storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:829::2010 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://taxprotdsreactivationsystem.com/3wPvSMP
Effective URL:
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Submission: On November 16 via manual (November 16th 2021, 5:24:28 pm UTC) from US — Scanned from DE

Summary HTTP 34 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 34 HTTP transactions. The main IP is 2a00:1450:4001:829::2010, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by GTS CA 1C3 on October 18th 2021. Valid for: 3 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.12 67.199.248.12	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1	2a00:1450:400... 2a00:1450:4001:829::2010	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1 6	103.153.183.32 103.153.183.32	140947 (SNTHOSTIN...) (SNTHOSTINGS-AS-AP SnTHostings)
17	2600:1401:400... 2600:1401:4000:19e::1301	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2600:1401:400... 2600:1401:4000:1a9::f50	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2600:1f12:6fd... 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9	8987 (AMAZON EX...) (AMAZON EXPANSION)
4	2a02:26f0:710... 2a02:26f0:7100::687e:2588	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
34	7

1 67.199.248.12 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: cname.bitly.com

taxprotdsreactivationsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.153.183.32 (Los Angeles, United States) 1 redirects

ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN)
PTR: 103.153.183.32.static.snthostings.com

autodoc345kwru.gb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:1401:4000:19e::1301 (Boston, United States)

ASN20940 (AKAMAI-ASN1, NL)

sa.www4.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1401:4000:1a9::f50 (Boston, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 (Boardman, United States)

ASN8987 (AMAZON EXPANSION, IE)

connect.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:7100::687e:2588 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p11.techlab-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	irs.gov 1 redirects sa.www4.irs.gov www.irs.gov connect.irs.gov	225 KB
6	gb.net 1 redirects autodoc345kwru.gb.net	12 KB
4	techlab-cdn.com p11.techlab-cdn.com	58 KB
2	google-analytics.com www.google-analytics.com	21 KB
2	googleapis.com storage.googleapis.com ajax.googleapis.com	35 KB
1	taxprotdsreactivationsystem.com 1 redirects taxprotdsreactivationsystem.com	289 B
34	6

	Domain	Requested by
17	sa.www4.irs.gov	autodoc345kwru.gb.net
6	autodoc345kwru.gb.net	1 redirects storage.googleapis.com autodoc345kwru.gb.net sa.www4.irs.gov
4	p11.techlab-cdn.com	sa.www4.irs.gov
4	connect.irs.gov	autodoc345kwru.gb.net sa.www4.irs.gov
2	www.google-analytics.com	sa.www4.irs.gov
1	www.irs.gov	1 redirects
1	ajax.googleapis.com	storage.googleapis.com
1	storage.googleapis.com
1	taxprotdsreactivationsystem.com	1 redirects
34	9

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.autodoc345kwru.gb.net R3	`2021-10-01` - `2021-12-30`	3 months	crt.sh
sa.www4.irs.gov Entrust Certification Authority - L1K	`2021-09-29` - `2022-10-28`	a year	crt.sh
go.chameleonx.com DigiCert SHA2 Secure Server CA	`2021-11-08` - `2022-11-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
connect.irs.gov Entrust Certification Authority - L1K	`2020-12-08` - `2021-12-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Frame ID: 47D260661DD811F9080AF5799D8BCE49
Requests: 2 HTTP requests in this frame

Frame: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Frame ID: 7F3B0BE0DF5AE896ACAE71854357EEF6
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://taxprotdsreactivationsystem.com/3wPvSMP HTTP 301
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html Page URL

Page Statistics

34
Requests

97 %
HTTPS

78 %
IPv6

6
Domains

9
Subdomains

7
IPs

2
Countries

351 kB
Transfer

905 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://taxprotdsreactivationsystem.com/3wPvSMP HTTP 301
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b HTTP 301
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b

Request Chain 8

https://www.irs.gov/tdcoffers.js HTTP 302
https://connect.irs.gov/system/web/custom/offers/custoffers.js

34 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request ytujyhtgbvfdcsx.html Show response
storage.googleapis.com/gr4ih4.appspot.com/
Redirect Chain

https://taxprotdsreactivationsystem.com/3wPvSMP
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html

