urlscan.io logo urlscan.io
SecurityTrails logo

www.getyourrefund.org Open in urlscan Pro
35.173.27.75  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://rmagnet.usu.edu/link.cfm?r=8cVg5wPgA2_yaUK_6Ca0pw~~&pe=tfIRmrtibKchpoW0J2eF6Hyq_PApmJO-5vNEfN6BTzXrZ4iJOSLc_qLSy...
Effective URL: https://www.getyourrefund.org/eip?s=cbpp
Submission: On September 23 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 11 domains to perform 25 HTTP transactions. The main IP is 35.173.27.75, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.getyourrefund.org.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 29th 2020. Valid for: 3 months.
This is the only time www.getyourrefund.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 209.18.70.182 14492 (DATAPIPE)
5 35.173.27.75 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
7 104.18.71.113 13335 (CLOUDFLAR...)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 104.16.53.111 13335 (CLOUDFLAR...)
1 3.123.119.171 16509 (AMAZON-02)
25 11
1    209.18.70.182 (United States)

ASN14492 (DATAPIPE, US)
PTR: mail182.magnetmail.net
rmagnet.usu.edu
5    35.173.27.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-27-75.compute-1.amazonaws.com
www.getyourrefund.org
1    2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
7    104.18.71.113 (United States)

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
ekr.zdassets.com
2    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
4    104.16.53.111 (United States)

ASN13335 (CLOUDFLARENET, US)
eitc.zendesk.com
1    3.123.119.171 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-119-171.eu-central-1.compute.amazonaws.com
widget-mediator.zopim.com
Domain Requested by
6 static.zdassets.com www.getyourrefund.org
static.zdassets.com
5 www.getyourrefund.org www.getyourrefund.org
4 eitc.zendesk.com static.zdassets.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 bat.bing.com www.getyourrefund.org
1 widget-mediator.zopim.com static.zdassets.com
1 www.google.de
1 www.google.com
1 stats.g.doubleclick.net www.google-analytics.com
1 ekr.zdassets.com static.zdassets.com
1 www.googletagmanager.com www.getyourrefund.org
1 rmagnet.usu.edu 1 redirects
25 12

This site contains links to these domains. Also see Links.

Domain
www.codeforamerica.org
www.irs.gov
Subject Issuer Validity Valid
www.getyourrefund.org
Let's Encrypt Authority X3		 2020-08-29 -
2020-11-27		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
ssl911790.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2020-05-20 -
2020-11-26		 6 months crt.sh
www.bing.com
Microsoft IT TLS CA 2		 2019-04-30 -
2021-04-30		 2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
eitc.zendesk.com
Cloudflare Inc ECC CA-3		 2020-07-15 -
2021-07-15		 a year crt.sh
*.zopim.com
Sectigo RSA Domain Validation Secure Server CA		 2020-05-30 -
2021-05-30		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.getyourrefund.org/eip?s=cbpp
Frame ID: 40EF6F7BCF59AAB044E8E94A1FC02948
Requests: 16 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/preload.55392e8c9a3b8090a3f2.js
Frame ID: D452E3BE6D7ED6A266D2BB874F20AB90
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://rmagnet.usu.edu/link.cfm?r=8cVg5wPgA2_yaUK_6Ca0pw~~&pe=tfIRmrtibKchpoW0J2eF6Hyq_PApmJO-5vNEf... HTTP 302
    https://www.getyourrefund.org/eip?s=cbpp Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.cfm(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • url /\.cfm(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

