Submitted URL: https://soo.gd/1RqA?Rs1083
Effective URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Submission Tags: 6961134
Submission: On February 10 via api from NL

Summary

This website contacted 11 IPs in 2 countries across 10 domains to perform 41 HTTP transactions. The main IP is 23.235.204.82, located in El Segundo, United States and belongs to IMH-IAD, US. The main domain is odetoariver.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 4th 2021. Valid for: 3 months.
This is the only time odetoariver.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

Requests | Domain | Requested by
24 | odetoariver.com | soo.gd (1 redirect), odetoariver.com
4 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com, odetoariver.com
3 | tpc.googlesyndication.com | securepubads.g.doubleclick.net, tpc.googlesyndication.com
2 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net
2 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net
1 | dap.digitalgov.gov | odetoariver.com
1 | fc8f41647a8a11ee58eb5b6d445d3096.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
1 | adservice.google.com | securepubads.g.doubleclick.net
1 | adservice.google.de | securepubads.g.doubleclick.net
1 | www.googletagmanager.com | soo.gd
1 | www.googletagservices.com | soo.gd
1 | soo.gd | (submitted URL)
Total: 41 requests, 12 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid for
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-09-19 - 2021-09-19 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months
*.google.de | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months
*.google.com | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months
odetoariver.com | cPanel, Inc. Certification Authority | 2021-01-04 - 2021-04-04 | 3 months
dap.digitalgov.gov | Amazon | 2020-10-02 - 2021-11-03 | a year

This page contains 2 frames:

Primary Page: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Frame ID: 009082AE51F96369C53D3D26D10A1F6B
Requests: 40 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 6995335E3F1F23CC94F644BDE32D1886
Requests: 1 HTTP requests in this frame


Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

Google Analytics (overall confidence: 100%)
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery-ui.*\.js/i

jQuery UI (overall confidence: 100%)
Detected patterns
  • script /jquery-ui.*\.js/i

Page Statistics

Requests: 41
HTTPS: 100 %
IPv6: 82 %
Domains: 10
Subdomains: 12
IPs: 11
Countries: 2
Transfer: 998 kB
Size: 1340 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://soo.gd/1RqA?Rs1083 Page URL
  2. https://odetoariver.com/cqi-bin/f2021/ HTTP 302
    https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

1RqA | soo.gd/ | 3 KB | 2 KB | Document
General
Full URL
https://soo.gd/1RqA?Rs1083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:2bd6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd62f8e3a8cf275d828ac5a34aa22d093c70f37c0da0637b0c7bf513af9c3905
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
soo.gd
:scheme
https
:path
/1RqA?Rs1083
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 03:47:29 GMT
content-type
text/html; Charset=UTF-8;charset=UTF-8
set-cookie
__cfduid=d0ae40f202cf7e212e966ddcfed0c1f261612928848; expires=Fri, 12-Mar-21 03:47:28 GMT; path=/; domain=.soo.gd; HttpOnly; SameSite=Lax; Secure
vary
Accept-Encoding
cache-control
no-cache, must-revalidate, max-age=0
pragma
no-cache
x-robots-tag
noindex, nofollow
i-am
Alpha
strict-transport-security
max-age=31536000; includeSubdomains;
cf-cache-status
DYNAMIC
cf-request-id
082ba62b040000c77566206000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C8MtfTOpBW43Fuev6XiHIxviJ72yWH4cfLYN%2BxuYcBalkc6tjThuvsPtE%2B%2BEcZPIQZpwQRkV04LzVe6LeyCKApvPYZwthkdkF%2BKY74q96LTNIc8%3D"}],"max_age":604800}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
61f2d9580a0dc775-AMS
content-encoding
br

gpt.js | www.googletagservices.com/tag/js/ | 55 KB | 19 KB | Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: soo.gd
URL: https://soo.gd/1RqA?Rs1083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9f4018323e82fdd5659d19fcba2b2c25e2dd67164d48a6a26d74f70b191d662
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"779 / 120 of 1000 / last-modified: 1612912442"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
19031
x-xss-protection
0
expires
Wed, 10 Feb 2021 03:47:29 GMT

