOGLE-PR...)
           1         2a00:1450:400...   15169 (GOOGLE)
           1         2a00:1450:400...   15169 (GOOGLE)
1          6         103.153.183.32     140947 (SNTHOSTIN...)
           17        2600:1401:400...   20940 (AKAMAI-ASN1)
1          1         2600:1401:400...   20940 (AKAMAI-ASN1)
           4         2600:1f12:6fd...   8987 (AMAZON EX...)
           4         2a02:26f0:710...   20940 (AKAMAI-ASN1)
           2         2a00:1450:400...   15169 (GOOGLE)
Total: 34 requests, 7 IPs
Requests  Domain                            Redirects    Requested by
17        sa.www4.irs.gov                                autodoc345kwru.gb.net
6         autodoc345kwru.gb.net             1 redirects  storage.googleapis.com, autodoc345kwru.gb.net, sa.www4.irs.gov
4         p11.techlab-cdn.com                            sa.www4.irs.gov
4         connect.irs.gov                                autodoc345kwru.gb.net, sa.www4.irs.gov
2         www.google-analytics.com                       sa.www4.irs.gov
1         www.irs.gov                       1 redirects
1         ajax.googleapis.com                            storage.googleapis.com
1         storage.googleapis.com
1         taxprotdsreactivationsystem.com   1 redirects
Total: 34 requests, 9 subdomains

This site contains no links.

Subject                    Issuer                                 Validity                  Valid
*.storage.googleapis.com   GTS CA 1C3                             2021-10-18 - 2022-01-10   3 months
upload.video.google.com    GTS CA 1C3                             2021-10-18 - 2022-01-10   3 months
*.autodoc345kwru.gb.net    R3                                     2021-10-01 - 2021-12-30   3 months
sa.www4.irs.gov            Entrust Certification Authority - L1K  2021-09-29 - 2022-10-28   a year
go.chameleonx.com          DigiCert SHA2 Secure Server CA         2021-11-08 - 2022-11-08   a year
*.google-analytics.com     GTS CA 1C3                             2021-11-01 - 2022-01-24   3 months
connect.irs.gov            Entrust Certification Authority - L1K  2020-12-08 - 2021-12-14   a year

This page contains 2 frames:

Primary Page: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Frame ID: 47D260661DD811F9080AF5799D8BCE49
Requests: 2 HTTP requests in this frame

Frame: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Frame ID: 7F3B0BE0DF5AE896ACAE71854357EEF6
Requests: 32 HTTP requests in this frame

Page Statistics

Requests: 34
HTTPS: 97 %
IPv6: 78 %
Domains: 6
Subdomains: 9
IPs: 7
Countries: 2
Transfer: 351 kB
Size: 905 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://taxprotdsreactivationsystem.com/3wPvSMP HTTP 301
    https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b HTTP 301
  • https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Request Chain 8
  • https://www.irs.gov/tdcoffers.js HTTP 302
  • https://connect.irs.gov/system/web/custom/offers/custoffers.js

34 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ytujyhtgbvfdcsx.html
storage.googleapis.com/gr4ih4.appspot.com/
Redirect Chain
  • https://taxprotdsreactivationsystem.com/3wPvSMP
  • https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
1 KB
2 KB
Document
General
Full URL
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
4cd6979b455fcbd956fda9de08eca1d4e1f67d11e19678af20c27e69c9a0866f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-guploader-uploadid
ADPycdv8nNtBWeKQRw6pMa8JvYY8YL8Ecb8ZdraeTUSfsi96p2Tv2sSIqVhx9homtIYzu9-B8ZlGOyJBcVrjwoxU2p4
expires
Tue, 16 Nov 2021 18:24:23 GMT
date
Tue, 16 Nov 2021 17:24:23 GMT
last-modified
Fri, 12 Nov 2021 00:39:07 GMT
etag
"64db5769b3dc5b239d2c9a4999a0f7cd"
x-goog-generation
1636677547029007
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1480
x-goog-meta-firebasestoragedownloadtokens
5f037fe0-32ea-44c5-951a-9f35c0a15a94
content-type
text/html
content-disposition
inline; filename*=utf-8''ytujyhtgbvfdcsx.html
x-goog-hash
crc32c=XeTSQw== md5=ZNtXabPcWyOdLJpJmaD3zQ==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
1480
server
UploadServer
cache-control
public, max-age=3600
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

