refundirs-surplus.icu
2606:4700:3033::ac43:aa53  Malicious Activity! Public Scan

URL: https://refundirs-surplus.icu/tax/
Submission: On June 28 via api from US — Scanned from US

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 35 HTTP transactions. The main IP is 2606:4700:3033::ac43:aa53, located in the United States and belonging to CLOUDFLARENET, US. The main domain is refundirs-surplus.icu.
TLS certificate: Issued by GTS CA 1P5 on June 28th 2023. Valid for: 3 months.
This is the only time refundirs-surplus.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
7         2606:4700:303...   13335 (CLOUDFLAR...)
23        2600:1400:d:5...   20940 (AKAMAI-ASN1)
3         2606:4700:10:...   13335 (CLOUDFLAR...)
2         2607:f8b0:402...   15169 (GOOGLE)
Totals: 35 requests, 5 IPs
Requests  Apex Domain             Subdomains                                         Transfer
23        irs.gov                 www.irs.gov (Cisco Umbrella Rank: 20373)           394 KB
7         refundirs-surplus.icu   refundirs-surplus.icu                              14 KB
3         addtoany.com            static.addtoany.com (Cisco Umbrella Rank: 4009)    27 KB
2         youtube.com             www.youtube.com (Cisco Umbrella Rank: 91)          63 KB
Totals: 35 requests, 4 apex domains
Requests  Domain                  Requested by
23        www.irs.gov             refundirs-surplus.icu, www.irs.gov
7         refundirs-surplus.icu   refundirs-surplus.icu, www.irs.gov
3         static.addtoany.com     refundirs-surplus.icu, static.addtoany.com
2         www.youtube.com         www.irs.gov, www.youtube.com
Totals: 35 requests, 4 domains
Subject                 Issuer                                  Validity                  Valid
refundirs-surplus.icu   GTS CA 1P5                              2023-06-28 - 2023-09-26   3 months  crt.sh
www.irs.gov             Entrust Certification Authority - L1F   2022-10-04 - 2023-11-04   a year    crt.sh
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                 2023-05-04 - 2024-05-03   a year    crt.sh
*.google.com            GTS CA 1C3                              2023-05-29 - 2023-08-21   3 months  crt.sh

This page contains 2 frames:

Primary Page: https://refundirs-surplus.icu/tax/
Frame ID: EE042F37FC4F13D89FB23839E4D708BD
Requests: 35 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 8F1D8D8599891ED730BC41543C3CAF70
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Internal Revenue Service | An official website of the United States government

Detected technologies

Overall confidence: 100%
Detected patterns
  • addtoany\.com/menu/page\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>

Overall confidence: 100%
Detected patterns
  • tracker\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 35
HTTPS: 100 %
IPv6: 100 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 498 kB
Size: 1723 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
refundirs-surplus.icu/tax/
98 KB
13 KB
Document
General
Full URL
https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f6784263d3bb200872c0a76d1219710f9b20049ab43e1863409350856f9b548

