urlscan.io logo urlscan.io
SecurityTrails logo

w2payrollcreditrefund.com Open in urlscan Pro
2a06:98c1:3121::7  Public Scan

Go To Rescan Add Verdict Report
URL: https://w2payrollcreditrefund.com/
Submission: On February 24 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 10 domains to perform 47 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is w2payrollcreditrefund.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 24th 2022. Valid for: a year.
This is the only time w2payrollcreditrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
15 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:223... 16509 (AMAZON-02)
8 44.194.91.8 14618 (AMAZON-AES)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
47 9
13    2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)
w2payrollcreditrefund.com
app.groove.cm
ka-f.fontawesome.com
matomo.groovetech.io
2    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
15    2606:4700::6812:15b4 (United States)

ASN13335 (CLOUDFLARENET, US)
assets.grooveapps.com
1    2600:9000:223d:1a00:b:d801:7900:93a1 (United States)

ASN16509 (AMAZON-02, US)
widget.groovevideo.com
8    44.194.91.8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-91-8.compute-1.amazonaws.com
fs22.formsite.com
3    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
3    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Apex Domain
Subdomains		 Transfer
15 grooveapps.com
assets.grooveapps.com — Cisco Umbrella Rank: 269110
3 MB
8 formsite.com
fs22.formsite.com — Cisco Umbrella Rank: 474168
30 KB
6 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1582
ka-f.fontawesome.com — Cisco Umbrella Rank: 2933
114 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
ajax.googleapis.com — Cisco Umbrella Rank: 250
406 KB
4 groove.cm
app.groove.cm — Cisco Umbrella Rank: 268770
84 KB
3 gstatic.com
fonts.gstatic.com
94 KB
2 groovetech.io
matomo.groovetech.io — Cisco Umbrella Rank: 371601
22 KB
2 w2payrollcreditrefund.com
w2payrollcreditrefund.com
60 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 401
9 KB
1 groovevideo.com
widget.groovevideo.com
308 KB
47 10
Domain Requested by
15 assets.grooveapps.com w2payrollcreditrefund.com
8 fs22.formsite.com w2payrollcreditrefund.com
fs22.formsite.com
5 ka-f.fontawesome.com kit.fontawesome.com
w2payrollcreditrefund.com
4 app.groove.cm w2payrollcreditrefund.com
3 ajax.googleapis.com fs22.formsite.com
3 fonts.gstatic.com fonts.googleapis.com
fs22.formsite.com
2 matomo.groovetech.io w2payrollcreditrefund.com
matomo.groovetech.io
2 fonts.googleapis.com w2payrollcreditrefund.com
app.groove.cm
2 w2payrollcreditrefund.com w2payrollcreditrefund.com
1 cdn.jsdelivr.net w2payrollcreditrefund.com
1 widget.groovevideo.com w2payrollcreditrefund.com
1 kit.fontawesome.com w2payrollcreditrefund.com
47 12

This site contains links to these domains. Also see Links.

Domain
www.irs.gov
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-02-24 -
2023-02-24		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-02-07 -
2022-05-02		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-01 -
2023-01-01		 a year crt.sh
videos.groovevideo.com
Amazon		 2021-07-05 -
2022-08-03		 a year crt.sh
*.formsite.com
Go Daddy Secure Certificate Authority - G2		 2021-03-01 -
2022-04-02		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://w2payrollcreditrefund.com/
Frame ID: 38D32E4BA482732364A50F53550C5340
Requests: 35 HTTP requests in this frame

Frame: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Frame ID: 1E5CD4EB35919775C2B8AEC21DDC9147
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ERTC Fund - Employee Retention Tax Credit

Detected technologies

Overall confidence: 100%
Detected patterns
  • /alpine(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

47
Requests

100 %
HTTPS

89 %
IPv6

10
Domains

12
Subdomains

9
IPs

2
Countries

4223 kB
Transfer

7043 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
w2payrollcreditrefund.com/ 		906 KB
59 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47f8db68b4f9247e17826d55ecd182b3d659290217bb72c915fe41cb13008438

