www.tobaccotaxrefund.com Open in urlscan Pro
188.114.97.3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.tobaccotaxrefund.com/
Submission: On November 19 via automatic, source certstream-suspicious (November 19th 2024, 2:47:11 am UTC) — Scanned from NL

Summary HTTP 36 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 36 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is www.tobaccotaxrefund.com.
TLS certificate: Issued by WE1 on September 22nd 2024. Valid for: 3 months.

This is the only time www.tobaccotaxrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
1	155.204.144.46 155.204.144.46	15830 (Equinix E...) (Equinix Equinix (EMEA) Acquisition Enterprises B.V.)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	172.217.18.4 172.217.18.4	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
3	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
2	199.46.34.118 199.46.34.118	213120 (PROLEXIC-...) (PROLEXIC-IP-PROTECT Akamai International B.V.)
4	64.70.194.87 64.70.194.87	32400 (HWSERVICE...) (HWSERVICES-32400)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	157.240.253.35 157.240.253.35	32934 (FACEBOOK) (FACEBOOK)
36	13

13 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

www.tobaccotaxrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 155.204.144.46 (Dallas, United States)

ASN15830 (Equinix Equinix (EMEA) Acquisition Enterprises B.V., NL)

analytics.scorpion.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.4 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.46.34.118 (United States)

ASN213120 (PROLEXIC-IP-PROTECT Akamai International B.V., NL)

www.scorpioncms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.70.194.87 (United States)

ASN32400 (HWSERVICES-32400, US)

sa.scorpion.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	tobaccotaxrefund.com www.tobaccotaxrefund.com	666 KB
5	scorpion.co analytics.scorpion.co — Cisco Umbrella Rank: 70902 sa.scorpion.co — Cisco Umbrella Rank: 63439	14 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	275 KB
3	gstatic.com fonts.gstatic.com	59 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36 region1.google-analytics.com — Cisco Umbrella Rank: 3353	22 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	211 B
2	scorpioncms.com www.scorpioncms.com — Cisco Umbrella Rank: 96561	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	76 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	971 B
36	10

	Domain	Requested by
13	www.tobaccotaxrefund.com	www.tobaccotaxrefund.com
4	sa.scorpion.co	analytics.scorpion.co
4	www.googletagmanager.com	www.tobaccotaxrefund.com www.googletagmanager.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.facebook.com	www.tobaccotaxrefund.com
2	www.scorpioncms.com	www.tobaccotaxrefund.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.tobaccotaxrefund.com connect.facebook.net
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.com	www.googletagmanager.com
1	fonts.googleapis.com	www.tobaccotaxrefund.com
1	analytics.scorpion.co	www.tobaccotaxrefund.com
36	12

This site contains links to these domains. Also see Links.

Domain
maps.google.com
www.scorpion.co

Subject Issuer	Validity	Valid
tobaccotaxrefund.com WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.scorpion.co Sectigo RSA Domain Validation Secure Server CA	`2024-01-05` - `2025-02-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-28` - `2024-11-26`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
scorpioncms.com ZeroSSL RSA Domain Secure Site CA	`2024-10-25` - `2025-01-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.tobaccotaxrefund.com/
Frame ID: 7A852935030A80D37A8D0B9D11C33182
Requests: 34 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.tobaccotaxrefund.com
Frame ID: BC792C2725013076281B761AAFA123EE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tobacco Sales Tax Consultants | Tobacco Tax Refund, Inc

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

36
Requests

100 %
HTTPS

33 %
IPv6

10
Domains

12
Subdomains

13
IPs

3
Countries

1117 kB
Transfer

2641 kB
Size

14
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://maps.google.com/maps?f=q&hl=en&z=15&q=100%20W%20Cypress%20Creek%20Road,Fort%20Lauderdale,FL,33309
Title: Map & Directions [+]

Search URL Search Domain Scan URL

URL: https://www.scorpion.co/law-firm-marketing/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.tobaccotaxrefund.com/ 73 KB
17 KB 608ms
579ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92dc27ff9785212220e0394a0f88f4e930254f9705f2080311f76d0e9f57fb7b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 8e4cdf96bab1d596-AMS
content-encoding: zstd
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
content-type: text/html; charset=utf-8
date: Tue, 19 Nov 2024 02:47:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cWgfUTN4rFPqgDJPLYxCGMrFosD1VDW25fWG2Tk%2B11fyblOPKfMDwcMXS3KuiCYPx9%2FM%2FaPw%2B4o%2FH23pGv0Uiv45MlmZ18UE8F8i3lKnmqi4%2FBtrzqNgJAVCIsvCdGB%2B9goCzvVbex65Ys8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=14771&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4177&recv_bytes=4495&delivery_rate=701&cwnd=12000&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=578&x=1" cfHdrFlush;dur=0
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H3 200 xfe68wggbgd.2404091107279.js Show response
www.tobaccotaxrefund.com/cms/includes/ 523 KB
204 KB 169ms
166ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/cms/includes/xfe68wggbgd.2404091107279.js