js | www.googletagmanager.com/gtag/ | 97 KB | 38 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31510493-2
Requested by
Host: soo.gd
URL: https://soo.gd/1RqA?Rs1083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a7f9257a4b5c81c3986f8c32daa17f635b25a1efca79507c2de9e713016b9695
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39004
x-xss-protection
0
last-modified
Wed, 10 Feb 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 10 Feb 2021 03:47:29 GMT

pubads_impl_2021020401.js | securepubads.g.doubleclick.net/gpt/ | 288 KB | 101 KB | Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
6f6a7567f47eb32ec69d095bdfa4e0a4d841ce95a01a40836a028d8a31d44821
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Feb 2021 09:37:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
103372
x-xss-protection
0
expires
Wed, 10 Feb 2021 03:47:29 GMT

analytics.js | www.google-analytics.com/ | 46 KB | 18 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
1342
date
Wed, 10 Feb 2021 03:25:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 10 Feb 2021 05:25:07 GMT

collect | www.google-analytics.com/j/ | 1 B | 380 B | XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=712268684&t=pageview&_s=1&dl=https%3A%2F%2Fsoo.gd%2F1RqA%3FRs1083&ul=en-us&de=UTF-8&dt=1RqA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1513918583&gjid=1455290189&cid=704351171.1612928849&tid=UA-31510493-2&_gid=1168116701.1612928849&_r=1&gtm=2ou1r0&z=574732590
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 10 Feb 2021 03:47:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://soo.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

integrator.js | adservice.google.de/adsid/ | 109 B | 803 B | Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=soo.gd
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0

integrator.js | adservice.google.com/adsid/ | 109 B | 803 B | Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=soo.gd
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0

ads | securepubads.g.doubleclick.net/gampad/ | 435 B | 939 B | XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3030185871119772&correlator=2891671331273521&output=ldjh&impl=fif&eid=21068773%2C21068891%2C31060077%2C21068031&vrg=2021020401&ptt=17&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210210&iu_parts=5837603%2CSGD_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1612928849&dt=1612928849351&dlt=1612928849126&idt=207&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1216140633&ucis=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsoo.gd%2F1RqA%3FRs1083&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x423&msz=0x0&ga_vid=704351171.1612928849&ga_sid=1612928849&ga_hid=712268684&fws=128&ohw=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
231
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://soo.gd
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

container.html | fc8f41647a8a11ee58eb5b6d445d3096.safeframe.googlesyndication.com/safeframe/1-0-37/html/ | 0 | 0 | Other
General
Full URL
https://fc8f41647a8a11ee58eb5b6d445d3096.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers


container.html | tpc.googlesyndication.com/safeframe/1-0-37/html/ | 0 | 0 | Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers


Primary Request GetMyPayment.html | odetoariver.com/cqi-bin/f2021/ | 16 KB | 16 KB | Document
Redirect Chain
  • https://odetoariver.com/cqi-bin/f2021/
  • https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
General
Full URL
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Requested by
Host: soo.gd
URL: https://soo.gd/1RqA?Rs1083
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
8f6658f581e3bfaa0e91e310e5e876d98ebfc02f99695e39e7e8c78941aef8aa

Request headers

Host
odetoariver.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://soo.gd/1RqA?Rs1083
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://soo.gd/1RqA?Rs1083

Response headers

Date
Wed, 10 Feb 2021 03:47:29 GMT
Server
Apache
Last-Modified
Fri, 24 Apr 2020 16:47:46 GMT
Accept-Ranges
bytes
Content-Length
16619
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Wed, 10 Feb 2021 03:47:29 GMT
Server
Apache
Location
./GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

sodar | pagead2.googlesyndication.com/getconfig/ | 9 KB | 7 KB | XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021020401&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6767
x-xss-protection
0

sodar2.js | tpc.googlesyndication.com/sodar/ | 17 KB | 7 KB | Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020401.js?31060077
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 03:47:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1611170586013198"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6403
x-xss-protection
0
expires
Wed, 10 Feb 2021 03:47:29 GMT

runner.html | tpc.googlesyndication.com/sodar/sodar2/221/ (Frame 6995) | 0 | 0 | Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/221/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://soo.gd/1RqA?Rs1083
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://soo.gd/1RqA?Rs1083