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7de6e5bdcd540f78-EWR
content-encoding
br
content-type
text/html
date
Wed, 28 Jun 2023 15:17:35 GMT
last-modified
Wed, 31 May 2023 22:17:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EtBKXgd%2BMJw4tLg%2FMI7K4%2FVCych%2BLJTyqcmDrcvm7cQDy7TQot99%2FqJojrBotmDPlzQiTZ4hNuc0sJoYoiFErxm%2FFvuFEFT8OCi0tUQ5eTy8G%2FGEwiwoZeSHaMr3TpVY1Du3xEOU6TjkT7I3z1js8L9fZ8s%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
css_U2v4WEavInYzpx9Vc8-sltDGf2A9zL0_l1Gzbu72pnU.css
www.irs.gov/pub/css/
33 KB
6 KB
Stylesheet
General
Full URL
https://www.irs.gov/pub/css/css_U2v4WEavInYzpx9Vc8-sltDGf2A9zL0_l1Gzbu72pnU.css
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
536bf85846af227633a71f5573cfac96d0c67f603dccbd3f9751b36eeef6a675
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
7
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
65
x-age
21
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377107313_1158_17203_23_0_-";dur=1
content-length
5452
x-request-id
v-daff7c72-ebc4-11ed-a3e2-bfdf5fa302be
last-modified
Sat, 06 May 2023 04:18:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
4
css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
www.irs.gov/pub/css/
326 KB
39 KB
Stylesheet
General
Full URL
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
692ad0ae22f09170846f17364faf7917aacd8dbc04bacc4ff478422d452c18a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
8
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
1
x-age
7
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=9, ak_p; desc="468879_388099620_377107314_3347_14888_23_0_-";dur=1
content-length
39485
x-request-id
v-daeb850a-ebc4-11ed-9e87-c75ceb2eedf9
last-modified
Tue, 30 May 2023 22:45:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
2
css_DcoweyAYuMoA29whsp8WH-9ibwtLfQ2s1U7sjCY7qbI.css
www.irs.gov/pub/css/
220 KB
16 KB
Stylesheet
General
Full URL
https://www.irs.gov/pub/css/css_DcoweyAYuMoA29whsp8WH-9ibwtLfQ2s1U7sjCY7qbI.css
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0dca307b2018b8ca00dbdc21b29f161fef626f0b4b7d0dacd54eec8c263ba9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
8, 8
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
0, 0
x-age
2943
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377107315_174_16128_23_0_-";dur=1
content-length
15568
x-request-id
v-e26dc4dc-0730-11ee-a660-472bd8f6fc28
last-modified
Sat, 10 Jun 2023 03:01:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
2
css_dgC5EXMZnHfezKI2xr90YBonR67TzABdJlse0NZEtJk.css
www.irs.gov/pub/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.irs.gov/pub/css/css_dgC5EXMZnHfezKI2xr90YBonR67TzABdJlse0NZEtJk.css
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7600b91173199c77decca236c6bf74601a2747aed3cc005d265b1ed0d644b499
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-age
17
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377107316_2565_13977_23_0_-";dur=1
content-length
1155
x-request-id
v-db059076-ebc4-11ed-9ec5-0b0bb0ece833
last-modified
Sat, 06 May 2023 04:19:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
3
js_VtkcjFQQkl8LUjLRngI5dzVyEzEkDSA1slWICvqqaXw.js
www.irs.gov/pub/js/
941 B
752 B
Script
General
Full URL
https://www.irs.gov/pub/js/js_VtkcjFQQkl8LUjLRngI5dzVyEzEkDSA1slWICvqqaXw.js
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
56d91c8c5410925f0b5232d19e02397735721331240d2035b255880afaaa697c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
8
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
4
x-age
3
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377107317_43_16879_23_0_-";dur=1
content-length
306
x-request-id
v-d93f7694-ebc4-11ed-95f2-fb35c6e2fde7
last-modified
Sat, 10 Jun 2023 02:32:17 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
2
IRS-Logo.svg
www.irs.gov/pub/image/
5 KB
2 KB
Image
General
Full URL
https://www.irs.gov/pub/image/IRS-Logo.svg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-age
55
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="468879_388099620_377108040_1451_13604_26_0_-";dur=1
content-length
1941
x-request-id
v-be16704e-b6da-11ed-a5fa-d789f7d0c72c
last-modified
Fri, 23 Jun 2023 04:57:28 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
1
logo-print.svg
www.irs.gov/themes/custom/pup_irs/images/
5 KB
2 KB
Image
General
Full URL