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d84dea30ea1e86c726eea3bf60c9e3bf2d652f497d719a549eae7f83cb5fc2c8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "105b3fc8a88ada1:0"
age: 94769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=APAOozzDhUUBe%2BMQVQ089jltUl0uzj58RpUUf8IxzuCCtCT4CzJoUcbYNJzspCa8IMguL%2FOzZ%2BwSAXxtLuLAyIgwpp66csWI%2BRQ98HzbDLhPBxwGNYyCpL2hT8ZrIq11Hh%2BPrnv8mxAJzhQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=35&recv=26&lost=0&retrans=0&sent_bytes=27293&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=802&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/javascript
last-modified: Tue, 09 Apr 2024 18:07:27 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b991fd596-AMS
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
98 KB 248ms
43ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-951936100

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5a95a5efac1153f6621579c3604e09a12c0d0af5fae53fb465f83c3d669e07be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 19 Nov 2024 02:47:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99335
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 sjszycazw_3.2303291206316.css
www.tobaccotaxrefund.com/cms/includes/ 402 KB
58 KB 180ms
179ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/cms/includes/sjszycazw_3.2303291206316.css

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f33a14791674c188711bf6b1e902e0e10bb2992b06e5b69fce52c01bf0c80fa8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "54bf927162d91:0"
age: 94769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yw%2Bn%2F%2F1hQPmX8JLf6DbT7wnvA%2BalPeZ6CkGVMDVRy2S8o%2BcohDBM6kD5n17fQ78GK4kbILLSnrSdONNdZuLzg5T95xtXBsjWAMXdq9EDgPQk2FbolKgJlTP7wT4JNr%2BEb4laC%2BtogR%2Fxf4k%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=44&recv=26&lost=0&retrans=0&sent_bytes=37644&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=803&x=1", cfHdrFlush;dur=17
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: text/css
last-modified: Wed, 29 Mar 2023 19:06:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9920d596-AMS
accept-ranges: bytes
content-length: 58710
server: cloudflare

GET
H3 200 Logo.png
www.tobaccotaxrefund.com/images/logos/ 12 KB
13 KB 672ms
669ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tobaccotaxrefund.com/images/logos/Logo.png

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62c16210cf3c4c00af2fc08472c697d8d2a2387c98570c37db25f720e7b27c0a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

cf-cache-status: MISS
etag: "354a27e5b72d51:0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dnV3kEdeFu2Di251%2BwbEhk0hVZdt4SbL4na9utDJJxQ3zjbVOysvvPKpbK4pyOopgHycZIjvYupGVQfYLacrMTVCIPfPuHUH%2FCMQP5c6SvOnNEvlwLSJvoCNyF%2B3pCu6rlB%2BU1SqfaT2bTo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18334&sent=279&recv=83&lost=0&retrans=0&sent_bytes=311694&recv_bytes=10897&delivery_rate=7396213&cwnd=147600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=1314&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: image/png
last-modified: Mon, 23 Sep 2019 22:08:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9921d596-AMS
accept-ranges: bytes
content-length: 12523
server: cloudflare

GET
H3 200 Logo2.png
www.tobaccotaxrefund.com/images/logos/ 8 KB
9 KB 180ms
178ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tobaccotaxrefund.com/images/logos/Logo2.png

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78ab587dd23884c7b297ec7666d233b5e44502d340727d167913abf1954c65f3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

cf-cache-status: HIT
etag: "6bdaa37e5b72d51:0"
age: 94769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAQp%2FU3eKQBS0dT6WdQLUyF%2BOqDEKFFvAwoqQkK%2FR3%2BBMZeG0jbH9LsRKO%2F4ZIFdKpMN7LwjuPpM7eyo0gaBiNnI2tItx5TsaoIPVra46aGiMVOVE6ayKJ4WQdcVRhPAnviN4aFuensUhoY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=44&recv=26&lost=0&retrans=0&sent_bytes=37644&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=804&x=1", cfHdrFlush;dur=16
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: image/png
last-modified: Mon, 23 Sep 2019 22:08:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9922d596-AMS
accept-ranges: bytes
content-length: 8373
server: cloudflare

