es.getyourrefundtulsa.org Open in urlscan Pro
151.139.128.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://reembolsotulsa.org/
Effective URL:
https://es.getyourrefundtulsa.org/?utm_source=reembolso
Submission: On January 03 via automatic, source certstream-suspicious (January 3rd 2022, 12:31:18 am UTC) — Scanned from DE

Summary HTTP 56 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 22 domains to perform 56 HTTP transactions. The main IP is 151.139.128.11, located in United States and belongs to HIGHWINDS3, US. The main domain is es.getyourrefundtulsa.org.
TLS certificate: Issued by R3 on November 22nd 2021. Valid for: 3 months.

This is the only time es.getyourrefundtulsa.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::ac43:9d40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
22	2600:9000:223... 2600:9000:223f:800:11:3b84:d200:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:225... 2600:9000:225e:ee00:1:28b3:b280:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:b749	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.232.39 52.222.232.39	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:7fab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
56	22

1 2606:4700:3034::ac43:9d40 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

reembolsotulsa.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

es.getyourrefundtulsa.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2600:9000:223f:800:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:225e:ee00:1:28b3:b280:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.weglot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:b749 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.232.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-232-39.fra56.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7fab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	website-files.com assets.website-files.com	2 MB
4	facebook.com www.facebook.com	562 B
3	hubspot.com forms.hubspot.com track.hubspot.com	3 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	facebook.net connect.facebook.net	200 KB
3	weglot.com cdn.weglot.com	30 KB
2	youtube.com www.youtube.com	50 KB
2	hsforms.com forms.hsforms.com	4 KB
2	hsforms.net js.hsforms.net	287 KB
1	gstatic.com fonts.gstatic.com	20 KB
1	googleapis.com fonts.googleapis.com	1012 B
1	google.de www.google.de	501 B
1	google.com www.google.com	501 B
1	doubleclick.net stats.g.doubleclick.net	449 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	hscollectedforms.net js.hscollectedforms.net	26 KB
1	googletagmanager.com www.googletagmanager.com	47 KB
1	hs-scripts.com js.hs-scripts.com	971 B
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	31 KB
1	getyourrefundtulsa.org es.getyourrefundtulsa.org	13 KB
1	reembolsotulsa.org 1 redirects reembolsotulsa.org	604 B
56	22

	Domain	Requested by
22	assets.website-files.com	es.getyourrefundtulsa.org assets.website-files.com
4	www.facebook.com	es.getyourrefundtulsa.org
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com es.getyourrefundtulsa.org
3	connect.facebook.net	es.getyourrefundtulsa.org connect.facebook.net
3	cdn.weglot.com	es.getyourrefundtulsa.org cdn.weglot.com
2	track.hubspot.com
2	www.youtube.com	es.getyourrefundtulsa.org www.youtube.com
2	forms.hsforms.com	js.hsforms.net es.getyourrefundtulsa.org
2	js.hsforms.net	es.getyourrefundtulsa.org js.hsforms.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	js.hsforms.net
1	forms.hubspot.com	js.hscollectedforms.net
1	www.google.de	es.getyourrefundtulsa.org
1	www.google.com	es.getyourrefundtulsa.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	www.googletagmanager.com	es.getyourrefundtulsa.org
1	js.hs-scripts.com	es.getyourrefundtulsa.org
1	d3e54v103j8qbb.cloudfront.net	es.getyourrefundtulsa.org
1	es.getyourrefundtulsa.org
1	reembolsotulsa.org	1 redirects
56	23

This site contains links to these domains. Also see Links.

Domain
getyourrefund.org
www.irs.gov
www.getyourrefundtulsa.org

Subject Issuer	Validity	Valid
es.getyourrefundtulsa.org R3	`2021-11-22` - `2022-02-20`	3 months	crt.sh
*.website-files.com Amazon	`2021-11-12` - `2022-12-10`	a year	crt.sh
*.weglot.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-06` - `2022-01-25`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-16` - `2022-07-15`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-12` - `2022-01-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Frame ID: A267FEB7A9D82E33C44686D75D658EAB
Requests: 53 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/shell.js
Frame ID: F5CB8E9B6E9F77EA46F093E1C1165212
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get Your Refund Tulsa

Page URL History Show full URLs

https://reembolsotulsa.org/ HTTP 301
https://es.getyourrefundtulsa.org/?utm_source=reembolso Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

cdn\.weglot\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

56
Requests

100 %
HTTPS

91 %
IPv6

22
Domains

23
Subdomains

22
IPs

3
Countries

3027 kB
Transfer

5141 kB
Size

11
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://getyourrefund.org/tulsa
Title: Estoy listo para presentar la declaración! →

Search URL Search Domain Scan URL

URL: https://www.irs.gov/credits-deductions/individuals/earned-income-tax-credit/earned-income-and-earned-income-tax-credit-eitc-tables
Title: Servicio de Impuestos Internos

Search URL Search Domain Scan URL

URL: https://www.irs.gov/pub/irs-pdf/p4299.pdf
Title: https://www.irs.gov/pub/irs-pdf/p4299.pdf

Search URL Search Domain Scan URL

URL: https://www.getyourrefundtulsa.org/?utm_source=reembolso

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://reembolsotulsa.org/ HTTP 301
https://es.getyourrefundtulsa.org/?utm_source=reembolso Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
es.getyourrefundtulsa.org/
Redirect Chain

https://reembolsotulsa.org/
https://es.getyourrefundtulsa.org/?utm_source=reembolso

38 KB
13 KB

625ms
566ms

Document
text/html

151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 270fcd351d712dcb784ab35d8e55c5a0071133702c740f61550c545906dd0c9f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 102
x-served-by: cache-iad-kjyo7100140-IAD, cache-dub4326-DUB
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1641169874.788787,VS0,VE1
vary: Accept-Encoding
x-cluster-name: eu-west-1-prod-eks-15
x-request-id: b04730c9-8b72-4d00-bd75-858a606ab424
processed-by: Weglot
weglot-cached-translations: true
weglot-translated: true
content-language: es
content-encoding: gzip
date: Mon, 03 Jan 2022 00:31:13 GMT
x-hw: 1641169873.cds158.fr8.hn,1641169873.cds158.fr8.sl

