www.perimeterx.com Open in urlscan Pro
2a03:b0c0:3:d0::d23:e001 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/Ov5x7kp10L
Effective URL:
https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=tw...
Submission: On June 28 via api (June 28th 2021, 5:58:58 pm UTC) from US

Summary HTTP 135 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 35 IPs in 4 countries across 31 domains to perform 135 HTTP transactions. The main IP is 2a03:b0c0:3:d0::d23:e001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is www.perimeterx.com.
TLS certificate: Issued by R3 on May 23rd 2021. Valid for: 3 months.

This is the only time www.perimeterx.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
56	2a03:b0c0:3:d... 2a03:b0c0:3:d0::d23:e001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
6	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.224.193.59 13.224.193.59	16509 (AMAZON-02) (AMAZON-02)
4	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
9 9	75.2.60.5 75.2.60.5	16509 (AMAZON-02) (AMAZON-02)
3	65.9.84.15 65.9.84.15	16509 (AMAZON-02) (AMAZON-02)
1	35.198.187.166 35.198.187.166	15169 (GOOGLE) (GOOGLE)
1	151.101.193.40 151.101.193.40	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
5	35.186.220.184 35.186.220.184	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
10	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1bbe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.169.30.171 18.169.30.171	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	65.9.84.20 65.9.84.20	16509 (AMAZON-02) (AMAZON-02)
1	13.224.193.6 13.224.193.6	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
12	35.170.150.33 35.170.150.33	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:214... 2600:9000:214f:fc00:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
135	35

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a03:b0c0:3:d0::d23:e001 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

www.perimeterx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.94.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-sj13.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.193.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-59.fra2.r.cloudfront.net

app.cdn.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 75.2.60.5 (United States) 9 redirects

ASN16509 (AMAZON-02, US)

perimeterx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.84.15 (United States)

ASN16509 (AMAZON-02, US)

d33wubrfki0l68.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.198.187.166 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

widget.stackbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.40 (United States)

ASN54113 (FASTLY, US)

client.botchk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.220.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)

sapi2003.botchk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1bbe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (San Jose, United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.30.171 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

marketo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.84.20 (United States)

ASN16509 (AMAZON-02, US)

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-6.fra2.r.cloudfront.net

lftracker.leadfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.170.150.33 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

jukebox.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:fc00:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

perimeterx.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	perimeterx.com 9 redirects www.perimeterx.com perimeterx.com	648 KB
12	pathfactory.com jukebox.pathfactory.com	7 KB
10	cookielaw.org cdn.cookielaw.org	143 KB
6	botchk.net client.botchk.net sapi2003.botchk.net	86 KB
6	marketo.com app-sj13.marketo.com	142 KB
5	gstatic.com fonts.gstatic.com	90 KB
4	google-analytics.com www.google-analytics.com	57 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	cloudfront.net d33wubrfki0l68.cloudfront.net d10lpsik1i8c69.cloudfront.net	296 KB
3	bizible.com cdn.bizible.com	32 KB
3	lookbookhq.com app.cdn.lookbookhq.com	214 KB
2	facebook.com www.facebook.com	229 B
2	facebook.net connect.facebook.net	98 KB
2	youtube.com www.youtube.com	42 KB
2	marketo.net munchkin.marketo.net	6 KB
2	googletagmanager.com www.googletagmanager.com	118 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	insent.ai perimeterx.widget.insent.ai	19 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	google.de www.google.de	107 B
1	google.com www.google.com	119 B
1	doubleclick.net stats.g.doubleclick.net	90 B
1	leadfeeder.com lftracker.leadfeeder.com	8 KB
1	clearbit.com marketo.clearbit.com	28 KB
1	zoominfo.com ws.zoominfo.com	527 B
1	g2crowd.com tracking.g2crowd.com	1 KB
1	licdn.com snap.licdn.com	2 KB
1	bizibly.com cdn.bizibly.com	204 B
1	stackbit.com widget.stackbit.com	1 KB
1	bit.ly 1 redirects bit.ly	341 B
1	t.co t.co	493 B
135	31

	Domain	Requested by
56	www.perimeterx.com	t.co www.perimeterx.com d33wubrfki0l68.cloudfront.net cdn.bizible.com
12	jukebox.pathfactory.com	cdn.bizible.com
10	cdn.cookielaw.org	www.googletagmanager.com cdn.bizible.com cdn.cookielaw.org
9	perimeterx.com	9 redirects
6	app-sj13.marketo.com	www.perimeterx.com app-sj13.marketo.com
5	sapi2003.botchk.net	cdn.bizible.com
5	fonts.gstatic.com	fonts.googleapis.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com cdn.bizible.com
3	d33wubrfki0l68.cloudfront.net	www.perimeterx.com
3	cdn.bizible.com	www.perimeterx.com cdn.bizible.com
3	app.cdn.lookbookhq.com	www.perimeterx.com t.co
2	www.facebook.com	www.perimeterx.com connect.facebook.net
2	connect.facebook.net	t.co connect.facebook.net
2	px.ads.linkedin.com	2 redirects
2	www.youtube.com	t.co www.youtube.com
2	munchkin.marketo.net	t.co munchkin.marketo.net
2	www.googletagmanager.com	www.perimeterx.com www.googletagmanager.com
2	fonts.googleapis.com	www.perimeterx.com app.cdn.lookbookhq.com
1	perimeterx.widget.insent.ai	client.botchk.net
1	maxcdn.bootstrapcdn.com	app.cdn.lookbookhq.com
1	www.google.de	www.perimeterx.com
1	www.google.com	www.perimeterx.com
1	stats.g.doubleclick.net	cdn.bizible.com
1	lftracker.leadfeeder.com	t.co
1	d10lpsik1i8c69.cloudfront.net	t.co
1	marketo.clearbit.com	t.co
1	ws.zoominfo.com	t.co
1	px4.ads.linkedin.com	www.perimeterx.com
1	www.linkedin.com	1 redirects
1	tracking.g2crowd.com	t.co
1	snap.licdn.com	www.googletagmanager.com
1	cdn.bizibly.com	www.perimeterx.com
1	client.botchk.net	www.perimeterx.com
1	widget.stackbit.com	www.perimeterx.com
1	bit.ly	1 redirects
1	t.co
135	36

This site contains links to these domains. Also see Links.

Domain
console.perimeterx.com
twitter.com
www.linkedin.com
www.facebook.com
resources.perimeterx.com
onetrust.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
beat.bot R3	`2021-05-23` - `2021-08-21`	3 months	crt.sh
app-sj13.marketo.com Cloudflare Inc ECC CA-3	`2021-05-30` - `2022-05-29`	a year	crt.sh
cdn.lookbookhq.com Amazon	`2020-11-08` - `2021-12-07`	a year	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-12-14` - `2021-11-15`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.stackbit.com R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
*.perimeterx.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-16` - `2022-06-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2020-09-24` - `2021-09-21`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
clearbit.com Amazon	`2020-09-25` - `2021-10-25`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.leadfeeder.com Amazon	`2021-02-13` - `2022-03-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
*.pathfactory.com Amazon	`2021-03-22` - `2022-04-20`	a year	crt.sh
*.widget.insent.ai Amazon	`2021-04-30` - `2022-05-29`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Frame ID: D245E94A926F19511074A6F0E0E4B5C2
Requests: 128 HTTP requests in this frame

Frame: https://app-sj13.marketo.com/index.php/form/XDFrame
Frame ID: 96CA94DA809604140780CDA7654457D1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/Ov5x7kp10L Page URL
https://bit.ly/3zDF7AW HTTP 301
https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

135
Requests

100 %
HTTPS

58 %
IPv6

31
Domains

36
Subdomains

35
IPs

4
Countries

2048 kB
Transfer

5873 kB
Size

27
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://console.perimeterx.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/&text=Another%20serious%20account%20takeover%20attack%20has%20hit%20Intuit,%20one%20of%20the%20world%E2%80%99s%20largest%20online%20finance%20and%20accounting%20software%20companies,%20via%20their%20TurboTax%20service.

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?url=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/&title=TurboTax%20ATO%20Attack%20Foretells%20Serious%20Wave%20of%20Financial%20Fraud

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/&quote=Another%20serious%20account%20takeover%20attack%20has%20hit%20Intuit,%20one%20of%20the%20world%E2%80%99s%20largest%20online%20finance%20and%20accounting%20software%20companies,%20via%20their%20TurboTax%20service.

Search URL Search Domain Scan URL

URL: https://twitter.com/kim_DeCarlis

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/kim-decarlis

Search URL Search Domain Scan URL

URL: https://resources.perimeterx.com/c/perimeter-x-e-book-b?x=1gHWs2&utm_source=twitter&utm_medium=organic-social&lb_referrer=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Title: Beat Bad Bots E-book

Search URL Search Domain Scan URL

URL: https://resources.perimeterx.com/c/wp-wild-world-of-sne?x=1gHWs2&utm_source=twitter&utm_medium=organic-social&lb_referrer=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Title: Inside the Wild World of Sneaker Bots

Search URL Search Domain Scan URL

URL: https://resources.perimeterx.com/c/perimeter-x-case-stu-6?x=1gHWs2&utm_source=twitter&utm_medium=organic-social&lb_referrer=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Title: Sally Beauty Protects E-Commerce Against Bot and Magecart Attacks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com//company/perimeterx/

Search URL Search Domain Scan URL

URL: https://twitter.com//perimeterx

Search URL Search Domain Scan URL

URL: https://www.facebook.com//PerimeterX

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/Ov5x7kp10L Page URL
https://bit.ly/3zDF7AW HTTP 301
https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg

Request Chain 34

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg

Request Chain 35

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg

Request Chain 41

https://perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png

Request Chain 43

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg

Request Chain 44

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability-risks_mx9psd.jpg HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability-risks_mx9psd.jpg

Request Chain 45

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg

Request Chain 59

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D48062%26time%3D1624903118136%26url%3Dhttps%253A%252F%252Fwww.perimeterx.com%252Fresources%252Fblog%252F2021%252Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%252F%253Futm_source%253Dtwitter%2526utm_medium%253Dorganic-social%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&liSync=true&e_ipv6=AQLmB9Sh6qj7LgAAAXpTxe9RHscVAXHqwMINQjHsE09xx0DSWxymh9uTID5RXSWMPNBRnnq5

Request Chain 63

https://perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.png HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.png

Request Chain 107

https://perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp HTTP 301
https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp

135 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Ov5x7kp10L Show response
t.co/ 221 B
493 B 201ms
141ms Document
text/html 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

075a50cd5e6970430df3d82a77814c2af2a35da429ac042e0ffd7b647848dbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /Ov5x7kp10L
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:37 GMT
vary: Origin
server: tsa_o
expires: Mon, 28 Jun 2021 18:03:37 GMT
set-cookie: muc=70668923-cf31-45bd-9dcd-67505ec59531; Max-Age=63072000; Expires=Wed, 28 Jun 2023 17:58:37 GMT; Domain=t.co; Secure; SameSite=None
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 176
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-connection-hash: 763dd96cf19059d92b3ecb27de7578c064d910d80e8e5a33f3ed0d87aa307383

GET
H2

200

Primary Request / Show response
www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/
Redirect Chain

https://bit.ly/3zDF7AW
https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

106 KB
26 KB

77ms
7ms

Document
text/html

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Requested by

Host: t.co
URL: https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

306645d30c4467b91a311348faf66ce110eb6e2a689ac7c4836f15da83159330

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.perimeterx.com
:scheme: https
:path: /resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://t.co/Ov5x7kp10L

Response headers

cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-type: text/html; charset=UTF-8
date: Mon, 28 Jun 2021 17:39:50 GMT
etag: "ae6ade87e0ea7f7130c78fc454f73780-ssl-df"
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
server: Netlify
age: 1128
content-encoding: br
vary: Accept-Encoding
x-frame-options: DENY
x-nf-request-id: 01F99WBTXP9D5WCRBGVJJEMCT8
content-length: 26511

Redirect headers

server: nginx
date: Mon, 28 Jun 2021 17:58:37 GMT
content-type: text/html; charset=utf-8
content-length: 245
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
referrer-policy: unsafe-url
set-cookie: _bit=l5shWB-2aec65aff519d6e4a8-00U; Domain=bit.ly; Expires=Sat, 25 Dec 2021 17:58:37 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 forms2.min.js Show response
app-sj13.marketo.com/js/forms2/js/ 204 KB
68 KB 114ms
44ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj13.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1311
strict-transport-security: max-age=63113904
cf-request-id: 0af55f0413000068c453194000000001
last-modified: Fri, 18 Jun 2021 20:07:07 GMT
server: cloudflare
etag: "2080b79-33187-5c50fde38d0c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 6668cde68fe568c4-CDG
expires: Mon, 28 Jun 2021 21:58:37 GMT