https://www.irs.gov/themes/custom/pup_irs/images/logo-print.svg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
66466573e4c2cffdc636e13e76758dcf83f0ce235083c2098ad471cf419481d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-edgeconnect-origin-mex-latency
11
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
2
x-age
0
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108041_4091_15885_26_0_-";dur=1
content-length
1822
x-request-id
v-aded6efa-8d56-11ed-ad9e-abf928c9b0ad
last-modified
Sat, 06 May 2023 09:09:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=86400
accept-ranges
bytes
expires
Thu, 29 Jun 2023 15:17:35 GMT
IRS-Logo.svg
refundirs-surplus.icu/themes/custom/pup_base/
315 B
315 B
Image
General
Full URL
https://refundirs-surplus.icu/themes/custom/pup_base/IRS-Logo.svg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/tax/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRjUiOMHYEk6lVtw6i5JkeVCaqfBUlO%2FpEx8IQP3HouA5JhylpHt9WAgQ3qAE8CLQUbmYaIX1DUhxPtmbUaWt6Mx8zDDdNZuBmOQd1RgS4TXWrZwmd766AFRDNoYF3IbTAH6a3ucnoi4S2sruTZGpFj3Us4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7de6e5c1f9ec0f78-EWR
alt-svc
h3=":443"; ma=86400
logo-print.svg
refundirs-surplus.icu/themes/custom/pup_irs/images/
315 B
315 B
Image
General
Full URL
https://refundirs-surplus.icu/themes/custom/pup_irs/images/logo-print.svg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/tax/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Vn38uuhP3ufzPI48g0M5t6m6UssEuMDQbdzunlms76J1xANCs11guCgIvW814RJezSgPcXe24lM%2BEZIKh4p50WL%2B600y9R63gpwZqKj2stRS3FkejqTmI13jT9UvcZU8mOEjGuqt2a5rOGbq%2BFEOrPIPPo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7de6e5c1f9ee0f78-EWR
alt-svc
h3=":443"; ma=86400
IRS-Logo.svg
www.irs.gov/themes/custom/pup_base/
5 KB
2 KB
Image
General
Full URL
https://www.irs.gov/themes/custom/pup_base/IRS-Logo.svg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-age
364
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108042_1351_12469_26_0_-";dur=1
content-length
1941
x-request-id
v-ffc688bc-ebc3-11ed-b581-eb5c6b1345c7
last-modified
Sat, 10 Jun 2023 02:56:02 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
1
logo-print.svg
www.irs.gov//themes/custom/pup_irs/images/
5 KB
2 KB
Image
General
Full URL
https://www.irs.gov//themes/custom/pup_irs/images/logo-print.svg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
66466573e4c2cffdc636e13e76758dcf83f0ce235083c2098ad471cf419481d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-edgeconnect-origin-mex-latency
11
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
2
x-age
0
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108043_1470_11740_26_0_-";dur=1
content-length
1822
x-request-id
v-aded6efa-8d56-11ed-ad9e-abf928c9b0ad
last-modified
Sat, 06 May 2023 09:09:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=86400
accept-ranges
bytes
expires
Thu, 29 Jun 2023 15:17:35 GMT
css_xQTS2qQSo3cks8a_83t-RQvhqy2U9IVLK8XdwR4x2Jk.css
www.irs.gov/pub/css/
17 KB
2 KB
Stylesheet
General
Full URL
https://www.irs.gov/pub/css/css_xQTS2qQSo3cks8a_83t-RQvhqy2U9IVLK8XdwR4x2Jk.css
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c504d2daa412a37724b3c6bff37b7e450be1ab2d94f4854b2bc5ddc11e31d899
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
9, 9
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
18, 21
x-age
16
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108044_1131_13823_26_0_-";dur=1
content-length
1654
x-request-id
v-db2cdb4a-ebc4-11ed-94e8-b7d73093d8cf
last-modified
Sat, 06 May 2023 04:19:34 GMT
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
3
jquery.min.js
www.irs.gov/static_assets/js/libs/
87 KB
28 KB
Script
General
Full URL
https://www.irs.gov/static_assets/js/libs/jquery.min.js
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
44, 44
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-edgeconnect-midmile-rtt
29, 29
x-age
3001
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377107647_42_15990_26_0_-";dur=1
content-length
27943
x-request-id
v-8e8ae9fc-72b2-11ed-bead-97824ba87b14
last-modified
Thu, 20 Apr 2023 17:50:48 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
9
autotracker.js
www.irs.gov/static_assets/js/reporting/
15 KB
3 KB
Script
General
Full URL
https://www.irs.gov/static_assets/js/reporting/autotracker.js