25
Requests

100 %
HTTPS

58 %
IPv6

11
Domains

12
Subdomains

11
IPs

3
Countries

732 kB
Transfer

2739 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://rmagnet.usu.edu/link.cfm?r=8cVg5wPgA2_yaUK_6Ca0pw~~&pe=tfIRmrtibKchpoW0J2eF6Hyq_PApmJO-5vNEfN6BTzXrZ4iJOSLc_qLSyJMhPqgBIdjyGjHRNHKT-x3E4PeAGQ~~&t=JxRtd4NsSsqFFTCB8j6T9w~~ HTTP 302
    https://www.getyourrefund.org/eip?s=cbpp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request eip
www.getyourrefund.org/
Redirect Chain
  • http://rmagnet.usu.edu/link.cfm?r=8cVg5wPgA2_yaUK_6Ca0pw~~&pe=tfIRmrtibKchpoW0J2eF6Hyq_PApmJO-5vNEfN6BTzXrZ4iJOSLc_qLSyJMhPqgBIdjyGjHRNHKT-x3E4PeAGQ~~&t=JxRtd4NsSsqFFTCB8j6T9w~~
  • https://www.getyourrefund.org/eip?s=cbpp
7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.27.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-27-75.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e18a55f02a6f88d8c657864e3a8323062b57f0319b186f6e80c6934dfbf06b49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.getyourrefund.org
:scheme
https
:path
/eip?s=cbpp
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 23 Sep 2020 14:30:49 GMT
content-type
text/html; charset=utf-8
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
referrer-policy
strict-origin-when-cross-origin
etag
W/"e18a55f02a6f88d8c657864e3a832306"
cache-control
max-age=0, private, must-revalidate
set-cookie
visitor_id=a3c6bf60f53976e0e6405128059bd11dd1a83efd015ebdf4096a; path=/; expires=Sun, 23 Sep 2040 14:30:49 GMT; HttpOnly; secure _vita_min_session=n1%2FrxBrrhiTVMYtC1IahlybOrmTLvG%2BQdksPkKEwW5aPyMAxJaM6PACMu0oOmGZuqcJc9qWjpRA3ghnrFoaKX7AQPr5IYyZc%2F%2BVHW7YubSXO%2FcHoXGgV7lQE6ukgyA0o4zw3k1XAtjq5gAJdHAhWafe%2BqAav3QOXOO9tSLo9zKrv27qg0laLqTyPhNQPar6Q--Dk3mH%2B4Kr2zkAwaE--7LQmv9b13GgWEXeXxbxPGg%3D%3D; path=/; secure; HttpOnly
x-request-id
5a2ae702-c658-4b08-b777-39de536c82c9
x-runtime
0.074491
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000
content-encoding
gzip

Redirect headers

Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html;charset=UTF-8
Location
https://www.getyourrefund.org/eip?s=cbpp
Server
Microsoft-IIS/8.5
Set-Cookie
CFID=1482062783; Expires=Thu, 24-Sep-2020 14:30:48 GMT; Path=/; HttpOnly CFTOKEN=eaf8e0957d511fd2-51BC5EF9-5056-A16C-FA3973103FAC2EF1; Expires=Thu, 24-Sep-2020 14:30:48 GMT; Path=/; HttpOnly JSESSIONID=D7E1759FAF76D6C9BA6F6420736431D2.cfusion; Path=/; HttpOnly CFID=1482062783; Path=/ CFTOKEN=eaf8e0957d511fd2%2D51BC5EF9%2D5056%2DA16C%2DFA3973103FAC2EF1; Path=/
X-Powered-By
ASP.NET
Date
Wed, 23 Sep 2020 14:30:47 GMT
Content-Length
0
js
www.googletagmanager.com/gtag/ 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-156157414-1
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c4209410da99a8057f1843decafe474fa5b1c6fda37e04f90d1c250433f05e99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:49 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36407
x-xss-protection
0
last-modified
Wed, 23 Sep 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 23 Sep 2020 14:30:49 GMT
application-b560e2d42b845c98f6fbbc9db9dee68feea878d85ab217263b77d83f726ae719.css
www.getyourrefund.org/assets/ 		108 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getyourrefund.org/assets/application-b560e2d42b845c98f6fbbc9db9dee68feea878d85ab217263b77d83f726ae719.css
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.27.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-27-75.compute-1.amazonaws.com
Software
nginx /
Resource Hash
02a047539c12143ace6b8d568ded787229952c94e02ad83454b0cb4d6fcb6875
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000

Request headers

Referer
https://www.getyourrefund.org/eip?s=cbpp
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:49 GMT
content-encoding
gzip
last-modified
Wed, 16 Sep 2020 18:19:48 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
status
200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000
content-length
23305
application-4d86c15e58c9df621b63b6f93625a2b456a0b0c8f82a1542f81e7aa27aea61d0.js
www.getyourrefund.org/assets/ 		140 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.getyourrefund.org/assets/application-4d86c15e58c9df621b63b6f93625a2b456a0b0c8f82a1542f81e7aa27aea61d0.js
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.27.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-27-75.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4d86c15e58c9df621b63b6f93625a2b456a0b0c8f82a1542f81e7aa27aea61d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000