Redirect headers

date: Mon, 03 Jan 2022 00:31:13 GMT
location: https://es.getyourrefundtulsa.org/?utm_source=reembolso
cache-control: max-age=3600
expires: Mon, 03 Jan 2022 01:31:13 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TiiKQ2ZOrK%2F3FbBcS0KNhg1gibvvR1ZmAK2CBLLJOG3dDjDQU8xaB8nC4hrVom72uPgDhTCJYjBeNgr6T%2BSrm5ZOAylbiCBLJylwkIWG7SFex93fHR22UYyV6TGaHrs8pl9A7W6Jd9wNeJTVeIoMJo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c781f7c4f34f91f-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 getyourrefundtulsa.f3e853695.css
assets.website-files.com/600b4da8ffd9679fcdd2964b/css/ 60 KB
13 KB 60ms
9ms Stylesheet
text/css 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1b885d9d630f7e61c0d988e28c44205276579edd5a2c6a6cd4f239559007175

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: EXiHZlFd9AbuJXaTL65MTnIrtKJGgWpW
content-encoding: gzip
etag: "bbf36e3add7d50eb222f6d32b89e1127"
age: 100
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 12487
last-modified: Thu, 28 Oct 2021 16:23:08 GMT
server: AmazonS3
date: Mon, 03 Jan 2022 00:29:34 GMT
content-type: text/css
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=84600, must-revalidate
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
x-amz-cf-id: Wt42QX4WMnOwD-X6e6MsYe1cY1jwBXqo02dgspY50Ib4KFozf_SNxw==

GET
H2 200 weglot.min.js Show response
cdn.weglot.com/ 70 KB
25 KB 53ms
13ms Script
application/javascript 2600:9000:225e:ee00:1:28b3:b280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.weglot.com/weglot.min.js
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ee00:1:28b3:b280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18c77ac8912e0709f63415298fd066b8eb24f2eb031d69dc93697d14dba3c5a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 13:09:46 GMT
server: AmazonS3
age: 1769
etag: W/"e67f0876e31c8a01dcda651cdae4f26c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d39.cloudfront.net (CloudFront)
cache-control: max-age=1800
date: Mon, 03 Jan 2022 00:01:45 GMT
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: l0dAjv3tBsibDIzdvNzC5yK9UbdLir_VZENnvXksDDA6O6sffgTuig==

GET
H2 200 shell.js Show response
js.hsforms.net/forms/ 565 KB
144 KB 63ms
34ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/shell.js

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1de48ca333e7ed7ea263055100dad7bb8ced7fe44d59831ccd49fe8b7155d0b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
via: 1.1 4ee1745ee3cece0fab563f5a32ba165b.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 411
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 10:24:31 UTC
server: cloudflare
etag: W/"4a09092143104bbd73d83353e3de8f45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3I2roM2t6f%2BNwnGaZxck%2B9UV9ZKwKbh%2BGQN0jInzFxiPIEOR7PHiKOYcpiZs%2BUwv%2F6sbALvxEDJnEqdPwB6NW4qRokejCLCtgDy2zLBesaYU7SbRuvOmCtyObUXgy4NDwBG37EDnSQTnl6cc"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: XQgMPDVWVhxA2fBXXk7Bfu.xqq3CrItk
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6c781f80eaa1695b-FRA
x-amz-cf-id: TA1F68qWDLKWf8L2F0s2lQN3zajveAhum0AfDZr2oWN4XnXzUD-VRA==
x-hs-target-asset: FormsNext/static-5.429/bundles/project_with_deps.js

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
31 KB 41ms
12ms Script
application/javascript 52.222.232.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=600b4da8ffd9679fcdd2964b
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.232.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-39.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://es.getyourrefundtulsa.org/
Origin: https://es.getyourrefundtulsa.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: gzip
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=84600, must-revalidate
x-cache: Hit from cloudfront
x-amz-cf-id: Au_FWdn8utjEhw7j4TCL0VEjt4_A1mpdRDk0HbCdO95wuBjIvBjuRA==
via: 1.1 34fdfb7c7c11559df7e622af2b62f5cb.cloudfront.net (CloudFront)

GET
H2 200 getyourrefundtulsa.03ed4ce6e.js Show response
assets.website-files.com/600b4da8ffd9679fcdd2964b/js/ 196 KB
57 KB 64ms
16ms Script
text/javascript 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/js/getyourrefundtulsa.03ed4ce6e.js
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c3baa9da083322e307e9e8c25676f5027966f3f988ac49b25abfac47b9f75255

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: r_Fp15EDCikkzt1OpAisCiUSN.ckUowR
content-encoding: gzip
etag: "9a01bb7c7b2a644d39d8e6d076ef9856"
age: 100
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 57977
last-modified: Thu, 28 Oct 2021 16:23:08 GMT
server: AmazonS3
date: Mon, 03 Jan 2022 00:29:34 GMT
content-type: text/javascript
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=84600, must-revalidate
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
x-amz-cf-id: WZ795qyc3L6MoIbf2krN7k4DIhPp3ph0zPPdeOzP66lJ9AODxJagRw==

GET
H2 200 9162411.js Show response
js.hs-scripts.com/ 1 KB
971 B 148ms
124ms Script
application/javascript 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/9162411.js
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30dd2490797e830a4278395e336bcd8d7fcfd443a03fbb73183c93cd43681b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: e9f0f59d-0630-4bc8-9192-9d0316f0cb16
last-modified: Mon, 03 Jan 2022 00:29:34 GMT
server: cloudflare
x-trace: 2B7BA3CB3D39AFDDD2EA5F79A1C03CF815A5008CA1000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://es.getyourrefundtulsa.org
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6c781f814865694c-FRA
expires: Mon, 03 Jan 2022 00:32:14 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 128 KB
47 KB 50ms
25ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KL632H

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

33f2a6c5d2e85d264c6a225c57e0cb6dfcd25613ab66933262a49fe5179e1655

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47539
x-xss-protection: 0
last-modified: Mon, 03 Jan 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jan 2022 00:31:14 GMT