cache-control
private, max-age=90
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Tue, 16 Nov 2021 17:24:23 GMT
location
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
referrer-policy
unsafe-url
server
nginx
strict-transport-security
max-age=1209600
content-length
157
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storage.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:00:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32954
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Nov 2022 17:00:02 GMT
/
autodoc345kwru.gb.net/yuiujytgrfeds/ Frame 7F3B
1 KB
2 KB
Document
General
Full URL
https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.32.static.snthostings.com
Software
Apache /
Resource Hash
29da6cc572fcdd9a04cdab31c52de1a1c235a457a01c1e0c3a6fadf1a4154cae

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://storage.googleapis.com/

Response headers

Date
Tue, 16 Nov 2021 17:24:24 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
/
autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/ Frame 7F3B
Redirect Chain
  • https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm?Key=IdR962dG2mTV39.32.60.234...
  • https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.23...
9 KB
9 KB
Document
General
Full URL
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.32.static.snthostings.com
Software
Apache /
Resource Hash
33c4219e0ab5afd5aecfa72b902a2a722857f752ee965a1f386cca19b313b760

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf

Response headers

Date
Tue, 16 Nov 2021 17:24:25 GMT
Server
Apache
Last-Modified
Tue, 16 Nov 2021 17:24:24 GMT
Accept-Ranges
bytes
Content-Length
9157
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Tue, 16 Nov 2021 17:24:25 GMT
Server
Apache
Location
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Content-Length
774
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
styles-nonie-1024.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 7F3B
34 KB
8 KB
Stylesheet
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/styleSheets/styles-nonie-1024.css
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7fbe8e0b4701e7f4aaa9c47499a17862dcec2d93c55b1231f6646c667ed194aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:32 GMT
etag
"88e6-5ce2844cf4000"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
7870
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
password-feedback-styles-nonie-1024.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 7F3B
5 KB
1 KB
Stylesheet
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/styleSheets/password-feedback-styles-nonie-1024.css
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2be3b38d08ee42e465df6f396db597546f9ab8d8c334e326d8a6d66a18f5a046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:32 GMT
etag
"13e1-5ce2844cf4000"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
925
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
table.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 7F3B
9 KB
2 KB
Stylesheet
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/styleSheets/table.css
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
27ad5be4102ef88add12d3ed9fcd75d69102343ed22f9538ea6d7b19ad9f7f5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:32 GMT
etag
"236d-5ce2844cf4000"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
1336
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
sa.www4.irs.gov/public/ Frame 7F3B
139 KB
50 KB
Script
General
Full URL
https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
29837a520cb34c9eb9a4b198d68842f370995c4fa1b3415b625c3737bb8cbbc6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
vary
Accept-Encoding
content-md5
MaPeDjsD57BLIaEPxKblqg==
content-length
50416
last-modified
Mon, 24 May 2021 22:03:27 GMT
etag
"0x8D91EFFC217171A"
strict-transport-security
max-age=31536000
access-control-allow-methods
GET, POST, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 24 May 2021 22:14:01 GMT
ga6.js
sa.www4.irs.gov//eauth/pub/common/scripts/ Frame 7F3B
1 KB
1 KB
Script
General
Full URL
https://sa.www4.irs.gov//eauth/pub/common/scripts/ga6.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
82c54fc0f123e80a4791ea2a8348812e073cbda81f8f45ea4ebcd4c381fe2827
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:24 GMT
etag
"500-5ce2844552e00"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
598
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
custoffers.js
connect.irs.gov/system/web/custom/offers/ Frame 7F3B
Redirect Chain
  • https://www.irs.gov/tdcoffers.js
  • https://connect.irs.gov/system/web/custom/offers/custoffers.js
642 B
1 KB
Script
General
Full URL
https://connect.irs.gov/system/web/custom/offers/custoffers.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Server
2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
Software
/
Resource Hash
01fc73cda1cfec585350c5192d95a79c978f6489474ae13782696f164b578310
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 07 Aug 2021 00:35:07 GMT
server
etag
"eb562c12248bd71:0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-length
393
x-ua-compatible
IE=EmulateIE9