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b82d4e13ea6e0a629a94dc8d8d674b3754038820f64ea15a92072df1d555f0ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Tue, 30 May 2023 14:09:58 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=86400
x-age
0
accept-ranges
bytes
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377107806_2333_16564_24_0_-";dur=1
content-length
3094
x-request-id
v-adef8a28-8d56-11ed-a3c9-0bb4e869fd39
expires
Thu, 29 Jun 2023 15:17:35 GMT
js_c0CjupBxNDrP3O9COHMc5JBxLnqmnoknxSH8NGyIe20.js
www.irs.gov/pub/js/
141 KB
43 KB
Script
General
Full URL
https://www.irs.gov/pub/js/js_c0CjupBxNDrP3O9COHMc5JBxLnqmnoknxSH8NGyIe20.js
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7340a3ba9071343acfdcef4238731ce490712e7aa69e8927c521fc346c887b6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-age
0
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108037_1604_10821_26_0_-";dur=1
content-length
43277
x-request-id
v-626f1992-ebbb-11ed-9778-ab3d549e9ed7
last-modified
Sat, 06 May 2023 03:24:48 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
1
page.js
static.addtoany.com/menu/
3 KB
2 KB
Script
General
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1881d41c12961ae92cc80d73abed82c537d3b64b8cb46dab759cd5b62bbb83c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
via
e4s
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
114106
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 23 Jun 2023 07:34:08 GMT
server
cloudflare
etag
W/"c09-5fec706bb5a82"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=172800
cf-ray
7de6e5c2bec8c346-EWR
js_kAUGG7xBi4169FJTE_-MXHiDRHwqPJEqiaM20BWrcGM.js
www.irs.gov/pub/js/
306 KB
60 KB
Script
General
Full URL
https://www.irs.gov/pub/js/js_kAUGG7xBi4169FJTE_-MXHiDRHwqPJEqiaM20BWrcGM.js
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9005061bbc418b8d7af4525313ff8c5c7883447c2a3c912a89a336d015ab7063
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-age
132
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108039_5690_17267_24_0_-";dur=1
content-length
61084
x-request-id
v-62e1e63e-ebbb-11ed-bcc0-c7eebe2cab10
last-modified
Sat, 06 May 2023 03:31:19 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
2
google-analytics.js
refundirs-surplus.icu/static_assets/js/reporting/
0
0
Script
General
Full URL
https://refundirs-surplus.icu/static_assets/js/reporting/google-analytics.js
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/js/js_VtkcjFQQkl8LUjLRngI5dzVyEzEkDSA1slWICvqqaXw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/tax/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WpKc9KmGUGxypTcsi%2FRKNGMoeOLj9b4k1gR8CXA7CBx9HDKdFGruK4zd%2BrO7KRxHtlOAKZmbit2%2BTxcsQXdA%2Ba1OEz0W4pO3hiGZ3Xor71ve8VFLu%2FFfcatI%2BsUXshpjABYMfFJk7kIdO%2BDEqZ9V7lQ8ENI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7de6e5c1f9f20f78-EWR
alt-svc
h3=":443"; ma=86400
height.js
refundirs-surplus.icu/static_assets/js/leftnav/
0
0
Script
General
Full URL
https://refundirs-surplus.icu/static_assets/js/leftnav/height.js
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/js/js_VtkcjFQQkl8LUjLRngI5dzVyEzEkDSA1slWICvqqaXw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/tax/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ry3pOYJ2HDAiadWrk2HoQqTuRj6nAtZcyo%2BJAYRsDFzOvddRxAcBq3wwMsOiuXVu4bNVdO28wifDo8TIlhihqr2FxpOFRQ0h0HR2WCgMcLwcMhrH%2BL1chprLrWRkCGhtvVzragnjwBlCR19yR0WU0uVMe40%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7de6e5c1f9f30f78-EWR
alt-svc
h3=":443"; ma=86400
https.js
refundirs-surplus.icu/static_assets/js/
0
0
Script
General
Full URL
https://refundirs-surplus.icu/static_assets/js/https.js
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/js/js_VtkcjFQQkl8LUjLRngI5dzVyEzEkDSA1slWICvqqaXw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/tax/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fsh5oFcZGD9afIeA7gwLc5c2iIM4iI70MYjM8BlbyTDBnRR2PDPVAiXRVu9iqVMgVuNpkZjlgKj4nbrAN9kZW80RHfCCYGuprn97KjfEPRMsXW5EgnF4iNPVsxmdp%2F0aFZGAQ5hYO6ohsy7Efn%2Bv3sKMAPo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7de6e5c1f9f40f78-EWR
alt-svc
h3=":443"; ma=86400
federated-analytics.js
refundirs-surplus.icu/static_assets/js/reporting/
0
0
Script
General
Full URL
https://refundirs-surplus.icu/static_assets/js/reporting/federated-analytics.js?agency=Treasury&subagency=IRS&sdor=true