GET
H2 200 overlay.css
app.cdn.lookbookhq.com/libraries/overlay/ 632 B
965 B 96ms
27ms Stylesheet
text/css 13.224.193.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.css
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-59.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 19a299c21eda40ac6ccd1d311b72bd8b781c69457badcfbb8d046ce9b856fa91

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
last-modified: Fri, 07 Aug 2020 13:53:51 GMT
server: AmazonS3
age: 87654
etag: "6f1a49aa92489534fe143cc98cf2d3f0"
x-cache: Hit from cloudfront
content-type: text/css
date: Mon, 28 Jun 2021 01:53:01 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 632
x-amz-cf-id: oo7ME0XSC1SEXLIZq03HkHzmNaZMOONqj6cSBdbik7kliUIKwIObFQ==

GET
H2 200 overlay.js Show response
app.cdn.lookbookhq.com/libraries/overlay/ 4 KB
2 KB 96ms
27ms Script
application/javascript 13.224.193.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-59.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b3f187f345fd1fcb61a6e62e813655dad81a4d1f0a093ac53e6bc7b2c5ad70c5

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Fri, 07 Aug 2020 13:53:50 GMT
server: AmazonS3
age: 64075
etag: W/"a31bfe025c4d20585edfb2d6b5670638"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
date: Mon, 28 Jun 2021 00:14:05 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: P59wJYf53BsRrO4EGNTG_PDTj7PAGBMXCSnrTnpE0yJgW7hh9kVjhQ==

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 108ms
22ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (lcy/1D3F) /
Resource Hash: cbd211affe55e09db45f35c705167002bf33043aa4ac51241291d688cd2a1666

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:37 GMT
content-encoding: gzip
last-modified: Fri, 25 Jun 2021 18:36:08 GMT
server: ECS (lcy/1D3F)
age: 55980
etag: "d2e5c8f6f069d71:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32234

GET
H2 200 css
fonts.googleapis.com/ 10 KB
969 B 21ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Barlow:400,500,700|Barlow+Condensed:300,600|Open+Sans:400,500,700&display=swap

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b64ca77cdc0e0bf8fc903165020ac7f17f05bcc4c1d45a51dfc8e3f8bf4b116f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Jun 2021 17:58:37 GMT
server: ESF
date: Mon, 28 Jun 2021 17:58:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Jun 2021 17:58:37 GMT

GET
H2 200 webpack-runtime-6204b51702ecc7f8edb3.js Show response
www.perimeterx.com/ 13 KB
4 KB 12ms
5ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/webpack-runtime-6204b51702ecc7f8edb3.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

0ed21dc875fae1fa3ce2f086df55663af0ad6c87469d895bc06d5482fd7c2452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /webpack-runtime-6204b51702ecc7f8edb3.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYBMK591E1HGXGN9SY6
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4644
x-frame-options: DENY
etag: "1392d5c0ea67c21f3c5f36ebb4a75e5b-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3438
x-xss-protection: 1; mode=block

GET
H2 200 framework-159c9cb7d033700d5935.js Show response
www.perimeterx.com/ 131 KB
41 KB 32ms
25ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/framework-159c9cb7d033700d5935.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

bb4e4361bb9aedeac2b5e9c83880299d3ec7f8379eff421f556ec083cd7f4fbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /framework-159c9cb7d033700d5935.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYC72NQ8B7BVH17D1N7
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
server: Netlify
age: 9483
x-frame-options: DENY
etag: "16e2915dfd9a9073a92b3af33e215def-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 15:20:35 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 41788
x-xss-protection: 1; mode=block

GET
H2 200 styles-84a9bc99193fe5828ffe.js Show response
www.perimeterx.com/ 118 B
221 B 15ms
8ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/styles-84a9bc99193fe5828ffe.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

38c08303bd5a371b305829b5f0c83d29d574460285b79e0796c24298fe2e50fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /styles-84a9bc99193fe5828ffe.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYCKJ902095DR7EX2GR
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4644
etag: "1b128f8df8c582ed1040f26c2f9aa322-ssl"
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 118
x-xss-protection: 1; mode=block

GET
H2 200 c9c6fe98-993af7fc98563244dca7.js Show response
www.perimeterx.com/ 90 KB
22 KB 31ms
25ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/c9c6fe98-993af7fc98563244dca7.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

02ddaf43f5581575f14b7a3df900d5ae4d195526af1da0f971582f708944b4e0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /c9c6fe98-993af7fc98563244dca7.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYC2CPTM0QEG1VA3FJQ
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
server: Netlify
age: 9483
x-frame-options: DENY
etag: "c2f04c64743a5352fe0c5287df1f386b-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 15:20:35 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 22880
x-xss-protection: 1; mode=block

GET
H2 200 1bfc9850-3f9caaf563b29130cfd3.js Show response
www.perimeterx.com/ 5 KB
2 KB 132ms
125ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/1bfc9850-3f9caaf563b29130cfd3.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

1e684b29a964c9dabb99a959c1bd61bb87afc3428257c8a63ba7ac6c818bc760

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /1bfc9850-3f9caaf563b29130cfd3.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYC74SXFWTCWANYHRX2
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "60275bc010be79d8fd00c47f8b5fe03e-ssl"
server: Netlify
age: 2263
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:20:54 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2037
x-xss-protection: 1; mode=block

GET
H2 200 5e2a4920-ec6611c697e62ae98e6b.js Show response
www.perimeterx.com/ 2 KB
627 B 30ms
24ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/5e2a4920-ec6611c697e62ae98e6b.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

1d3ca61b724266c0a7c4e341710e9e53509d6c02e5dc28eb33bbaae8beae7a5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /5e2a4920-ec6611c697e62ae98e6b.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYCF13W4WRVXPXVGKX3
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "d7eb20420d5bf06ebb98a88ec90e24de-ssl"
server: Netlify
age: 2263
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:20:54 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 497
x-xss-protection: 1; mode=block

GET
H2 200 95b64a6e-32bf71a43dd533c97155.js Show response
www.perimeterx.com/ 855 B
959 B 13ms
8ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/95b64a6e-32bf71a43dd533c97155.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

a4bac9daae0662ebb93c15edada89b10d2e791a972cc2259aadac11a0ff2c181

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /95b64a6e-32bf71a43dd533c97155.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYCV3W1J3QFZJDQE5FP
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4645
etag: "3d030cb70c9c73b33cbbc179a6babb6a-ssl"
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 855
x-xss-protection: 1; mode=block

GET
H2 200 app-4c343ff50f9485a968cf.js Show response
www.perimeterx.com/ 666 KB
193 KB 16ms
11ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/app-4c343ff50f9485a968cf.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

295a6f34cca151fb571334f47d3d09aab60091e4ecd7e7c94a515e04eccf0433

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /app-4c343ff50f9485a968cf.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYC7VK8AEPSZGEA68T2
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4644
x-frame-options: DENY
etag: "37e630f867301ff93d41621190e6fdbd-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 197114
x-xss-protection: 1; mode=block

GET
H2 200 4e5d4b2e90d0e1dbee54386e627d58b6f200024a-441bf0e3f892be967aa2.js Show response
www.perimeterx.com/ 6 KB
2 KB 13ms
8ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/4e5d4b2e90d0e1dbee54386e627d58b6f200024a-441bf0e3f892be967aa2.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

ea3403647721183ec2482fafca2c93a1d57d28964fc3c71669c5db4f4ed4203a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /4e5d4b2e90d0e1dbee54386e627d58b6f200024a-441bf0e3f892be967aa2.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYD3VS98TC96XDE89GT
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
server: Netlify
age: 8824
x-frame-options: DENY
etag: "3de62b9931e78f94173bdd9cb4ec3eb3-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 15:31:33 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2329
x-xss-protection: 1; mode=block

GET
H2 200 9815f04a81c9d7b5d54b3cfd1cb9f97e68eecb8a-a355f09a4afc1034414f.js Show response
www.perimeterx.com/ 3 KB
1 KB 14ms
8ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/9815f04a81c9d7b5d54b3cfd1cb9f97e68eecb8a-a355f09a4afc1034414f.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

b4b2e637e8e48456c992fe2bcda10c486ec76e87633efe0209c1a1115dc1cd30

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /9815f04a81c9d7b5d54b3cfd1cb9f97e68eecb8a-a355f09a4afc1034414f.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYD2JGWJG9W8PXX3CKW
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
etag: "4c2147b544336c28ef6627c96753529f-ssl"
server: Netlify
age: 4644
x-frame-options: DENY
date: Mon, 28 Jun 2021 16:41:13 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1076
x-xss-protection: 1; mode=block

GET
H2 200 7bdd45f0edf7ab069f793bd54a3764f09be3b3b3-a05d93431fd73cb3aafa.js Show response
www.perimeterx.com/ 9 KB
3 KB 47ms
42ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/7bdd45f0edf7ab069f793bd54a3764f09be3b3b3-a05d93431fd73cb3aafa.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

3727ed44450db8aad7c9c7b0a7f34348022ca4fa0faea2b250ace30766c2ba4f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /7bdd45f0edf7ab069f793bd54a3764f09be3b3b3-a05d93431fd73cb3aafa.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYD120C0MC3FJ48R6D8
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 1737
x-frame-options: DENY
etag: "dbe1f55c8c8b6e2e15339054c896140b-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 17:29:40 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2808
x-xss-protection: 1; mode=block

GET
H2 200 7569254f8129f1eff5120b182675712184ee829e-2cb1f1aed12f8db3fca7.js Show response
www.perimeterx.com/ 4 KB
2 KB 52ms
48ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/7569254f8129f1eff5120b182675712184ee829e-2cb1f1aed12f8db3fca7.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

8b928cc01c0d285480c24a9b43ddc219ece2971028a5f634d41f69a0882ff0d5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /7569254f8129f1eff5120b182675712184ee829e-2cb1f1aed12f8db3fca7.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYD8A00MEY10ABEWPKS
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 1517
x-frame-options: DENY
etag: "dd90fbb91dc951240732106b5d64786b-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 17:33:20 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1569
x-xss-protection: 1; mode=block

GET
H2 200 component---src-layouts-templates-blog-blog-post-js-8dbd14731d85dc9045f5.js Show response
www.perimeterx.com/ 16 KB
5 KB 46ms
42ms Script
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/component---src-layouts-templates-blog-blog-post-js-8dbd14731d85dc9045f5.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

681d1e8c9561c7e9c9f01ec5333d798a77dc4de9a8494a028300c233f3c87eda

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: script
dpr: 1
:path: /component---src-layouts-templates-blog-blog-post-js-8dbd14731d85dc9045f5.js
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYDPMBF77R4Y9B23B7E
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
etag: "94e35fe2156e78306ed51cfb05b5d694-ssl"
server: Netlify
age: 7682
x-frame-options: DENY
date: Mon, 28 Jun 2021 15:50:35 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 4991
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.perimeterx.com/page-data/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/ 17 KB
6 KB 46ms
41ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/page-data.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

a1606dc3219b3e444dbb90ac8124a1a272f9f5a34a9a095f7960dc88054e865b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYDCHTGK4EPSKC5S9E0
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 1398
x-frame-options: DENY
etag: "90d07dad0a275892c8728b6ca3a742ad-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 17:35:19 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 6340
x-xss-protection: 1; mode=block

GET
H2 200 105486388.json
www.perimeterx.com/page-data/sq/d/ 446 B
550 B 45ms
41ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/105486388.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

9643ad4251cb0b5eac75b7141f9f2109fb2997b3ccfcbbab7ad11c8619adc0b8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/105486388.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYDAGKS1T06TVEQ1TCA
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4645
etag: "b32bd9bb97763739e71b834721191066-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 446
x-xss-protection: 1; mode=block

GET
H2 200 1081851012.json
www.perimeterx.com/page-data/sq/d/ 356 B
461 B 30ms
26ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/1081851012.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

3467093da21cc8d6cb66f57b48e20c8a360a2d10c69921bbfebff85b238d1ede

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/1081851012.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYDTPGKHD046SJ42JWV
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4557
etag: "5a6036d4c431ad7274a45116d97d3977-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:42:40 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 356
x-xss-protection: 1; mode=block

GET
H2 200 1351792449.json
www.perimeterx.com/page-data/sq/d/ 300 B
440 B 13ms
9ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/1351792449.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

04fac4a0b1ae3f61cbddf6c63d60ad3b419dba7cfd817352c7dc1d2a00e8e48e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/1351792449.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYD0ZJ08KN2ZHYZNG87
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 8851
etag: "b22fd81913f5ff32008867bd74536ab9-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 15:31:06 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 300
x-xss-protection: 1; mode=block

GET
H2 200 1423242311.json
www.perimeterx.com/page-data/sq/d/ 184 B
288 B 29ms
25ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/1423242311.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