Redirect headers

location
https://connect.irs.gov/system/web/custom/offers/custoffers.js
date
Tue, 16 Nov 2021 17:24:25 GMT
cache-control
max-age=0
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
0
strict-transport-security
max-age=31536000
expires
Tue, 16 Nov 2021 17:24:25 GMT
alerts.jsp
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
27 KB
28 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/alerts.jsp
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
140b35e1111d615e355652a2da6e1d62212c9ea6734d0e78e3fc9b0f3d2b92ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Tue, 16 Nov 2021 17:24:25 GMT
x-frame-options
SAMEORIGIN
content-language
en-
content-type
text/javascript;charset=UTF-8
content-length
27370
x-xss-protection
1; mode=block
constants.js
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
24 KB
7 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/constants.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
30e2a68237bb95c4873a3edcc6c0ec402dd1e025e29755bd30629d88b06323ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:22 GMT
etag
"6107-5ce284436a980"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
7161
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
tools.js
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
97 KB
24 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/tools.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
74c161b1713fc0fec6f54f1d5d6d7ffc73b8b22dba20eed4d05329985f44fb11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:26 GMT
etag
"185ba-5ce284473b280"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
24517
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
login_display.js
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
3 KB
1 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/login_display.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2899294e858822fb49f31663d040b1e0eb1c000acec4408145467896b4679253
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:24 GMT
etag
"abb-5ce2844552e00"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
1001
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
login_validation.js
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
2 KB
1 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/login_validation.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4bb869815ae1769db30845928b106809b8f2b3af05b862810adeafee9796a92c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:24 GMT
etag
"621-5ce2844552e00"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
706
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
cookies.js
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
1 KB
949 B
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/cookies.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fc469373428729fb31a143825bf37f5a27ac655aef497f58eb428de45e637789
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:22 GMT
etag
"45f-5ce284436a980"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
470
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
jquery-2.1.4.js
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
242 KB
72 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/jquery-2.1.4.js
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b2215cce5830e2350b9d420271d9bd82340f664c3f60f0ea850f7e9c0392704e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:24 GMT
etag
"3c72d-5ce2844552e00"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
73508
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:25 GMT
login_display.jsp
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
1 KB
2 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/login_display.jsp
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14513209b152a76c3b70a29038886c96bd67eaadb32a45787f91ad5ad607b9a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
date
Tue, 16 Nov 2021 17:24:25 GMT
content-length
1125
x-xss-protection
1; mode=block
content-type
text/javascript;charset=UTF-8
session_expired_warning_js.jsp
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B
3 KB
4 KB
Script
General
Full URL
https://sa.www4.irs.gov/eauth/pub/common/scripts/session_expired_warning_js.jsp
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
323a0bec2e299d1f255f8e871f93f34fae119a1d16ced8444bda6df1e4045818
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
date
Tue, 16 Nov 2021 17:24:25 GMT
content-length
2973
x-xss-protection
1; mode=block
content-type
text/javascript;charset=ISO-8859-1
logo.png
sa.www4.irs.gov//eauth/pub/common/images/ Frame 7F3B
3 KB
3 KB
Image
General
Full URL
https://sa.www4.irs.gov//eauth/pub/common/images/logo.png
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b831fccf6dfafa26d4eb3d51369ed026b733dbfd7850217b15511e1266d96115
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:18 GMT
etag
"a9c-5ce2843f9a080"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
2716
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:26 GMT
button_create_account.jpg
sa.www4.irs.gov//eauth/pub/common/images/ Frame 7F3B
6 KB
6 KB
Image
General
Full URL
https://sa.www4.irs.gov//eauth/pub/common/images/button_create_account.jpg
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3a8059b83c8b9e467ac61b5956ff68d862839c8ef9bbf6b0969257ebb8085f4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:14 GMT
etag
"1635-5ce2843bc9780"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
5685
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:26 GMT
button_login.jpg
sa.www4.irs.gov//eauth/pub/common/images/ Frame 7F3B
4 KB
4 KB
Image
General
Full URL
https://sa.www4.irs.gov//eauth/pub/common/images/button_login.jpg
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9e491119135916d14c8f73c1106ce3b1fbb0cd671987e05af9f9bf270bae5b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Oct 2021 14:00:14 GMT
etag
"eb3-5ce2843bc9780"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=21600
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
3763
x-xss-protection
1; mode=block
expires
Tue, 16 Nov 2021 23:24:26 GMT
ONDQB
autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ Frame 7F3B
0
0
Script
General
Full URL
https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.32.static.snthostings.com
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Tue, 16 Nov 2021 17:24:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
65319_1825232221.js
p11.techlab-cdn.com/e/ Frame 7F3B
56 KB
19 KB
Fetch
General
Full URL
https://p11.techlab-cdn.com/e/65319_1825232221.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e0916afbe5f8291168214915bcea9bc411678257222ea7c7ea0d075fc9eb8c4b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
last-modified
Mon, 29 Mar 2021 14:50:47 GMT
content-md5
8uL8P6st2u5Ul6/yMgHEBA==
etag
"0x8D8F2C209B74786"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
accept-ranges
bytes
timing-allow-origin
*
content-length
18645
expires
Tue, 16 Nov 2021 17:34:26 GMT
65257_1825232190.js
p11.techlab-cdn.com/e/ Frame 7F3B
14 KB
6 KB
Fetch
General
Full URL
https://p11.techlab-cdn.com/e/65257_1825232190.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
72667f8da6f63197e092832b2028a562ecfd78a599848ed873d3bd24dd3a7725