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/js/js_VtkcjFQQkl8LUjLRngI5dzVyEzEkDSA1slWICvqqaXw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:aa53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/tax/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:35 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2Ff5KlxauXGFlMURvMtxACtf72lZ6Fa%2BQ%2FWTcoSU5O6nbJK36czqkrpNUXhyWY%2BrOj4RtafsYJdyqQ6%2FaqatUdwtHrESuw8IalPJq%2F8wndG8jw91LgaxTTpTLlKDQh4QRTuK9fGlgsmt%2FYTIa1tqZsqlYIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
7de6e5c1f9f60f78-EWR
alt-svc
h3=":443"; ma=86400
hero-1-optimized.jpg
www.irs.gov/pub/2021-10/
30 KB
30 KB
Image
General
Full URL
https://www.irs.gov/pub/2021-10/hero-1-optimized.jpg
Requested by
Host: refundirs-surplus.icu
URL: https://refundirs-surplus.icu/tax/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9ee545f8c50031535751e547b30cb89491089e64c05a2ea6db057b767db08ae8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
8
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
1
x-age
163
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108045_1133_13903_26_0_-";dur=1
content-length
30267
x-request-id
v-3288006e-3923-11ec-b508-7f3a6b837fba
last-modified
Sat, 30 Oct 2021 01:42:51 GMT
content-type
image/jpeg
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
1
official-site-flag.png
www.irs.gov/themes/custom/pup_base/images/
4 KB
4 KB
Image
General
Full URL
https://www.irs.gov/themes/custom/pup_base/images/official-site-flag.png
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2aed0559ebb58b74e1ae783ef624dbbc9f70390a2648dc1787af6c68122ec510
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-cache-hits
8
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Sat, 02 Jul 2022 04:50:45 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=86400
x-age
940509
x-ah-environment
prod
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108274_977_13307_26_0_-";dur=1
content-length
4029
x-request-id
v-a794fc34-5981-11ed-aa7e-1fff184ae064
expires
Thu, 29 Jun 2023 15:17:35 GMT
fa5-hands-helping.png
www.irs.gov/themes/custom/pup_base/images/
976 B
1 KB
Image
General
Full URL
https://www.irs.gov/themes/custom/pup_base/images/fa5-hands-helping.png
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
493d68e8f237b05f962056bd60a80aa816f0a7adddd1e2e944f0ad688b2af09e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-cache-hits
7
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Thu, 18 Nov 2021 07:04:03 GMT
content-type
image/png
cache-control
max-age=86400
x-age
562137
x-ah-environment
prod
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108275_1396_15871_26_0_-";dur=1
content-length
976
x-request-id
v-cf576468-94cf-11ec-95b7-474b3d24b51c
expires
Thu, 29 Jun 2023 15:17:35 GMT
fa5-book.png
www.irs.gov/themes/custom/pup_base/images/
583 B
949 B
Image
General
Full URL
https://www.irs.gov/themes/custom/pup_base/images/fa5-book.png
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a1f9b6b76c5af10cdeb8108bc10487112c9b521bff9c71b67bbd7ed2e583b346
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-cache-hits
15
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Thu, 18 Nov 2021 07:43:03 GMT
content-type
image/png
cache-control
max-age=86400
x-age
1010900
x-ah-environment
prod
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108277_992_13153_26_0_-";dur=1
content-length
583
x-request-id
v-0666a944-664c-11ec-b3c2-4784894bf382
expires
Thu, 29 Jun 2023 15:17:35 GMT
Icon-Search.png
www.irs.gov/themes/custom/pup_base/images/
487 B
923 B
Image
General
Full URL
https://www.irs.gov/themes/custom/pup_base/images/Icon-Search.png
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c840d01437bf3c461a9d8b4676974124b62ff0f88db085c6a38aaf14e32199d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
8
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
4
x-age
256745
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108278_983_13207_26_0_-";dur=1
content-length
487
x-request-id
v-6148d662-a038-11ed-9d8e-af46ced93c14
last-modified
Sat, 02 Jul 2022 04:50:45 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
4
sourcesanspro-regular-webfont.woff
www.irs.gov/themes/custom/pup_base/fonts/source-sans-pro/fonts/
29 KB
30 KB
Font
General
Full URL
https://www.irs.gov/themes/custom/pup_base/fonts/source-sans-pro/fonts/sourcesanspro-regular-webfont.woff