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4984
date
Tue, 09 Feb 2021 20:55:25 GMT
expires
Wed, 09 Feb 2022 20:55:25 GMT
last-modified
Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
24724
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

gen_204 | pagead2.googlesyndication.com/pagead/ | 0 | 224 B | Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021020401&jk=3030185871119772&bg=!ZGelZyTNAAWP4B5EjzsAKQB2-DxaUIyqzYedoicTUe3PzHl93aeM2Z5rJ1vfYYX7KZffDTKcpEZeAgAAAG1SAAAADGgBBwoA21jZI452yLuuMnnaoNPPjSBIEbxxY3US77Iy_Dg3A5TU6HKgaaj0QdS2NoGzqVylts_REPnoaVxNsR9nWzV_UnVS6kwYPzjsMTNM22kOfkfxMSwT6dgqONXFHLkZS2MUnLKLJZwbDRXx1aTUjODdLPXQRi6qp1t0iC4ezcgg8RFNrkuaNRp-q410cRKXAU6ShjL3lC8mzlJeTu069MZWc07uHQdGwIgzlenKOsFObnja1aFu0y3dYMydZphJZisR9ZJHpoSgzqUQKXAcMwi1aItb9jcP-Oo3qIvq05kByqzOpykSbSo3nhK_jLyiZLN1YDHlR-vuUbxgH1m_UowT6Vk7gTbgiDPwpjW18dn0qTVW5GIrI7zZ1v6Z7fmHTJvRgcfBIEHlfUI_fRw_y9fW7DEWcmeeYVE2JzsPvOOZlcVVUIsHDpOgvMdGbpwtczYLwjWzcoKuOGM5Rivz5VMeTY0pGhM7P1C4mc9G8VkenwrDPFcx1pXRNjks1SlL7nyUE402s1qgNpQDiMAgFquW_H7LnaF3QKK5QcWaOMqLMpnBAzDelZ9p9WsYVX3fW5PxV4c9TGG3HBHB_kjXL9w5kf_UiXWx-01COA9SZduG-homxD5tqPJIeTts1h8opbVjMQVrwKxw3feaVld40haMlhwrO8rjVWty4nMm0RBTieGgSyN6aGOL5zhK1HKyCJ8SodBqdnlGHUIsx2FTnIiEg07_Mwuv-S1H3oJxR_i-UHLwlzZqDZIiKoTEiL8Iadelh5hNGl37JN7Vx2FZAzqfiFlq3IAxI2CYd2BJQ44AL94Y4_0fdci8Kgc_D60n_ep5ImVTBcGSQWZFECYcUpCEexZGj9PYivrHcPJWLspG7KGI5C8PvvbxSC-S85G5fnVvSmUrbw32vGpL
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://soo.gd/1RqA?Rs1083
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 Feb 2021 03:47:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

bootstrap.min.css | odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/ | 138 KB | 138 KB | Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/bootstrap.min.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
31df1e69ea3aece8a8bae5c08bcb7f5e977cb76f886897b301355359b66a48ec

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
140930

jquery-ui.min.css | odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/ | 31 KB | 32 KB | Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/jquery-ui.min.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
32082
irs.css
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
6 KB
6 KB
Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/irs.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
5806
app.css
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
9 KB
9 KB
Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/app.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
c9e635a08a918f7902f54feaefc48f33b41b70d05b1af398528c29bbe179b84d

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9280
wmsp-shared-secrets.css
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
2 KB
2 KB
Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/wmsp-shared-secrets.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
70f0b8f85b6734495c48e6dd53b13a3458e650efac5a1bc79df5aa7b1df53298

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2302
wmsp-error.css
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
514 B
755 B
Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/wmsp-error.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
24f4acaf9beb720f6614b57b0062a672b2ab7920698a3bb3149861d3d8dd8d95

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
514
wmsp-results.css
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
1 KB
2 KB
Stylesheet
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/wmsp-results.css
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
8507e248337417e787344af2e38cdb06d3820724793a7a8b172a919d326e5300

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1359
jquery.min.js.download
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
84 KB
84 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/jquery.min.js.download
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
b393399496c96983723466f13b624f70da2d432c1493826e87e6cec3a949dc5d

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
85591
jquery-ui.min.js.download
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
248 KB
248 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/jquery-ui.min.js.download
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
21cacca8e9eb98f1f32702b4176685f2f941af51ab5bc7cf88ccb5435a1bb080