Request headers

Referer
https://www.getyourrefund.org/eip?s=cbpp
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:49 GMT
content-encoding
gzip
last-modified
Wed, 16 Sep 2020 18:19:48 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
status
200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000
content-length
46405
checkbox-logo--white-252f6970859e7b1ba37367e7820af3472b45415066bb501fae76813011fde48e.png
www.getyourrefund.org/assets/ 		363 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.getyourrefund.org/assets/checkbox-logo--white-252f6970859e7b1ba37367e7820af3472b45415066bb501fae76813011fde48e.png
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.27.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-27-75.compute-1.amazonaws.com
Software
nginx /
Resource Hash
252f6970859e7b1ba37367e7820af3472b45415066bb501fae76813011fde48e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000

Request headers

Referer
https://www.getyourrefund.org/eip?s=cbpp
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 23 Sep 2020 14:30:50 GMT
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
server
nginx
content-length
363
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000
content-type
image/png
snippet.js
static.zdassets.com/ekr/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb4b7a1be5f80c37ac74daa6f20b193b24414f23da856ad2560a0053e65a2cb7
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
52
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
x-amz-request-id
C0CA8848DCD3CEAF
x-amz-id-2
xnbzxiI4FAXHXRkL5htU6Jj+cXP9o45eoXEvsFQ+Xr1gd+M/QMGy4OaiTqT+tF74rVjE5MhAALk=
last-modified
Tue, 10 Mar 2020 23:13:51 GMT
server
cloudflare
etag
W/"f47f1934dec578b3ec2daacb7e61d9c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
x-amz-version-id
QzcBmfzwuCnSPtNhWyKUV.rVnAqAKY6a
cf-request-id
055cf8ddbc00001eeba7b89200000001
cf-ray
5d74f742caf61eeb-AMS
bat.js
bat.bing.com/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:50 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref
Ref A: 4C7F3AA448E1467AAE28A892768952DB Ref B: FRAEDGE1418 Ref C: 2020-09-23T14:30:50Z
status
200
etag
"0e0bdafab5bd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8022
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-156157414-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
4510
date
Wed, 23 Sep 2020 13:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Wed, 23 Sep 2020 15:15:40 GMT
stimulus-hero-f367bd7138e09be07b55b356ccfbc5a9d78d933a36a174d1fa515e5054adc751.svg
www.getyourrefund.org/assets/ 		66 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.getyourrefund.org/assets/stimulus-hero-f367bd7138e09be07b55b356ccfbc5a9d78d933a36a174d1fa515e5054adc751.svg
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/assets/application-b560e2d42b845c98f6fbbc9db9dee68feea878d85ab217263b77d83f726ae719.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.27.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-27-75.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f367bd7138e09be07b55b356ccfbc5a9d78d933a36a174d1fa515e5054adc751
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000