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
561baf0bcf9ffa0205461ca95da4a23889403e237e88bea07da997db6aaf6662
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Origin
https://refundirs-surplus.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-edgeconnect-origin-mex-latency
12, 12
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Sat, 02 Jul 2022 04:50:45 GMT
x-edgeconnect-midmile-rtt
0, 1
access-control-allow-origin
*
cache-control
max-age=86400
x-age
0
x-ah-environment
prod
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108709_40_13306_23_0_-";dur=1
content-length
29840
x-request-id
v-024e6dd6-1ab2-11ed-ae12-eb291e6055a7
expires
Thu, 29 Jun 2023 15:17:35 GMT
truncated
/
266 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
sourcesanspro-bold-webfont.woff
www.irs.gov/themes/custom/pup_base/fonts/source-sans-pro/fonts/
29 KB
29 KB
Font
General
Full URL
https://www.irs.gov/themes/custom/pup_base/fonts/source-sans-pro/fonts/sourcesanspro-bold-webfont.woff
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
69238a5125d41f5a81da26e3d7cb9c6d266d2497afc18e8c56e44420cdad4877
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Origin
https://refundirs-surplus.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-cache-hits
1
x-edgeconnect-origin-mex-latency
31, 31
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-check-cacheable
YES
x-akamai-pragma-client-ip
10.28.190.31, 152.216.7.5
x-edgeconnect-midmile-rtt
1, 1
x-age
0
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108749_2340_12769_23_0_-";dur=1
content-length
29396
x-request-id
v-b60d04aa-ff2c-11ec-b798-83480e1d5b26
last-modified
Sat, 02 Jul 2022 04:50:45 GMT
x-serial
3920
access-control-allow-origin
*
cache-control
max-age=86400
x-akamai-ssl-client-sid
rbpPS3SwExqKrJfCh49GNw==
accept-ranges
bytes
expires
Thu, 29 Jun 2023 15:17:35 GMT
sourcesanspro-bolditalic.woff
www.irs.gov/themes/custom/pup_base/fonts/source-sans-pro/fonts/
14 KB
14 KB
Font
General
Full URL
https://www.irs.gov/themes/custom/pup_base/fonts/source-sans-pro/fonts/sourcesanspro-bolditalic.woff
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
87800dc5b6b1994924ba5ca6b42125c4d7be4f4eb5e2c73a75c8e8069c676711
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Origin
https://refundirs-surplus.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires
Thu, 29 Jun 2023 15:17:35 GMT
x-edgeconnect-origin-mex-latency
8
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
0
x-age
441537
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=5, ak_p; desc="468879_388099620_377108748_2818_12754_23_0_-";dur=1
content-length
13852
x-request-id
v-74cdc89a-2be5-11ed-8d3c-f369f276abd3
last-modified
Thu, 18 Nov 2021 07:04:03 GMT
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
2
fontawesome-webfont.woff2
www.irs.gov/themes/custom/pup_base/fonts/
75 KB
76 KB
Font
General
Full URL
https://www.irs.gov/themes/custom/pup_base/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:590::f50 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.irs.gov/pub/css/css_aSrQriLwkXCEbxc2T695F6rNjbwEusxP9HhCLUUsGKE.css
Origin
https://refundirs-surplus.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-cache-hits
8
date
Wed, 28 Jun 2023 15:17:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Thu, 18 Nov 2021 07:43:03 GMT
access-control-allow-origin
*
cache-control
max-age=86400
x-age
42
x-ah-environment
prod
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468879_388099620_377108747_2524_11666_23_0_-";dur=1
content-length
77160
x-request-id
v-423b005c-eec1-11ec-b069-636ca1b9ab2a
expires
Thu, 29 Jun 2023 15:17:35 GMT
iframe_api
www.youtube.com/
1 KB
2 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.irs.gov
URL: https://www.irs.gov/static_assets/js/reporting/autotracker.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fbc87c3511ceaa4446838dc206f765c70af8e7f2a97617ddaa5e7743ed637b34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:36 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
expires
Wed, 28 Jun 2023 15:17:36 GMT
sm.24.html
static.addtoany.com/menu/ Frame 8F1D
677 B
561 B
Document
General
Full URL
https://static.addtoany.com/menu/sm.24.html
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://refundirs-surplus.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
en-US,en;q=0.9