GET
H2 200 0c0007b6dce5b127d7e92c28a09d37ff0.json Show response
cdn.weglot.com/projects-settings/ 1 KB
946 B 43ms
24ms Fetch
application/json 2600:9000:225e:ee00:1:28b3:b280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.weglot.com/projects-settings/0c0007b6dce5b127d7e92c28a09d37ff0.json
Requested by: Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ee00:1:28b3:b280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 77cb9e594378e9b5da38730f7630e9d37c60189f4ea35556bcb4b6fcbe0b0008

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:29:35 GMT
content-encoding: gzip
last-modified: Thu, 23 Sep 2021 19:47:44 GMT
server: AmazonS3
age: 100
etag: W/"bd5602a580fa6895423633f9f8724807"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-version-id: null
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P4
content-type: application/json
x-amz-cf-id: iMpZd_bkFzpLThQCEcvNd3JN4ziE01IquV7qq9X1qa8c5i16p6E31Q==
via: 1.1 b1c64361268fcbad3c03abbe37eb5cfb.cloudfront.net (CloudFront)

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 37ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: f7q03VJY+9sWrP+GWjWwr2F4zAioVdHZkL71MmVmELFpEJkgNgVbSj4pQrYR694Y2aN9j4Iu2EhcznBSysb4jw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Mon, 03 Jan 2022 00:31:14 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 60107975d93c7324be3e7343_family.png
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 2 MB
2 MB 11ms
10ms Image
image/png 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/60107975d93c7324be3e7343_family.png
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8df717c990d48419be90cd97eb33329a803f211b44ceff173b530a424f943281

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:34 GMT
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jan 2021 20:20:06 GMT
server: AmazonS3
age: 1119581
etag: "410db74844ae643ea38dacc93665a7cd"
x-cache: Hit from cloudfront
x-amz-version-id: EYauf0sdvGOWZdWfsGasAR8GiNzgnWOV
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/png
content-length: 2045458
x-amz-cf-id: yXQ-fVtPzjrN0syXml-9tmBFz8ea3DkzsopFluPccs-HAiBiypx6gQ==

GET
H2 200 600c4b48f296c057c0c4f687_Purple%20Bg%20small.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 22ms
21ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c4b48f296c057c0c4f687_Purple%20Bg%20small.svg
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ba81e466f3a758f8923cba69fc562041c774b55fc3e0ed6c8cd8d1f6b99dfc2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:34 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 16:14:01 GMT
server: AmazonS3
age: 1119581
etag: W/"a778fa218fb87e3da19f3d68428e859f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 468O3jTgGQUtYDsPDguGA362E44GWeBR
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: RPZ10y4WPyWVsbqJoCK--W_06fy7gCHObtQmhIq2L67YKTAUu0LGGg==

GET
H2 200 600ef6f5a952a62b80319acb_gyrt.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 27 KB
11 KB 8ms
8ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600ef6f5a952a62b80319acb_gyrt.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 888739724425bb83620ecd329f1bd419b627ee65f5f1ac20c1dc291a6835a88b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:35 GMT
content-encoding: gzip
last-modified: Mon, 25 Jan 2021 16:51:02 GMT
server: AmazonS3
age: 1119580
etag: W/"6062b4a61f875b85af917dbda78144a4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: Fi44eJQgCt_dzmZUDKhq1Mru8gr6xNC4
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: b9XF9582j7WEGn6EHkSw-enngBRv6dOxVL18pR-OB0yvVOXs4EYT8A==

GET
H2 200 600c5038ce22ee147294842e_Family%20of%203%20.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 20 KB
8 KB 9ms
8ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c5038ce22ee147294842e_Family%20of%203%20.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ae40ab167163cd15dbfbaeb1b159d29678039f51060781cb42e5da2a1b6ba0a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 16:35:06 GMT
server: AmazonS3
age: 1119580
etag: W/"4fdcebfd644b5242677b462524b0f7dd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 7bNQpnqhRB3sN0hLLGbvGZt6nRZ4qmRe
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: JOphumGZVnZZJYfWEEQCbx8uxKZ6O-1wz8QTD7q1EpFe0COT4EGlOQ==

GET
H2 200 600c55dddeb2b0ddac11ebc0_Purple%20BG%20large.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 4 KB
2 KB 7ms
7ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c55dddeb2b0ddac11ebc0_Purple%20BG%20large.svg
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 092c7b971bb288b339a3087539eba2a235cbdce400a15620af86153f93837308

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 16:59:11 GMT
server: AmazonS3
age: 1119579
etag: W/"1f43c631a54ddaee8bdab5d3ba81b5d5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: oMDNVYGhKpkO1P96QGgnMMgFvjpMSXXQ
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: LL0GZoKAE-ZyJcYTC-EPqO-B-hMnbZZ_103I_0aphvOKfov4VRnURA==

GET
H2 200 600f5c336634caaa05b844ca_NEW%20NEW%20NEW-05.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 7ms
7ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600f5c336634caaa05b844ca_NEW%20NEW%20NEW-05.svg
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bfae4df96f421149a3f38217e6062efde4cde5443b77a10c3b1b588433388797

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 01 Jan 2022 20:48:33 GMT
content-encoding: gzip
last-modified: Tue, 26 Jan 2021 00:03:01 GMT
server: AmazonS3
age: 99762
etag: W/"6dae34851e47e459d832d957357d04e2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: hHUP7GBKbTPzetAznBnOXYWm__KkyJM7
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: dPfuNmU2RgYr4lG1zLhEyQNVD_Vovkzvgpvt78V8Mc9RItW3nsvCEQ==

GET
H2 200 600c6edcd1a2445ebee4c5c3_Orange%20Bg.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 4 KB
1 KB 8ms
8ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c6edcd1a2445ebee4c5c3_Orange%20Bg.svg
Requested by: Host: assets.website-files.com
URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 62dd7689afbeb87abef2960e51c1e58c75be5fd0e88525fc74ab6d6fffc006f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/css/getyourrefundtulsa.f3e853695.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 18:45:49 GMT
server: AmazonS3
age: 1119579
etag: W/"30c4d476fea26c2ead058fce755a8cd6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: .7B.bmqV0TXDU9._N9pUz4UAfykVVrE6
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: Fh4-3a3mIVZPx0rRUbi71FHmrDC04fWW2AKaovfGi0orUZt7QyHiQQ==