Request headers

Referer
https://www.getyourrefund.org/assets/application-b560e2d42b845c98f6fbbc9db9dee68feea878d85ab217263b77d83f726ae719.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 23 Sep 2020 14:30:50 GMT
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
server
nginx
content-length
67950
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000
content-type
image/svg+xml
05866b72-a822-42e2-b72e-df1d9f6cf1bc
ekr.zdassets.com/compose/ 		667 B
815 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/05866b72-a822-42e2-b72e-df1d9f6cf1bc
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66feccdda5935de7fea6f92c4f89af01123c81ec486362b797024bedb873c02b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:51 GMT
content-encoding
br
vary
Origin, Accept-Encoding
cf-cache-status
REVALIDATED
status
200, 200 OK
strict-transport-security
max-age=0
cf-request-id
055cf8e0480000fa3c7a92a200000001
x-request-id
60392d78-5f6b-4d1e-9b59-2951d354841f
x-runtime
0.003034
server
cloudflare
etag
W/"66feccdda5935de7fea6f92c4f89af01"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray
5d74f746df59fa3c-AMS
0
bat.bing.com/action/ 		0
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=27009625&Ver=2&mid=114e5f00-363f-b168-c5d0-caea627ed7ca&sid=b6790d6ab2273570bd93a82817640fd0&vid=fb7e1f19abe62d0574da76882da2acc2&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Get%20help%20claiming%20your%20stimulus%20check%20for%20free!%20%7C%20GetYourRefund.org&p=https%3A%2F%2Fwww.getyourrefund.org%2Feip%3Fs%3Dcbpp&r=&lt=2099&evt=pageLoad&msclkid=N&sv=1&rn=213066
Requested by
Host: www.getyourrefund.org
URL: https://www.getyourrefund.org/eip?s=cbpp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Wed, 23 Sep 2020 14:30:50 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 60C0E99CF3244A15B2BFFD6C0308D6FD Ref B: FRAEDGE1418 Ref C: 2020-09-23T14:30:50Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1102704469&t=pageview&_s=1&dl=https%3A%2F%2Fwww.getyourrefund.org%2Feip%3Fs%3Dcbpp&ul=en-us&de=UTF-8&dt=Get%20help%20claiming%20your%20stimulus%20check%20for%20free!%20%7C%20GetYourRefund.org&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=97440624&gjid=1435163171&cid=332215043.1600871451&tid=UA-156157414-1&_gid=2026391369.1600871451&_r=1&gtm=2ou9g1&z=1060596483
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 14:30:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://www.getyourrefund.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-156157414-1&cid=332215043.1600871451&jid=97440624&gjid=1435163171&_gid=2026391369.1600871451&_u=IEBAAUAAAAAAAC~&z=1450889228
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 23 Sep 2020 14:30:50 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.getyourrefund.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-156157414-1&cid=332215043.1600871451&jid=97440624&_u=IEBAAUAAAAAAAC~&z=198947856
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 14:30:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-156157414-1&cid=332215043.1600871451&jid=97440624&_u=IEBAAUAAAAAAAC~&z=198947856
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 14:30:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
preload.55392e8c9a3b8090a3f2.js
static.zdassets.com/web_widget/latest/ Frame D452 		61 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/preload.55392e8c9a3b8090a3f2.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7f4cfa38acd5b443b4b6f910f9f991b864b4e848305a4c7f4d19b9478fcc9a5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:51 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
209959
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
x-amz-request-id
29CA1ABCEBE1549D
x-amz-id-2
2dZF+SnXTfgh1Iv2EyKnFuqlQyjsAA5ulawygmzvVBFpkYI3s9K5xEUoViE8WZ+ogXsepuOG5h8=
last-modified
Thu, 17 Sep 2020 07:48:16 GMT
server
cloudflare
etag
W/"49eb01e63d1841b01ce04cf2b2b2f84f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
9T3paqgKSB.1TGni3fi3uEDegCYRKNYv
cf-request-id
055cf8e35c00001eeba7822200000001
cf-ray
5d74f74bca871eeb-AMS
expires
Fri, 17 Sep 2021 07:48:15 GMT
vendors~web_widget.af1f4c14418f7f4d7688.chunk.js
static.zdassets.com/web_widget/latest/ Frame D452 		1 MB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/vendors~web_widget.af1f4c14418f7f4d7688.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39e728574e3c99e4633a84fff1ca0df9d61021667f0627a3522f849c3eb468a9
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:51 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
430791
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
x-amz-request-id
D077FD10882D93D9
x-amz-id-2
pqObBjDn8+g5A9grEPwcB/ug2EiNi11ozDGC4fi6NEFWSesUa8QVqvskVLk3JzWYqooJ0DJ0WP4=
last-modified
Tue, 15 Sep 2020 05:35:38 GMT
server
cloudflare
etag
W/"ff02a002dde49d70e6fa9965cd35be6a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
57O7oNwGalES29Sw0Hj9MUR4QBdDcloG
cf-request-id
055cf8e35c00001eeba7823200000001
cf-ray
5d74f74bca881eeb-AMS
expires
Tue, 14 Sep 2021 09:12:27 GMT
web_widget.e223f11f955c574d1b79.chunk.js
static.zdassets.com/web_widget/latest/ Frame D452 		851 KB
164 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/web_widget.e223f11f955c574d1b79.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c9341a2a75c9949a441e6be45f38f24761f4b6af7fb6ea277e4e4b2f4ee8cc5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:51 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
118
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
x-amz-request-id
CF6A66764494AF65