7777858e85646ef5fb3a61d3862af526216ae6f199db4bf1c6ad6b2fcde3bf47

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/1423242311.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYDVBVT3E6F3B0HWG3P
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4644
etag: "c04a0bb67eaf3de2450e45362fc25695-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 184
x-xss-protection: 1; mode=block

GET
H2 200 1883141102.json
www.perimeterx.com/page-data/sq/d/ 9 KB
1 KB 13ms
9ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/1883141102.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

f21dbb292fc97aec4d2e84c9d7ff3ddd1a9c74381d46a8aaa696db0ff997dfd3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/1883141102.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYDS6053HG319P7MNVW
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4940
x-frame-options: DENY
etag: "b5d622be0773f3fc9cb8b3232bd3f57b-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:36:17 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1208
x-xss-protection: 1; mode=block

GET
H2 200 2363503153.json
www.perimeterx.com/page-data/sq/d/ 20 KB
4 KB 28ms
25ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/2363503153.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

31a6e3323dbe93c110e3c98bb11e690e440d7b939197614e415ca3611ca6c847

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/2363503153.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYD3VF0CH1H1ZAVGNGA
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4740
x-frame-options: DENY
etag: "7c60ea81c44edd4f6fcb929fcc8d4457-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:39:37 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3769
x-xss-protection: 1; mode=block

GET
H2 200 3302762179.json
www.perimeterx.com/page-data/sq/d/ 448 B
551 B 29ms
25ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/3302762179.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

bb1d421bd5586b719f13757ede8730c0f1346fc3e7335717449fc7e6c2361e42

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/3302762179.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYE9A82JZPHX0YYB8E1
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4644
etag: "c3b77071f94698e585f9afe0ce35cad1-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 448
x-xss-protection: 1; mode=block

GET
H2 200 3462628496.json
www.perimeterx.com/page-data/sq/d/ 778 B
882 B 13ms
10ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/3462628496.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e025dd3bce02f191bc97fca49b22204e5f3a62b3823aeea7a9b3e57e500f02db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/3462628496.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYEB95KT2YR11HYT6M5
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4644
etag: "aeb6faa8ac78f8f78c39b64e07bff9bd-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 778
x-xss-protection: 1; mode=block

GET
H2 200 3662110850.json
www.perimeterx.com/page-data/sq/d/ 514 B
642 B 13ms
10ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/3662110850.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

756ce5cbeb4877d57748c6d6c51dc27ccbcc7d5bbafbd784471a77733749004b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/3662110850.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYE7EMZH4Q3RFJ6NAMR
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4557
etag: "f7ab84b3bb8c04de9a3770aa514bc026-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:42:40 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 514
x-xss-protection: 1; mode=block

GET
H2 200 3700775727.json
www.perimeterx.com/page-data/sq/d/ 121 KB
28 KB 40ms
36ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/3700775727.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e9e78f908bdf3f9be0722426619806a106eeeaf4aa1135772142d532d9b5190d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/3700775727.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYEE0AAQG9219NKQ813
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
server: Netlify
age: 3493
x-frame-options: DENY
etag: "603392f66f3befea71b2f23b62342095-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 17:00:24 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 28319
x-xss-protection: 1; mode=block

GET
H2 200 3826888336.json
www.perimeterx.com/page-data/sq/d/ 301 B
404 B 44ms
41ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/3826888336.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

dbc2a7f895d05be1b17ed8eb1eb609589ff3b3f9b3e2ee97f9a9e530f9026b75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/3826888336.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYEB08A64V9YDHBVNGW
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4644
etag: "ea4b239ea7c9b1bc36c1d0c56c3abe16-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:13 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 301
x-xss-protection: 1; mode=block

GET
H2 200 56453587.json
www.perimeterx.com/page-data/sq/d/ 36 KB
8 KB 11ms
9ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/sq/d/56453587.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

ccbc95bd199c56a211771182f1eecc5ee0e73c6ae3c78115de8a42ad5a51f33e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/sq/d/56453587.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYEN9SBE9SRWMT6CV0K
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 8978
x-frame-options: DENY
etag: "e3b8cf69a6dc697cec9671bfe975cf07-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 15:28:59 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 7839
x-xss-protection: 1; mode=block

GET
H2 200 app-data.json
www.perimeterx.com/page-data/ 50 B
177 B 11ms
9ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/app-data.json

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

f0b95e8950b81fa655c524058049ef623f22ca34eb0bbda248c3859c2404f0f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
dpr: 1
:path: /page-data/app-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBTYE67WGEY5G3AVSSGKH
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 4681
etag: "e7dfaa4b2f18c3c42b4f47fc5a538fe6-ssl"
x-frame-options: DENY
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:40:36 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 50
x-xss-protection: 1; mode=block

GET
H2

200

turbotax-ato_rmlhvv.jpg
www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg

127 KB
128 KB

628ms
627ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b4c3d15bf626b8a3f3ea137844dc70ccfc1f88db77272082826d8a0c7e8b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVPW3S1BYGQFT8CFF7A4
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="turbotax-ato_rmlhvv.webp"
server-timing: fastly;dur=3;cpu=1;start=2021-06-28T17:58:39.174Z;desc=hit,rtt;dur=0
content-length: 130380
last-modified: Wed, 16 Jun 2021 23:45:45 GMT
server: Netlify
etag: "dc5a4764046ada415f8f6c619946aa2f"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
content-dpr: 1
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522078
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 0
date: Mon, 28 Jun 2021 17:58:38 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_820//v1623886219/blog/2021/turbotax-ato-attack/turbotax-ato_rmlhvv.jpg
cache-control: public, max-age=0, must-revalidate
content-length: 160
x-xss-protection: 1; mode=block

GET
H2

200

kim_qorlh3.jpg
www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg

2 KB
2 KB

499ms
498ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

c8d0b81a57181cf2eae9008f8e29bc677929e08c4b0a7103402e2969cfb78dc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVPWY8G6XMSQ4V2FCPX5
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="kim_qorlh3.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-28T17:58:39.046Z;desc=hit,rtt;dur=0
content-length: 1850
last-modified: Wed, 04 Mar 2020 16:35:08 GMT
server: Netlify
etag: "c5ff6638398e3a361397b5283b8bbe06"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
content-dpr: 1
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522080
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 0
date: Mon, 28 Jun 2021 17:58:38 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_90,r_max//v1579641687/author-portraits/kim_qorlh3.jpg
cache-control: public, max-age=0, must-revalidate
content-length: 143
x-xss-protection: 1; mode=block

GET
H2

200

TN-forresterwave-commercial_jq6u3r.jpg
www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg

2 KB
3 KB

557ms
556ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

3f93e577cb3050e9e2b1058685b0459709fc083f15302ae4d88a1dc2a73d4c16

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.1.577416843.1624903118; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVJJR4GZCGWT14ZABSNV
date: Mon, 28 Jun 2021 17:58:38 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline; filename="TN-forresterwave-commercial_jq6u3r.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-28T17:58:38.966Z;desc=hit,rtt;dur=0
content-length: 2558
last-modified: Thu, 05 Mar 2020 01:00:21 GMT
server: Netlify
etag: "4c214cd5ce68fcf76fd31bfa5120cf71"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
content-dpr: 1
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522081
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 3434
date: Mon, 28 Jun 2021 17:01:24 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto/v1580340770/general-promos/TN-forresterwave-commercial_jq6u3r.jpg
cache-control: public, max-age=0, must-revalidate
content-length: 153
x-xss-protection: 1; mode=block

GET
H2 200 perimeterx-9904ab6b300f684218f7f36990777d0a.svg
d33wubrfki0l68.cloudfront.net/99cf0e0b949094a808050e46a67e5183ec97f615/7ba5e/static/ 21 KB
8 KB 110ms
30ms Image
image/svg+xml 65.9.84.15
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/99cf0e0b949094a808050e46a67e5183ec97f615/7ba5e/static/perimeterx-9904ab6b300f684218f7f36990777d0a.svg
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.84.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Netlify /
Resource Hash: 87371b95c57ff63cc90819bd366c6be2633d07357cc59ba8bc1c6b9d6c0be1c6

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: ff64b586-cf15-4831-a6c9-25ae4a0644b3-16126193
date: Sat, 20 Mar 2021 14:53:53 GMT
content-encoding: gzip
server: Netlify
age: 8651085
etag: 2f6d4a892cd07fb8f913ad4440bfb86b5d45aa53-df
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
x-amz-cf-id: LKk5tJCwGXMGnv5cYsZk3pVnLo5uRgQ3X3CHN6XqoYNK1DI2ARPlMQ==
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)

GET
H2 200 84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js Show response
d33wubrfki0l68.cloudfront.net/bundles/ 943 KB
284 KB 110ms
31ms Script
application/javascript 65.9.84.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.84.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Netlify /
Resource Hash: f944df72552773bac4497ca649211db14de1f01f43fbf9992cbdfa4056d5196b

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99JMVVJ22GQ8MY02NQJND0A
date: Mon, 28 Jun 2021 15:08:48 GMT
content-encoding: gzip
server: Netlify
age: 10191
etag: ab13b17fb082df1c8f66447a737728df39d95433-df
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
x-amz-cf-id: jC13g4BOwpJdtY0C2BnakOoqDEIXyXf4RTbRbuuCbys1TYIiuj_jew==
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)

GET
H2 200 init.js Show response
widget.stackbit.com/ 2 KB
1 KB 89ms
26ms Script
application/javascript 35.198.187.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.stackbit.com/init.js

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.198.187.166 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Netlify /

Resource Hash

d57457ad6cbb585b9446283dfe53d43fc330ee07ec2daa6fe39138adec5e766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: b8186f71-a6cd-4964-8aa0-dc00e67e6050-115818493
date: Sun, 27 Jun 2021 11:29:34 GMT
content-encoding: br
server: Netlify
age: 109743
etag: "3f8116e5833b68689252b0eff215b430-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1007

GET
H2 200 main.min.js Show response
client.botchk.net/PX2003/ 200 KB
83 KB 71ms
16ms Script
application/javascript 151.101.193.40
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://client.botchk.net/PX2003/main.min.js
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.40 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d735ca871781b477a291882d01129f846bcc1cf629041e7e8a18cad1484851bd

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
age: 900
x-cache: HIT
content-length: 84448
x-served-by: cache-cdg20767-CDG
access-control-allow-origin: *
x-timer: S1624903118.003602,VS0,VE1
active-cdn: fastly
etag: W/"31ff9-fM+83p8b2NOyLKu56U0SXg45yKc"
x-px-hash: NDNmNWY5YjZjMDIzOGM4NDVjN2I3MjYwY2Y2N2QwMTcwYjRjODE0NDI1YjllZThiMWNmODA4NmI4NDE4MDMzZQ==
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
access-control-expose-headers: active-cdn,x-served-by
cache-control: max-age=900,stale-while-revalidate=60,stale-if-error=3600
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 252 KB
72 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NQ65KGZ

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d74408db4108893e66447943fc51da1d89eaddee748a44c0be5c4625deabd901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:37 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73777
x-xss-protection: 0
last-modified: Mon, 28 Jun 2021 17:18:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Jun 2021 17:58:37 GMT

GET
H2

200

email-signup-bg_t7f3kn.png
www.perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png
https://www.perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png

6 KB
6 KB

8ms
6ms

Image
image/png

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

7c054a75c73f2d7d2ae0aeeeb931348c257ad3238410d1a173d237cf27b6c0ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVPVN0A6MTX50473KB9K
date: Sun, 27 Jun 2021 19:08:18 GMT
x-content-type-options: nosniff
age: 82221
server-timing: fastly;dur=2;cpu=1;start=2021-06-27T19:08:18.108Z;desc=hit,rtt;dur=0
content-length: 5817
last-modified: Fri, 06 Mar 2020 00:30:20 GMT
server: Netlify
etag: "b38918c247e8ef521883067002d026f3"
strict-transport-security: max-age=604800
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522082
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 3434
date: Mon, 28 Jun 2021 17:01:24 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/v1583454619/general-promos/email-signup-bg_t7f3kn.png
cache-control: public, max-age=0, must-revalidate
content-length: 125
x-xss-protection: 1; mode=block

GET
H2 200 link-arrow.svg
d33wubrfki0l68.cloudfront.net/25989c27cb9af33a5d7c4724e2e4a792eae54f44/92274/icons/ 672 B
1 KB 105ms
31ms Image
image/svg+xml 65.9.84.15
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/25989c27cb9af33a5d7c4724e2e4a792eae54f44/92274/icons/link-arrow.svg
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.84.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Netlify /
Resource Hash: eb5587a924cd997ae5ab4896d812257c47dae81e2b9b7a0a049b78cf32793968

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: cbd12ff1-a2a5-47a0-bb27-e34bfdf56fd9
date: Fri, 25 Jun 2021 02:09:23 GMT
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
server: Netlify
age: 316155
etag: 59d8b67ba0445b4d74ac97fd4c4278d1c3fbac16
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 672
x-amz-cf-id: IrEgwkWg_ZuzbTskxToBbscT4GvgTv_Vto3fW0aWqU1gOfYMjdKvrw==

GET
H2

200

amazonprime-day_fhrvwb.jpg
www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg

13 KB
13 KB

650ms
650ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

9581db374caecebc6f6646199d9aece2f7b834e70267434cf80a1733104940eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.1.577416843.1624903118; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVJJ0WVJWPB7XT56422T
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="amazonprime-day_fhrvwb.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-28T17:58:39.061Z;desc=hit,rtt;dur=0
content-length: 12806
last-modified: Mon, 14 Jun 2021 16:24:16 GMT
server: Netlify
etag: "7772734d8eea593f922cc6a036287ff0"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
content-dpr: 1
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522079
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 3432
date: Mon, 28 Jun 2021 17:01:26 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1623340666/amazonprime-day_fhrvwb.jpg
cache-control: public, max-age=0, must-revalidate
content-length: 142
x-xss-protection: 1; mode=block

GET
H2

200

blog-retailers-navigate-unpredictability-risks_mx9psd.jpg
www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability-ris...
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability...