GET
H2 200 600c56b97e43ed19e3d41e7f_bils%20icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 8ms
7ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c56b97e43ed19e3d41e7f_bils%20icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d0595eccd743a52cefbffbcbe4ada7d68dd344d2c87aeffb449fc110c42907c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:38 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:02:51 GMT
server: AmazonS3
age: 1119577
etag: W/"10a7fbb538fc387b87984138b4f85884"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: R111O4fQRZWtx2F8_uKp38nLZKuf_D.Z
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: 0tu4VVwk2Xf17m7Hfb1XXWYhRZ6v-4f1E3W8mYhr6209v-BUv0_pyA==

GET
H2 200 600c56b9deb2b00ea211f1a1_Home%20Icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 9ms
7ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c56b9deb2b00ea211f1a1_Home%20Icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a0da1505888379ba5ae1bbdd0b0a17acd98817fafd6978b3c5e51ef5a1bd750

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:38 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:02:51 GMT
server: AmazonS3
age: 1119577
etag: W/"a59da7e3663a6431fc6d77cf188877d1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 8pqmFk5PdoG6oq1SNrIsHsR_jv3WRKpe
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: Fgd9MM6B6j3CNg362ZD_W7vT8f03VwaqRWkAdNdTcF_Ha2ld_B3MOQ==

GET
H2 200 600c56b9e4b1d838e1a1ddfb_car%20repair%20icon%27.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 9ms
7ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c56b9e4b1d838e1a1ddfb_car%20repair%20icon%27.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: afeacc57b2412e3de8fb05015e417c6e670171261d0adaf9ce242a4f3a31c63a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:38 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:02:51 GMT
server: AmazonS3
age: 1119577
etag: W/"fab0a9dbd5184a85044710f3d5425877"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 0BuNB3HNEUxL2ANB_wiIgJXt7AsWibul
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: OCw7DzOl9ei0DMqQBm1mo1DNftCAPx6BxP13Z7rSrsi3_OgRbPsgiA==

GET
H2 200 600c56b9ac65b29521f18583_school%20supplies%20icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 5 KB
2 KB 9ms
7ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c56b9ac65b29521f18583_school%20supplies%20icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ae822b99e9ee9138e5b9a5d250adb49c5b22d63dd1d364bdf2c0b062915e46cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:37 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:02:51 GMT
server: AmazonS3
age: 1119577
etag: W/"78302ac68cd6a4a8ee8797a63408f601"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 2vWfNIjfxrEOPButW.tDmc6T7CJSH6vu
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: Z_OeTh9sY15A8-MpeQuU0rY7RbDKGstW_rp86GathwqWybVSEmx5ZQ==

GET
H2 200 600c56b9eba1460b636dbf5d_special%20occasion%20icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 5 KB
2 KB 10ms
8ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c56b9eba1460b636dbf5d_special%20occasion%20icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9ab769fb0a896e6bf3d2bc8fbf9a79605e5d0af91533235b1ceb7c4fba4d135a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:38 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:02:51 GMT
server: AmazonS3
age: 1119577
etag: W/"36843cd88243003bda0a5470bd166f23"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: OHrUlXCfkzXBQaUtJJhz.P4cWfaAOS5J
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: R-0SPK2y86jCDhbLQXsT1poouhGhzjaaycyuqjau_G0DaoNJpcNyiw==

GET
H2 200 600c555fb789538ed7ba3cdb_Tom.png
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 47 KB
48 KB 11ms
9ms Image
image/png 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c555fb789538ed7ba3cdb_Tom.png
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7afecd8aa9981d91871fe5dca3a0756ee33edd1c094bcfa8d8c09840a92f7825

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:38 GMT
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
last-modified: Sat, 23 Jan 2021 16:57:05 GMT
server: AmazonS3
age: 1119577
etag: "a9a34938fa55b4c4a8a74c301c1ad884"
x-cache: Hit from cloudfront
x-amz-version-id: aKAwdoVO_wjWzDY6GVu649yLIC6SVl4F
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/png
content-length: 48174
x-amz-cf-id: b1parysRwFB1bIdYYAV1FgPJMkM4O2GGdI8aRMLEjVYepjY1ohsTzw==

GET
H2 200 600c555f88abe0f0101ceacc_Ana.png
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 46 KB
46 KB 13ms
11ms Image
image/png 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c555f88abe0f0101ceacc_Ana.png
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eaf775087e020fad2fb22fe8cba7e1d8a41cc59a2dd11ac5fe36c75cc2d00ed7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 21 Dec 2021 01:31:38 GMT
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
last-modified: Sat, 23 Jan 2021 16:57:05 GMT
server: AmazonS3
age: 1119577
etag: "e52943537794f364707d8faf620b0097"
x-cache: Hit from cloudfront
x-amz-version-id: gfN6AY3E9CYckhaa3h2QjtMZZsu9BDnG
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/png
content-length: 46635
x-amz-cf-id: rUlllFB_x57n8qRRHId5Xa7LwsxOV7JUa8TLo6gUO6tZG8sB3NPrIA==

GET
H2 200 600c59ffdeb2b043a511fb26_Goodwill%20VIta%20logo.png
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 43 KB
43 KB 16ms
14ms Image
image/png 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c59ffdeb2b043a511fb26_Goodwill%20VIta%20logo.png
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6a64e384c11411273215af44c377e461dce82541050bc0534d80be05c91c1b38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 03 Jan 2022 00:29:35 GMT
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
last-modified: Sat, 23 Jan 2021 17:16:49 GMT
server: AmazonS3
age: 100
etag: "b1fe3011dad9eed8cade082ea8ee4b6e"
x-cache: Hit from cloudfront
x-amz-version-id: B8DgqEQuJC2nAszqUmUH0L6A2_1tL5wo
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/png
content-length: 43536
x-amz-cf-id: tg6xPc4uD7JQjxNofLf9GjV25Lxe6wOEr8os8zxiZr5ZiPJq6X-81w==