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Thu, 24 Feb 2022 12:37:33 GMT
content-type
text/html
last-modified
Thu, 24 Feb 2022 07:25:11 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hisH74y1w9bw53m91nWobx17KPbua86aPBihgs6Lc8jWYCtGl5fzCrncE6%2FqawpUKf1eZXrDxU57ihZpWctV768NPeJp3gBHzncaNOBQqYpY4Vlha2rdBJRvKokgW%2F1h0o5%2Bsvbi7QvyZLvwspp12zG3k6LHxtWD"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6e28bef40a5c0e26-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
css2
fonts.googleapis.com/ 		714 KB
137 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
64ed16fb5adc4d3e168cf43066195e1e4737befa2e8f57a0f3653bbbac7ec1df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 24 Feb 2022 12:37:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 24 Feb 2022 12:37:33 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 24 Feb 2022 12:37:33 GMT
inpage_published.css
app.groove.cm/groovepages/css/ 		377 KB
54 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovepages/css/inpage_published.css
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b618174bba540a0b80130a805618fb6417602e4119495cb7b8df5826a0aa1ddc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 24 Feb 2022 08:45:09 GMT
server
cloudflare
age
5195
etag
W/"62174595-5e2b7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5wy2aJ%2Fz5OwUPAG7lg8YHbQIpXRPj16VMOherrOJDOMKuN61MIvQwd32svLZejqCTIT1O732ZnYTQOBbEgDomxfNXpt0%2FzSHAEiH%2FeoT74iFJ%2FJ1EhTA7BMWETBbXXLihLPnUAOvvYvlFC5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e28bef68f433751-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
chunk-vendors.css
app.groove.cm/groovepages/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovepages/css/chunk-vendors.css
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
e7647a48d4.js
kit.fontawesome.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/e7647a48d4.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a7249a1f634a0ecfc772e774a158a0ab74c354609558c382b130bf37a91b346
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://w2payrollcreditrefund.com/
Origin
https://w2payrollcreditrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:33 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=60, public, must-revalidate
strict-transport-security
max-age=31536000; preload
cf-ray
6e28bef67a130f66-MXP
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
Fta5Hlp68sVHU6g0jd1h
css2
fonts.googleapis.com/ 		695 KB
136 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,700;0,900;1,400&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovepages/css/inpage_published.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ee96ad42c85f62358253b6382ed995d14fccc53700a86dbb2981f140508520ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 24 Feb 2022 12:37:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 24 Feb 2022 12:37:33 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 24 Feb 2022 12:37:33 GMT
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=e7647a48d4
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e7647a48d4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
via
1.1 c2015c52d38ccde0fdca03737208f710.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MXP64-C1
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmjCzgRgmIVZnJqOsbXKDjPr3znaL2UWRcAYhmT9lgkzehezq0xV0Ju0Z6XS5tyG9KnjsVo4w7iihJGEhVFrgHtWJLxuqomm4Rv66Ww6Ri7Dm1zMBBbyncSChWF8OlOoHhMAGcU2UUyO%2FSjqxRA199i7dw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6e28bef7f9fb5a1f-MXP
access-control-allow-headers
fa-kit-token
x-amz-cf-id
OACkdDkYdOG9wZEyzplFiSJl8Z1TltKe9HyNGFEivw-fbcZg0n6EZA==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=e7647a48d4
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e7647a48d4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
via
1.1 04ef40fa4057e9f4ef2012df984a2c74.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MXP64-C1
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELRJ%2Ff87Q%2F%2FPVR9mWkNTBrRmrcn3bpCPB0hNf56xnvE%2FYPvLiknrNSr1wSGSoXQxKejpVOEb3llVpQZalnBewuLskyfbu9KpU5INJpjxj8gJlOtnjr%2FXOT1XQPouv5J5GcvdLsTb5w2enEwMh%2Fv34dhzrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6e28bef7fa075a1f-MXP
access-control-allow-headers
fa-kit-token
x-amz-cf-id
LbeNUNWezsoJ4-pMbCScOACz8hMKpAb39pYg23EeRKqN68yKnOOCoA==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=e7647a48d4
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e7647a48d4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
via
1.1 b6c77de995859d945c2d7fed268670b2.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MXP64-C1
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7zUiunQ9EyghpjpGZhKHiyyi89rNwt%2FtSkLYkuhTYxfHGWEXk2320cHEQA5HqC3f9lZiG3omxVyup2I5NZLTkzWqlP%2FyzDGgaje50n1dRJq8kZGuKCmgC2YLhdFAJcK2MVZ1VkEPSCx%2FGB%2FckK%2BmobBnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6e28bef7fa035a1f-MXP
access-control-allow-headers
fa-kit-token
x-amz-cf-id
Q-lEErFV6InBWS4ZtK1E_QQgZ23sE-sslCn5bPfFkK1-BxonieCS5g==
matomo.js
matomo.groovetech.io/ 		62 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://matomo.groovetech.io/matomo.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43af579102b8c4adff968a3a00280fc2061cc33538c7bbad1d8d6ec775f0807b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 14 Jan 2022 17:08:21 GMT
server
cloudflare
age
6650
etag
W/"f93c-5d58dd993cb40-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxxwYjP61JG22LR7Sh9ygQvwcYcCO3d5Nb%2BGX0W7lWeih6EKIWZDSQ2WeWAPzJb2vH97uaK%2BZFwm7avnprBNiSXrbofm903L%2Bz7smtGwLOPl6FqcSbyh1z6cOZNLVo39AoiouaZ617YFrXJf9Ee7tkJj9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e28bef8ffb08397-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
1645686531_ertcexpressfav.png
assets.grooveapps.com/images/b74bcb79-9ef6-49ef-ad82-77dd488027b6/ 		83 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/b74bcb79-9ef6-49ef-ad82-77dd488027b6/1645686531_ertcexpressfav.png
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfa7207f906f16335cb1847200dcf1d0b0e219787a20951f8237e553f049b3e1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdtJiYseefh7BOYber648ZM8Yv8k8L4D-9F395UQwEwBrH9Vbrc4kghlmT2ClMsPEU5XVkek-IRIRQVDEpjQVqs
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
84687
last-modified
Thu, 24 Feb 2022 07:08:52 GMT
server
cloudflare
etag
"2d4bbad48cb8df81cacdb4886704c6a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=QiV26g==, md5=LUu61Iy434HKzbSIZwTGoQ==
x-goog-generation
1645686532142940
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
84687
accept-ranges
bytes
cf-ray
6e28bef9795a3747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
navmenu-lib.web.js
assets.grooveapps.com/plugins/ 		67 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.grooveapps.com/plugins/navmenu-lib.web.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98604d0054239be392f6fcd294ca934f6a16dc5dcaf06ba1e6c8b587cbd4f9aa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
content-encoding
br
cf-cache-status
MISS
x-guploader-uploadid
ADPycduM9Ql8pNyrqYmvP6AFnPvdJXGjxsgqqfldpqWi94-bIWTzFfF8CB3AFBhXGTMqiwPmRY8etNSVStxGfnSGj7o
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
application/javascript
last-modified
Thu, 24 Feb 2022 03:43:55 GMT
server
cloudflare
etag
W/"80a0a9161b234b3502b6c78c897f80cc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=x4Qn5Q==, md5=gKCpFhsjSzUCtseMiX+AzA==
content-language
en
access-control-allow-origin
*
x-goog-generation
1645674235834674
access-control-expose-headers
Content-Type
cache-control
public, max-age=31536000
x-goog-stored-content-length
68781
cf-ray
6e28bef9794b3747-MXP
expires
Fri, 24 Feb 2023 12:37:34 GMT
1644637810_ERTCAid-Website-Final-720p.png
assets.grooveapps.com/images/5dd590f1c586100f1285ee7a/ 		703 KB
704 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5dd590f1c586100f1285ee7a/1644637810_ERTCAid-Website-Final-720p.png
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
558156faa0f698195670c3dbde3988438153348273597da1913a0b540da7e0c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdsvohWfLX2372-Ekol_-R-oZy07TqGWlU1mS8GHK23UhFEauwn0EFGWMhYHNhtcu1nb3NDPUG5fgPJW95RP2yA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
720106
last-modified
Sat, 12 Feb 2022 03:50:10 GMT
server
cloudflare
etag
"8b63f555d793d33f4ab5a882c06ce042"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=LWhKAA==, md5=i2P1VdeT0z9KtaiCwGzgQg==
x-goog-generation
1644637810673507
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
720106
accept-ranges
bytes
cf-ray
6e28bef9795e3747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
app.js
widget.groovevideo.com/widget/ 		308 KB
308 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.groovevideo.com/widget/app.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:1a00:b:d801:7900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
85a2384595926a0d1306834e955dceff74b539d22f78e06a276c3c6c5d8a09cc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 04:36:03 GMT
via
1.1 bfad099b4e1fa2ec7d21876e0293dc20.cloudfront.net (CloudFront)
last-modified
Tue, 23 Nov 2021 13:48:27 GMT
server
AmazonS3
age
28891
etag
"c720b112e41afb0ce50f2715cd52d83b"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
FRA56-P3
accept-ranges
bytes
content-length
315185
x-amz-cf-id
O95vRcF8q7xweLw_I2Ysj9I2h9qUUSnBf8m53HV0QCX06DiFPhY1TA==
1642992378_bizcons-firm-300x200.jpeg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1642992378_bizcons-firm-300x200.jpeg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d95841bd5ae6655a3c5ebe534fae99d5cb088aaf0b0916bbe62c7bbf1bb0388