GET
H3 200 65ogsyzgjz6.2011170926456.js Show response
www.tobaccotaxrefund.com/cms/includes/ 7 KB
4 KB 160ms
157ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/cms/includes/65ogsyzgjz6.2011170926456.js

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bb6934e664392a487b6844c0c88250c3e2e97b336e4f403409f683abf7656e2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "8ca2b4d26bdd61:0"
age: 94768
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qze2uH6Qa8w7CPM4eZn%2Fag763qNkzS1K4gJJsK9nINUw5H8ZcsQdxzoumWInCyBMMWVLfWvf2yVbkhcHbjyI61sUfLizertxslS%2B564kOb9dNFJO1idcISR2kVPH5TLYyax%2FTuj2jzpCkuQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=31&recv=26&lost=0&retrans=0&sent_bytes=23598&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=802&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/javascript
last-modified: Tue, 17 Nov 2020 17:26:45 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9924d596-AMS
accept-ranges: bytes
content-length: 2695
server: cloudflare

GET
H2 200 sa.js Show response
analytics.scorpion.co/ 12 KB
12 KB 639ms
253ms Script
application/javascript 155.204.144.46
Equinix Equinix (...

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.scorpion.co/sa.js

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

155.204.144.46 Dallas, United States, ASN15830 (Equinix Equinix (EMEA) Acquisition Enterprises B.V., NL),

Reverse DNS

Software

nginx /

Resource Hash

b4fd16c35673fee0315a50832658a04e38eb58f6eacb2f438b8c2fc72d37fd09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
etag: "66ca80fe-30be"
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 12478
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/javascript
last-modified: Sun, 25 Aug 2024 00:55:26 GMT
server: nginx

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 227 KB
81 KB 290ms
94ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KBR2P94

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f9e6fa8e411f8330ee51527fa8322eb9cbe2fbe18fc41decdfca341cc00552b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 19 Nov 2024 02:47:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 82342
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 210ms
24ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-CyjgIZIa' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-CyjgIZIa' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=26, rtx=0, c=23, mss=1232, tbw=4466, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: h4USXQgLQCuQ4NgF8eJlfhMMrd3IckL7iSZJWE1nOgg6TQ5F+k8Hz9fWhskmUrGovqQxt7VBVw05iJbcLI3UnA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62152
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 flair.svg
www.tobaccotaxrefund.com/includes/ 1 KB
1 KB 158ms
157ms Other
image/svg+xml 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/includes/flair.svg

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37758ec098ad025f303f3f423897902d07bcf0a091a186cf774706b3d3d57a11

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "257fb1e5ad6cd51:0"
age: 94767
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t79x2jLLk%2BmF1xGhKwpFf0wUblgofOsEJT8P13yR1Xi5NM7iqsgfKcpz2MpiYK1iLzh1bf6woAYKK%2F4CD%2FONaGIf04spopUp88attY0XPZpY0rEOjlnilxhxVZYYi9wkveSjrwP3cClLa2s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=29&recv=26&lost=0&retrans=0&sent_bytes=22044&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=802&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2019 16:43:41 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9925d596-AMS
accept-ranges: bytes
content-length: 591
server: cloudflare

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H2 200 css
fonts.googleapis.com/ 2 KB
971 B 176ms
62ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700|Pathway+Gothic+One&display=block

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/cms/includes/sjszycazw_3.2303291206316.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aacf5c80340fd560176be18c518c90f2253403cfda1e6e7ac52a34e11ca034f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/cms/includes/sjszycazw_3.2303291206316.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 19 Nov 2024 02:47:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 19 Nov 2024 02:47:04 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 1191857475053914 Show response
connect.facebook.net/signals/config/ 75 KB
15 KB 504ms
504ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1191857475053914?v=2.9.177&r=stable&domain=www.tobaccotaxrefund.com&hme=c3e4904c1dde42d643265ef909b9e193c41cedcd6f559a3ff5e1b178e36647fa&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

