storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:828::2010 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Submission: On November 17 via automatic, source openphish (November 17th 2021, 1:05:55 am UTC) — Scanned from DE

Summary HTTP 33 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 33 HTTP transactions. The main IP is 2a00:1450:4001:828::2010, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by GTS CA 1C3 on October 18th 2021. Valid for: 3 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:828::2010	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1 5	103.153.183.32 103.153.183.32	140947 (SNTHOSTIN...) (SNTHOSTINGS-AS-AP SnTHostings)
17	2600:141b:f00... 2600:141b:f000:9b1::1301	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2600:141b:f00... 2600:141b:f000:981::f50	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2600:1f12:6fd... 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9	8987 (AMAZON EX...) (AMAZON EXPANSION)
4	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
33	7

1 2a00:1450:4001:828::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 103.153.183.32 (Los Angeles, United States) 1 redirects

ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN)
PTR: 103.153.183.32.static.snthostings.com

autodoc345kwru.gb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:141b:f000:9b1::1301 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)

sa.www4.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:f000:981::f50 (Edison, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 (Boardman, United States)

ASN8987 (AMAZON EXPANSION, IE)

connect.irs.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00::210:ba81 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p11.techlab-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	irs.gov 1 redirects sa.www4.irs.gov www.irs.gov connect.irs.gov	225 KB
5	gb.net 1 redirects autodoc345kwru.gb.net	12 KB
4	techlab-cdn.com p11.techlab-cdn.com	58 KB
2	google-analytics.com www.google-analytics.com	21 KB
2	googleapis.com storage.googleapis.com ajax.googleapis.com	35 KB
33	5

	Domain	Requested by
17	sa.www4.irs.gov	autodoc345kwru.gb.net
5	autodoc345kwru.gb.net	1 redirects storage.googleapis.com autodoc345kwru.gb.net sa.www4.irs.gov
4	p11.techlab-cdn.com	sa.www4.irs.gov
4	connect.irs.gov	autodoc345kwru.gb.net sa.www4.irs.gov
2	www.google-analytics.com	sa.www4.irs.gov
1	www.irs.gov	1 redirects
1	ajax.googleapis.com	storage.googleapis.com
1	storage.googleapis.com
33	8

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.autodoc345kwru.gb.net R3	`2021-10-01` - `2021-12-30`	3 months	crt.sh
sa.www4.irs.gov Entrust Certification Authority - L1K	`2021-09-29` - `2022-10-28`	a year	crt.sh
go.chameleonx.com DigiCert SHA2 Secure Server CA	`2021-11-08` - `2022-11-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
connect.irs.gov Entrust Certification Authority - L1K	`2020-12-08` - `2021-12-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Frame ID: 5DB2B024F1955F4F06DC3E0247B02959
Requests: 2 HTTP requests in this frame

Frame: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009
Frame ID: 156D34B236AAD1277EC9468D78E1A855
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

33
Requests

97 %
HTTPS

88 %
IPv6

5
Domains

8
Subdomains

7
IPs

2
Countries

351 kB
Transfer

905 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009 HTTP 301
https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009

Request Chain 8

https://www.irs.gov/tdcoffers.js HTTP 302
https://connect.irs.gov/system/web/custom/offers/custoffers.js

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ytujyhtgbvfdcsx.html Show response
storage.googleapis.com/gr4ih4.appspot.com/ 1 KB
2 KB 29ms
7ms Document
text/html 2a00:1450:4001:828::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4cd6979b455fcbd956fda9de08eca1d4e1f67d11e19678af20c27e69c9a0866f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-guploader-uploadid: ADPycduSIg1hfR6OuDgIK20S7i4eN_O5WWTyIrXCYlOwiDb7UXBPAqheG8oSZaHnLMRfoki-pQhpZ4HxTZBweLxkqKU
expires: Wed, 17 Nov 2021 01:12:05 GMT
date: Wed, 17 Nov 2021 00:12:05 GMT
last-modified: Fri, 12 Nov 2021 00:39:07 GMT
etag: "64db5769b3dc5b239d2c9a4999a0f7cd"
x-goog-generation: 1636677547029007
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1480
x-goog-meta-firebasestoragedownloadtokens: 5f037fe0-32ea-44c5-951a-9f35c0a15a94
content-type: text/html
content-disposition: inline; filename*=utf-8''ytujyhtgbvfdcsx.html
x-goog-hash: crc32c=XeTSQw== md5=ZNtXabPcWyOdLJpJmaD3zQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 1480
server: UploadServer
age: 3225
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ 91 KB
33 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://storage.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 19:58:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32954
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 19:58:05 GMT