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdt43XTUeZ3k70itKfYHqTB-a4_UW4VOGoeo0qLRvGjf_mrmzcd0fMw7_eJbfIYgySAh_Z0-OaEJmynQkj-ZxF0
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
10906
last-modified
Mon, 24 Jan 2022 02:46:19 GMT
server
cloudflare
etag
"285a03d6e5ceaf4b274c6353d047dba0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=CD9DjQ==, md5=KFoD1uXOr0snTGNT0EfboA==
x-goog-generation
1642992379002558
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
10906
accept-ranges
bytes
cf-ray
6e28bef9795f3747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1642992779_design-firm-300x200.jpeg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1642992779_design-firm-300x200.jpeg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5255ecbcd3d1b59a62b8cfff6255833a74b36ca93977b796ee19e40a95bf2b4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycduc60LxZmO2R6nonL9WKtf8RzVkXzWJpdOrMOoYKCwJTgfsyVpgIFGBaHAJK0xXixtYtfB-GzZkZ8olBTga6oE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
9569
last-modified
Mon, 24 Jan 2022 02:52:59 GMT
server
cloudflare
etag
"e790d077b008cfe0e15045da5ba36d93"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=pNhkuw==, md5=55DQd7AIz+DhUEXaW6Ntkw==
x-goog-generation
1642992779707474
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
9569
accept-ranges
bytes
cf-ray
6e28bef979603747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1643784403_ownership-group-300x200.jpg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643784403_ownership-group-300x200.jpg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d0279475831ba535ccf63fcd47e1298213f296b4f7601b800b00a8738888c39