GET
H2 200 600c59ff4b72857bbec47b07_Tulsa%20Responds.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 10 KB
4 KB 21ms
19ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c59ff4b72857bbec47b07_Tulsa%20Responds.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dbf9904149f213776c05c0f5bd8edbacfad984b03979afc7547f9a0533765f4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 30 Dec 2021 12:35:17 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:16:49 GMT
server: AmazonS3
age: 302158
etag: W/"0d46618bd4affe4b3469caf1ace0a09c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: BY2XhlRwxfu.6hvEuusuQT0gYq0eMq2W
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: eG04HXqABtjF9P6Z4szwLcInAyuwYSWl3PUwVmRf0bhDPHInVXHV2Q==

GET
H2 200 600c59ffdc3c33547e11ebe8_Get%20your%20refund%20logo.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 26 KB
11 KB 21ms
20ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c59ffdc3c33547e11ebe8_Get%20your%20refund%20logo.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5497fb6ebecc993f08f49f55f0ee23b04c636bee373a2d23046814ae1933e14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 03 Jan 2022 00:29:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:16:49 GMT
server: AmazonS3
age: 100
etag: W/"21f1ed8c939ca604b06513376ab191b7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: S5UFvZKIGzesqrqK4aQUn_kJBw7XBpYL
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: jNH1-H3QzIu2QjiRIfDGZ1Lk8yfOIxXh2ivj4hj1mpoXkpZLPi3Xaw==

GET
H2 200 600c62b2a2f87f5d48553766_Car%20icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
2 KB 23ms
22ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c62b2a2f87f5d48553766_Car%20icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96f8439ce81a6b9dd564cb042d9bd84f5a127710459659defc4adbe159e79747

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 03 Jan 2022 00:29:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:53:55 GMT
server: AmazonS3
age: 100
etag: W/"0608b0922e69739c966cbfa9de9c8c9d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: sR5euKu_VNRT6qwj2V2UMGNCeM02OyMo
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: RJ7nxKHnEHSVmqr2GftPhcYdh1md8YQF12CQGCVASPXuDh6oygitmg==

GET
H2 200 600c62b2f6d548146bb36f13_File%20icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 22ms
21ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c62b2f6d548146bb36f13_File%20icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb126ee16a96340aef514f2d384c7c1f48b1b03834996648271e9698cd66710e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 03 Jan 2022 00:29:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:53:55 GMT
server: AmazonS3
age: 100
etag: W/"80e319040011c1228a79939329e6af08"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: rwxLtsjIdtLSBznrbcw.vJJglvVlWv5y
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: veP_XmRqif64RbMm6_hvD2yEjVot_T04CiU4hoYjP2Yn0OCO91lgMA==

GET
H2 200 600c62b22eab062ff4fe6a56_phone%20icon.svg
assets.website-files.com/600b4da8ffd9679fcdd2964b/ 3 KB
1 KB 22ms
21ms Image
image/svg+xml 2600:9000:223f:800:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.website-files.com/600b4da8ffd9679fcdd2964b/600c62b22eab062ff4fe6a56_phone%20icon.svg
Requested by: Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:800:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 048b0106eaaa1ccf27d5151f8eede6a865ff9fc663201dfbe816e90a1a0ae2e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 03 Jan 2022 00:29:35 GMT
content-encoding: gzip
last-modified: Sat, 23 Jan 2021 17:53:55 GMT
server: AmazonS3
age: 100
etag: W/"6723b026925f84c28bbf90f67b9989fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: M91wUDfFBPcHSKTbQQKipAd5HcZL23B6
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000, must-revalidate
x-amz-cf-pop: FRA56-P5
content-type: image/svg+xml
x-amz-cf-id: 8gVs_6VI2EW-u75a214YYhvULDtDcSU4VQMI01Cbr7FyunFCDeo_GA==

GET
H2 200 bf25179c-4320-4b4a-a246-4c159a491805 Show response
forms.hsforms.com/embed/v3/form/9162411/ 12 KB
3 KB 187ms
148ms Script
application/javascript 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/9162411/bf25179c-4320-4b4a-a246-4c159a491805?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80c85f375110dc149614375cb3149c6dd38edd3561a6f26bd28d5933d0c6e5ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: d4feee5a-65dd-45d3-a2d9-753c03e67f4c
cf-ray: 6c781f8288933762-MXP
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
x-trace: 2B2EB707451942974E05F7F48EA7D1A8B6A183C596000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 weglot.min.css
cdn.weglot.com/ 28 KB
5 KB 8ms
8ms Stylesheet
text/css 2600:9000:225e:ee00:1:28b3:b280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.weglot.com/weglot.min.css?v=4
Requested by: Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ee00:1:28b3:b280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1b4fd0e91f1e3e3c84db3110561ea8d11cd01d7bc7b8a4accfe219b28107d4ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 02 Jan 2022 15:01:14 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 13:12:01 GMT
server: AmazonS3
age: 34201
etag: W/"3a3117ea3025d0f6ea1200c3b9dee1a1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d39.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA60-P4
content-type: text/css; charset=utf-8
x-amz-cf-id: _nNEun_yBisUhVsOzvsksahT1u3FpS18jK0AnbCNU5oDzzAdyd265A==

GET
H2 200 860957544521195 Show response
connect.facebook.net/signals/config/ 305 KB
88 KB 49ms
49ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/860957544521195?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f449011e4aacbe8157f7cbd743bb438cf6f4b689a77bf02b81c179951f82932f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: NL5mSJMQI/XMcWjYtg14g0U2ohTygTB8nwXK+XIKjgXJAxjZJBQHRybJ5nm6YSOxsJ049c94mcT+BMGMJhhnPQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 03 Jan 2022 00:31:14 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 82 KB
26 KB 208ms
165ms Script
application/javascript 2606:4700::6811:7fab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9162411.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7fab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23d1cb06ace0ff3e399d3c53bb02c3a8c386cd97dc01081b376c34785c92e4f3