GET
H/1.1 200
OK / Show response
autodoc345kwru.gb.net/yuiujytgrfeds/ Frame 156D 1 KB
2 KB 1040ms
444ms Document
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash: efc55bd0bb97494120782b071ef45c5157faf810606bc12a46a4aa984586acc8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://storage.googleapis.com/

Response headers

Date: Wed, 17 Nov 2021 01:05:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

/ Show response
autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/ Frame 156D
Redirect Chain

https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am?Key=NE53xElZQblg39.32.60.234...
https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.23...

9 KB
9 KB

145ms
145ms

Document
text/html

103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009
Requested by: Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash: 33c4219e0ab5afd5aecfa72b902a2a722857f752ee965a1f386cca19b313b760

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/?bigdreamice=gbf34rfejkf

Response headers

Date: Wed, 17 Nov 2021 01:05:52 GMT
Server: Apache
Last-Modified: Wed, 17 Nov 2021 01:05:51 GMT
Accept-Ranges: bytes
Content-Length: 9157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Wed, 17 Nov 2021 01:05:52 GMT
Server: Apache
Location: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009
Content-Length: 774
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 styles-nonie-1024.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 156D 34 KB
8 KB 1233ms
198ms Stylesheet
text/css 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/styleSheets/styles-nonie-1024.css

Requested by

Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7fbe8e0b4701e7f4aaa9c47499a17862dcec2d93c55b1231f6646c667ed194aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:32 GMT
etag: "88e6-5ce2844cf4000"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 7870
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 password-feedback-styles-nonie-1024.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 156D 5 KB
1 KB 1236ms
201ms Stylesheet
text/css 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/styleSheets/password-feedback-styles-nonie-1024.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2be3b38d08ee42e465df6f396db597546f9ab8d8c334e326d8a6d66a18f5a046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:32 GMT
etag: "13e1-5ce2844cf4000"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 925
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 table.css
sa.www4.irs.gov/eauth/pub/common/styleSheets/ Frame 156D 9 KB
2 KB 1240ms
205ms Stylesheet
text/css 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/styleSheets/table.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

27ad5be4102ef88add12d3ed9fcd75d69102343ed22f9538ea6d7b19ad9f7f5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:32 GMT
etag: "236d-5ce2844cf4000"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1336
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e Show response
sa.www4.irs.gov/public/ Frame 156D 139 KB
50 KB 1399ms
364ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

29837a520cb34c9eb9a4b198d68842f370995c4fa1b3415b625c3737bb8cbbc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-md5: MaPeDjsD57BLIaEPxKblqg==
content-length: 50416
last-modified: Mon, 24 May 2021 22:03:27 GMT
etag: "0x8D91EFFC217171A"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 May 2021 22:15:23 GMT

GET
H2 200 ga6.js Show response
sa.www4.irs.gov//eauth/pub/common/scripts/ Frame 156D 1 KB
1 KB 1356ms
321ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov//eauth/pub/common/scripts/ga6.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

82c54fc0f123e80a4791ea2a8348812e073cbda81f8f45ea4ebcd4c381fe2827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "500-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 598
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2

200

custoffers.js Show response
connect.irs.gov/system/web/custom/offers/ Frame 156D
Redirect Chain

https://www.irs.gov/tdcoffers.js
https://connect.irs.gov/system/web/custom/offers/custoffers.js

642 B
1 KB

723ms
189ms

Script
application/javascript

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/web/custom/offers/custoffers.js