21 KB
22 KB

664ms
663ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability-risks_mx9psd.jpg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

f4db3f261db5eddcd389fdc4815799b8b5b9ab0892b47467968d3faa3c35a4e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability-risks_mx9psd.jpg
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVPVY4R9Z0S681VX0T9S
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="blog-retailers-navigate-unpredictability-risks_mx9psd.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-28T17:58:39.211Z;desc=hit,rtt;dur=0
content-length: 21886
last-modified: Mon, 26 Apr 2021 14:39:11 GMT
server: Netlify
etag: "9f587d69a80e427edc412b5e18863392"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
content-dpr: 1
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522083
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 3431
date: Mon, 28 Jun 2021 17:01:27 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1619429887/blog/2021/blog-retailers-navigate-unpredictability-risks/blog-retailers-navigate-unpredictability-risks_mx9psd.jpg
cache-control: public, max-age=0, must-revalidate
content-length: 230
x-xss-protection: 1; mode=block

GET
H2

200

RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg
www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg
https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg

9 KB
9 KB

706ms
705ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

d05da3cd5744a4cdaf9ef7fb24dbb363728b34b52e0f49e4893642b47a440901

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVPWYXKY3VKKYBSFB94Q
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="RC_Decarlis_credential_stuffing_TILE_uqtaoz.webp"
server-timing: fastly;dur=1;start=2021-06-28T17:58:39.250Z;desc=hit,rtt;dur=0
content-length: 8946
last-modified: Tue, 01 Jun 2021 17:17:03 GMT
server: Netlify
etag: "3918858e886d4a0b146763d80ca8a8f8"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
content-dpr: 1
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522084
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 2645
date: Mon, 28 Jun 2021 17:14:33 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/dpr_auto,f_auto,w_auto:100:400//v1621854293/blog/2021/what-banks-need-to-know/RC_Decarlis_credential_stuffing_TILE_uqtaoz.jpg
cache-control: public, max-age=0, must-revalidate
content-length: 197
x-xss-protection: 1; mode=block

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:400,500,700|Barlow+Condensed:300,600|Open+Sans:400,500,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.perimeterx.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 13:09:35 GMT
x-content-type-options: nosniff
age: 449342
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 13:09:35 GMT

GET
H2 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v5/ 20 KB
20 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:400,500,700|Barlow+Condensed:300,600|Open+Sans:400,500,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.perimeterx.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 08:10:04 GMT
x-content-type-options: nosniff
age: 467313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20348
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:07:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:10:04 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:400,500,700|Barlow+Condensed:300,600|Open+Sans:400,500,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.perimeterx.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 16:31:16 GMT
x-content-type-options: nosniff
age: 523641
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 16:31:16 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v5/ 21 KB
21 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:400,500,700|Barlow+Condensed:300,600|Open+Sans:400,500,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.perimeterx.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 09:59:54 GMT
x-content-type-options: nosniff
age: 460723
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21080
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:05:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 09:59:54 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
327 B 23ms
23ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=https%3A%2F%2Ft.co%2F&_biz_h=-1906410348&_biz_u=20b96ace993e4d51c87af4a898fa63b0&_biz_s=97e1ea&_biz_l=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&_biz_t=1624903117936&_biz_i=TurboTax%20ATO%20Attack%20Foretells%20Serious%20Wave%20of%20Financial%20Fraud&_biz_n=0&rnd=982167&cdn_o=a&_biz_z=1624903118039
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (lcy/1D2F) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 17:58:38 GMT
last-modified: Wed, 23 Jun 2021 15:57:52 GMT
server: ECS (lcy/1D2F)
age: 439246
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
204 B 24ms
23ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=20b96ace993e4d51c87af4a898fa63b0&_biz_s=97e1ea&_biz_l=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&_biz_t=1624903118045&_biz_i=TurboTax%20ATO%20Attack%20Foretells%20Serious%20Wave%20of%20Financial%20Fraud&rnd=368702&cdn_o=a&_biz_z=1624903118045
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (lcy/1D26) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 17:58:38 GMT
last-modified: Thu, 24 Jun 2021 04:25:18 GMT
server: ECS (lcy/1D26)
age: 394400
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

POST
H2 200 collector Show response
sapi2003.botchk.net/api/v2/ 900 B
1 KB 97ms
64ms XHR
application/json 35.186.220.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sapi2003.botchk.net/api/v2/collector
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d90155832f9bddcd52fafc3af700a524044ef181ac6438aa9b169cd697568be7

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Jun 2021 17:58:37 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: clear
content-length: 900

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ65KGZ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 28 Jun 2021 17:58:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=10163
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 30ms
29ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: t.co
URL: https://t.co/Ov5x7kp10L
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 28 Jun 2021 17:58:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 01:40:41 GMT
Server: AkamaiNetStorage
ETag: "5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 17 KB
6 KB 38ms
19ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ65KGZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20e51cc8fa0f52b2b6153113a2bfb1d39b01709057d3cccff2bd5603fd828513

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 9CH7M63ILfh8MB6VTJcGFA==
age: 3161
vary: Accept-Encoding
content-length: 5811
cf-request-id: 0af55f054500004e19c8afc000000001
x-ms-lease-status: unlocked
last-modified: Thu, 24 Jun 2021 12:22:23 GMT
server: cloudflare
etag: 0x8D9370AB87C9CD8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 52e614a7-401e-00f0-18ec-6b0888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cde869464e19-FRA

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
825 B 24ms
23ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: t.co
URL: https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c979e1a7ccd5dfb380d99b6190410a869f2341fd916d1cf78b72c48a227c34d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 28 Jun 2021 17:58:38 GMT

GET
H2 200 4607.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 206ms
173ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/4607.js?p=https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social&e=

Requested by

Host: t.co
URL: https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 58469349-ec30-4381-8538-77bf184b2db3
x-runtime: 0.014126
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0af55f055400004ab610af9000000001
cf-ray: 6668cde88c164ab6-FRA

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
417 B 120ms
119ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=20b96ace993e4d51c87af4a898fa63b0&_biz_h=-1906410348&cdn_o=a&jsVer=4.21.05.19
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (lcy/1D3D) /
Resource Hash: 0449b35a7ee255e878af76c830b004eb41f1102a4ab3ad02641b9313f9bc7920

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:37 GMT
cache-control: private, must-revalidate, max-age=21600
server: ECS (lcy/1D3D)
content-type: text/javascript; charset=utf-8
etag: 42968A2C
content-length: 116
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D48062%26time%3D1624903118136%26url%3Dhttps%253A%252F%252Fwww.perimeterx.com%252Fr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial...

0
156 B

582ms
390ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&liSync=true&e_ipv6=AQLmB9Sh6qj7LgAAAXpTxe9RHscVAXHqwMINQjHsE09xx0DSWxymh9uTID5RXSWMPNBRnnq5
Requested by: Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: wJL3F8fQjBZwKeSJoisAAA==

Redirect headers

date: Mon, 28 Jun 2021 17:58:38 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=48062&time=1624903118136&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&liSync=true&e_ipv6=AQLmB9Sh6qj7LgAAAXpTxe9RHscVAXHqwMINQjHsE09xx0DSWxymh9uTID5RXSWMPNBRnnq5
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: mTgk/cbQjBZgNAoulSsAAA==

GET
H3-29 200 www-widgetapi.js Show response
www.youtube.com/s/player/11aba956/www-widgetapi.vflset/ 125 KB
42 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff4c7f78fabf46226b298888938c85635d5f07d8a81b71a2ee4facde2c7619fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:42:16 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 11782
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42588
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:42:16 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/160/ 11 KB
5 KB 30ms
30ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/160/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 28 Jun 2021 17:58:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Feb 2021 02:54:38 GMT
Server: AkamaiNetStorage
ETag: "19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4811
Expires: Wed, 06 Oct 2021 17:58:38 GMT

GET
H2 200 740a51be-bd50-4765-b76c-0ee7167b128c.json Show response
cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/ 3 KB
2 KB 41ms
25ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/740a51be-bd50-4765-b76c-0ee7167b128c.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e4ee2659ff5bd50e75e13eecb867d12cd461815d07c0b130df662c9047077b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 0btHGyHYgX957R6VqVn39g==
age: 1652
vary: Accept-Encoding
content-length: 1129
cf-request-id: 0af55f05910000972a7521a000000001
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 22:47:00 GMT
server: cloudflare
etag: 0x8D8E4DF95376E37
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3a780089-801e-0003-4801-38dbe1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cde8ec59972a-FRA

GET
H2

200

how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.png
www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc...
https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vm...

5 KB
5 KB

577ms
576ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.png

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

0b66d3dc0ce53ef65d4b2c64c9fa31078da3dd315e9f0e9b9c26f86fc5a344e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.png
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBVPWGSNQWJBWPBCN11H4
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-28T17:58:39.124Z;desc=hit,rtt;dur=0
content-length: 4826
last-modified: Wed, 16 Jun 2021 23:48:55 GMT
server: Netlify
etag: "82323ad373392bb438d3a64ba9a73917"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522085
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 0
date: Mon, 28 Jun 2021 17:58:38 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,w_180,f_auto//v1623887303/blog/2021/turbotax-ato-attack/how-to-balance-digital-innovation-and-automated-fraud-risk_vmorrc.png
cache-control: public, max-age=0, must-revalidate
content-length: 221
x-xss-protection: 1; mode=block

GET
H2 200 link-arrow.svg
www.perimeterx.com/icons/ 672 B
811 B 8ms
7ms Image
image/svg+xml 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/icons/link-arrow.svg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

eb5587a924cd997ae5ab4896d812257c47dae81e2b9b7a0a049b78cf32793968

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: image
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /icons/link-arrow.svg
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDHA01A5CJ4XF0QJYZN
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 3923
etag: "400ebb76df262c1d4cf9e8b4a98ae4a7-ssl"
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:53:15 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 672
x-xss-protection: 1; mode=block

GET
H3-29 200 7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v5/ 20 KB
20 KB 16ms
11ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHpv4kjgoGqM7E_DMs5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:400,500,700|Barlow+Condensed:300,600|Open+Sans:400,500,700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.perimeterx.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 16:47:47 GMT
x-content-type-options: nosniff
age: 522651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20444
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:04:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 16:47:47 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.14.0/ 369 KB
82 KB 13ms
13ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c129ee5de51a2692632d98e0e18cbc092fb758635921e4ecc404293495fafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: bk+c/8JAdlTEAluR1Sm6dw==
age: 8456555
vary: Accept-Encoding
content-length: 83472
cf-request-id: 0af55f05b600004e194d1b6000000001
x-ms-lease-status: unlocked
last-modified: Wed, 24 Feb 2021 17:18:15 GMT
server: cloudflare
etag: 0x8D8D8E82BC311EE
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a7aaa36c-101e-0164-705d-1f2e13000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cde92ba14e19-FRA
expires: Tue, 06 Jul 2021 17:58:38 GMT

GET
H2 200 page-data.json
www.perimeterx.com/page-data/resources/blog/ 0
2 KB 8ms
6ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/blog/page-data.json

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /page-data/resources/blog/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDXD5E3TGT5E791C5FQ
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "2079c171bb92c8e1e5d32f51d234916f-ssl"
server: Netlify
age: 7766
x-frame-options: DENY
date: Mon, 28 Jun 2021 15:49:12 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2178
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.perimeterx.com/page-data/resources/blog/kim-decarlis/ 0
3 KB 28ms
26ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/blog/kim-decarlis/page-data.json