Request headers

Referer: https://es.getyourrefundtulsa.org/
Origin: https://es.getyourrefundtulsa.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
via: 1.1 920629f47fa586ce02a1a1af8b626579.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.260/bundles/project.js&cfRay=6c781f834bd559ad-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6c781f834bd559ad-MXP
last-modified: Tue, 07 Dec 2021 01:47:22 UTC
server: cloudflare
etag: W/"6a87c3fbb201ae0e1e27682863544b27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: MgiHycm2IQFcF7nscbJ1l6RorgU5R2aj
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
content-type: application/javascript; charset=utf-8
x-amz-cf-id: eozP8-Qu677g9vmq70sggOy1ZzeLG6_bB7G0dfZ2f1Y8oPa_7SZroQ==
x-hs-target-asset: collected-forms-embed-js/static-1.260/bundles/project.js

GET
H2 200 9162411.js Show response
js.hs-analytics.net/analytics/1641169800000/ 62 KB
20 KB 188ms
148ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1641169800000/9162411.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9162411.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eba134159547cfa7ca40e9b3c513518491318abd833b51b491cc678da07021ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: XHDFNY3GNWC8PZB7
x-amz-server-side-encryption: AES256
cf-ray: 6c781f833b1583b2-MXP
x-amz-id-2: 7SkUZUGUvYU1JonhUf7lAcOLIn2akGXbKHv8AZUaPzGOPhHATXxdVu0oeh3s0hACDp6SXKfWdj4=
last-modified: Mon, 19 Jul 2021 17:28:30 GMT
server: cloudflare
etag: W/"5d6bfc9fd6aeeba1c9204c128d370227"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Mon, 03 Jan 2022 00:36:14 GMT

GET
H2 200 9162411.js Show response
js.hs-banner.com/ 60 KB
16 KB 604ms
566ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/9162411.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9162411.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4a6d65834fa3ed671c50e520b4941c4ca854f28998a31b8181f5f708f5084ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: XHDCD0AQC996W4MR
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: sAyYu4U5LZ3Nq2VMfrXOQp0tBp2t+bfOYUs0F2nYcI40MzAKTCSE4eG12WhpMNZHnvVsclofFzo=
timing-allow-origin: *
last-modified: Fri, 03 Sep 2021 22:10:30 GMT
server: cloudflare
etag: W/"48bb382459f9c5418dc7b34fe7d14a95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: vgZVxwjDhzaafrhTMw5z6JZhNUvtO1Ie
access-control-allow-origin: https://es.getyourrefundtulsa.org
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6c781f833f5bd600-MXP
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 03 Jan 2022 00:36:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KL632H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5408
date: Sun, 02 Jan 2022 23:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 03 Jan 2022 01:01:06 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
1 KB 49ms
22ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8002dace9aa6d2f5a60968e10897ec4b45e698b2851a22320a6cb5f7df42c67c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
expires: Mon, 03 Jan 2022 00:31:14 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=804203797&t=pageview&_s=1&dl=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&ul=en-us&de=UTF-8&dt=Get%20Your%20Refund%20Tulsa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1353211787&gjid=1872116513&cid=295423111.1641169874&tid=UA-162470163-2&_gid=885291906.1641169874&_r=1&gtm=2wgc105KL632H&z=1414592040

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://es.getyourrefundtulsa.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 03 Jan 2022 00:31:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://es.getyourrefundtulsa.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
7ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=804203797&t=event&ni=1&_s=1&dl=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&ul=en-us&de=UTF-8&dt=Get%20Your%20Refund%20Tulsa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=818&el=10%25&ev=1&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=295423111.1641169874&tid=UA-162470163-2&_gid=885291906.1641169874&gtm=2wgc105KL632H&z=266579788

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 02 Jan 2022 09:26:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 54291
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 195343328990074 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 106ms
106ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/195343328990074?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f916b4255fb9abaeeba1aa6c74e1934fe5b1f4fcbf46b32ff8029c49258e4428

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 0VOPvyn8gOnhOk2zJ2KQkhbZ+ICePV8fGp9mtRACMZk5dseY2CzC+cQiBMfSIhVSTYeWbgL9eFiP6k+NhPCMdA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 03 Jan 2022 00:31:14 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 40ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=860957544521195&ev=PageView&dl=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&rl=&if=false&ts=1641169873874&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1641169873872.1056750784&it=1641169873737&coo=false&rqm=GET

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Mon, 03 Jan 2022 00:31:14 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/8da38e9a/www-widgetapi.vflset/ 149 KB
48 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8da38e9a/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5071f1b82cf34198f13d9c727f4705d7a4daa61723adacfcd7123abcb4b3c4c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 02 Jan 2022 23:11:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4790
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49407
x-xss-protection: 0
last-modified: Fri, 17 Dec 2021 22:18:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 02 Jan 2023 23:11:24 GMT

GET
H3 200 shell.js Show response
js.hsforms.net/forms/ Frame F5CB 565 KB
144 KB 226ms
202ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/shell.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1de48ca333e7ed7ea263055100dad7bb8ced7fe44d59831ccd49fe8b7155d0b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
via: 1.1 2ca1a2664d288773b443dc5e52a8b5b9.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 10:24:31 UTC
server: cloudflare
etag: W/"4a09092143104bbd73d83353e3de8f45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Opl0yAZdgsUM6UAA60rO8hodqEqv3IOkzpjMFQ8aUCj55od0f6rEKch6VWLPTTrwD3NaCjd2dm%2FKEuvsP7LxDuSkSXIZOny8Vol3ICVKnk1h9cLn7Mav4PS4ULAffnXDcOsaCEH2elf1fGg9"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: XQgMPDVWVhxA2fBXXk7Bfu.xqq3CrItk
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
cf-ray: 6c781f8418b7f91b-MXP
x-amz-cf-id: KJ2cmdj4z56eYV-vDq5nHQfkp2LSjQNz4VpvPZSB-KsuXEwLCjus9g==
x-hs-target-asset: FormsNext/static-5.429/bundles/project_with_deps.js