x-amz-id-2
uuS9tnf/gxqwZe+0QPz/WCLQ+K3d1oX2RmrP8NtOq29sMQXO1Ya+RuNLMP3EcxgnuQ49ORaTfzE=
last-modified
Thu, 17 Sep 2020 07:48:18 GMT
server
cloudflare
etag
W/"10d4898e9861af73588f9eefa5dc9e04"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
ji8C2T61EK_IbJ_wuANFTvPvOt4eTc85
cf-request-id
055cf8e35c00001eeba7824200000001
cf-ray
5d74f74bca891eeb-AMS
expires
Fri, 17 Sep 2021 07:48:17 GMT
chat-sdk.cec40ba63b2a85de0a9c.chunk.js
static.zdassets.com/web_widget/latest/ Frame D452 		257 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/chat-sdk.cec40ba63b2a85de0a9c.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8231103d519b2db6114b40807697ff8a7443f6ec6e939c8cb9cb4f5dee7348b2
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:51 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
3148143
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
x-amz-request-id
87A9D4B3DC3F0ADF
x-amz-id-2
brKjlUvrxP3u56FMt74TDFrccRPzTPolejrgElV0jFDzYN3ENmit3/dECZWSfE7Y2uUhya6W0Vc=
last-modified
Tue, 18 Aug 2020 02:33:45 GMT
server
cloudflare
etag
W/"c7b786c485c50d3373906fb0a543389a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
gFHPAMAugKmIKeMV9L0CtnaefbzoECil
cf-request-id
055cf8e35c00001eeba7825200000001
cf-ray
5d74f74bca8a1eeb-AMS
expires
Wed, 18 Aug 2021 02:33:44 GMT
config
eitc.zendesk.com/embeddable/ 		593 B
1020 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eitc.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=05866b72-a822-42e2-b72e-df1d9f6cf1bc
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
088e61eb148f84a8036fda284b8ca99b67f08e9e192ed5599442bf7a1e11904e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getyourrefund.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
status
200
vary
Origin, Accept-Encoding
cf-request-id
055cf8e44d0000c8470e0a9200000001
x-request-id
5d74f74d4fc2c847-IAD
x-runtime
0.001495
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
1728000
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
x-zendesk-origin-server
embeddable-app-server-58f8b67b64-t7zg7
cf-ray
5d74f74d4fc2c847-AMS
en-us-json.cc8e73e5fe307bb27426.chunk.js
static.zdassets.com/web_widget/latest/locales/ Frame D452 		25 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/locales/en-us-json.cc8e73e5fe307bb27426.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/preload.55392e8c9a3b8090a3f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8882e31b1407e6da2e2dda44ffa9f1c1a9298059f7203c5fa7d50bee4899783
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:52 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
5478808
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
x-amz-request-id
AEFE79F66C7EBC1F
x-amz-id-2
zpwv65XFe49wftw1PecBmuA4sM32FIZ0WF0xzhWGFJx4v8F7g4WWCsLyd/Cyco/YGs/dsfWFyM4=
last-modified
Wed, 22 Jul 2020 04:05:08 GMT
server
cloudflare
etag
W/"c94e458331968060067c4539f118fd54"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
5EVM6Ae5ZeloER_IP_K91Z5iUqcAli8n
cf-request-id
055cf8e55f00001eeba785a200000001
cf-ray
5d74f74ef8411eeb-AMS
expires
Thu, 22 Jul 2021 04:05:07 GMT
embeddable_blip
eitc.zendesk.com/ Frame D452 		0
555 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eitc.zendesk.com/embeddable_blip?type=userAction&data=eyJjaGFubmVsIjoid2ViX3dpZGdldCIsInVzZXJBY3Rpb24iOnsiY2F0ZWdvcnkiOiJhcGkiLCJhY3Rpb24iOiJ3ZWJXaWRnZXQuc2V0TG9jYWxlIiwibGFiZWwiOm51bGwsInZhbHVlIjp7ImFyZ3MiOiJlbiJ9fSwiYnVpZCI6IjNmN2Y1NGMwZWViYTgzOGY3ODlhNzllOTZmY2QxMjZlIiwic3VpZCI6IjRjMDYxYjI2ZjgxNDFiNjlhYTgxMmQxYmMyNWUwZGMxIiwidmVyc2lvbiI6ImZmNjg2OTNhZiIsInRpbWVzdGFtcCI6IjIwMjAtMDktMjNUMTQ6MzA6NTEuOTcwWiIsInVybCI6Imh0dHBzOi8vd3d3LmdldHlvdXJyZWZ1bmQub3JnL2VpcD9zPWNicHAifQ%3D%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/vendors~web_widget.af1f4c14418f7f4d7688.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:52 GMT
content-encoding
br
cf-cache-status
MISS
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.getyourrefund.org
cache-control
no-store, no-cache, must-revalidate
cf-ray
5d74f74f0a59c847-AMS
cf-request-id
055cf8e5650000c8470e0ae200000001
embeddable_blip
eitc.zendesk.com/ Frame D452 		0
245 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eitc.zendesk.com/embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsiY2hhdCI6eyJjb25uZWN0T25QYWdlTG9hZCI6ZmFsc2V9fX0sImJ1aWQiOiIzZjdmNTRjMGVlYmE4MzhmNzg5YTc5ZTk2ZmNkMTI2ZSIsInN1aWQiOiI0YzA2MWIyNmY4MTQxYjY5YWE4MTJkMWJjMjVlMGRjMSIsInZlcnNpb24iOiJmZjY4NjkzYWYiLCJ0aW1lc3RhbXAiOiIyMDIwLTA5LTIzVDE0OjMwOjUxLjk3N1oiLCJ1cmwiOiJodHRwczovL3d3dy5nZXR5b3VycmVmdW5kLm9yZy9laXA%2Fcz1jYnBwIn0%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/vendors~web_widget.af1f4c14418f7f4d7688.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:52 GMT
content-encoding
br
cf-cache-status
MISS
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.getyourrefund.org
cache-control
no-store, no-cache, must-revalidate
cf-ray
5d74f74f0a5cc847-AMS
cf-request-id
055cf8e5670000c8470e0af200000001
status
widget-mediator.zopim.com/client/widget/account/ Frame D452 		20 B
619 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://widget-mediator.zopim.com/client/widget/account/status?embed_key=96uV4WkN3C5fsEaOIR1OBoFSwVIb4ugh
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/vendors~web_widget.af1f4c14418f7f4d7688.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.119.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-119-171.eu-central-1.compute.amazonaws.com
Software
/ Express
Resource Hash
87407b6db5abf75a753ca1a8f01a6d96d30ac002d8e0d6ca4a1052e994ef9529