1 KB
2 KB

180ms
156ms

Document
text/html

2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4cd6979b455fcbd956fda9de08eca1d4e1f67d11e19678af20c27e69c9a0866f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-guploader-uploadid: ADPycdv8nNtBWeKQRw6pMa8JvYY8YL8Ecb8ZdraeTUSfsi96p2Tv2sSIqVhx9homtIYzu9-B8ZlGOyJBcVrjwoxU2p4
expires: Tue, 16 Nov 2021 18:24:23 GMT
date: Tue, 16 Nov 2021 17:24:23 GMT
last-modified: Fri, 12 Nov 2021 00:39:07 GMT
etag: "64db5769b3dc5b239d2c9a4999a0f7cd"
x-goog-generation: 1636677547029007
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1480
x-goog-meta-firebasestoragedownloadtokens: 5f037fe0-32ea-44c5-951a-9f35c0a15a94
content-type: text/html
content-disposition: inline; filename*=utf-8''ytujyhtgbvfdcsx.html
x-goog-hash: crc32c=XeTSQw== md5=ZNtXabPcWyOdLJpJmaD3zQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 1480
server: UploadServer
cache-control: public, max-age=3600
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

cache-control: private, max-age=90
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Tue, 16 Nov 2021 17:24:23 GMT
location: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
referrer-policy: unsafe-url
server: nginx
strict-transport-security: max-age=1209600
content-length: 157

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ 91 KB
33 KB 33ms
9ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://storage.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1461
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32954
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 17:00:02 GMT

GET
H/1.1 200
OK / Show response
autodoc345kwru.gb.net/yuiujytgrfeds/ Frame 7F3B 1 KB
2 KB 1309ms
464ms Document
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash: 29da6cc572fcdd9a04cdab31c52de1a1c235a457a01c1e0c3a6fadf1a4154cae

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://storage.googleapis.com/

Response headers

Date: Tue, 16 Nov 2021 17:24:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

/ Show response
autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/ Frame 7F3B
Redirect Chain

https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm?Key=IdR962dG2mTV39.32.60.234...
https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.23...

9 KB
9 KB

157ms
157ms

Document
text/html

103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Requested by: Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash: 33c4219e0ab5afd5aecfa72b902a2a722857f752ee965a1f386cca19b313b760

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf

Response headers

Date: Tue, 16 Nov 2021 17:24:25 GMT
Server: Apache
Last-Modified: Tue, 16 Nov 2021 17:24:24 GMT
Accept-Ranges: bytes
Content-Length: 9157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Tue, 16 Nov 2021 17:24:25 GMT
Server: Apache
Location: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Content-Length: 774
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 styles-nonie-1024.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 7F3B 34 KB
8 KB 424ms
115ms Stylesheet
text/css 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/styleSheets/styles-nonie-1024.css

Requested by

Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7fbe8e0b4701e7f4aaa9c47499a17862dcec2d93c55b1231f6646c667ed194aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:32 GMT
etag: "88e6-5ce2844cf4000"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 7870
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 password-feedback-styles-nonie-1024.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 7F3B 5 KB
1 KB 424ms
116ms Stylesheet
text/css 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/styleSheets/password-feedback-styles-nonie-1024.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2be3b38d08ee42e465df6f396db597546f9ab8d8c334e326d8a6d66a18f5a046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:32 GMT
etag: "13e1-5ce2844cf4000"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 925
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 table.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 7F3B 9 KB
2 KB 428ms
120ms Stylesheet
text/css 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/styleSheets/table.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

27ad5be4102ef88add12d3ed9fcd75d69102343ed22f9538ea6d7b19ad9f7f5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:32 GMT
etag: "236d-5ce2844cf4000"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1336
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e Show response
sa.www4.irs.gov/public/ Frame 7F3B 139 KB
50 KB 437ms
129ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

29837a520cb34c9eb9a4b198d68842f370995c4fa1b3415b625c3737bb8cbbc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
vary: Accept-Encoding
content-md5: MaPeDjsD57BLIaEPxKblqg==
content-length: 50416
last-modified: Mon, 24 May 2021 22:03:27 GMT
etag: "0x8D91EFFC217171A"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 May 2021 22:14:01 GMT