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /page-data/resources/blog/kim-decarlis/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDX8DDPAFVJVS0BW8WP
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 5450
x-frame-options: DENY
etag: "a3d02aede02be6ce2c6c71b832cec1b6-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:27:48 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3121
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.perimeterx.com/page-data/request-demo/ 0
1 KB 9ms
7ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/request-demo/page-data.json

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /page-data/request-demo/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDXH5YXQZZ52AT5RA8R
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "df32df67415c2c4cb425ea7c376acd2a-ssl"
server: Netlify
age: 6350
x-frame-options: DENY
date: Mon, 28 Jun 2021 16:12:48 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1399
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.perimeterx.com/page-data/contact-us/ 0
1 KB 9ms
7ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/contact-us/page-data.json

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /page-data/contact-us/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDYAPJTEAGETRDE8YP6
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "1bdc7aeba91385835bb18247370fcf27-ssl"
server: Netlify
age: 8807
x-frame-options: DENY
date: Mon, 28 Jun 2021 15:31:51 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1242
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.perimeterx.com/page-data/resources/ 0
788 B 9ms
8ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/page-data.json

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /page-data/resources/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDY43JG0HMY38Q3ZP54
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "8de34173b7e73bcf40d30f92ddf1aeb3-ssl"
server: Netlify
age: 1547
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:32:51 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 657
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.perimeterx.com/page-data/index/ 0
4 KB 8ms
7ms Other
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/index/page-data.json

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.perimeterx.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%7D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357
dpr: 1
:path: /page-data/index/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
Origin: https://www.perimeterx.com
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVDYRG771BCN4TGBGPQJ
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4643
x-frame-options: DENY
etag: "a2437a8dd2f39468b67e0400cf350fa4-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:15 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3704
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json Show response
www.perimeterx.com/page-data/resources/blog/ 6 KB
2 KB 7ms
6ms XHR
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/blog/page-data.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

8c60af1ea3be3e55bfae38aba5c80bfdd6b773c3b95e0562f742fba861febeed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /page-data/resources/blog/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVF19NKF5FV1EK37ZZAE
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "2079c171bb92c8e1e5d32f51d234916f-ssl"
server: Netlify
age: 7766
x-frame-options: DENY
date: Mon, 28 Jun 2021 15:49:12 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2178
x-xss-protection: 1; mode=block

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 120 KB
46 KB 41ms
38ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S5CWZF51H2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ65KGZ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42233da550b73a304d3f7fcbbe364c5665981a11e17df901014ee20c8ec1bea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47360
x-xss-protection: 0
expires: Mon, 28 Jun 2021 17:58:38 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ65KGZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 1613
date: Mon, 28 Jun 2021 17:31:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Mon, 28 Jun 2021 19:31:45 GMT

GET
H2 200 k1S0pNhzdwg3y5l6uOk0 Show response
ws.zoominfo.com/pixel/ 0
527 B 240ms
208ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/k1S0pNhzdwg3y5l6uOk0

Requested by

Host: t.co
URL: https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6668cde9a8952b22-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0
cf-request-id: 0af55f060600002b22030d7000000001

GET
H2 200 page-data.json Show response
www.perimeterx.com/page-data/request-demo/ 3 KB
1 KB 9ms
9ms XHR
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/request-demo/page-data.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

a13ef54675158617c2c34a497fa54c0ac423899bfe5eb94d1ccad028efeea5bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /page-data/request-demo/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFA2M8DGN40MY062NEF
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "df32df67415c2c4cb425ea7c376acd2a-ssl"
server: Netlify
age: 6350
x-frame-options: DENY
date: Mon, 28 Jun 2021 16:12:48 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1399
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json Show response
www.perimeterx.com/page-data/contact-us/ 3 KB
1 KB 7ms
7ms XHR
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/contact-us/page-data.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

50da521fecbf77ed6b4c6acfc8da0ce1b5a3cf644f2967d035deedd6eabff5f8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /page-data/contact-us/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFBQMDW6Q1BR0YM2NG7
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "1bdc7aeba91385835bb18247370fcf27-ssl"
server: Netlify
age: 8807
x-frame-options: DENY
date: Mon, 28 Jun 2021 15:31:51 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1242
x-xss-protection: 1; mode=block

GET
H2 200 getForm Show response
app-sj13.marketo.com/index.php/form/ 4 KB
2 KB 1066ms
1066ms Script
application/javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj13.marketo.com/index.php/form/getForm?munchkinId=001-VJX-104&form=1483&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F&callback=jQuery1124015660659702753277_1624903117919&_=1624903117920

Requested by

Host: app-sj13.marketo.com
URL: https://app-sj13.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a04aca0fd034336973d150c06e9ef193a258269a0ba4430bbf2b213889f70f07

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cached: false
strict-transport-security: max-age=63113904
cf-ray: 6668cde9892668c4-CDG
cf-request-id: 0af55f05f3000068c43bbe8000000001

GET
H2 200 page-data.json Show response
www.perimeterx.com/page-data/index/ 20 KB
4 KB 6ms
6ms XHR
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/index/page-data.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

58e49c7f28694cde2e9a5927b59eab25748ab55a9055c68d4668aef6a1478529

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /page-data/index/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFD8G18WFZDHZ43TG9V
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4643
x-frame-options: DENY
etag: "a2437a8dd2f39468b67e0400cf350fa4-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:15 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3704
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json Show response
www.perimeterx.com/page-data/resources/ 1 KB
771 B 11ms
11ms XHR
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/page-data.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

5dca844b419a5e65d7f9fbfe3305dda75c0abe12f683e88e67bd2c1874cc480b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /page-data/resources/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFDFY5EQF3V6FBHJM8Z
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "8de34173b7e73bcf40d30f92ddf1aeb3-ssl"
server: Netlify
age: 1547
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:32:51 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 657
x-xss-protection: 1; mode=block

GET
H2 200 740a51be-bd50-4765-b76c-0ee7167b128c.json Show response
cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/ 3 KB
1 KB 19ms
19ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/740a51be-bd50-4765-b76c-0ee7167b128c.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e4ee2659ff5bd50e75e13eecb867d12cd461815d07c0b130df662c9047077b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 0btHGyHYgX957R6VqVn39g==
age: 1652
vary: Accept-Encoding
content-length: 1129
cf-request-id: 0af55f05f00000972a60a73000000001
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 22:47:00 GMT
server: cloudflare
etag: 0x8D8E4DF95376E37
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3a780089-801e-0003-4801-38dbe1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cde97cc0972a-FRA

GET
H2 200 forms.js Show response
marketo.clearbit.com/assets/v1/marketo/ 27 KB
28 KB 251ms
172ms Script
application/javascript 18.169.30.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://marketo.clearbit.com/assets/v1/marketo/forms.js

Requested by

Host: t.co
URL: https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.169.30.171 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

envoy /

Resource Hash

4063e72c353fcac556ca10a2d6d26666e4b486aaefaa1872585b3f9e88b91adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
x-content-type-options: nosniff
last-modified: Fri, 25 Jun 2021 21:24:31 GMT
server: envoy
content-length: 28086
content-type: application/javascript;charset=utf-8

GET
H2 200 component---src-layouts-templates-blog-index-js-08e4de00596080544164.js
www.perimeterx.com/ 0
3 KB 12ms
9ms Other
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/component---src-layouts-templates-blog-index-js-08e4de00596080544164.js

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /component---src-layouts-templates-blog-index-js-08e4de00596080544164.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFTY28W7DWT6S3WXVGQ
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "997602cf52419d58073299166ac1b690-ssl"
server: Netlify
age: 2316
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:20:02 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2543
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json Show response
www.perimeterx.com/page-data/resources/blog/kim-decarlis/ 11 KB
3 KB 9ms
6ms XHR
application/json 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/page-data/resources/blog/kim-decarlis/page-data.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

bc23c29d27bfa5246bc475469282fcc459f6a02e1ceed643be4e457582783da2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /page-data/resources/blog/kim-decarlis/page-data.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: */*
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFS0066QKD1JDKGX2J6
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 5450
x-frame-options: DENY
etag: "a3d02aede02be6ce2c6c71b832cec1b6-ssl"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:27:48 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3121
x-xss-protection: 1; mode=block

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/7db516e1-b839-4652-9f03-4ca7c9545199/ 49 KB
12 KB 31ms
30ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/7db516e1-b839-4652-9f03-4ca7c9545199/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d15c6bea859dda73fbc954ba5bf4ce8c5afaa8d94ae3273da10a012b0dab9174

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: woLH4+8lDFUD6i8/7GwjlA==
age: 1652
vary: Accept-Encoding
content-length: 11837
cf-request-id: 0af55f05fb0000972a69097000000001
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 22:47:03 GMT
server: cloudflare
etag: 0x8D8E4DF96E68149
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: dfb16d03-401e-009d-5301-38a2a6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cde98ccc972a-FRA

GET
H2 200 component---src-layouts-templates-form-page-index-js-6c26d2577861804c067c.js
www.perimeterx.com/ 0
4 KB 7ms
6ms Other
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/component---src-layouts-templates-form-page-index-js-6c26d2577861804c067c.js

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /component---src-layouts-templates-form-page-index-js-6c26d2577861804c067c.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFYQCMB922TD2Z9K8C5
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "ee9e308ffd1377437bf3ce40a9df972e-ssl"
server: Netlify
age: 4643
x-frame-options: DENY
date: Mon, 28 Jun 2021 16:41:15 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3904
x-xss-protection: 1; mode=block

GET
H2 200 component---src-layouts-templates-sectioned-page-index-js-f17d1bba2dc860038db5.js
www.perimeterx.com/ 0
55 KB 7ms
7ms Other
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/component---src-layouts-templates-sectioned-page-index-js-f17d1bba2dc860038db5.js

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
dpr: 1
:path: /component---src-layouts-templates-sectioned-page-index-js-f17d1bba2dc860038db5.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVFYPJP5RJSM7SG8MQ5H
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
server: Netlify
age: 4643
x-frame-options: DENY
etag: "522a3e502ce002eb8f889a76f8ad14e0-ssl"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 16:41:15 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 55951
x-xss-protection: 1; mode=block

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 100 KB
38 KB 31ms
29ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-PCDTQ25&t=gtm14&cid=577416843.1624903118

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c008477d42080c18ff7d78bd81b6ad4765c5260e921156b786c018471dc85a69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38529
x-xss-protection: 0
expires: Mon, 28 Jun 2021 17:58:38 GMT

GET
H2 200 component---src-layouts-templates-resources-index-js-f9b544037cfd4dba11e3.js
www.perimeterx.com/ 0
4 KB 11ms
10ms Other
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/component---src-layouts-templates-resources-index-js-f9b544037cfd4dba11e3.js

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _ga=GA1.2.577416843.1624903118; _gid=GA1.2.699729854.1624903118
dpr: 1
:path: /component---src-layouts-templates-resources-index-js-f9b544037cfd4dba11e3.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVGNGH7G0XYDZ9AEJ56Z
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "0ef158553dc7fbf687f2bce0d3146237-ssl"
server: Netlify
age: 1546
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:32:52 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3477
x-xss-protection: 1; mode=block

GET
H2 200 component---src-layouts-templates-blog-authors-js-e5731c44f44e358cfb16.js
www.perimeterx.com/ 0
3 KB 10ms
8ms Other
application/javascript 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.perimeterx.com/component---src-layouts-templates-blog-authors-js-e5731c44f44e358cfb16.js

Requested by

Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/bundles/84f9e545ec53b716eda7ebd4b09d6bd96bb47dec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _ga=GA1.2.577416843.1624903118; _gid=GA1.2.699729854.1624903118
dpr: 1
:path: /component---src-layouts-templates-blog-authors-js-e5731c44f44e358cfb16.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVGRQKC3287TXGF4NNTH
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: br
etag: "db571f3725c2a71c5c2c29546b4d6406-ssl"
server: Netlify
age: 4557
x-frame-options: DENY
date: Mon, 28 Jun 2021 16:42:41 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2653
x-xss-protection: 1; mode=block

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/7db516e1-b839-4652-9f03-4ca7c9545199/ 49 KB
12 KB 16ms
14ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/740a51be-bd50-4765-b76c-0ee7167b128c/7db516e1-b839-4652-9f03-4ca7c9545199/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d15c6bea859dda73fbc954ba5bf4ce8c5afaa8d94ae3273da10a012b0dab9174

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: woLH4+8lDFUD6i8/7GwjlA==
age: 1652
vary: Accept-Encoding
content-length: 11837
cf-request-id: 0af55f06200000972a8b1a3000000001
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 22:47:03 GMT
server: cloudflare
etag: 0x8D8E4DF96E68149
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: dfb16d03-401e-009d-5301-38a2a6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cde9ccff972a-FRA