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:52 GMT
status
200
x-powered-by
Express
etag
W/"14-VHc7j29ilOlP73ZUiJntvNFgjQA"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30
access-control-allow-headers
Content-Type
content-length
20
embeddable_blip
eitc.zendesk.com/ Frame D452 		0
246 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eitc.zendesk.com/embeddable_blip?type=pageView&data=eyJwYWdlVmlldyI6eyJyZWZlcnJlciI6Imh0dHBzOi8vd3d3LmdldHlvdXJyZWZ1bmQub3JnL2VpcD9zPWNicHAiLCJ0aW1lIjoxMDUsImxvYWRUaW1lIjo4Mi41NTAwMDAzOTkzNTExMiwibmF2aWdhdG9yTGFuZ3VhZ2UiOiJlbi1VUyIsInBhZ2VUaXRsZSI6IkdldCBoZWxwIGNsYWltaW5nIHlvdXIgc3RpbXVsdXMgY2hlY2sgZm9yIGZyZWUhIHwgR2V0WW91clJlZnVuZC5vcmciLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODMuMC40MTAzLjYxIFNhZmFyaS81MzcuMzYiLCJpc01vYmlsZSI6ZmFsc2UsImlzUmVzcG9uc2l2ZSI6dHJ1ZSwidmlld3BvcnRNZXRhIjoid2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEsIHNocmluay10by1maXQ9bm8iLCJoZWxwQ2VudGVyRGVkdXAiOmZhbHNlfSwiYnVpZCI6IjNmN2Y1NGMwZWViYTgzOGY3ODlhNzllOTZmY2QxMjZlIiwic3VpZCI6IjRjMDYxYjI2ZjgxNDFiNjlhYTgxMmQxYmMyNWUwZGMxIiwidmVyc2lvbiI6ImZmNjg2OTNhZiIsInRpbWVzdGFtcCI6IjIwMjAtMDktMjNUMTQ6MzA6NTIuMDc0WiIsInVybCI6Imh0dHBzOi8vd3d3LmdldHlvdXJyZWZ1bmQub3JnL2VpcD9zPWNicHAifQ%3D%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/vendors~web_widget.af1f4c14418f7f4d7688.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:30:52 GMT
content-encoding
br
cf-cache-status
MISS
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.getyourrefund.org
cache-control
no-store, no-cache, must-revalidate
cf-ray
5d74f74fab19c847-AMS
cf-request-id
055cf8e5c90000c8470e0b8200000001