GET
H2 200 ga6.js Show response
sa.www4.irs.gov//eauth/pub/common/scripts/ Frame 7F3B 1 KB
1 KB 525ms
217ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov//eauth/pub/common/scripts/ga6.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

82c54fc0f123e80a4791ea2a8348812e073cbda81f8f45ea4ebcd4c381fe2827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "500-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 598
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2

200

custoffers.js Show response
connect.irs.gov/system/web/custom/offers/ Frame 7F3B
Redirect Chain

https://www.irs.gov/tdcoffers.js
https://connect.irs.gov/system/web/custom/offers/custoffers.js

642 B
1 KB

795ms
173ms

Script
application/javascript

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/web/custom/offers/custoffers.js

Requested by

Protocol

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

01fc73cda1cfec585350c5192d95a79c978f6489474ae13782696f164b578310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 07 Aug 2021 00:35:07 GMT
server
etag: "eb562c12248bd71:0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 393
x-ua-compatible: IE=EmulateIE9

Redirect headers

location: https://connect.irs.gov/system/web/custom/offers/custoffers.js
date: Tue, 16 Nov 2021 17:24:25 GMT
cache-control: max-age=0
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 0
strict-transport-security: max-age=31536000
expires: Tue, 16 Nov 2021 17:24:25 GMT

GET
H2 200 alerts.jsp Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 27 KB
28 KB 591ms
284ms Script
text/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/alerts.jsp

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

140b35e1111d615e355652a2da6e1d62212c9ea6734d0e78e3fc9b0f3d2b92ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 16 Nov 2021 17:24:25 GMT
x-frame-options: SAMEORIGIN
content-language: en-
content-type: text/javascript;charset=UTF-8
content-length: 27370
x-xss-protection: 1; mode=block

GET
H2 200 constants.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 24 KB
7 KB 588ms
281ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/constants.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30e2a68237bb95c4873a3edcc6c0ec402dd1e025e29755bd30629d88b06323ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:22 GMT
etag: "6107-5ce284436a980"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 7161
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 tools.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 97 KB
24 KB 588ms
281ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/tools.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

74c161b1713fc0fec6f54f1d5d6d7ffc73b8b22dba20eed4d05329985f44fb11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:26 GMT
etag: "185ba-5ce284473b280"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 24517
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 login_display.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 3 KB
1 KB 583ms
276ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/login_display.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2899294e858822fb49f31663d040b1e0eb1c000acec4408145467896b4679253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "abb-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1001
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 login_validation.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 2 KB
1 KB 585ms
278ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/login_validation.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4bb869815ae1769db30845928b106809b8f2b3af05b862810adeafee9796a92c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "621-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 706
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 cookies.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 1 KB
949 B 584ms
277ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/cookies.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fc469373428729fb31a143825bf37f5a27ac655aef497f58eb428de45e637789

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:22 GMT
etag: "45f-5ce284436a980"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 470
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 jquery-2.1.4.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 242 KB
72 KB 587ms
281ms Script
application/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/jquery-2.1.4.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b2215cce5830e2350b9d420271d9bd82340f664c3f60f0ea850f7e9c0392704e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "3c72d-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 73508
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:25 GMT

GET
H2 200 login_display.jsp Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 1 KB
2 KB 683ms
377ms Script
text/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/login_display.jsp

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

14513209b152a76c3b70a29038886c96bd67eaadb32a45787f91ad5ad607b9a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
date: Tue, 16 Nov 2021 17:24:25 GMT
content-length: 1125
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8

GET
H2 200 session_expired_warning_js.jsp Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 7F3B 3 KB
4 KB 711ms
405ms Script
text/javascript 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/session_expired_warning_js.jsp

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

323a0bec2e299d1f255f8e871f93f34fae119a1d16ced8444bda6df1e4045818

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
date: Tue, 16 Nov 2021 17:24:25 GMT
content-length: 2973
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=ISO-8859-1