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
253681
bootstrap.min.js.download
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
50 KB
50 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/bootstrap.min.js.download
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
50731
logo.png
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
5 KB
5 KB
Image
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/logo.png
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4640
irs_horiz_white.png
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
1 KB
2 KB
Image
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/irs_horiz_white.png
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:56 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
1498
google-analytics.js.download
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
845 B
1 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/google-analytics.js.download
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
3fcf51d6a45af49fcf867f9e7cfd7d0f98f05b0d4274df4f98f8e0876f5f468c

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:58 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
845
expire.js.download
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
3 KB
4 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/expire.js.download
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
d84d96dee8f47b0682ff6aea04bcb80d792d47d836af6cc0a5489fc24511c935

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:30 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:58 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
3399
fluidDialog.js.download
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
841 B
1 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/fluidDialog.js.download
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
9551a6fca7a5633b5d8c174b6402878a5fade1c090086f2256d10393e4ed8e15

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:58 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
841
ce1384469195631a75b459127272b
odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/
64 KB
65 KB
Script
General
Full URL
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/ce1384469195631a75b459127272b
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
8bd5e5729a3fb989a0bcb99fd966df11e1c44198c447712fa4136996e2b28c0a

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Last-Modified
Thu, 23 Apr 2020 23:07:58 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
66005
swirl_lighter_ca6f4deb.png
odetoariver.com/cqi-bin/f2021/images/
8 KB
8 KB
Image
General
Full URL
https://odetoariver.com/cqi-bin/f2021/images/swirl_lighter_ca6f4deb.png
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/app.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
abcea00a3797acfcd499591144327a0c27b371a0dd675d7fb9fc51280cb5d514

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://odetoariver.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=99
Expires
Wed, 11 Jan 1984 05:00:00 GMT
help-tip.svg
odetoariver.com/cqi-bin/f2021/images/
8 KB
8 KB
Image
General
Full URL
https://odetoariver.com/cqi-bin/f2021/images/help-tip.svg
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/wmsp-shared-secrets.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
abcea00a3797acfcd499591144327a0c27b371a0dd675d7fb9fc51280cb5d514

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/wmsp-shared-secrets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://odetoariver.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=96
Expires
Wed, 11 Jan 1984 05:00:00 GMT
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/google-analytics.js.download
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
1344
date
Wed, 10 Feb 2021 03:25:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 10 Feb 2021 05:25:07 GMT
Universal-Federated-Analytics-Min.js
dap.digitalgov.gov/
18 KB
19 KB
Script
General
Full URL
https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=Treasury&subagency=IRS
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/google-analytics.js.download
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:7c00:5:83ea:ba80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
456e60679a0853b3c885219ac1b8ffa4becb397615e2af7c5b3d8051241f569f

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
I0hR6H.cnrZ_sfVWlm0ZTBkdCjg4s9Sc
via
1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
etag
W/"9e1b714f83b726462a83db0033bac6db"
age
43172
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
18764
last-modified
Tue, 14 May 2019 19:41:29 GMT
server
AmazonS3
date
Wed, 10 Feb 2021 00:51:22 GMT
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-pop
PRG50-C1
accept-ranges
bytes
x-amz-cf-id
8blRDRUOU1suo7nsSkNCoYd0mFpGOdPb0GKPH7ZI2JQEjZ2oTQNSnA==
collect
www.google-analytics.com/j/
1 B
64 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=1&a=209956016&t=pageview&_s=1&dl=https%3A%2F%2Fodetoariver.com%2Fcqi-bin%2Ff2021%2FGetMyPayment.html%3FIRSStimulusOnline%26bn%3D3a87f6b7c2088874%26burlid%3Dd001a6ea0b9cbe16&dr=https%3A%2F%2Fsoo.gd%2F1RqA%3FRs1083&dp=%2Fcqi-bin%2Ff2021%2FGetMyPayment.html%3FIRSStimulusOnline%26bn%3D3a87f6b7c2088874%26burlid%3Dd001a6ea0b9cbe16&ul=en-us&de=UTF-8&dt=Get%20My%20Payment&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEhAAQABAAAAAC~&jid=552637532&gjid=1937434531&cid=1432871603.1612928851&tid=UA-33523145-1&_gid=210243647.1612928851&_r=1&cd1=TREASURY&cd2=TREASURY%20-%20IRS&cd3=20181010%20v4.1%20-%20Universal%20Analytics&cd4=unspecified%3Aodetoariver.com&cd5=unspecified%3Aodetoariver.com&cd6=https%3A%2F%2Fdap.digitalgov.gov%2FUniversal-Federated-Analytics-Min.js&cd7=https%3A&z=132481219
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 10 Feb 2021 03:47:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://odetoariver.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
ac93c75f139d8d6cf03fd24ddcc996ce.woff2
odetoariver.com/cqi-bin/f2021/fonts/
0
0
Font
General
Full URL
https://odetoariver.com/cqi-bin/f2021/fonts/ac93c75f139d8d6cf03fd24ddcc996ce.woff2
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/irs.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash

Request headers

Origin
https://odetoariver.com
Referer
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/irs.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://odetoariver.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=97
Expires
Wed, 11 Jan 1984 05:00:00 GMT
ce1384469195631a75b459127272b
odetoariver.com/public/
42 KB
43 KB
XHR
General
Full URL
https://odetoariver.com/public/ce1384469195631a75b459127272b
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/ce1384469195631a75b459127272b
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
5a5eaafe951b04c6ec24b0b64d82f50a640c741c6489a6399bab423505413496

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://odetoariver.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=97
Expires
Wed, 11 Jan 1984 05:00:00 GMT
939d9f66e993332d8def74508fe62a33.woff
odetoariver.com/cqi-bin/f2021/fonts/
0
0
Font
General
Full URL
https://odetoariver.com/cqi-bin/f2021/fonts/939d9f66e993332d8def74508fe62a33.woff
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/irs.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash

Request headers

Origin
https://odetoariver.com
Referer
https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/irs.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://odetoariver.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=95
Expires
Wed, 11 Jan 1984 05:00:00 GMT
ce1384469195631a75b459127272b
odetoariver.com/public/
42 KB
43 KB
XHR
General
Full URL
https://odetoariver.com/public/ce1384469195631a75b459127272b
Requested by
Host: odetoariver.com
URL: https://odetoariver.com/cqi-bin/f2021/Get%20My%20Payment_files/ce1384469195631a75b459127272b
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.235.204.82 El Segundo, United States, ASN54641 (IMH-IAD, US),
Reverse DNS
vps60291.inmotionhosting.com
Software
Apache /
Resource Hash
5a5eaafe951b04c6ec24b0b64d82f50a640c741c6489a6399bab423505413496

Request headers

Referer
https://odetoariver.com/cqi-bin/f2021/GetMyPayment.html?IRSStimulusOnline&bn=3a87f6b7c2088874&burlid=d001a6ea0b9cbe16
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 10 Feb 2021 03:47:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://odetoariver.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=96
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| bootstrap function| openIrsPage function| openIrsAccessibility function| openIrsPrivacyPolicy function| switchLanguage string| ga_id string| GoogleAnalyticsObject function| ga object| expireManager object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| oCONFIG function| _onEveryPage function| _defineCookieDomain function| _defineAgencyCDsValues function| _cleanBooleanParam function| _isValidUANum function| _cleanDimensionValue function| _updateConfig function| _sendCustomDimensions function| _sendCustomMetrics function| _sendEvent function| _sendPageview function| gas function| _URIHandler function| _isExcludedReferrer string| tObjectCheck function| createTracker function| _initAutoTracker undefined| videoArray_fed undefined| playerArray_fed undefined| _f33 undefined| _f66 undefined| _f90 undefined| tag undefined| firstScriptTag undefined| youtube_parser_fed undefined| IsYouTube_fed undefined| YTUrlHandler_fed undefined| _initYouTubeTracker undefined| onYouTubePlayerAPIReady undefined| onFedPlayerReady undefined| onFedPlayerStateChange function| _initIdAssigner function| _tagClicks function| _setUpTrackers function| _setUpTrackersIfReady string| _fullParams string| _keyValuePair string| _key string| _value function| logout function| sessionTimeout boolean| timeoutView boolean| logoutView function| onCollapsibleClicked function| onThereAreValidationErrors object| _cf object| _ac object| bmak string| _sd_trace

3 Cookies

Domain/Path Name / Value
.odetoariver.com/ Name: _gat_GSA_ENOR0
Value: 1
.odetoariver.com/ Name: _gid
Value: GA1.2.210243647.1612928851
.odetoariver.com/ Name: _ga
Value: GA1.2.1432871603.1612928851

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