Response headers

age
1373114
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000, immutable
cf-cache-status
HIT
cf-ray
7de6e5c65ad1c346-EWR
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 28 Jun 2023 15:17:36 GMT
etag
W/"2a5-5edb40e6d10d8"
last-modified
Fri, 18 Nov 2022 00:47:55 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
e4s
x-content-type-options
nosniff
core.6f073af7.js
static.addtoany.com/menu/modules/
69 KB
25 KB
Script
General
Full URL
https://static.addtoany.com/menu/modules/core.6f073af7.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6d6d4a886842ef22b5b1034c0a6f34466a030026befb59b60c5511748487bd0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://refundirs-surplus.icu/
Origin
https://refundirs-surplus.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 28 Jun 2023 15:17:36 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 23 Jun 2023 07:34:07 GMT
server
cloudflare
etag
W/"1128f-5fec706af44c2"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, immutable
cf-ray
7de6e5c61a61c413-EWR
www-widgetapi.js
www.youtube.com/s/player/71547d26/www-widgetapi.vflset/
198 KB
62 KB
Script
General
Full URL
https://www.youtube.com/s/player/71547d26/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0cb7f94890a40fe2b874754ffe3afcab8d783fc9ce0e45debf510c1eeee6c2e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://refundirs-surplus.icu/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 26 Jun 2023 07:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
200334
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62878
x-xss-protection
0
last-modified
Mon, 26 Jun 2023 01:48:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 25 Jun 2024 07:38:42 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object | 0
boolean | credentialless
object | onbeforetoggle
object | onscrollend
function | include_js
function | include_fed
function | addDashes
function | $
function | jQuery
function | addLinkerEvents
object | tag
object | firstScriptTag
object | videoArray
object | playerArray
string | Settings_HitType
function | _sendYouTubeProgressEvent
function | onYouTubeIframeAPIReady
function | onPlayerReady
function | onPlayerStateChange
function | youtube_parser
function | IsYouTube
function | YTUrlHandler
number | cCi
function | once
function | _
object | drupalSettings
object | Drupal
object | tabbable
function | Attributes
object | a2a
object | a2a_config
function | a2a_init
object | NREUM
object | scriptUrl
object | ttPolicy
object | YT
object | YTConfig
boolean | yt_embedsEnableHouseBrandAndYtCoexistence
function | onYTReady
object | yt
function | ytDomDomGetNextId
object | ytEventsEventsListeners
object | ytEventsEventsCounter
object | ytglobal
object | ytPubsub2Pubsub2Instance
object | ytPubsub2Pubsub2SubscribedKeys
object | ytPubsub2Pubsub2TopicToKeys
object | ytPubsub2Pubsub2IsAsync
object | ytPubsub2Pubsub2SkipSubKey
object | ytNetworklessLoggingInitializationOptions
object | ytPubsubPubsubInstance
object | ytPubsubPubsubTopicToKeys
object | ytPubsubPubsubIsSynchronous
object | ytPubsubPubsubSubscribedKeys
object | ytLoggingTransportTokensToCttTargetIds_
object | ytLoggingTransportTokensToJspbCttTargetIds_
object | ytLoggingGelSequenceIdObj_