GET
H2 200 logo.png
sa.www4.irs.gov//eauth/pub/common/images/ Frame 7F3B 3 KB
3 KB 103ms
103ms Image
image/png 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sa.www4.irs.gov//eauth/pub/common/images/logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b831fccf6dfafa26d4eb3d51369ed026b733dbfd7850217b15511e1266d96115

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:18 GMT
etag: "a9c-5ce2843f9a080"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2716
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:26 GMT

GET
H2 200 button_create_account.jpg
sa.www4.irs.gov//eauth/pub/common/images/ Frame 7F3B 6 KB
6 KB 105ms
105ms Image
image/jpeg 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sa.www4.irs.gov//eauth/pub/common/images/button_create_account.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3a8059b83c8b9e467ac61b5956ff68d862839c8ef9bbf6b0969257ebb8085f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:14 GMT
etag: "1635-5ce2843bc9780"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 5685
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:26 GMT

GET
H2 200 button_login.jpg
sa.www4.irs.gov//eauth/pub/common/images/ Frame 7F3B 4 KB
4 KB 101ms
101ms Image
image/jpeg 2600:1401:4000:19e::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sa.www4.irs.gov//eauth/pub/common/images/button_login.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1401:4000:19e::1301 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9e491119135916d14c8f73c1106ce3b1fbb0cd671987e05af9f9bf270bae5b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:14 GMT
etag: "eb3-5ce2843bc9780"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3763
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 23:24:26 GMT

GET
H/1.1 404
Not Found ONDQB
autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ Frame 7F3B 0
0 152ms
152ms Script
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Requested by: Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 17:24:26 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 65319_1825232221.js Show response
p11.techlab-cdn.com/e/ Frame 7F3B 56 KB
19 KB 49ms
13ms Fetch
application/javascript 2a02:26f0:7100::687e:2588
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65319_1825232221.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e0916afbe5f8291168214915bcea9bc411678257222ea7c7ea0d075fc9eb8c4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 14:50:47 GMT
content-md5: 8uL8P6st2u5Ul6/yMgHEBA==
etag: "0x8D8F2C209B74786"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 18645
expires: Tue, 16 Nov 2021 17:34:26 GMT

GET
H2 200 65257_1825232190.js Show response
p11.techlab-cdn.com/e/ Frame 7F3B 14 KB
6 KB 55ms
19ms Fetch
application/javascript 2a02:26f0:7100::687e:2588
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65257_1825232190.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 72667f8da6f63197e092832b2028a562ecfd78a599848ed873d3bd24dd3a7725

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
last-modified: Wed, 31 Mar 2021 11:07:05 GMT
content-md5: Dz6kDlqcMQZmScOUVuRDHA==
etag: "0x8D8F4351E4CC3B3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 5946
expires: Tue, 16 Nov 2021 17:34:26 GMT

GET
H2 200 64885_1825232283.js Show response
p11.techlab-cdn.com/e/ Frame 7F3B 4 KB
2 KB 63ms
27ms Fetch
application/javascript 2a02:26f0:7100::687e:2588
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/64885_1825232283.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 2281bceeaf3c81dc26731248960c8d210a0d461a02759c39b7a7b6c5ee1e06a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
last-modified: Tue, 02 Feb 2021 20:14:20 GMT
content-md5: kYjINenfgD1AmqSEyGQZvA==
etag: "0x8D8C7B7200E6A28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1872
expires: Tue, 16 Nov 2021 17:34:26 GMT

GET
H2 200 65226_1825232252.js Show response
p11.techlab-cdn.com/e/ Frame 7F3B 69 KB
31 KB 68ms
33ms Fetch
application/javascript 2a02:26f0:7100::687e:2588
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65226_1825232252.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:2588 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7fe83b2a2a1ae9ad497d13e1ce081cda73dc1cedeef4aaeef70076aaa756941f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 13:29:26 GMT
content-md5: URLoK8cyoF5H4IQzc2wXGQ==
etag: "0x8D8F2B6ACC67D2E"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 31132
expires: Tue, 16 Nov 2021 17:34:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 7F3B 49 KB
20 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5000
date: Tue, 16 Nov 2021 16:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Nov 2021 18:01:06 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ Frame 7F3B 2 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:20:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 16 Nov 2021 18:20:47 GMT