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
449 B 62ms
21ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-162470163-2&cid=295423111.1641169874&jid=1353211787&gjid=1872116513&_gid=885291906.1641169874&_u=YEBAAEAAAAAAAC~&z=1329979104

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://es.getyourrefundtulsa.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 03 Jan 2022 00:31:14 GMT
content-type: text/plain
access-control-allow-origin: https://es.getyourrefundtulsa.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 44ms
18ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-162470163-2&cid=295423111.1641169874&jid=1353211787&_u=YEBAAEAAAAAAAC~&z=532894590

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jan 2022 00:31:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 59ms
19ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-162470163-2&cid=295423111.1641169874&jid=1353211787&_u=YEBAAEAAAAAAAC~&z=532894590

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jan 2022 00:31:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
1 KB 179ms
141ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=9162411&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8ed68c776867e4f2fd2ceb8a0f5705ddf1c51fca5c44b3886373d02edf1c55a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://es.getyourrefundtulsa.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e90e838f-c7f9-4ba8-a163-caaecd8e647f
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADAQ76ecwxuHHCw1pHI4CqkEnEjfX0iUyRQaR0275XSWtCLcmjQit6bTR85qY4rFrXAnSvTny12cfmMKky0r0oJ3LRzYr1a9eJMsgEsCfAVtMGcExHPd1CjHf1ZauKqkcNze%2BECoK8cKqGQrZSnX"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://es.getyourrefundtulsa.org
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 6c781f84bac0599b-MXP
access-control-allow-headers: *

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 17ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=195343328990074&ev=PageView&dl=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&rl=&if=false&ts=1641169874006&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1641169873872.1056750784&it=1641169873737&coo=false&rqm=GET

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 03 Jan 2022 00:31:14 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
496 B 172ms
143ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: es.getyourrefundtulsa.org
URL: https://es.getyourrefundtulsa.org/?utm_source=reembolso

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:14 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 99a24e2c-9428-4167-94e2-c85bfbfcae17
x-trace: 2B0A82925E86C844AABB199FAD53DCE69FA0CEBE68000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6c781f85d93483af-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
x-robots-tag: none

GET
H2 200 css
fonts.googleapis.com/ Frame F5CB 2 KB
1012 B 41ms
17ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8cd48a23b5cf3b3659e12bf6eee322a1781a624117ffe71bed68503224829031

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 02 Jan 2022 23:18:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 03 Jan 2022 00:31:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jan 2022 00:31:14 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1004 B 179ms
137ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=bf25179c-4320-4b4a-a246-4c159a491805&fci=dee94f9e-1af8-4010-9969-b55f90d1188c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1433769858&v=1.1&a=9162411&rcu=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&pu=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&t=Get+Your+Refund+Tulsa&cts=1641169874368&vi=3f270a1e0750bbd82272026292cbe818&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:15 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d08bd063-eb0b-4f04-a4eb-71f4ba0a9d27
cf-ray: 6c781f8738a159a1-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oXnrdUhBsYK%2BqXry9pcHWTORShNlUZwZXvknV9QaDw49UfuzfqLJAOBFUhkSGJ%2BsNQoZSJ4KvZB%2FHTQNkVHcD4rcWRygyRddx%2FiiKFSaDaxxvsJTp7b5LdZg8RizikyFoIGg9B%2BMHg7gvufO35C9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
550 B 192ms
150ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1433769858&v=1.1&a=9162411&rcu=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&pu=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&t=Get+Your+Refund+Tulsa&cts=1641169874370&vi=3f270a1e0750bbd82272026292cbe818&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:15 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6bbd8425-8aa3-486b-ac6c-cf1a430d93b1
cf-ray: 6c781f8738a259a1-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=onFAGDiy0thap4He0Acuk%2FE2vIDf4Vp%2Fm0O9KVxM9jjt4n5tQqQjcyhF02umANxhdYqmQ2uK3h5hdFCz77XxKOd75T0lgZxrhrzhn4zjfOEijk79gBvvzFpNcnquS3au2uQnaNqq6PTrseddBq1l"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame F5CB 19 KB
20 KB 33ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://es.getyourrefundtulsa.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 04:37:19 GMT
x-content-type-options: nosniff
age: 417236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 04:37:19 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 9ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=860957544521195&ev=Microdata&dl=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&rl=&if=false&ts=1641169875433&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Get%20Your%20Refund%20Tulsa%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1641169873872.1056750784&it=1641169873737&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 03 Jan 2022 00:31:16 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=195343328990074&ev=Microdata&dl=https%3A%2F%2Fes.getyourrefundtulsa.org%2F%3Futm_source%3Dreembolso&rl=&if=false&ts=1641169875510&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Get%20Your%20Refund%20Tulsa%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1641169873872.1056750784&it=1641169873737&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://es.getyourrefundtulsa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 00:31:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 03 Jan 2022 00:31:16 GMT