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| gtag object| dataLayer object| uetq object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| toggleNav function| collapseSidebar function| openSidebar function| setSelectedState object| ajaxMixpanelEvents object| incrementer object| radioSelector object| checkboxSelector object| followUpQuestion object| revealer object| immediateUpload object| inputGroupSelector object| noneOfTheAbove object| showMore object| accordion object| Rails boolean| _rails_loaded object| ActiveStorage function| $ function| jQuery object| jQuery112404412786980440073 object| mixpanelData object| zESettings object| zEWebpackACJsonp function| setImmediate function| clearImmediate function| zE function| zEmbed function| UET object| gaplugins object| gaGlobal object| gaData boolean| zEACLoaded function| $zopim

7 Cookies

Domain/Path Name / Value
.getyourrefund.org/ Name: _gat_gtag_UA_156157414_1
Value: 1
.getyourrefund.org/ Name: _gid
Value: GA1.2.2026391369.1600871451
.getyourrefund.org/ Name: _uetvid
Value: fb7e1f19abe62d0574da76882da2acc2
.getyourrefund.org/ Name: _ga
Value: GA1.2.332215043.1600871451
.getyourrefund.org/ Name: _uetsid
Value: b6790d6ab2273570bd93a82817640fd0
www.getyourrefund.org/ Name: _vita_min_session
Value: n1%2FrxBrrhiTVMYtC1IahlybOrmTLvG%2BQdksPkKEwW5aPyMAxJaM6PACMu0oOmGZuqcJc9qWjpRA3ghnrFoaKX7AQPr5IYyZc%2F%2BVHW7YubSXO%2FcHoXGgV7lQE6ukgyA0o4zw3k1XAtjq5gAJdHAhWafe%2BqAav3QOXOO9tSLo9zKrv27qg0laLqTyPhNQPar6Q--Dk3mH%2B4Kr2zkAwaE--7LQmv9b13GgWEXeXxbxPGg%3D%3D
www.getyourrefund.org/ Name: visitor_id
Value: a3c6bf60f53976e0e6405128059bd11dd1a83efd015ebdf4096a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
eitc.zendesk.com
ekr.zdassets.com
rmagnet.usu.edu
static.zdassets.com
stats.g.doubleclick.net
widget-mediator.zopim.com
www.getyourrefund.org
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
104.16.53.111
104.18.71.113
209.18.70.182
2620:1ec:c11::200
2a00:1450:4001:808::2003
2a00:1450:4001:819::2004
2a00:1450:4001:81a::2008
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:400c:c0c::9c
3.123.119.171
35.173.27.75
02a047539c12143ace6b8d568ded787229952c94e02ad83454b0cb4d6fcb6875
088e61eb148f84a8036fda284b8ca99b67f08e9e192ed5599442bf7a1e11904e
252f6970859e7b1ba37367e7820af3472b45415066bb501fae76813011fde48e
39e728574e3c99e4633a84fff1ca0df9d61021667f0627a3522f849c3eb468a9
3c9341a2a75c9949a441e6be45f38f24761f4b6af7fb6ea277e4e4b2f4ee8cc5
4d86c15e58c9df621b63b6f93625a2b456a0b0c8f82a1542f81e7aa27aea61d0
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
66feccdda5935de7fea6f92c4f89af01123c81ec486362b797024bedb873c02b
8231103d519b2db6114b40807697ff8a7443f6ec6e939c8cb9cb4f5dee7348b2
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87407b6db5abf75a753ca1a8f01a6d96d30ac002d8e0d6ca4a1052e994ef9529
b8882e31b1407e6da2e2dda44ffa9f1c1a9298059f7203c5fa7d50bee4899783
c4209410da99a8057f1843decafe474fa5b1c6fda37e04f90d1c250433f05e99
d7f4cfa38acd5b443b4b6f910f9f991b864b4e848305a4c7f4d19b9478fcc9a5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e18a55f02a6f88d8c657864e3a8323062b57f0319b186f6e80c6934dfbf06b49
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb4b7a1be5f80c37ac74daa6f20b193b24414f23da856ad2560a0053e65a2cb7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f367bd7138e09be07b55b356ccfbc5a9d78d933a36a174d1fa515e5054adc751