Requested by

Protocol

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

01fc73cda1cfec585350c5192d95a79c978f6489474ae13782696f164b578310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 07 Aug 2021 00:41:07 GMT
server
etag: "febad7e8248bd71:0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 393
x-ua-compatible: IE=EmulateIE9

Redirect headers

location: https://connect.irs.gov/system/web/custom/offers/custoffers.js
date: Wed, 17 Nov 2021 01:05:52 GMT
cache-control: max-age=0
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 0
strict-transport-security: max-age=31536000
expires: Wed, 17 Nov 2021 01:05:52 GMT

GET
H2 200 alerts.jsp Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 27 KB
28 KB 1440ms
406ms Script
text/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/alerts.jsp

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

140b35e1111d615e355652a2da6e1d62212c9ea6734d0e78e3fc9b0f3d2b92ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 17 Nov 2021 01:05:53 GMT
x-frame-options: SAMEORIGIN
content-language: en-
content-type: text/javascript;charset=UTF-8
content-length: 27370
x-xss-protection: 1; mode=block

GET
H2 200 constants.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 24 KB
7 KB 1243ms
209ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/constants.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30e2a68237bb95c4873a3edcc6c0ec402dd1e025e29755bd30629d88b06323ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:22 GMT
etag: "6107-5ce284436a980"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 7161
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 tools.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 97 KB
24 KB 1335ms
301ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/tools.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

74c161b1713fc0fec6f54f1d5d6d7ffc73b8b22dba20eed4d05329985f44fb11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:26 GMT
etag: "185ba-5ce284473b280"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 24517
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 login_display.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 3 KB
1 KB 1324ms
290ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/login_display.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2899294e858822fb49f31663d040b1e0eb1c000acec4408145467896b4679253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "abb-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1001
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 login_validation.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 2 KB
1 KB 1344ms
310ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/login_validation.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4bb869815ae1769db30845928b106809b8f2b3af05b862810adeafee9796a92c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "621-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 706
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 cookies.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 1 KB
949 B 1315ms
282ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/cookies.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fc469373428729fb31a143825bf37f5a27ac655aef497f58eb428de45e637789

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:22 GMT
etag: "45f-5ce284436a980"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 470
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 jquery-2.1.4.js Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 242 KB
72 KB 1315ms
281ms Script
application/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/jquery-2.1.4.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b2215cce5830e2350b9d420271d9bd82340f664c3f60f0ea850f7e9c0392704e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:24 GMT
etag: "3c72d-5ce2844552e00"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 73508
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:53 GMT

GET
H2 200 login_display.jsp Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 1 KB
2 KB 1338ms
304ms Script
text/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/login_display.jsp

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0d49993d4d4c3623f286386cdf05a0be961c085a964f8578795d314bfd661925

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
date: Wed, 17 Nov 2021 01:05:53 GMT
content-length: 1102
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8

GET
H2 200 session_expired_warning_js.jsp Show response
sa.www4.irs.gov/eauth/pub/common/scripts/ Frame 156D 3 KB
4 KB 1343ms
310ms Script
text/javascript 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sa.www4.irs.gov/eauth/pub/common/scripts/session_expired_warning_js.jsp

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

323a0bec2e299d1f255f8e871f93f34fae119a1d16ced8444bda6df1e4045818

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
date: Wed, 17 Nov 2021 01:05:53 GMT
content-length: 2973
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=ISO-8859-1

GET
H2 200 logo.png
sa.www4.irs.gov//eauth/pub/common/images/ Frame 156D 3 KB
3 KB 98ms
98ms Image
image/png 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sa.www4.irs.gov//eauth/pub/common/images/logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b831fccf6dfafa26d4eb3d51369ed026b733dbfd7850217b15511e1266d96115

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:18 GMT
etag: "a9c-5ce2843f9a080"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2716
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:54 GMT

GET
H2 200 button_create_account.jpg
sa.www4.irs.gov//eauth/pub/common/images/ Frame 156D 6 KB
6 KB 112ms
112ms Image
image/jpeg 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sa.www4.irs.gov//eauth/pub/common/images/button_create_account.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3a8059b83c8b9e467ac61b5956ff68d862839c8ef9bbf6b0969257ebb8085f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:14 GMT
etag: "1635-5ce2843bc9780"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 5685
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:54 GMT