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
last-modified
Wed, 31 Mar 2021 11:07:05 GMT
content-md5
Dz6kDlqcMQZmScOUVuRDHA==
etag
"0x8D8F4351E4CC3B3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
accept-ranges
bytes
timing-allow-origin
*
content-length
5946
expires
Tue, 16 Nov 2021 17:34:26 GMT
64885_1825232283.js
p11.techlab-cdn.com/e/ Frame 7F3B
4 KB
2 KB
Fetch
General
Full URL
https://p11.techlab-cdn.com/e/64885_1825232283.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2281bceeaf3c81dc26731248960c8d210a0d461a02759c39b7a7b6c5ee1e06a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
last-modified
Tue, 02 Feb 2021 20:14:20 GMT
content-md5
kYjINenfgD1AmqSEyGQZvA==
etag
"0x8D8C7B7200E6A28"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
accept-ranges
bytes
timing-allow-origin
*
content-length
1872
expires
Tue, 16 Nov 2021 17:34:26 GMT
65226_1825232252.js
p11.techlab-cdn.com/e/ Frame 7F3B
69 KB
31 KB
Fetch
General
Full URL
https://p11.techlab-cdn.com/e/65226_1825232252.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7fe83b2a2a1ae9ad497d13e1ce081cda73dc1cedeef4aaeef70076aaa756941f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
last-modified
Mon, 29 Mar 2021 13:29:26 GMT
content-md5
URLoK8cyoF5H4IQzc2wXGQ==
etag
"0x8D8F2B6ACC67D2E"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
accept-ranges
bytes
timing-allow-origin
*
content-length
31132
expires
Tue, 16 Nov 2021 17:34:26 GMT
analytics.js
www.google-analytics.com/ Frame 7F3B
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5000
date
Tue, 16 Nov 2021 16:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 16 Nov 2021 18:01:06 GMT
linkid.js
www.google-analytics.com/plugins/ua/ Frame 7F3B
2 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:20:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
219
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 16 Nov 2021 18:20:47 GMT
offers.js
connect.irs.gov/system/web/view/offers/ Frame 7F3B
7 KB
3 KB
Script
General
Full URL
https://connect.irs.gov/system/web/view/offers/offers.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
Software
/
Resource Hash
c90e6d0f2fc077e47949e56b0221636284c62697a133dd7fcf92ae0020e2c23b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
cache
date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
accept-encoding
compress,gzip
last-modified
Sun, 04 Jul 2021 00:58:00 GMT
server
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
expires
Thu, 01 Jan 1970 00:00:00 GMT
cache-control
max-age=86400,private
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-length
2680
x-ua-compatible
IE=EmulateIE9, IE=EmulateIE9
egain-chat.js
connect.irs.gov/system/templates/chat/ Frame 7F3B
2 KB
2 KB
Script
General
Full URL
https://connect.irs.gov/system/templates/chat/egain-chat.js
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
Software
/
Resource Hash
0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 07 Aug 2021 00:31:26 GMT
server
etag
"e0e66f8e238bd71:0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200,private
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-length
1068
ONDQB
autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ Frame 7F3B
0
0
Script
General
Full URL
https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Requested by
Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.32.static.snthostings.com
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Tue, 16 Nov 2021 17:24:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
message.json
autodoc345kwru.gb.net/eauth/static/ Frame 7F3B
315 B
515 B
XHR
General
Full URL
https://autodoc345kwru.gb.net/eauth/static/message.json
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.32.static.snthostings.com
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Tue, 16 Nov 2021 17:24:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=95
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Offers.egain
connect.irs.gov/system/ Frame 7F3B
957 B
1 KB
Script
General
Full URL
https://connect.irs.gov/system/Offers.egain?command=GetRulesJS&egofferpageurl=https%3A%2F%2Fautodoc345kwru.gb.net%2Fyuiujytgrfeds%2FIdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm%2F%3FKey%3DIdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm%262021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-%263eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b&egofferpagetitle=Log%20In&egofferpatternchecksum=
Requested by
Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
Software
/
Resource Hash
eb2f73d74c12297bbef8a05f74ef6f8ca5c33631c35eaf7ce4429ea40b8eb196
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://autodoc345kwru.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 16 Nov 2021 17:24:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
446
x-ua-compatible
IE=EmulateIE9