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 15ms
15ms Ping
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S5CWZF51H2&gtm=2oe6n0&_p=741379408&sr=1600x1200&ul=en-us&cid=577416843.1624903118&_s=1&dl=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&dr=https%3A%2F%2Ft.co%2F&dt=TurboTax%20ATO%20Attack%20Foretells%20Serious%20Wave%20of%20Financial%20Fraud&sid=1624903118&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5CWZF51H2&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 17:58:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 94 KB
24 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: t.co
URL: https://t.co/Ov5x7kp10L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

79fcef7a0549ef72c11fc65e27b2e6bb1194eab7d9717980091bc577cfb9b73f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24631
x-xss-protection: 0
pragma: public
x-fb-debug: XEvkNNys2mdgCYTVNHTsckeRcNpo7pcTvzzLg1dZgNGZOd6cVxbb/V2Wuhp+pzd5B0ndpeqTu7PH91xt80pOjA==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:58:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 jukebox.js Show response
app.cdn.lookbookhq.com/production/jukebox/current/ 765 KB
211 KB 59ms
59ms Script
text/javascript 13.224.193.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Requested by: Host: t.co
URL: https://t.co/Ov5x7kp10L
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-59.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4f62a641ef8d879fa59c3c8fe4b8ecd6be9b6e7f430c6c343e94005505140cbe

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Thu, 24 Jun 2021 01:28:50 GMT
server: AmazonS3
age: 713
etag: W/"932bd76dd7f6f2d0c7319965d8a41caf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
cache-control: max-age=43200
date: Mon, 28 Jun 2021 17:46:50 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: q-vQrg-2LBJ3z9z-PuoLYi1Hro27L5BO1ikRPo9pQd8RG7C9vAjqqw==

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 96ms
27ms Script
application/javascript 65.9.84.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: t.co
URL: https://t.co/Ov5x7kp10L
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.84.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f06150cd74f4090b6b1194c7fb227fda21f859229aa851169b8116e330ee160b

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:30:06 GMT
content-encoding: gzip
last-modified: Wed, 16 Jun 2021 16:29:57 GMT
server: AmazonS3
age: 1713
etag: W/"6f6cd12e9b9fb6a70e03f3fc2cae03a9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b75b06741e5146585057681bd60737b3.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: p7XajGRtSQY203V67br7-Gmmndfzdp0gBxCtXj1WV3jce5unp4EbtQ==

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.14.0/assets/ 12 KB
3 KB 16ms
15ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.14.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

868f2732413f5fcb021d726343ac249b6ca630db5fbd578f6525f279dda5c22b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BkZngIV1hzEthgbkouRUbA==
age: 5747301
vary: Accept-Encoding
content-length: 2832
cf-request-id: 0af55f064b0000972a66000000000001
x-ms-lease-status: unlocked
last-modified: Wed, 24 Feb 2021 17:18:04 GMT
server: cloudflare
etag: 0x8D8D8E825563082
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: dfabf772-901e-0131-6e01-38c564000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cdea1d25972a-FRA
expires: Tue, 06 Jul 2021 17:58:38 GMT

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.14.0/assets/v2/ 47 KB
11 KB 19ms
18ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.14.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5de3651c0aa89e6497da505565c8944039fd6480aa161b1f270d1f5953c9d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 8jNYupXcL2bcdab+1R7CAg==
age: 5747300
vary: Accept-Encoding
content-length: 11511
cf-request-id: 0af55f064b0000972a948cb000000001
x-ms-lease-status: unlocked
last-modified: Wed, 24 Feb 2021 17:18:07 GMT
server: cloudflare
etag: 0x8D8D8E827001198
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8cfcbdf0-301e-013c-0401-382a68000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cdea1d26972a-FRA
expires: Tue, 06 Jul 2021 17:58:38 GMT

GET
H2 200 lftracker_v1_9mDnrdyX0ng1KXMv.js Show response
lftracker.leadfeeder.com/ 20 KB
8 KB 111ms
37ms Script
application/javascript 13.224.193.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lftracker.leadfeeder.com/lftracker_v1_9mDnrdyX0ng1KXMv.js
Requested by: Host: t.co
URL: https://t.co/Ov5x7kp10L
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-6.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 18567ae82ca00d18071ddab02fe5cde910cecdb6266a396a784f1f6fdd9691fa

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: omALqGW.vRxIUe.IWsbC_CVYl90A0VN5
content-encoding: gzip
last-modified: Fri, 25 Jun 2021 09:26:42 GMT
server: AmazonS3
age: 2372
etag: W/"f505a4ccee442fbba01f71c9d5cc0293"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 cb33a7a4640adbb55df3e0d143601559.cloudfront.net (CloudFront)
cache-control: max-age=3600
date: Mon, 28 Jun 2021 17:19:07 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: BrwEx9eFcqNtCwVVZfvp2T-n4EuxHF_0astsoOb85IkQtmbStzy-zA==

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.14.0/assets/ 12 KB
3 KB 58ms
57ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.14.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

868f2732413f5fcb021d726343ac249b6ca630db5fbd578f6525f279dda5c22b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BkZngIV1hzEthgbkouRUbA==
age: 5747301
vary: Accept-Encoding
content-length: 2832
cf-request-id: 0af55f06640000972a8b1a5000000001
x-ms-lease-status: unlocked
last-modified: Wed, 24 Feb 2021 17:18:04 GMT
server: cloudflare
etag: 0x8D8D8E825563082
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: dfabf772-901e-0131-6e01-38c564000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cdea3d42972a-FRA
expires: Tue, 06 Jul 2021 17:58:38 GMT

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.14.0/assets/v2/ 47 KB
11 KB 17ms
16ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.14.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.14.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5de3651c0aa89e6497da505565c8944039fd6480aa161b1f270d1f5953c9d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 8jNYupXcL2bcdab+1R7CAg==
age: 5747300
vary: Accept-Encoding
content-length: 11511
cf-request-id: 0af55f06650000972a7a339000000001
x-ms-lease-status: unlocked
last-modified: Wed, 24 Feb 2021 17:18:07 GMT
server: cloudflare
etag: 0x8D8D8E827001198
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8cfcbdf0-301e-013c-0401-382a68000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6668cdea3d43972a-FRA
expires: Tue, 06 Jul 2021 17:58:38 GMT

GET
H3-29 200 368880343933228 Show response
connect.facebook.net/signals/config/ 260 KB
74 KB 61ms
59ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/368880343933228?v=2.9.42&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3f660ebe99fe584c874b8833ac737d6428cfde00dae35f9a8380b0fe7dd8f414

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: zo0H9/4BtQ9ta7OSPYSJ7XJbtGEXG+OoMMJnMbLm+w2PSXPX4wFSLLoFuNCiuF0FC3syrt4er901LOqdIQFLeg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 28 Jun 2021 17:58:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=741379408&t=pageview&_s=1&dl=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=TurboTax%20ATO%20Attack%20Foretells%20Serious%20Wave%20of%20Financial%20Fraud&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=421451681&gjid=461345647&cid=577416843.1624903118&tid=UA-57261032-1&_gid=699729854.1624903118&_r=1&gtm=2wg6n0NQ65KGZ&cd5=resources&cd6=blog&cd7=kim%20decarlis&cd8=www.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&cd10=bot%20defender&cd11=e-commerce%2Ctravel%20hospitality%2Cmedia%2Cfinancial%20services&cd12=account%20takeover&z=1352822882

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 17:58:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 perimeterx.svg
www.perimeterx.com/logos/ 21 KB
8 KB 8ms
7ms Image
image/svg+xml 2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/logos/perimeterx.svg

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

87371b95c57ff63cc90819bd366c6be2633d07357cc59ba8bc1c6b9d6c0be1c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.perimeterx.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: image
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
dpr: 1
:path: /logos/perimeterx.svg
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
viewport-width: 1600
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social
DPR: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Viewport-Width: 1600

Response headers

x-nf-request-id: 01F99WBVP818RBP9KMQY71SJ5D
content-security-policy: frame-ancestors 'self' *.perimeterx.com
content-encoding: gzip
server: Netlify
age: 9290
x-frame-options: DENY
etag: "7e652c5fe5b21848ae4124f6a3d93bc5-ssl"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0, must-revalidate
date: Mon, 28 Jun 2021 15:23:48 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 7907
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-57261032-1&cid=577416843.1624903118&jid=421451681&gjid=461345647&_gid=699729854.1624903118&_u=aGDAAEACQAAAAC~&z=1745665236

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 28 Jun 2021 17:58:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

nav-promo_j8j9rp
www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/
Redirect Chain

https://perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp
https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp

4 KB
4 KB

540ms
539ms

Image
image/webp

2a03:b0c0:3:d0::d23:e001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

1351a45d5a9c19a15b5e8861cb81b50bb082c195c92263c3d48683ce69b75264

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

:path: /assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp
pragma: no-cache
cookie: _biz_uid=20b96ace993e4d51c87af4a898fa63b0; _biz_sid=97e1ea; _biz_nA=1; _px_uAB=MTMzN3x0cnVl; _biz_pendingA=%5B%5D; _px=5VynSmj4nNAha/HZAb6ecrIkyuyLgZ9CbkyKMj60UsbzkN/aAjgefCNXplxSsD2158v87hbQ71kGHiOu5K25Sw==:1000:S8QKHeqQICctTeVKshpVd3F9eygnMSMZC/Rn2otVGKuUor87dM4CXh4tiB8mTNGWCGd86jSUvKdUubpggM3fMFSCHTu6AyQobxisji2AF0CoCPPlsq6UzJN5JwiWABXMzc91aGFohugqYnCVMjhra0kQsKDoe9zxzF+fy9uSK1ot0cRrz+yz6WmBeSyZM0r6+ojm5i0gIPkSUzOHiIjasHOoqDYBLZCfgwQUB5L3b9WZsK5fTz7MhJloybGZouRgW9QFvEV6QI7Wy8X/+Yq8Og==; _pxvid=77068391-d83a-11eb-b5a0-0242ac12001a; _pxff_bdd=1000; _pxff_idp_p=1; _pxff_cl=888; _pxff_scs=1,WOWMAN; _pxff_wow=1; _pxff_ww=1; _pxff_af_wp=1; _pxff_af_sp=1; _pxff_af_cd=1; _pxff_af_rf=1; _pxff_af_se=1; _pxff_rid=6905385671275758357; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gid=GA1.2.699729854.1624903118; _ga_S5CWZF51H2=GS1.1.1624903118.1.0.1624903118.0; _ga=GA1.2.577416843.1624903118; _gat_UA-57261032-1=1; OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1; _fbp=fb.1.1624903118784.865997906
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.perimeterx.com
referer: https://www.perimeterx.com/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01F99WBW072TTKSD9VC780KGV2
date: Mon, 28 Jun 2021 17:58:39 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline; filename="nav-promo_j8j9rp.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-28T17:58:39.383Z;desc=hit,rtt;dur=0
content-length: 3826
last-modified: Wed, 29 Jan 2020 23:11:20 GMT
server: Netlify
etag: "f81d79f1517a95d27943ac45490c0f42"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

x-nf-request-id: bfb5983a-cfd1-437d-8020-d97687c3b457-284522116
content-security-policy: frame-ancestors 'self' *.perimeterx.com
server: Netlify
age: 3932
date: Mon, 28 Jun 2021 16:53:07 GMT
x-frame-options: DENY
content-type: text/plain; charset=utf-8
location: https://www.perimeterx.com/assets-redirect/image/upload/fl_strip_profile,q_auto,f_auto,c_scale/main-menu-promos/nav-promo_j8j9rp
cache-control: public, max-age=0, must-revalidate
content-length: 144
x-xss-protection: 1; mode=block

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
119 B 32ms
31ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-57261032-1&cid=577416843.1624903118&jid=421451681&_u=aGDAAEACQAAAAC~&z=340423374

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 17:58:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
31ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-57261032-1&cid=577416843.1624903118&jid=421451681&_u=aGDAAEACQAAAAC~&z=340423374

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 17:58:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 website_experience
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 302ms
97ms Preflight
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_experience?clientId=LB-FE20E0D4-10557&visitorUuid=a665cbd6-6825-4506-a0d0-da0a0c8cadfb&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social
Protocol: H2
Server: 35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.perimeterx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ 28 KB
6 KB 19ms
18ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css

Requested by

Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617
age: 8455339
cdn-cachedat: 2021-03-11 11:58:15
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0af55f07850000536a561e3000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a754e168c4f0fb62e4072354b1d05890
cf-ray: 6668cdec0815536a-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 css
fonts.googleapis.com/ 4 KB
618 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f7bba0cc484923e9dc8eb46a451efbd2ebe40980e07195777adaa39956bc5cd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Jun 2021 16:45:43 GMT
server: ESF
date: Mon, 28 Jun 2021 17:58:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Jun 2021 17:58:38 GMT