GET
H2 200 button_login.jpg
sa.www4.irs.gov//eauth/pub/common/images/ Frame 156D 4 KB
4 KB 116ms
116ms Image
image/jpeg 2600:141b:f000:9b1::1301
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sa.www4.irs.gov//eauth/pub/common/images/button_login.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:9b1::1301 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9e491119135916d14c8f73c1106ce3b1fbb0cd671987e05af9f9bf270bae5b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Oct 2021 14:00:14 GMT
etag: "eb3-5ce2843bc9780"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=21600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3763
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 07:05:54 GMT

GET
H/1.1 404
Not Found ONDQB
autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ Frame 156D 0
0 142ms
142ms Script
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB
Requested by: Host: autodoc345kwru.gb.net
URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 17 Nov 2021 01:05:54 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 65319_1825232221.js Show response
p11.techlab-cdn.com/e/ Frame 156D 56 KB
19 KB 52ms
15ms Fetch
application/javascript 2a02:26f0:6c00::210:ba81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65319_1825232221.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba81 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e0916afbe5f8291168214915bcea9bc411678257222ea7c7ea0d075fc9eb8c4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 14:50:47 GMT
content-md5: 8uL8P6st2u5Ul6/yMgHEBA==
etag: "0x8D8F2C209B74786"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 18645
expires: Wed, 17 Nov 2021 01:15:54 GMT

GET
H2 200 65257_1825232190.js Show response
p11.techlab-cdn.com/e/ Frame 156D 14 KB
6 KB 62ms
25ms Fetch
application/javascript 2a02:26f0:6c00::210:ba81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65257_1825232190.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba81 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 72667f8da6f63197e092832b2028a562ecfd78a599848ed873d3bd24dd3a7725

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
last-modified: Wed, 31 Mar 2021 11:07:05 GMT
content-md5: Dz6kDlqcMQZmScOUVuRDHA==
etag: "0x8D8F4351E4CC3B3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 5946
expires: Wed, 17 Nov 2021 01:15:54 GMT

GET
H2 200 64885_1825232283.js Show response
p11.techlab-cdn.com/e/ Frame 156D 4 KB
2 KB 77ms
40ms Fetch
application/javascript 2a02:26f0:6c00::210:ba81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/64885_1825232283.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba81 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 2281bceeaf3c81dc26731248960c8d210a0d461a02759c39b7a7b6c5ee1e06a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
last-modified: Tue, 02 Feb 2021 20:14:20 GMT
content-md5: kYjINenfgD1AmqSEyGQZvA==
etag: "0x8D8C7B7200E6A28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1872
expires: Wed, 17 Nov 2021 01:15:54 GMT

GET
H2 200 65226_1825232252.js Show response
p11.techlab-cdn.com/e/ Frame 156D 69 KB
31 KB 84ms
48ms Fetch
application/javascript 2a02:26f0:6c00::210:ba81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65226_1825232252.js
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba81 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7fe83b2a2a1ae9ad497d13e1ce081cda73dc1cedeef4aaeef70076aaa756941f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 13:29:26 GMT
content-md5: URLoK8cyoF5H4IQzc2wXGQ==
etag: "0x8D8F2B6ACC67D2E"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 31132
expires: Wed, 17 Nov 2021 01:15:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 156D 49 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3888
date: Wed, 17 Nov 2021 00:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 17 Nov 2021 02:01:06 GMT

GET
H2 200 offers.js Show response
connect.irs.gov/system/web/view/offers/ Frame 156D 7 KB
3 KB 191ms
191ms Script
application/javascript 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/web/view/offers/offers.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

c90e6d0f2fc077e47949e56b0221636284c62697a133dd7fcf92ae0020e2c23b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: cache
date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
accept-encoding: compress,gzip
last-modified: Sun, 04 Jul 2021 00:58:00 GMT
server
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: max-age=86400,private
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 2680
x-ua-compatible: IE=EmulateIE9, IE=EmulateIE9