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdsrCAE2pi6VNHwNxdt7sAHz8kWYvck8FVXhLIMAsOo7xbZ3Izmvzd50ALLwO6WehJXhhTR8Lq58mJ0RwPN_W_Q
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
6478
last-modified
Wed, 02 Feb 2022 06:46:44 GMT
server
cloudflare
etag
"3a3e12af3ecddb5fa9ed28c7cdfbd9d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hiWiVw==, md5=Oj4Srz7N21+p7SjHzfvZ1A==
x-goog-generation
1643784404037160
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
6478
accept-ranges
bytes
cf-ray
6e28bef979613747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1643784451_smallrestaurant-300x200.jpg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643784451_smallrestaurant-300x200.jpg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c55a148df10773ef97156c4ec52f459e83080758c5f70d62a2109bdf8beea2ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdv0jlv84h40r39qavGDG5AjiuUdmUah2rXCMAZ9hYGjTr1lOQHpiysGErbxI96jxaqBJx2cbOAvOTqw3ekdu9o
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
10318
last-modified
Wed, 02 Feb 2022 06:47:31 GMT
server
cloudflare
etag
"4e7eed4f1e46e5a8b5cc7bbfe384633e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=+n1VaQ==, md5=Tn7tTx5G5ai1zHu/44RjPg==
x-goog-generation
1643784451341775
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
10318
accept-ranges
bytes
cf-ray
6e28bef9da473747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1643784467_educational-300x200.jpg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643784467_educational-300x200.jpg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cb7e9bcc14cd1ed7311c482d2f39f9dfb3b29c94dd9397d160d42eceec3f320

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdspvcmsJdK6ZgiDr403m3ANpje9NyzmSLsDKjOoL6QIibIBiHwo0GsidzfoJf-vXMA9dGNPoM_uwwcqGcjAMIU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
8208
last-modified
Wed, 02 Feb 2022 06:47:48 GMT
server
cloudflare
etag
"0f1575264f6378cf7361f8673572b7be"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=gXsA9w==, md5=DxV1Jk9jeM9zYfhnNXK3vg==
x-goog-generation
1643784468185696
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
8208
accept-ranges
bytes
cf-ray
6e28bef9da4b3747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
embedManager.js
fs22.formsite.com/include/form/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/embedManager.js?1300974183
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
9c8d64cbf085d79f198e754889157afbab4bb16da50777158bba9c0070cf2baf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
content-encoding
gzip
last-modified
Tue, 14 Sep 2021 14:48:34 GMT
server
Apache
etag
"ec1-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=604800
accept-ranges
bytes
content-length
1455
expires
Thu, 03 Mar 2022 12:37:34 GMT
matomo.php
matomo.groovetech.io/ 		0
570 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://matomo.groovetech.io/matomo.php?action_name=w2payrollcreditrefund.com%2FERTC%20Fund%20-%20Employee%20Retention%20Tax%20Credit&idsite=4&rec=1&r=079119&h=12&m=37&s=34&url=https%3A%2F%2Fw2payrollcreditrefund.com%2F&_id=bfa677bc4ae412b8&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&dimension1=62172ebd39336d47ac1ce662&dimension2=soQTsViQ5&pv_id=oHgJdy&pf_net=56&pf_srv=327
Requested by
Host: matomo.groovetech.io
URL: https://matomo.groovetech.io/matomo.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.0.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://w2payrollcreditrefund.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.0.15
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4KBsI0wB9I5aC8B3WgFhcZY17C1WegZylSU3CLLWn8COJcUPIVXd4w4xdklLfxj3q41EmUvHiZVfS0hFZ9wF%2F7holDmab%2B3F6DCm%2B%2BgDhf0ohy9V0NtN3BWxjqOzwcTCy7gwoTPn2CthdAdkOwKrZej9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://w2payrollcreditrefund.com
access-control-allow-credentials
true
cf-ray
6e28bef97bc659bf-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
email-decode.min.js
w2payrollcreditrefund.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://w2payrollcreditrefund.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Feb 2022 13:46:32 GMT
server
cloudflare
etag
W/"620d0038-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dgbyI5rmAyUda9NESM0FPHj0REIuioA7pSW0kgomrkv7tYHnW%2F4NNvC5uCwZVszssXO%2FMWBWtj5eIBu3ldB7yR2yoDrV70aIWoHL6MFUrpTkAe6rgBzCmFg2Pe1%2B5mwSEvDQG3LYNRQRia4DhlyYuGhHLMWtOwC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e28bef9df735a1f-MXP
vary
Accept-Encoding
expires
Sat, 26 Feb 2022 12:37:34 GMT
inpage_published.js
app.groove.cm/groovepages/js/ 		81 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovepages/js/inpage_published.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f027ea063eee0d6e52cca300261c8769a933de84ffdb7e6a2214d447793444db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 24 Feb 2022 08:45:09 GMT
server
cloudflare
age
5178
etag
W/"62174595-145c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCSn1xBl4dEFXAAvcRGOGy7AIJWbtjoNObieLYmoTyukbAmzaX4iD8xU593K9xj%2FVEBXM2itg0ZI%2Fv6jS30Osl0mns5%2FuphHjDAJOL%2FTfuPJNyyYmnqdxuW5qdHHUBC3jVSKoiDN0BLV%2B52O"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e28bef9d85f3751-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
chunk-vendors.js
app.groove.cm/groovepages/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovepages/js/chunk-vendors.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
1643784040_Boardroom-header.jpg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		57 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643784040_Boardroom-header.jpg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bff8c4e7c45be1885adb89fb134721995d8c0c82701ed91a54684f3c998269e1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycds_76GV062siVcTdwnr0jn8SvghTHdhZfCbRUysAtRHbSReY-QdMpTz6QnoQjrwTO3LkOttmmHdPleg-jZBAVk
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
58876
last-modified
Wed, 02 Feb 2022 06:40:40 GMT
server
cloudflare
etag
"15a6fe7135dfa2c6c21d5fa60120f462"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=EqpnlA==, md5=Fab+cTXfosbCHV+mASD0Yg==
x-goog-generation
1643784040571847
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
58876
accept-ranges
bytes
cf-ray
6e28befaac6b3747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1643787879_Capitol.jpeg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		190 KB
190 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643787879_Capitol.jpeg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ea6220dd8a0ab082f82d13cbcb0166658001bd983ec96ae67092448ec17d3d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdvY5sf57HigdLSv-2admiefEzrfu_4mdaQ9lnarVVBPCgRiZq7r8UL2tcQFsrGKHSCNrmVNmV-E3TmrxZ_-PSc
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
194457
last-modified
Wed, 02 Feb 2022 07:44:40 GMT
server
cloudflare
etag
"2c19ce0347437f083eabea631e3f2779"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=Cr1vrQ==, md5=LBnOA0dDfwg+q+pjHj8neQ==
x-goog-generation
1643787879974419
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
194457
accept-ranges
bytes
cf-ray
6e28befaed0b3747-MXP
expires
Thu, 24 Feb 2022 16:37:35 GMT
1643784142_Money.jpeg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		712 KB
713 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643784142_Money.jpeg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54fc107c3868e6216c4f944c1583ea3d32b70e8c7c019f49f3f7229f85e8d908