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforexrselect
function| reportError
boolean| originAgentCluster
object| scheduler
function| $
function| jQuery
function| calcHeight
object| jQuery110207483687329880224

5 Cookies

Domain/Path Name / Value
connect.irs.gov/system Name: JSESSIONID
Value: node03bcf4phidtz413vezqlfye490412143.node0
.taxprotdsreactivationsystem.com/ Name: _bit
Value: laghon-f51cac2b25f3926e55-00f
.sa.www4.irs.gov/ Name: akaalb_sa_alb
Value: 1637084365~op=~rv=95~m=~os=~id=4a6cebae46cc98030d8e77631cbc9b15
.sa.www4.irs.gov/ Name: akaalb_sa_eauth_alb
Value: 1637084366~op=ALB_SA_EAUTH:SA_Origin_DCS|~rv=65~m=SA_Origin_DCS:0|~os=850f67b9c612bad1bf84b6b3a1b0f61e~id=0cfb10b09f6d75faffac1853ace86fc9
connect.irs.gov/ Name: AWSALBCORS
Value: YGKJNq49jwtiu5kNt2cld6RpwG04VQV2AAL0GVa8p8iw3QGK/yjA0ZQ/apa1SzcSNnmBBrZwcfCBVN9MkiMV60CAzqZzD3e9wdKzLXfrYd6ARL8GQ+NUrBJZ9i3m

5 Console Messages

Source Level URL
Text
network error URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b(Line 215)
Message:
Unsafe attempt to initiate navigation for frame with URL 'https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html' from frame with URL 'https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/features/5851021045661696.
network error URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
deprecation warning URL: https://sa.www4.irs.gov/eauth/pub/common/scripts/cookies.js(Line 33)
Message:
Triggering window.alert from cross origin iframes has been deprecated and will be removed in the future.
network error URL: https://autodoc345kwru.gb.net/eauth/static/message.json
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