GET
H2 200 website_experience Show response
jukebox.pathfactory.com/api/public/v1/ 30 KB
4 KB 929ms
149ms XHR
application/json 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_experience?clientId=LB-FE20E0D4-10557&visitorUuid=a665cbd6-6825-4506-a0d0-da0a0c8cadfb&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

d4f63e5ec60f49831cc9b100e3c08f0d4c10d0dceb4d24082fa0a8ca8a459e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-request-id: bb7af4cc-bb52-4842-be35-5a1a7447f14e
x-runtime: 0.046277
referrer-policy: no-referrer-when-downgrade
etag: W/"d4f63e5ec60f49831cc9b100e3c08f0d"
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true

GET
H2 204 website_forms Show response
jukebox.pathfactory.com/api/public/v1/ 0
413 B 891ms
111ms XHR
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-FE20E0D4-10557&visitorUuid=a665cbd6-6825-4506-a0d0-da0a0c8cadfb&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.010766
date: Mon, 28 Jun 2021 17:58:39 GMT
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.perimeterx.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-content-type-options: nosniff
x-request-id: 8ae3cf8b-fee5-41ab-8edb-5685c612f657

GET
H2 200 init Show response
jukebox.pathfactory.com/api/public/v1/ 359 B
865 B 513ms
110ms XHR
application/json 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-FE20E0D4-10557&image=&title=&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

91caf7adf186e22a68bd0c33e4d8a53da5f73225383787be1f2d4925f2a8b767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-request-id: c4bad2a2-eb36-47b2-9c3e-32400ab3317d
x-runtime: 0.009617
referrer-policy: no-referrer-when-downgrade
etag: W/"91caf7adf186e22a68bd0c33e4d8a53d"
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true

OPTIONS
H2 200 website_forms
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 300ms
97ms Preflight
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-FE20E0D4-10557&visitorUuid=a665cbd6-6825-4506-a0d0-da0a0c8cadfb&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social
Protocol: H2
Server: 35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.perimeterx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 init
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 301ms
97ms Preflight
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-FE20E0D4-10557&image=&title=&url=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social
Protocol: H2
Server: 35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.perimeterx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 35ms
32ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=368880343933228&ev=PageView&dl=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1624903118786&sw=1600&sh=1200&v=2.9.42&r=stable&ec=0&o=30&fbp=fb.1.1624903118784.865997906&it=1624903118443&coo=false&rqm=GET

Requested by

Host: www.perimeterx.com
URL: https://www.perimeterx.com/resources/blog/2021/turbotax-ato-attack-foretells-serious-wave-of-financial-fraud/?utm_source=twitter&utm_medium=organic-social

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:38 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 28 Jun 2021 17:58:38 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
82 B 307ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypEZXWSGY6DS7w0bM

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 28 Jun 2021 17:58:39 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 forms2.css
app-sj13.marketo.com/js/forms2/css/ 13 KB
3 KB 44ms
44ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj13.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-sj13.marketo.com
URL: https://app-sj13.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2357
vary: Accept-Encoding
content-length: 2623
cf-request-id: 0af55f0a21000068c444a15000000001
last-modified: Fri, 18 Jun 2021 20:07:07 GMT
server: cloudflare
etag: "2080b74-3437-5c50fde38d0c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6668cdf03c5e68c4-CDG
expires: Mon, 28 Jun 2021 21:58:39 GMT

GET
H2 200 forms2-theme-simple.css
app-sj13.marketo.com/js/forms2/css/ 826 B
355 B 54ms
54ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj13.marketo.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: app-sj13.marketo.com
URL: https://app-sj13.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 946
content-length: 242
cf-request-id: 0af55f0a25000068c4401b6000000001
last-modified: Fri, 18 Jun 2021 20:07:07 GMT
server: cloudflare
etag: "2e20b1-33a-5c50fde38d0c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6668cdf03c6068c4-CDG
expires: Mon, 28 Jun 2021 21:58:39 GMT

GET
H2 200 insent Show response
perimeterx.widget.insent.ai/ 72 KB
19 KB 368ms
9ms Script
binary/octet-stream 2600:9000:214f:fc00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://perimeterx.widget.insent.ai/insent
Requested by: Host: client.botchk.net
URL: https://client.botchk.net/PX2003/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:fc00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58d9af7272ebec83bda6f19d7b31d1b29b7d0502e0b732e61d22e4d1097b50af

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: rTenaRVjzANW9vxNs4UYI6oaOZJGSvIV
content-encoding: gzip
last-modified: Thu, 24 Jun 2021 08:27:14 GMT
server: AmazonS3
age: 72565
etag: "03812ffcfd512314267937bf3eb5c642"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
via: 1.1 e8b17f734954ee4d46d26cf302323482.cloudfront.net (CloudFront)
date: Sun, 27 Jun 2021 21:50:15 GMT
x-amz-cf-pop: FRA53-C1
content-length: 18950
x-amz-cf-id: 2CMH7zngyctnuRa31q08HvkupeL7ENACU6GmvF_HJDC0kHXRMPeJTQ==

GET
H2 200 XDFrame Show response
app-sj13.marketo.com/index.php/form/ Frame 96CA 2 KB
908 B 230ms
230ms Document
text/html 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj13.marketo.com/index.php/form/XDFrame

Requested by

Host: app-sj13.marketo.com
URL: https://app-sj13.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7de86aeeaf1497ab17a830dbafdbd58f72f842ca6e2b33097e6e43fa2ac8a27

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-sj13.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.perimeterx.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=0405ae1ddfd44073c9d3404b80d4d0db8d17f592-1624903117-1800-AfSOOBcGeu+HIRWNHqJnLKkTLdQBI/SdoN90DMVH/ij+3QmFftIubo61M1OFl0/uQVfvjRve0noKouwdJYOcFH8=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.perimeterx.com/

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
content-type: text/html; charset=utf-8
content-length: 652
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
set-cookie: BIGipServersj13web-nginx-app_https=!GaCOo18lCUm7YAamfApvaf9MEhiEHXwQeNRTTWFJbEMsV2QQ79TjsRZVtFLzA3WiJ7Xjbg58lFp8G7M=;Path=/;Version=1;Secure;Httponly
cf-cache-status: DYNAMIC
cf-request-id: 0af55f0bc7000068c446bd0000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6668cdf2ddec68c4-CDG

POST
H2 200 collector Show response
sapi2003.botchk.net/api/v2/ 444 B
509 B 73ms
73ms XHR
application/json 35.186.220.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sapi2003.botchk.net/api/v2/collector
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 72dd9a68437a29d5804653e9f03d6e4ef4204eadf742a7ea14c80fc18916c103

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: clear
content-length: 444

POST
H2 200 page_views Show response
jukebox.pathfactory.com/api/public/v1/ 153 B
739 B 144ms
144ms XHR
application/json 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

9594734459b35f4314098f2f3fc93f3b3b6c6452606ace3d3e1f0b7846ab73c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-request-id: 864dff7e-a7ce-4a7f-bde9-4015eab443a6
x-runtime: 0.042359
referrer-policy: no-referrer-when-downgrade
etag: W/"9594734459b35f4314098f2f3fc93f3b"
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true

OPTIONS
H2 200 page_views
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 96ms
96ms Preflight
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views
Protocol: H2
Server: 35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.perimeterx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 forms2.min.js Show response
app-sj13.marketo.com/js/forms2/js/ Frame 96CA 204 KB
68 KB 42ms
42ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj13.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-sj13.marketo.com
URL: https://app-sj13.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://app-sj13.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1314
strict-transport-security: max-age=63113904
cf-request-id: 0af55f0cb0000068c446be4000000001
last-modified: Fri, 18 Jun 2021 20:07:07 GMT
server: cloudflare
etag: "2080b79-33187-5c50fde38d0c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 6668cdf44ec268c4-CDG
expires: Mon, 28 Jun 2021 21:58:40 GMT

POST
H2 204 create_event Show response
jukebox.pathfactory.com/api/public/v1/page_views/ 0
459 B 111ms
111ms XHR
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views/create_event

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.011229
date: Mon, 28 Jun 2021 17:58:40 GMT
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.perimeterx.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-request-id: aa7f48a1-5631-4a8f-8b82-b8d4439a71c4

OPTIONS
H2 200 create_event
jukebox.pathfactory.com/api/public/v1/page_views/ Frame 0
0 96ms
96ms Preflight
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views/create_event
Protocol: H2
Server: 35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.perimeterx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-encoding: gzip
vary: Accept-Encoding

POST
H2 200 collector Show response
sapi2003.botchk.net/api/v2/ 432 B
497 B 65ms
65ms XHR
application/json 35.186.220.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sapi2003.botchk.net/api/v2/collector
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: cc8f4574c52785695b297151231a75cac8465f4f69dfa4308279b57a2bddaf66

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Jun 2021 17:58:39 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: clear
content-length: 432

POST
H2 204 create_event Show response
jukebox.pathfactory.com/api/public/v1/page_views/ 0
459 B 113ms
112ms XHR
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views/create_event

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.011536
date: Mon, 28 Jun 2021 17:58:40 GMT
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.perimeterx.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-request-id: 88562c06-8d4f-4724-a125-6a802b092cbc

OPTIONS
H2 200 create_event
jukebox.pathfactory.com/api/public/v1/page_views/ Frame 0
0 96ms
96ms Preflight
text/plain 35.170.150.33
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views/create_event
Protocol: H2
Server: 35.170.150.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.perimeterx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-headers: content-type
content-encoding: gzip
vary: Accept-Encoding

POST
H2 200 collector Show response
sapi2003.botchk.net/api/v2/ 432 B
493 B 66ms
66ms XHR
application/json 35.186.220.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sapi2003.botchk.net/api/v2/collector
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0f45e5d7ca7b5737fe2b9971e53fd37fd3040c0bb08022ffde4aa5bbb316aa43

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Jun 2021 17:58:40 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: clear
content-length: 432

POST
H2 200 collector Show response
sapi2003.botchk.net/api/v2/ 432 B
493 B 57ms
56ms XHR
application/json 35.186.220.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sapi2003.botchk.net/api/v2/collector
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0b93d396e60d92ecc2a43aa90a56ca61ec47ef7464f2a6180da7cb50d60c3282

Request headers

Referer: https://www.perimeterx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Jun 2021 17:58:43 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.perimeterx.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: clear
content-length: 432

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.perimeterx.com/	1970-01-19 21:31:19	Name: _fbp Value: fb.1.1624903118784.865997906
.perimeterx.com/	1970-01-20 04:07:19	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Jun+28+2021+19%3A58%3A38+GMT%2B0200+(Central+European+Summer+Time)&version=6.14.0&hosts=&consentId=a3e683d0-0eba-459d-9c3a-13815c009c75&interactionCount=0&landingPath=https%3A%2F%2Fwww.perimeterx.com%2Fresources%2Fblog%2F2021%2Fturbotax-ato-attack-foretells-serious-wave-of-financial-fraud%2F%3Futm_source%3Dtwitter%26utm_medium%3Dorganic-social&groups=C0004%3A1%2CC0003%3A1%2CBG4%3A1%2CC0001%3A1%2CC0002%3A1
.perimeterx.com/	1970-01-20 12:52:55	Name: _ga_S5CWZF51H2 Value: GS1.1.1624903118.1.0.1624903118.0
.perimeterx.com/	1970-01-20 04:07:19	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_af_rf Value: 1
.perimeterx.com/	1970-01-20 12:52:55	Name: _px_f394gi7Fvmc43dfg_user_id Value: NzdjYjMxNDAtZDgzYS0xMWViLTliYWMtNzM5YmVlODg3ZTk4
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_af_se Value: 1
.perimeterx.com/	1970-01-19 19:21:43	Name: _gat_UA-57261032-1 Value: 1
.perimeterx.com/	1970-01-20 12:52:55	Name: _ga Value: GA1.2.577416843.1624903118
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_af_cd Value: 1
.perimeterx.com/	1970-01-20 04:07:19	Name: _biz_uid Value: 20b96ace993e4d51c87af4a898fa63b0
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_rid Value: 6905385671275758357
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_af_sp Value: 1
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_scs Value: 1,WOWMAN
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_cl Value: 888
.perimeterx.com/	1970-01-20 04:07:19	Name: _px_uAB Value: MTMzN3x0cnVl
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_idp_p Value: 1
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_wow Value: 1
.perimeterx.com/	1970-01-20 04:07:19	Name: _biz_pendingA Value: %5B%5D
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_ww Value: 1
www.perimeterx.com/	1970-01-19 19:24:35	Name: _px Value: UBdxA55xL08hYSzT06s5NhGhjWPXDYQCeHTzSDlSZsmIzVxqS5rd5NFl3dHrHpjEuNYpzS+6VWr7vU73JIZ87A==:1000:tAX/cP1zSpEUhB1gHpVlYymUd7EB3epZjaaO9uIqU7Y0V+MPqZY6V4e7sFq5OVUa2t/M9tN91gEaiUEivH9xT/jeUFuGVdLwAfTMnHc/Z/LpC65Xt4y9gT+xhrwYEKfm5uvgXgUEHuMy+TX29Mh9Wt3mjIfv89pbp5vdkb/eBp5aTKLI6rlycrlqD7XlBqpMmGL0esNeFNaETCz1e1eQ0j4xcwIkIc5kPXDP6iUNWiA9eM4LS/uBXUV/wHqTxwVjMIgyrpNUeOWqUHHPDlbxHA==
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_bdd Value: 1000
.perimeterx.com/	1970-01-19 19:21:44	Name: _biz_sid Value: 97e1ea
www.perimeterx.com/	1970-01-20 04:07:19	Name: _pxvid Value: 77068391-d83a-11eb-b5a0-0242ac12001a
.perimeterx.com/	1970-01-20 04:07:19	Name: _biz_nA Value: 1
www.perimeterx.com/	1970-01-19 19:21:43	Name: _pxff_af_wp Value: 1
.perimeterx.com/	1970-01-19 19:23:09	Name: _gid Value: GA1.2.699729854.1624903118