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdsbnIFtaFRLpTHrpXfAdSUHNV4QdQHD9Beo1d9ADNLqC5JNnOL-f46eUjRqz2pKmU3UJNNOdykB1lFCVEbbeiY
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
728823
last-modified
Wed, 02 Feb 2022 06:42:23 GMT
server
cloudflare
etag
"5b953b726e9a3820c97e7aa74d763859"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=Ilm77Q==, md5=W5U7cm6aOCDJfnqnTXY4WQ==
x-goog-generation
1643784143246989
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
728823
accept-ranges
bytes
cf-ray
6e28befaed0d3747-MXP
expires
Thu, 24 Feb 2022 16:37:35 GMT
1643784204_Employees.jpg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		43 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643784204_Employees.jpg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da27c05eb715cddfc3bddb51b42095c9257eabe1fe46ad69fca9d352a193520a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycduCwzk86brLf2g_gdJRB43gu5G443nzlzIppKFm_07jchoC0Yh668HXRZVAzaw8lUiv5yQK3igQRJ8xdrafFO4
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
44260
last-modified
Wed, 02 Feb 2022 06:43:25 GMT
server
cloudflare
etag
"9ea5da4ef4e912ae87392915fbebec3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=uTQv8Q==, md5=nqXaTvTpEq6HOSkV++vsOg==
x-goog-generation
1643784205084691
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
44260
accept-ranges
bytes
cf-ray
6e28befaed173747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1643618309npxXWgQ33ZQ.jpg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		698 KB
699 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643618309npxXWgQ33ZQ.jpg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdcb220d2ac9660c2bb74a00a94cc555fe77c3a0335973dab8bf5ab2018aeb32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdt2Ww76dftd4LmYtLJWoEHoD57gonwqL5jJnaWpPtwjLXUPZPdgjpYJ9as2Lh2OxosqFuBwafl1YxDC4qrsvMA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
714990
last-modified
Mon, 31 Jan 2022 08:38:29 GMT
server
cloudflare
etag
"c6a1f1328bae61e9b00f8f345a2e69a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ww/H0g==, md5=xqHxMouuYemwD480Wi5ppg==
x-goog-generation
1643618309898322
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
714990
accept-ranges
bytes
cf-ray
6e28befaed1c3747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1642833384_easyertc-scaled-1.jpeg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		271 KB
271 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1642833384_easyertc-scaled-1.jpeg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eaa291203e5809dd4cc90c9391c2bd10855cacb7631dbd545e157fae57fb03