2 Cookies

Domain/Path Name Value
.youtube.com/ YSC zn5Vi70kfn4
.youtube.com/ VISITOR_INFO1_LIVE cblpMSRKUao

6 Console Messages

Source Level URL Text
network error URL: https://refundirs-surplus.icu/themes/custom/pup_base/IRS-Logo.svg
Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://refundirs-surplus.icu/themes/custom/pup_irs/images/logo-print.svg
Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://refundirs-surplus.icu/static_assets/js/reporting/federated-analytics.js?agency=Treasury&subagency=IRS&sdor=true
Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://refundirs-surplus.icu/static_assets/js/leftnav/height.js
Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://refundirs-surplus.icu/static_assets/js/https.js
Message: Failed to load resource: the server responded with a status of 404 ()
network error URL: https://refundirs-surplus.icu/static_assets/js/reporting/google-analytics.js
Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

"Indicators" is the security-industry term for artifacts such as IPs, domains, hashes, etc. observed during the scan. Their presence in this list does not imply that any of them indicate malicious activity.

refundirs-surplus.icu
static.addtoany.com
www.irs.gov
www.youtube.com
2600:1400:d:590::f50
2606:4700:10::6816:46c5
2606:4700:3033::ac43:aa53
2607:f8b0:4020:807::200e
0cb7f94890a40fe2b874754ffe3afcab8d783fc9ce0e45debf510c1eeee6c2e8
0dca307b2018b8ca00dbdc21b29f161fef626f0b4b7d0dacd54eec8c263ba9b2
0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6
1881d41c12961ae92cc80d73abed82c537d3b64b8cb46dab759cd5b62bbb83c0
2aed0559ebb58b74e1ae783ef624dbbc9f70390a2648dc1787af6c68122ec510
3f6784263d3bb200872c0a76d1219710f9b20049ab43e1863409350856f9b548
42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b
493d68e8f237b05f962056bd60a80aa816f0a7adddd1e2e944f0ad688b2af09e
536bf85846af227633a71f5573cfac96d0c67f603dccbd3f9751b36eeef6a675
561baf0bcf9ffa0205461ca95da4a23889403e237e88bea07da997db6aaf6662
56d91c8c5410925f0b5232d19e02397735721331240d2035b255880afaaa697c
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
66466573e4c2cffdc636e13e76758dcf83f0ce235083c2098ad471cf419481d8
69238a5125d41f5a81da26e3d7cb9c6d266d2497afc18e8c56e44420cdad4877
692ad0ae22f09170846f17364faf7917aacd8dbc04bacc4ff478422d452c18a1
7340a3ba9071343acfdcef4238731ce490712e7aa69e8927c521fc346c887b6d
7600b91173199c77decca236c6bf74601a2747aed3cc005d265b1ed0d644b499
87800dc5b6b1994924ba5ca6b42125c4d7be4f4eb5e2c73a75c8e8069c676711
9005061bbc418b8d7af4525313ff8c5c7883447c2a3c912a89a336d015ab7063
9ee545f8c50031535751e547b30cb89491089e64c05a2ea6db057b767db08ae8
a1f9b6b76c5af10cdeb8108bc10487112c9b521bff9c71b67bbd7ed2e583b346
a6d6d4a886842ef22b5b1034c0a6f34466a030026befb59b60c5511748487bd0
b82d4e13ea6e0a629a94dc8d8d674b3754038820f64ea15a92072df1d555f0ab
c504d2daa412a37724b3c6bff37b7e450be1ab2d94f4854b2bc5ddc11e31d899
c840d01437bf3c461a9d8b4676974124b62ff0f88db085c6a38aaf14e32199d0
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
fbc87c3511ceaa4446838dc206f765c70af8e7f2a97617ddaa5e7743ed637b34
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e