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 3-0-Xqn3fyw
.youtube.com/	1970-01-20 04:12:01	Name: VISITOR_INFO1_LIVE Value: Bd5GIPHBVnw
.getyourrefundtulsa.org/	1970-01-20 17:24:01	Name: _ga Value: GA1.2.295423111.1641169874
.getyourrefundtulsa.org/	1970-01-19 23:54:16	Name: _gid Value: GA1.2.885291906.1641169874
.getyourrefundtulsa.org/	1970-01-19 23:52:49	Name: _gat_UA-162470163-2 Value: 1
.getyourrefundtulsa.org/	1970-01-20 02:02:25	Name: _fbp Value: fb.1.1641169873872.1056750784
es.getyourrefundtulsa.org/	1970-01-20 09:14:25	Name: __hstc Value: 55126004.3f270a1e0750bbd82272026292cbe818.1641169874363.1641169874363.1641169874363.1
es.getyourrefundtulsa.org/	1970-01-20 09:14:25	Name: hubspotutk Value: 3f270a1e0750bbd82272026292cbe818
es.getyourrefundtulsa.org/	1969-12-31 23:59:59	Name: __hssrc Value: 1
es.getyourrefundtulsa.org/	1970-01-19 23:52:51	Name: __hssc Value: 55126004.1.1641169874363
.hubspot.com/	1970-01-19 23:52:51	Name: __cf_bm Value: byf6f8kCuASX8zi5pp83miZtHlJ63lyY4VKjrNfi8Wg-1641169875-0-AVCIKyK17ktTO0FVSbt4zgcp7nBGOcNqUjbDW7mQHaebu1mZUBPbsuTdnBFqJS1KXIw0sIEx93Em1G53bKgcq/0=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.website-files.com
cdn.weglot.com
connect.facebook.net
d3e54v103j8qbb.cloudfront.net
es.getyourrefundtulsa.org
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
js.hsforms.net
reembolsotulsa.org
stats.g.doubleclick.net
track.hubspot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
151.139.128.11
2600:9000:223f:800:11:3b84:d200:93a1
2600:9000:225e:ee00:1:28b3:b280:93a1
2606:4700:3034::ac43:9d40
2606:4700::6810:5805
2606:4700::6811:47b0
2606:4700::6811:7fab
2606:4700::6811:b749
2606:4700::6811:d5cc
2606:4700::6812:14bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2a00:1450:4001:80f::2008
2a00:1450:4001:812::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::2003
2a00:1450:4001:830::200a
2a00:1450:4001:830::200e
2a00:1450:4001:831::200e
2a00:1450:400c:c07::9d
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
52.222.232.39
048b0106eaaa1ccf27d5151f8eede6a865ff9fc663201dfbe816e90a1a0ae2e7
092c7b971bb288b339a3087539eba2a235cbdce400a15620af86153f93837308
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
18c77ac8912e0709f63415298fd066b8eb24f2eb031d69dc93697d14dba3c5a8
1b4fd0e91f1e3e3c84db3110561ea8d11cd01d7bc7b8a4accfe219b28107d4ec
1ba81e466f3a758f8923cba69fc562041c774b55fc3e0ed6c8cd8d1f6b99dfc2
1d0595eccd743a52cefbffbcbe4ada7d68dd344d2c87aeffb449fc110c42907c
1de48ca333e7ed7ea263055100dad7bb8ced7fe44d59831ccd49fe8b7155d0b6
23d1cb06ace0ff3e399d3c53bb02c3a8c386cd97dc01081b376c34785c92e4f3
270fcd351d712dcb784ab35d8e55c5a0071133702c740f61550c545906dd0c9f
2a0da1505888379ba5ae1bbdd0b0a17acd98817fafd6978b3c5e51ef5a1bd750
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
30dd2490797e830a4278395e336bcd8d7fcfd443a03fbb73183c93cd43681b2e
33f2a6c5d2e85d264c6a225c57e0cb6dfcd25613ab66933262a49fe5179e1655
5071f1b82cf34198f13d9c727f4705d7a4daa61723adacfcd7123abcb4b3c4c7
62dd7689afbeb87abef2960e51c1e58c75be5fd0e88525fc74ab6d6fffc006f1
6a64e384c11411273215af44c377e461dce82541050bc0534d80be05c91c1b38
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
77cb9e594378e9b5da38730f7630e9d37c60189f4ea35556bcb4b6fcbe0b0008
7afecd8aa9981d91871fe5dca3a0756ee33edd1c094bcfa8d8c09840a92f7825
8002dace9aa6d2f5a60968e10897ec4b45e698b2851a22320a6cb5f7df42c67c
80c85f375110dc149614375cb3149c6dd38edd3561a6f26bd28d5933d0c6e5ed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
888739724425bb83620ecd329f1bd419b627ee65f5f1ac20c1dc291a6835a88b
8cd48a23b5cf3b3659e12bf6eee322a1781a624117ffe71bed68503224829031
8df717c990d48419be90cd97eb33329a803f211b44ceff173b530a424f943281
96f8439ce81a6b9dd564cb042d9bd84f5a127710459659defc4adbe159e79747
9ab769fb0a896e6bf3d2bc8fbf9a79605e5d0af91533235b1ceb7c4fba4d135a
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
ae40ab167163cd15dbfbaeb1b159d29678039f51060781cb42e5da2a1b6ba0a2
ae822b99e9ee9138e5b9a5d250adb49c5b22d63dd1d364bdf2c0b062915e46cd
afeacc57b2412e3de8fb05015e417c6e670171261d0adaf9ce242a4f3a31c63a
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b5497fb6ebecc993f08f49f55f0ee23b04c636bee373a2d23046814ae1933e14
bfae4df96f421149a3f38217e6062efde4cde5443b77a10c3b1b588433388797
c3baa9da083322e307e9e8c25676f5027966f3f988ac49b25abfac47b9f75255
c4a6d65834fa3ed671c50e520b4941c4ca854f28998a31b8181f5f708f5084ac
c8ed68c776867e4f2fd2ceb8a0f5705ddf1c51fca5c44b3886373d02edf1c55a
d1b885d9d630f7e61c0d988e28c44205276579edd5a2c6a6cd4f239559007175
dbf9904149f213776c05c0f5bd8edbacfad984b03979afc7547f9a0533765f4f
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
eaf775087e020fad2fb22fe8cba7e1d8a41cc59a2dd11ac5fe36c75cc2d00ed7
eba134159547cfa7ca40e9b3c513518491318abd833b51b491cc678da07021ec
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f449011e4aacbe8157f7cbd743bb438cf6f4b689a77bf02b81c179951f82932f
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f916b4255fb9abaeeba1aa6c74e1934fe5b1f4fcbf46b32ff8029c49258e4428
fb126ee16a96340aef514f2d384c7c1f48b1b03834996648271e9698cd66710e

es.getyourrefundtulsa.org Open in urlscan Pro 151.139.128.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

56 Requests

100 %HTTPS

91 %IPv6

22 Domains

23 Subdomains

22 IPs

3 Countries

3027 kBTransfer

5141 kBSize

11 Cookies

4 Outgoing links

Page URL History

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

es.getyourrefundtulsa.org Open in urlscan Pro
151.139.128.11 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

100 %
HTTPS

91 %
IPv6

22
Domains

23
Subdomains

22
IPs

3
Countries

3027 kB
Transfer

5141 kB
Size

11
Cookies

56 HTTP transactions
0 data transactions