GET
H2 200 egain-chat.js Show response
connect.irs.gov/system/templates/chat/ Frame 156D 2 KB
2 KB 190ms
190ms Script
application/javascript 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/templates/chat/egain-chat.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 07 Aug 2021 00:40:02 GMT
server
etag: "868f8ec2248bd71:0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200,private
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 1068

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ Frame 156D 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 00:20:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2707
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 17 Nov 2021 01:20:47 GMT

GET
H/1.1 404
Not Found message.json Show response
autodoc345kwru.gb.net/eauth/static/ Frame 156D 315 B
515 B 142ms
142ms XHR
text/html 103.153.183.32
SNTHOSTINGS-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://autodoc345kwru.gb.net/eauth/static/message.json
Requested by: Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.153.183.32 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS: 103.153.183.32.static.snthostings.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 17 Nov 2021 01:05:54 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 Offers.egain Show response
connect.irs.gov/system/ Frame 156D 957 B
1 KB 196ms
195ms Script
text/javascript 2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
AMAZON EXPANSION

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.irs.gov/system/Offers.egain?command=GetRulesJS&egofferpageurl=https%3A%2F%2Fautodoc345kwru.gb.net%2Fyuiujytgrfeds%2FNE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am%2F%3FKey%3DNE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am%262021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-%266ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009&egofferpagetitle=Log%20In&egofferpatternchecksum=

Requested by

Host: sa.www4.irs.gov
URL: https://sa.www4.irs.gov/public/32cdc9d4acaceaaa7f245fa2cebd5a11630011008c0e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f12:6fd:f500:b83e:bc16:40b7:efe9 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),

Reverse DNS

Software

Resource Hash

eb2f73d74c12297bbef8a05f74ef6f8ca5c33631c35eaf7ce4429ea40b8eb196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://autodoc345kwru.gb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Nov 2021 01:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 446
x-ua-compatible: IE=EmulateIE9

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sa.www4.irs.gov/	1969-12-31 23:59:59	Name: akaalb_sa_alb Value: 1637112053~op=~rv=95~m=~os=~id=08c1b26a68fbaf567e19f92d1152d67c
.sa.www4.irs.gov/	1970-01-19 22:45:12	Name: akaalb_sa_eauth_alb Value: 1637112054~op=ALB_SA_EAUTH:SA_Origin_DCD\|~rv=26~m=SA_Origin_DCD:0\|~os=850f67b9c612bad1bf84b6b3a1b0f61e~id=d87ea79a81f55bc97907b1ec5f067c5c
connect.irs.gov/	1970-01-19 22:55:15	Name: AWSALBCORS Value: DraaBgBmpvE4twz6rlxsYSO/dN6fyBeWda3hUj0amBlLFcrnwwqskVOonb0jSqQRhO9OnVNRb/ov3iJ/hfPccSRPHjHUzWVPayVqj9osluP1a9jCh60ToNcbtIiw