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdvGdefGQJQ22mknusBzl2n6Wk0LrtI0EO3aO73Zjyr1NeZF1PfhxedNi0VPQ89SMUMX2BAiLtzbjFFC2mD2BaU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
277062
last-modified
Sat, 22 Jan 2022 06:36:41 GMT
server
cloudflare
etag
"c3cd993991728af1c54c2a39fb4258d1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=1rcr8A==, md5=w82ZOZFyivHFTCo5+0JY0Q==
x-goog-generation
1642833401670735
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
277062
accept-ranges
bytes
cf-ray
6e28befaed203747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
1643785038_Blue%20wave%20gradient.jpeg
assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/ 		265 KB
266 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.grooveapps.com/images/5ec1beec3df0ea0c586b63e7/1643785038_Blue%20wave%20gradient.jpeg
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c33ec265d30d92bea7ff6464a5f8e120c81056bab2a1c2928d2fb80f75cfbc6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
cf-cache-status
MISS
x-guploader-uploadid
ADPycdtB2wNy-qZ3Ff7-dotw5fnBHfIYYS7CTackkNZqeHIf35AnilTS_EcfYODspCTpd1h_H7kzhLNilnvv-x8L8CE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
271425
last-modified
Wed, 02 Feb 2022 06:57:18 GMT
server
cloudflare
etag
"ecf3157a99dbc45707475926a2f438e6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=m0KgMQ==, md5=7PMVepnbxFcHR1kmovQ45g==
x-goog-generation
1643785038881065
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=14400
x-goog-stored-content-length
271425
accept-ranges
bytes
cf-ray
6e28befafd443747-MXP
expires
Thu, 24 Feb 2022 16:37:34 GMT
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

Request headers

Referer
https://w2payrollcreditrefund.com/
Origin
https://w2payrollcreditrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
via
1.1 5071afda1ab6f09c39c5873ced3e225c.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MXP63-P1
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78168
last-modified
Wed, 04 Aug 2021 18:58:24 GMT
server
cloudflare
etag
"a9fd1225fb2cd32320e2b931dca01089"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWA%2Fv1PuKzAWbi%2FFp9eN9aDvgpbo2AnDvqIDWjCfdDs78y25ID4J8%2F1HmIg86ab8YaHG3mruFRfTi3x1qr5f8gUNkSKP1Vw52w5yRbzPQkJC2jqiQU51wFfXxvuUlUQURmB9laLxc2Le46HIBmPopXTwNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e28befb1ee6f933-MXP
access-control-allow-headers
fa-kit-token
x-amz-cf-id
Lr8KfZL4814G5zaLHqwDrC5w6t5zfD0BCzx5lML0A25L9s3zznHu_Q==
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://w2payrollcreditrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 19:30:30 GMT
x-content-type-options
nosniff
age
61624
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:14:03 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 19:30:30 GMT
free-fa-regular-400.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 		13 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-regular-400.woff2
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48fb6f0d8ac464d95cbc2df3ffa7bf5066950898c5581f5133d0565abb7f706b

Request headers

Referer
https://w2payrollcreditrefund.com/
Origin
https://w2payrollcreditrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
via
1.1 d2efc2528c9d37ec19b94a3d8dc21422.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MXP63-P1
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13216
last-modified
Wed, 04 Aug 2021 18:58:24 GMT
server
cloudflare
etag
"b8f1c6a3a94d42b082c29f0b1db8ba95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=REastjtCaWK8K%2FyocWPLgQL%2BdmT9Xto7nRqF0bRGNwL2qsv%2FyjLybAwGrt7TZtgsOV%2BZ2x1N1Zy%2BpVWG8ZJCIRjrFNQ%2BI6EhGKe55GmW%2F5hHWewZonOqIDT2DRe%2Fpv1x4YJhG1RxD%2BOMJekFMcCtvV%2BPYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e28befb1ee2f933-MXP
access-control-allow-headers
fa-kit-token
x-amz-cf-id
IrtMEW1QV5ZpFwCJoqO8C7xIr4t-kOzuMClCZdWrtwoS8AYJN8Y6ng==
showFormEmbed
fs22.formsite.com/res/ Frame 1E5C 		11 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/include/form/embedManager.js?1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
a77eb666b60cb60e1a66e203a44146a34587ff7e591d3b477dc811f7bee5ab6a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-type
text/html;charset=UTF-8
content-length
2786
server
Apache
vary
Accept-Encoding,User-Agent
content-encoding
gzip
alpine.min.js
cdn.jsdelivr.net/gh/alpinejs/alpine@v2.7.0/dist/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.7.0/dist/alpine.min.js
Requested by
Host: w2payrollcreditrefund.com
URL: https://w2payrollcreditrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0418dcc7451e532116c6d25c43f5f02e9d84aeddcb8c4bbb40ae95345a7593c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w2payrollcreditrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
920463
x-jsd-version
2.7.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19151-FRA, cache-mxp6968-MXP
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"6624-bavr+lw8nCFVjGQ5N2Zkg7TuErs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6e28befb9c3059e3-MXP
jquery-ui.css
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/ Frame 1E5C 		36 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9b751c1cd0d2b0f91862db987fed9dda48758b15e6f42ca67796b45f4b21702
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 01:53:34 GMT
x-content-type-options
nosniff
age
38641
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36536
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 24 Feb 2023 01:53:34 GMT
fonts8.css
fs22.formsite.com/include/form/ Frame 1E5C 		20 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/fonts8.css?2305778062069
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
9221b2c07e1ad6a168982f0fbb342131b2e96c0ebe5902d98653d3a546a34632