GET
H2 200 offers.js Show response
connect.irs.gov/system/web/view/offers/ Frame 7F3B 7 KB
3 KB 174ms
173ms Script
application/javascript 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/web/view/offers/offers.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

c90e6d0f2fc077e47949e56b0221636284c62697a133dd7fcf92ae0020e2c23b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: cache
date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
accept-encoding: compress,gzip
last-modified: Sun, 04 Jul 2021 00:58:00 GMT
server
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: max-age=86400,private
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 2680
x-ua-compatible: IE=EmulateIE9, IE=EmulateIE9

GET
H2 200 egain-chat.js Show response
connect.irs.gov/system/templates/chat/ Frame 7F3B 2 KB
2 KB 173ms
172ms Script
application/javascript 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/templates/chat/egain-chat.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 07 Aug 2021 00:31:26 GMT
server
etag: "e0e66f8e238bd71:0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200,private
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 1068

GET
H/1.1 404
Not Found ONDQB
autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ Frame 7F3B 0
0 153ms
153ms Script
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Requested by: Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 17:24:26 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found message.json Show response
autodoc345kwru.gb.net/eauth/static/ Frame 7F3B 315 B
515 B 152ms
152ms XHR
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/eauth/static/message.json
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 17:24:26 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 Offers.egain Show response
connect.irs.gov/system/ Frame 7F3B 957 B
1 KB 177ms
177ms Script
text/javascript 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/Offers.egain?command=GetRulesJS&egofferpageurl=https%3A%2F%2Fautodoc345kwru.gb.net%2Fyuiujytgrfeds%2FIdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm%2F%3FKey%3DIdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm%262021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-%263eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b&egofferpagetitle=Log%20In&egofferpatternchecksum=

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

eb2f73d74c12297bbef8a05f74ef6f8ca5c33631c35eaf7ce4429ea40b8eb196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 17:24:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 446
x-ua-compatible: IE=EmulateIE9

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
connect.irs.gov/system	1969-12-31 23:59:59	Name: JSESSIONID Value: node03bcf4phidtz413vezqlfye490412143.node0
.taxprotdsreactivationsystem.com/	1970-01-20 03:03:55	Name: _bit Value: laghon-f51cac2b25f3926e55-00f
.sa.www4.irs.gov/	1969-12-31 23:59:59	Name: akaalb_sa_alb Value: 1637084365~op=~rv=95~m=~os=~id=4a6cebae46cc98030d8e77631cbc9b15
.sa.www4.irs.gov/	1970-01-19 22:44:44	Name: akaalb_sa_eauth_alb Value: 1637084366~op=ALB_SA_EAUTH:SA_Origin_DCS\|~rv=65~m=SA_Origin_DCS:0\|~os=850f67b9c612bad1bf84b6b3a1b0f61e~id=0cfb10b09f6d75faffac1853ace86fc9
connect.irs.gov/	1970-01-19 22:54:48	Name: AWSALBCORS Value: YGKJNq49jwtiu5kNt2cld6RpwG04VQV2AAL0GVa8p8iw3QGK/yjA0ZQ/apa1SzcSNnmBBrZwcfCBVN9MkiMV60CAzqZzD3e9wdKzLXfrYd6ARL8GQ+NUrBJZ9i3m