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009(Line 215) Message: Unsafe attempt to initiate navigation for frame with URL 'https://storage.googleapis.com/gr4ih4.appspot.com/ytujyhtgbvfdcsx.html' from frame with URL 'https://autodoc345kwru.gb.net/yuiujytgrfeds/NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am/?Key=NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am&2021lnboxLightesapncrosoversuvsnowinallovertheworld_NE53xElZQblg39.32.60.2346ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009PakistanAsiaPKAS17-11-202101-05-51am_TkU1M3hFbFpRYmxn-&6ee39d5c3305019bb4e8b06f9a8e5b02ec4b592d15ef91d942c9d8d6d0e9c009'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/features/5851021045661696.
network	error	URL: https://autodoc345kwru.gb.net/_O8RSOyVhKtcHpOih5iC/SE7X2ffNm5/fQUZPAE/VD4_U3c/ONDQB Message: Failed to load resource: the server responded with a status of 404 (Not Found)
deprecation	warning	URL: https://sa.www4.irs.gov/eauth/pub/common/scripts/cookies.js(Line 33) Message: Triggering window.alert from cross origin iframes has been deprecated and will be removed in the future.
network	error	URL: https://autodoc345kwru.gb.net/eauth/static/message.json Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
autodoc345kwru.gb.net
connect.irs.gov
p11.techlab-cdn.com
sa.www4.irs.gov
storage.googleapis.com
www.google-analytics.com
www.irs.gov
103.153.183.32
2600:141b:f000:981::f50
2600:141b:f000:9b1::1301
2600:1f12:6fd:f500:b83e:bc16:40b7:efe9
2a00:1450:4001:810::200a
2a00:1450:4001:828::2010
2a00:1450:4001:82a::200e
2a02:26f0:6c00::210:ba81
01fc73cda1cfec585350c5192d95a79c978f6489474ae13782696f164b578310
0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb
0d49993d4d4c3623f286386cdf05a0be961c085a964f8578795d314bfd661925
140b35e1111d615e355652a2da6e1d62212c9ea6734d0e78e3fc9b0f3d2b92ea
2281bceeaf3c81dc26731248960c8d210a0d461a02759c39b7a7b6c5ee1e06a0
27ad5be4102ef88add12d3ed9fcd75d69102343ed22f9538ea6d7b19ad9f7f5d
2899294e858822fb49f31663d040b1e0eb1c000acec4408145467896b4679253
29837a520cb34c9eb9a4b198d68842f370995c4fa1b3415b625c3737bb8cbbc6
2be3b38d08ee42e465df6f396db597546f9ab8d8c334e326d8a6d66a18f5a046
30e2a68237bb95c4873a3edcc6c0ec402dd1e025e29755bd30629d88b06323ca
323a0bec2e299d1f255f8e871f93f34fae119a1d16ced8444bda6df1e4045818
33c4219e0ab5afd5aecfa72b902a2a722857f752ee965a1f386cca19b313b760
3a8059b83c8b9e467ac61b5956ff68d862839c8ef9bbf6b0969257ebb8085f4f
4bb869815ae1769db30845928b106809b8f2b3af05b862810adeafee9796a92c
4cd6979b455fcbd956fda9de08eca1d4e1f67d11e19678af20c27e69c9a0866f
72667f8da6f63197e092832b2028a562ecfd78a599848ed873d3bd24dd3a7725
74c161b1713fc0fec6f54f1d5d6d7ffc73b8b22dba20eed4d05329985f44fb11
7fbe8e0b4701e7f4aaa9c47499a17862dcec2d93c55b1231f6646c667ed194aa
7fe83b2a2a1ae9ad497d13e1ce081cda73dc1cedeef4aaeef70076aaa756941f
82c54fc0f123e80a4791ea2a8348812e073cbda81f8f45ea4ebcd4c381fe2827
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9e491119135916d14c8f73c1106ce3b1fbb0cd671987e05af9f9bf270bae5b5b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b2215cce5830e2350b9d420271d9bd82340f664c3f60f0ea850f7e9c0392704e
b831fccf6dfafa26d4eb3d51369ed026b733dbfd7850217b15511e1266d96115
c90e6d0f2fc077e47949e56b0221636284c62697a133dd7fcf92ae0020e2c23b
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e0916afbe5f8291168214915bcea9bc411678257222ea7c7ea0d075fc9eb8c4b
eb2f73d74c12297bbef8a05f74ef6f8ca5c33631c35eaf7ce4429ea40b8eb196
efc55bd0bb97494120782b071ef45c5157faf810606bc12a46a4aa984586acc8
fc469373428729fb31a143825bf37f5a27ac655aef497f58eb428de45e637789

storage.googleapis.com Open in urlscan Pro 2a00:1450:4001:828::2010 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

33 Requests

97 %HTTPS

88 %IPv6

5 Domains

8 Subdomains

7 IPs

2 Countries

351 kBTransfer

905 kBSize

3 Cookies

0 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:828::2010 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

97 %
HTTPS

88 %
IPv6

5
Domains

8
Subdomains

7
IPs

2
Countries

351 kB
Transfer

905 kB
Size

3
Cookies

33 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!