f5686e52eb0ab06cefa21434c34b1f6aebd77d78ef00ccc93e9b024da354ba12

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-DAo4r15S' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-DAo4r15S' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=25, rtx=0, c=71, mss=1232, tbw=70354, tp=65, tpl=0, uplat=477, ullat=0
pragma: public
x-fb-debug: N5QBHJYT2Bf6p5v1b63LzYbERb99L0fDS+WslUBVhKgwCoV9PzrKIfHJXKRINpMomLYtkEWgYKHqXGfXQ1K6Zw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H3 200 collect
www.google.com/ccm/ 0
0 82ms
32ms Ping
text/plain 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.tobaccotaxrefund.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1252376373.1731984424&auid=6430949.1731984424&npa=1&gtm=45be4be0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855&tft=1731984424450&tfd=1010&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-951936100
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.4 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s28-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame BC79 0
0 81ms
29ms Document
text/html 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.tobaccotaxrefund.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-951936100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Nov 2024 02:47:04 GMT
expires: Wed, 19 Nov 2025 02:47:04 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 276 KB
96 KB 43ms
43ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GHTKR7N68G&l=dataLayer&cx=c&gtm=45He4be0v9123584622za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBR2P94

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4580eeff076cc9f059cfa6d60f5c2619d1798d9618be831ddcd5f0bf88a6188d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 19 Nov 2024 02:47:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 98530
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 166ms
33ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBR2P94

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
age: 340
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 19 Nov 2024 04:41:24 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:41:24 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 147ms
38ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700|Pathway+Gothic+One&display=block

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.tobaccotaxrefund.com
Referer: https://fonts.googleapis.com/

Response headers

age: 472970
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 13 Nov 2025 15:24:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 13 Nov 2024 15:24:14 GMT
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23580
x-xss-protection: 0
server: sffe

GET
H3 200 MwQrbgD32-KAvjkYGNUUxAtW7pEBwx-tS1Zf.woff2
fonts.gstatic.com/s/pathwaygothicone/v15/ 14 KB
14 KB 153ms
44ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/pathwaygothicone/v15/MwQrbgD32-KAvjkYGNUUxAtW7pEBwx-tS1Zf.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700|Pathway+Gothic+One&display=block

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

021641f5d569e5139c323e6b304146005220ffb45dfc9381ea010324f729c8d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.tobaccotaxrefund.com
Referer: https://fonts.googleapis.com/

Response headers

age: 34979
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 17:04:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 17:04:05 GMT
last-modified: Thu, 27 Apr 2023 00:01:41 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13968
x-xss-protection: 0
server: sffe

GET
H2 200 site-header.js Show response
www.scorpioncms.com/common/js/m/ 4 KB
2 KB 654ms
144ms Script
application/x-javascript 199.46.34.118
PROLEXIC-IP-PROTE...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scorpioncms.com/common/js/m/site-header.js

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

199.46.34.118 , United States, ASN213120 (PROLEXIC-IP-PROTECT Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

001792d8899f2ea4d9a357de2c3d7bff104c23b30cd1d2241503fa683ca6f23f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: public, max-age=604800
content-encoding: gzip
etag: 637472537387215703False
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Tue, 26 Nov 2024 02:47:05 GMT
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 1686
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: application/x-javascript
last-modified: Tue, 26 Jan 2021 18:28:58 GMT
x-frame-options: SAMEORIGIN

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 66ms
40ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700|Pathway+Gothic+One&display=block

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.tobaccotaxrefund.com
Referer: https://fonts.googleapis.com/

Response headers

age: 287078
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 15 Nov 2025 19:02:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 15 Nov 2024 19:02:26 GMT
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23040
x-xss-protection: 0
server: sffe

GET
H2 200 masked.js Show response
www.scorpioncms.com/common/js/m/ 808 B
1 KB 276ms
140ms Script
application/x-javascript 199.46.34.118
PROLEXIC-IP-PROTE...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scorpioncms.com/common/js/m/masked.js

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

199.46.34.118 , United States, ASN213120 (PROLEXIC-IP-PROTECT Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

1dc0f2d9fc0a2aedbf93fb88bd9aa74146448e3c634b53ba0e026d399be4b75c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: public, max-age=604800
content-encoding: gzip
etag: 637472537386965698False
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Tue, 26 Nov 2024 02:47:05 GMT
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 594
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: application/x-javascript
last-modified: Tue, 26 Jan 2021 18:28:58 GMT
x-frame-options: SAMEORIGIN

GET
H3 200 site-bg-v1-bg.jpg
www.tobaccotaxrefund.com/assets/site-bgs/ 195 KB
196 KB 28ms
27ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tobaccotaxrefund.com/assets/site-bgs/site-bg-v1-bg.jpg