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b(Line 215) Message: Unsafe attempt to initiate navigation for frame with URL 'https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html' from frame with URL 'https://autodoc345kwru.gb.net/yuiujytgrfeds/IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm/?Key=IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm&2021lnboxLightesapncrosoversuvsnowinallovertheworld_IdR962dG2mTV39.32.60.2343eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45bPakistanAsiaPKAS16-11-202105-24-24pm_SWRSOTYyZEcybVRW-&3eee3f7e0f5af36fa66041e9bc147e3488968b7df4417399d0f33be3ba30d45b'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/features/5851021045661696.
network	error	URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB Message: Failed to load resource: the server responded with a status of 404 (Not Found)
deprecation	warning	URL: https://sa.www4.irs.gov/eauth/pub/common/scripts/cookies.js(Line 33) Message: Triggering window.alert from cross origin iframes has been deprecated and will be removed in the future.
network	error	URL: https://autodoc345kwru.gb.net/eauth/static/message.json Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
autodoc345kwru.gb.net
connect.irs.gov
p11.techlab-cdn.com
sa.www4.irs.gov
storage.googleapis.com
taxprotdsreactivationsystem.com
www.google-analytics.com
www.irs.gov
103.153.183.32
2600:1401:4000:19e::1301
2600:1401:4000:1a9::f50
2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
2a00:1450:4001:813::200a
2a00:1450:4001:829::2010
2a00:1450:4001:831::200e
2a02:26f0:7100::687e:2588
67.199.248.12
01fc73cda1cfec585350c5192d95a79c978f6489474ae13782696f164b578310
0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb
140b35e1111d615e355652a2da6e1d62212c9ea6734d0e78e3fc9b0f3d2b92ea
14513209b152a76c3b70a29038886c96bd67eaadb32a45787f91ad5ad607b9a2
2281bceeaf3c81dc26731248960c8d210a0d461a02759c39b7a7b6c5ee1e06a0
27ad5be4102ef88add12d3ed9fcd75d69102343ed22f9538ea6d7b19ad9f7f5d
2899294e858822fb49f31663d040b1e0eb1c000acec4408145467896b4679253
29837a520cb34c9eb9a4b198d68842f370995c4fa1b3415b625c3737bb8cbbc6
29da6cc572fcdd9a04cdab31c52de1a1c235a457a01c1e0c3a6fadf1a4154cae
2be3b38d08ee42e465df6f396db597546f9ab8d8c334e326d8a6d66a18f5a046
30e2a68237bb95c4873a3edcc6c0ec402dd1e025e29755bd30629d88b06323ca
323a0bec2e299d1f255f8e871f93f34fae119a1d16ced8444bda6df1e4045818
33c4219e0ab5afd5aecfa72b902a2a722857f752ee965a1f386cca19b313b760
3a8059b83c8b9e467ac61b5956ff68d862839c8ef9bbf6b0969257ebb8085f4f
4bb869815ae1769db30845928b106809b8f2b3af05b862810adeafee9796a92c
4cd6979b455fcbd956fda9de08eca1d4e1f67d11e19678af20c27e69c9a0866f
72667f8da6f63197e092832b2028a562ecfd78a599848ed873d3bd24dd3a7725
74c161b1713fc0fec6f54f1d5d6d7ffc73b8b22dba20eed4d05329985f44fb11
7fbe8e0b4701e7f4aaa9c47499a17862dcec2d93c55b1231f6646c667ed194aa
7fe83b2a2a1ae9ad497d13e1ce081cda73dc1cedeef4aaeef70076aaa756941f
82c54fc0f123e80a4791ea2a8348812e073cbda81f8f45ea4ebcd4c381fe2827
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9e491119135916d14c8f73c1106ce3b1fbb0cd671987e05af9f9bf270bae5b5b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b2215cce5830e2350b9d420271d9bd82340f664c3f60f0ea850f7e9c0392704e
b831fccf6dfafa26d4eb3d51369ed026b733dbfd7850217b15511e1266d96115
c90e6d0f2fc077e47949e56b0221636284c62697a133dd7fcf92ae0020e2c23b
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e0916afbe5f8291168214915bcea9bc411678257222ea7c7ea0d075fc9eb8c4b
eb2f73d74c12297bbef8a05f74ef6f8ca5c33631c35eaf7ce4429ea40b8eb196
fc469373428729fb31a143825bf37f5a27ac655aef497f58eb428de45e637789

storage.googleapis.com Open in urlscan Pro 2a00:1450:4001:829::2010 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

34 Requests

97 %HTTPS

78 %IPv6

6 Domains

9 Subdomains

7 IPs

2 Countries

351 kBTransfer

905 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:829::2010 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

97 %
HTTPS

78 %
IPv6

6
Domains

9
Subdomains

7
IPs

2
Countries

351 kB
Transfer

905 kB
Size

5
Cookies

34 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!