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: Loaded
console-api	warning	URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js(Line 1) Message: Multiple instances of jukebox were added to this page.
console-api	warning	URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js(Line 1) Message: Multiple instances of jukebox were added to this page.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 24) Message: [Facebook Pixel] - Duplicate Pixel ID: 368880343933228.
console-api	warning	URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js(Line 1) Message: Multiple instances of jukebox were added to this page.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-sj13.marketo.com
app.cdn.lookbookhq.com
bit.ly
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
client.botchk.net
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
d33wubrfki0l68.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
jukebox.pathfactory.com
lftracker.leadfeeder.com
marketo.clearbit.com
maxcdn.bootstrapcdn.com
munchkin.marketo.net
perimeterx.com
perimeterx.widget.insent.ai
px.ads.linkedin.com
px4.ads.linkedin.com
sapi2003.botchk.net
snap.licdn.com
stats.g.doubleclick.net
t.co
tracking.g2crowd.com
widget.stackbit.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.perimeterx.com
www.youtube.com
104.111.234.67
104.16.94.80
104.244.42.197
108.174.10.14
13.224.193.59
13.224.193.6
151.101.193.40
18.169.30.171
2600:9000:214f:fc00:f:7ae2:7780:93a1
2606:4700::6810:9440
2606:4700::6810:a852
2606:4700::6812:1bbe
2606:4700::6812:bcf
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2a00:1450:4001:801::2003
2a00:1450:4001:808::2004
2a00:1450:4001:810::200e
2a00:1450:4001:811::200e
2a00:1450:4001:812::2008
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c0c::9d
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a03:b0c0:3:d0::d23:e001
35.170.150.33
35.186.220.184
35.198.187.166
65.9.84.15
65.9.84.20
67.199.248.11
68.232.35.12
75.2.60.5
014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429
02ddaf43f5581575f14b7a3df900d5ae4d195526af1da0f971582f708944b4e0
0449b35a7ee255e878af76c830b004eb41f1102a4ab3ad02641b9313f9bc7920
04fac4a0b1ae3f61cbddf6c63d60ad3b419dba7cfd817352c7dc1d2a00e8e48e
075a50cd5e6970430df3d82a77814c2af2a35da429ac042e0ffd7b647848dbe2
0b66d3dc0ce53ef65d4b2c64c9fa31078da3dd315e9f0e9b9c26f86fc5a344e2
0b93d396e60d92ecc2a43aa90a56ca61ec47ef7464f2a6180da7cb50d60c3282
0e4ee2659ff5bd50e75e13eecb867d12cd461815d07c0b130df662c9047077b0
0ed21dc875fae1fa3ce2f086df55663af0ad6c87469d895bc06d5482fd7c2452
0f45e5d7ca7b5737fe2b9971e53fd37fd3040c0bb08022ffde4aa5bbb316aa43
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1351a45d5a9c19a15b5e8861cb81b50bb082c195c92263c3d48683ce69b75264
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
18567ae82ca00d18071ddab02fe5cde910cecdb6266a396a784f1f6fdd9691fa
19a299c21eda40ac6ccd1d311b72bd8b781c69457badcfbb8d046ce9b856fa91
1c979e1a7ccd5dfb380d99b6190410a869f2341fd916d1cf78b72c48a227c34d
1d3ca61b724266c0a7c4e341710e9e53509d6c02e5dc28eb33bbaae8beae7a5f
1e684b29a964c9dabb99a959c1bd61bb87afc3428257c8a63ba7ac6c818bc760
20e51cc8fa0f52b2b6153113a2bfb1d39b01709057d3cccff2bd5603fd828513
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
295a6f34cca151fb571334f47d3d09aab60091e4ecd7e7c94a515e04eccf0433
306645d30c4467b91a311348faf66ce110eb6e2a689ac7c4836f15da83159330
31a6e3323dbe93c110e3c98bb11e690e440d7b939197614e415ca3611ca6c847
3467093da21cc8d6cb66f57b48e20c8a360a2d10c69921bbfebff85b238d1ede
3727ed44450db8aad7c9c7b0a7f34348022ca4fa0faea2b250ace30766c2ba4f
38c08303bd5a371b305829b5f0c83d29d574460285b79e0796c24298fe2e50fe
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3f660ebe99fe584c874b8833ac737d6428cfde00dae35f9a8380b0fe7dd8f414
3f93e577cb3050e9e2b1058685b0459709fc083f15302ae4d88a1dc2a73d4c16
4063e72c353fcac556ca10a2d6d26666e4b486aaefaa1872585b3f9e88b91adb
42233da550b73a304d3f7fcbbe364c5665981a11e17df901014ee20c8ec1bea9
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
4f62a641ef8d879fa59c3c8fe4b8ecd6be9b6e7f430c6c343e94005505140cbe
50da521fecbf77ed6b4c6acfc8da0ce1b5a3cf644f2967d035deedd6eabff5f8
58d9af7272ebec83bda6f19d7b31d1b29b7d0502e0b732e61d22e4d1097b50af
58e49c7f28694cde2e9a5927b59eab25748ab55a9055c68d4668aef6a1478529
5dca844b419a5e65d7f9fbfe3305dda75c0abe12f683e88e67bd2c1874cc480b
681d1e8c9561c7e9c9f01ec5333d798a77dc4de9a8494a028300c233f3c87eda
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
72dd9a68437a29d5804653e9f03d6e4ef4204eadf742a7ea14c80fc18916c103
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
756ce5cbeb4877d57748c6d6c51dc27ccbcc7d5bbafbd784471a77733749004b
7777858e85646ef5fb3a61d3862af526216ae6f199db4bf1c6ad6b2fcde3bf47
79fcef7a0549ef72c11fc65e27b2e6bb1194eab7d9717980091bc577cfb9b73f
7c054a75c73f2d7d2ae0aeeeb931348c257ad3238410d1a173d237cf27b6c0ae
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
868f2732413f5fcb021d726343ac249b6ca630db5fbd578f6525f279dda5c22b
87371b95c57ff63cc90819bd366c6be2633d07357cc59ba8bc1c6b9d6c0be1c6
8b928cc01c0d285480c24a9b43ddc219ece2971028a5f634d41f69a0882ff0d5
8c60af1ea3be3e55bfae38aba5c80bfdd6b773c3b95e0562f742fba861febeed
91caf7adf186e22a68bd0c33e4d8a53da5f73225383787be1f2d4925f2a8b767
9581db374caecebc6f6646199d9aece2f7b834e70267434cf80a1733104940eb
9594734459b35f4314098f2f3fc93f3b3b6c6452606ace3d3e1f0b7846ab73c6
9643ad4251cb0b5eac75b7141f9f2109fb2997b3ccfcbbab7ad11c8619adc0b8
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
a04aca0fd034336973d150c06e9ef193a258269a0ba4430bbf2b213889f70f07
a13ef54675158617c2c34a497fa54c0ac423899bfe5eb94d1ccad028efeea5bb
a1606dc3219b3e444dbb90ac8124a1a272f9f5a34a9a095f7960dc88054e865b
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a4bac9daae0662ebb93c15edada89b10d2e791a972cc2259aadac11a0ff2c181
a5de3651c0aa89e6497da505565c8944039fd6480aa161b1f270d1f5953c9d5f
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b3f187f345fd1fcb61a6e62e813655dad81a4d1f0a093ac53e6bc7b2c5ad70c5
b4b2e637e8e48456c992fe2bcda10c486ec76e87633efe0209c1a1115dc1cd30
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b64ca77cdc0e0bf8fc903165020ac7f17f05bcc4c1d45a51dfc8e3f8bf4b116f
bb1d421bd5586b719f13757ede8730c0f1346fc3e7335717449fc7e6c2361e42
bb4e4361bb9aedeac2b5e9c83880299d3ec7f8379eff421f556ec083cd7f4fbc
bc23c29d27bfa5246bc475469282fcc459f6a02e1ceed643be4e457582783da2
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
c008477d42080c18ff7d78bd81b6ad4765c5260e921156b786c018471dc85a69
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c8d0b81a57181cf2eae9008f8e29bc677929e08c4b0a7103402e2969cfb78dc2
cbd211affe55e09db45f35c705167002bf33043aa4ac51241291d688cd2a1666
cc8f4574c52785695b297151231a75cac8465f4f69dfa4308279b57a2bddaf66
ccbc95bd199c56a211771182f1eecc5ee0e73c6ae3c78115de8a42ad5a51f33e
d05da3cd5744a4cdaf9ef7fb24dbb363728b34b52e0f49e4893642b47a440901
d15c6bea859dda73fbc954ba5bf4ce8c5afaa8d94ae3273da10a012b0dab9174
d4f63e5ec60f49831cc9b100e3c08f0d4c10d0dceb4d24082fa0a8ca8a459e95
d57457ad6cbb585b9446283dfe53d43fc330ee07ec2daa6fe39138adec5e766b
d735ca871781b477a291882d01129f846bcc1cf629041e7e8a18cad1484851bd
d74408db4108893e66447943fc51da1d89eaddee748a44c0be5c4625deabd901
d90155832f9bddcd52fafc3af700a524044ef181ac6438aa9b169cd697568be7
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dbc2a7f895d05be1b17ed8eb1eb609589ff3b3f9b3e2ee97f9a9e530f9026b75
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e025dd3bce02f191bc97fca49b22204e5f3a62b3823aeea7a9b3e57e500f02db
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b4c3d15bf626b8a3f3ea137844dc70ccfc1f88db77272082826d8a0c7e8b47
e7c129ee5de51a2692632d98e0e18cbc092fb758635921e4ecc404293495fafa
e9e78f908bdf3f9be0722426619806a106eeeaf4aa1135772142d532d9b5190d
ea3403647721183ec2482fafca2c93a1d57d28964fc3c71669c5db4f4ed4203a
eb5587a924cd997ae5ab4896d812257c47dae81e2b9b7a0a049b78cf32793968
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f06150cd74f4090b6b1194c7fb227fda21f859229aa851169b8116e330ee160b
f0b95e8950b81fa655c524058049ef623f22ca34eb0bbda248c3859c2404f0f6
f21dbb292fc97aec4d2e84c9d7ff3ddd1a9c74381d46a8aaa696db0ff997dfd3
f4db3f261db5eddcd389fdc4815799b8b5b9ab0892b47467968d3faa3c35a4e1
f7bba0cc484923e9dc8eb46a451efbd2ebe40980e07195777adaa39956bc5cd5
f7de86aeeaf1497ab17a830dbafdbd58f72f842ca6e2b33097e6e43fa2ac8a27
f944df72552773bac4497ca649211db14de1f01f43fbf9992cbdfa4056d5196b
ff4c7f78fabf46226b298888938c85635d5f07d8a81b71a2ee4facde2c7619fb

www.perimeterx.com Open in urlscan Pro 2a03:b0c0:3:d0::d23:e001 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

135 Requests

100 %HTTPS

58 %IPv6

31 Domains

36 Subdomains

35 IPs

4 Countries

2048 kBTransfer

5873 kBSize

27 Cookies

13 Outgoing links

Page URL History

Redirected requests

135 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.perimeterx.com Open in urlscan Pro
2a03:b0c0:3:d0::d23:e001 Public Scan

Screenshot
Live screenshot

Full Image

135
Requests

100 %
HTTPS

58 %
IPv6

31
Domains

36
Subdomains

35
IPs

4
Countries

2048 kB
Transfer

5873 kB
Size

27
Cookies

135 HTTP transactions
1 data transactions