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 13:46:26 GMT
server
Apache
etag
"4e63-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
max-age=604800
accept-ranges
bytes
content-length
4202
expires
Thu, 03 Mar 2022 12:37:35 GMT
screen8.css
fs22.formsite.com/include/form/ Frame 1E5C 		20 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/screen8.css?2305778062069
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
6b223bb6c3fb8210034350b25e704c74c30d87756cdda5432b4649483e366e78

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-encoding
gzip
last-modified
Wed, 10 Nov 2021 15:07:12 GMT
server
Apache
etag
"4f2f-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
max-age=604800
accept-ranges
bytes
content-length
8161
expires
Thu, 03 Mar 2022 12:37:35 GMT
responsive8.css
fs22.formsite.com/include/form/ Frame 1E5C 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/responsive8.css?2305778062069
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
faa7999a9bc916746448d20ba389c7360faea9bc01a9e53fc08275e565cbf399

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-encoding
gzip
last-modified
Wed, 10 Nov 2021 15:07:12 GMT
server
Apache
etag
"bb2-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
max-age=604800
accept-ranges
bytes
content-length
876
expires
Thu, 03 Mar 2022 12:37:35 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ Frame 1E5C 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
272235
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 21 Feb 2023 09:00:20 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/ Frame 1E5C 		248 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 15:26:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
508274
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67948
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 18 Feb 2023 15:26:21 GMT
form8.js
fs22.formsite.com/include/form/ Frame 1E5C 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/form8.js?2305778062069
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7b47ae80afa3203ba35b6f17e9a9c0641ac3f8f5d37b3ae9f01f06730b1e7ae6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-encoding
gzip
last-modified
Wed, 10 Nov 2021 15:07:12 GMT
server
Apache
etag
"6c5c-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=604800
accept-ranges
bytes
content-length
7457
expires
Thu, 03 Mar 2022 12:37:35 GMT
embed.js
fs22.formsite.com/include/form/ Frame 1E5C 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/embed.js
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
9bf76c0981f3d7cb30be16f19b1419bad27dbccc3c5c5496cd1c84982e756dd8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-encoding
gzip
last-modified
Mon, 30 Mar 2020 16:25:53 GMT
server
Apache
etag
"8fe-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=604800
accept-ranges
bytes
content-length
855
expires
Thu, 03 Mar 2022 12:37:35 GMT
print8.css
fs22.formsite.com/include/form/ Frame 1E5C 		375 B
766 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fs22.formsite.com/include/form/print8.css?2305778062069
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.91.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-91-8.compute-1.amazonaws.com
Software
Apache /
Resource Hash
fe096c1a1b3636490559c3e3d5c51dedcfed669ef95394071a765d922937dc6d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fs22.formsite.com/res/showFormEmbed?EParam=m_OmK8apOTBq9zAPECUmc4YvBMmXmdLwdgTYVfxeOgg&1300974183&EmbedId=1300974183
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:37:35 GMT
content-encoding
gzip
last-modified
Mon, 01 Apr 2019 18:07:07 GMT
server
Apache
etag
"177-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
max-age=604800
accept-ranges
bytes
content-length
200
expires
Thu, 03 Mar 2022 12:37:35 GMT
0dTEPzkLWceF7z0koJaX1A.woff2
fonts.gstatic.com/s/raleway/v22/ Frame 1E5C 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v22/0dTEPzkLWceF7z0koJaX1A.woff2
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/include/form/fonts8.css?2305778062069
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fs22.formsite.com/
Origin
https://fs22.formsite.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 19:47:50 GMT
x-content-type-options
nosniff
age
146985
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47312
x-xss-protection
0
last-modified
Tue, 29 Jun 2021 19:40:31 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 22 Feb 2023 19:47:50 GMT
zOdksD_UUTk1LJF9z4tURA.woff2
fonts.gstatic.com/s/cinzel/v12/ Frame 1E5C 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/cinzel/v12/zOdksD_UUTk1LJF9z4tURA.woff2
Requested by
Host: fs22.formsite.com
URL: https://fs22.formsite.com/include/form/fonts8.css?2305778062069
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
304cbbc575c227a24f183d9800167ab06418327356f73099404136d8bb9a6c92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fs22.formsite.com/
Origin
https://fs22.formsite.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 21:09:11 GMT
x-content-type-options
nosniff
age
142104
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24996
x-xss-protection
0
last-modified
Tue, 04 May 2021 22:35:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 22 Feb 2023 21:09:11 GMT

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| FontAwesomeKitConfig string| websiteurl undefined| encodeSite object| _paq function| mergeContentSettings object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log function| setupNavmenu function| fetchGPmegamenu function| setvIframe function| loadFrame object| thumbnailImg function| setImmediate function| clearImmediate object| regeneratorRuntime function| iFrameResize object| FontAwesomeConfig object| ___FONT_AWESOME___ object| EmbedManager object| Alpine object| site boolean| gpNavmenusReady