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9e93286779fb58ad3e7980b78d5873523cd68ea4d1bd3c93b276ab3190bd7f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

cf-cache-status: HIT
etag: "8088cb571d85d51:0"
age: 94766
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dk4Y1c2JVJ%2FQMg6wDjojr7oGCJVwgvRlWsc8o8ialTieDF7NQlmQVxSo3fiZGCyezk10husghHpyNzO93Q4OnyTUtu6aaItlY31l3ba91MbWsrDeT5wmG35%2BEBGf7EPgTLi7qJB4VXmiZf4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17545&sent=292&recv=87&lost=0&retrans=0&sent_bytes=325435&recv_bytes=12020&delivery_rate=917134&cwnd=147600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=1569&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: image/jpeg
last-modified: Thu, 17 Oct 2019 19:01:55 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdfa05851d596-AMS
accept-ranges: bytes
content-length: 199569
server: cloudflare

GET
H3 200 Logo2.png
www.tobaccotaxrefund.com/images/logos/ 8 KB
0 1ms
1ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tobaccotaxrefund.com/images/logos/Logo2.png

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78ab587dd23884c7b297ec7666d233b5e44502d340727d167913abf1954c65f3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

cf-cache-status: HIT
etag: "6bdaa37e5b72d51:0"
age: 94769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAQp%2FU3eKQBS0dT6WdQLUyF%2BOqDEKFFvAwoqQkK%2FR3%2BBMZeG0jbH9LsRKO%2F4ZIFdKpMN7LwjuPpM7eyo0gaBiNnI2tItx5TsaoIPVra46aGiMVOVE6ayKJ4WQdcVRhPAnviN4aFuensUhoY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=44&recv=26&lost=0&retrans=0&sent_bytes=37644&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=804&x=1", cfHdrFlush;dur=16
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: image/png
last-modified: Mon, 23 Sep 2019 22:08:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9922d596-AMS
accept-ranges: bytes
content-length: 8373
server: cloudflare

GET
H3 200 content-v1-img.jpg
www.tobaccotaxrefund.com/assets/content/ 147 KB
148 KB 46ms
45ms Image
image/jpeg 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tobaccotaxrefund.com/assets/content/content-v1-img.jpg

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c8c3ccea8b67ed9d5b550b5c09c99d5ce883a116cc85a162bd957369410bbdd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

cf-cache-status: HIT
etag: "8088cb571d85d51:0"
age: 94766
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BOkGnG7IemF6hGPoM9rPln9lM%2B90BJ83bqkcVvuLvD7K0W8u5e4AsFC%2BvAiF4%2BbZcSB7XLMuSrjg871mxI8WmIY8523J3YfQ0TCIN34mvIUj%2BX1Wf5XLtEqITM1Xhvnm3pDITw5%2FSv0To0k%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17545&sent=416&recv=87&lost=0&retrans=0&sent_bytes=473035&recv_bytes=12020&delivery_rate=917134&cwnd=147600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=1571&x=1", cfHdrFlush;dur=15
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: image/jpeg
last-modified: Thu, 17 Oct 2019 19:01:55 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdfa05852d596-AMS
accept-ranges: bytes
content-length: 150262
server: cloudflare

GET
H3 200 flair.svg Show response
www.tobaccotaxrefund.com/includes/ 1 KB
0 3ms
3ms XHR
image/svg+xml 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/includes/flair.svg

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/cms/includes/xfe68wggbgd.2404091107279.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37758ec098ad025f303f3f423897902d07bcf0a091a186cf774706b3d3d57a11

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "257fb1e5ad6cd51:0"
age: 94767
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t79x2jLLk%2BmF1xGhKwpFf0wUblgofOsEJT8P13yR1Xi5NM7iqsgfKcpz2MpiYK1iLzh1bf6woAYKK%2F4CD%2FONaGIf04spopUp88attY0XPZpY0rEOjlnilxhxVZYYi9wkveSjrwP3cClLa2s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21360&sent=29&recv=26&lost=0&retrans=0&sent_bytes=22044&recv_bytes=8380&delivery_rate=647371&cwnd=15600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=802&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:04 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2019 16:43:41 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdf9b9925d596-AMS
accept-ranges: bytes
content-length: 591
server: cloudflare

GET
H3 200 y72u4k8kft1.24.svg Show response
www.tobaccotaxrefund.com/cms/svg/site/ 32 KB
15 KB 38ms
36ms XHR
image/svg+xml 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/cms/svg/site/y72u4k8kft1.24.svg

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/cms/includes/xfe68wggbgd.2404091107279.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef7c9c2aa36914973e8050cfd53d599f39c96c495d048af290c6920eb9f9ef68