5 Cookies

Domain/Path Name / Value
fs22.formsite.com/res Name: JSESSIONID
Value: 16E752A2A56ABE03EA5614A692514AE6
w2payrollcreditrefund.com/ Name: _pk_id.4.90fd
Value: bfa677bc4ae412b8.1645706254.
w2payrollcreditrefund.com/ Name: _pk_ses.4.90fd
Value: 1
w2payrollcreditrefund.com/ Name: hasVisitedPopupPage
Value: true
fs22.formsite.com/ Name: AWSALBCORS
Value: SBrUBRf7EQxvRt75NNZOGE8StoRn019l/77K+1xE4LHaGV92XfCBkLsfC24ajySUrkDMjbJEQYwjbUDZf/wPgWoMLSMygBZuAcEXfFv0rOY2kOrf+sqr8hp8dguo

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
app.groove.cm
assets.grooveapps.com
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
fs22.formsite.com
ka-f.fontawesome.com
kit.fontawesome.com
matomo.groovetech.io
w2payrollcreditrefund.com
widget.groovevideo.com
2600:9000:223d:1a00:b:d801:7900:93a1
2606:4700::6810:5914
2606:4700::6812:15b4
2606:4700::6812:1734
2a00:1450:4001:827::2003
2a00:1450:4001:827::200a
2a00:1450:4001:82a::200a
2a06:98c1:3121::7
44.194.91.8
0418dcc7451e532116c6d25c43f5f02e9d84aeddcb8c4bbb40ae95345a7593c9
1d0279475831ba535ccf63fcd47e1298213f296b4f7601b800b00a8738888c39
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2cb7e9bcc14cd1ed7311c482d2f39f9dfb3b29c94dd9397d160d42eceec3f320
2ea6220dd8a0ab082f82d13cbcb0166658001bd983ec96ae67092448ec17d3d7
304cbbc575c227a24f183d9800167ab06418327356f73099404136d8bb9a6c92
3d95841bd5ae6655a3c5ebe534fae99d5cb088aaf0b0916bbe62c7bbf1bb0388
43af579102b8c4adff968a3a00280fc2061cc33538c7bbad1d8d6ec775f0807b
47f8db68b4f9247e17826d55ecd182b3d659290217bb72c915fe41cb13008438
48eaa291203e5809dd4cc90c9391c2bd10855cacb7631dbd545e157fae57fb03
48fb6f0d8ac464d95cbc2df3ffa7bf5066950898c5581f5133d0565abb7f706b
54fc107c3868e6216c4f944c1583ea3d32b70e8c7c019f49f3f7229f85e8d908
558156faa0f698195670c3dbde3988438153348273597da1913a0b540da7e0c7
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5c33ec265d30d92bea7ff6464a5f8e120c81056bab2a1c2928d2fb80f75cfbc6
64ed16fb5adc4d3e168cf43066195e1e4737befa2e8f57a0f3653bbbac7ec1df
6b223bb6c3fb8210034350b25e704c74c30d87756cdda5432b4649483e366e78
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
7a7249a1f634a0ecfc772e774a158a0ab74c354609558c382b130bf37a91b346
7b47ae80afa3203ba35b6f17e9a9c0641ac3f8f5d37b3ae9f01f06730b1e7ae6
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
85a2384595926a0d1306834e955dceff74b539d22f78e06a276c3c6c5d8a09cc
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9221b2c07e1ad6a168982f0fbb342131b2e96c0ebe5902d98653d3a546a34632
98604d0054239be392f6fcd294ca934f6a16dc5dcaf06ba1e6c8b587cbd4f9aa
9bf76c0981f3d7cb30be16f19b1419bad27dbccc3c5c5496cd1c84982e756dd8
9c8d64cbf085d79f198e754889157afbab4bb16da50777158bba9c0070cf2baf
a77eb666b60cb60e1a66e203a44146a34587ff7e591d3b477dc811f7bee5ab6a
b618174bba540a0b80130a805618fb6417602e4119495cb7b8df5826a0aa1ddc
bfa7207f906f16335cb1847200dcf1d0b0e219787a20951f8237e553f049b3e1
bff8c4e7c45be1885adb89fb134721995d8c0c82701ed91a54684f3c998269e1
c55a148df10773ef97156c4ec52f459e83080758c5f70d62a2109bdf8beea2ef
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7
d5255ecbcd3d1b59a62b8cfff6255833a74b36ca93977b796ee19e40a95bf2b4
da27c05eb715cddfc3bddb51b42095c9257eabe1fe46ad69fca9d352a193520a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee96ad42c85f62358253b6382ed995d14fccc53700a86dbb2981f140508520ca
f027ea063eee0d6e52cca300261c8769a933de84ffdb7e6a2214d447793444db
f9b751c1cd0d2b0f91862db987fed9dda48758b15e6f42ca67796b45f4b21702
faa7999a9bc916746448d20ba389c7360faea9bc01a9e53fc08275e565cbf399
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fdcb220d2ac9660c2bb74a00a94cc555fe77c3a0335973dab8bf5ab2018aeb32
fe096c1a1b3636490559c3e3d5c51dedcfed669ef95394071a765d922937dc6d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e