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db35381ab3e700"
age: 94766
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BHb1mX2XYc3I0vSlbSJvx6%2BrjVDYKIOBzyu9lcywXPElRRgADbzT7J4E%2FjnTrgp5AA1fYYQLdL0F1%2BYSd8eDebtQ%2Fgk7NR11oDM9abzwYlKTSymMqV%2FIfH5MMgc1fAMce8m%2FXwZ8pQyx2vc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 00:27:39 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17545&sent=417&recv=88&lost=0&retrans=0&sent_bytes=473059&recv_bytes=12492&delivery_rate=917134&cwnd=147600&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=1581&x=1", cfHdrFlush;dur=5
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: image/svg+xml; charset=utf-8
last-modified: Tue, 12 Nov 2024 19:21:42 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdfa0786dd596-AMS
accept-ranges: bytes
content-length: 14236
server: cloudflare

OPTIONS
H/1.1 204 visit
sa.scorpion.co/event/ Frame 0
0 448ms
134ms Preflight 64.70.194.87
HWSERVICES-32400

General

Check archive.org

Show headers Download Go to

Full URL: https://sa.scorpion.co/event/visit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.70.194.87 , United States, ASN32400 (HWSERVICES-32400, US),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tobaccotaxrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.tobaccotaxrefund.com
access-control-max-age: 600
date: Tue, 19 Nov 2024 02:47:05 GMT
server: istio-envoy
vary: Origin
x-envoy-upstream-service-time: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 62ms
20ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-GHTKR7N68G&gtm=45je4be0v9123608385z89123584622za200zb9123584622&_p=1731984424113&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855&cid=80170913.1731984425&ul=nl-nl&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1731984425&sct=1&seg=0&dl=https%3A%2F%2Fwww.tobaccotaxrefund.com%2F&dt=Tobacco%20Sales%20Tax%20Consultants%20%7C%20Tobacco%20Tax%20Refund%2C%20Inc&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1643
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GHTKR7N68G&l=dataLayer&cx=c&gtm=45He4be0v9123584622za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.tobaccotaxrefund.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: text/plain
server: Golfe2

POST
H/1.1 200 visit Show response
sa.scorpion.co/event/ 437 B
751 B 195ms
193ms Fetch
application/json 64.70.194.87
HWSERVICES-32400

General

Check archive.org

Show headers Download Go to

Full URL: https://sa.scorpion.co/event/visit
Requested by: Host: analytics.scorpion.co
URL: https://analytics.scorpion.co/sa.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.70.194.87 , United States, ASN32400 (HWSERVICES-32400, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: ed9017b4e5ce066f9e3731c72f8f70af7b063e6b6a1d6632c7800601f91da08b

Request headers

Referer: https://www.tobaccotaxrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

transfer-encoding: chunked
x-envoy-upstream-service-time: 59
access-control-allow-credentials: true
access-control-allow-origin: https://www.tobaccotaxrefund.com
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: istio-envoy

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
427 B 30ms
30ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1224495180&t=pageview&_s=1&dl=https%3A%2F%2Fwww.tobaccotaxrefund.com%2F&ul=nl-nl&de=UTF-8&dt=Tobacco%20Sales%20Tax%20Consultants%20%7C%20Tobacco%20Tax%20Refund%2C%20Inc&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1740443018&gjid=549539871&cid=80170913.1731984425&tid=UA-66438513-1&_gid=1790925497.1731984425&_r=1&_slc=1&gtm=45He4be0n81KBR2P94v9123584622za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855&npa=1&z=146698453

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.tobaccotaxrefund.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 02:47:05 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.tobaccotaxrefund.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 60ms
27ms Image
text/plain 157.240.253.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1191857475053914&ev=PageView&dl=https%3A%2F%2Fwww.tobaccotaxrefund.com&rl=&if=false&ts=1731984425139&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=12316&fbp=fb.1.1731984425137.82881259708393977&pm=1&hrl=befc69&ler=empty&cdl=API_unavailable&it=1731984424396&coo=false&dpo=LDU&dpoco=0&dpost=0&cs_cc=1&rqm=GET

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=23, mss=1232, tbw=4480, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 265ms
232ms Image
image/png 157.240.253.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1191857475053914&ev=PageView&dl=https%3A%2F%2Fwww.tobaccotaxrefund.com&rl=&if=false&ts=1731984425139&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=12316&fbp=fb.1.1731984425137.82881259708393977&pm=1&hrl=befc69&ler=empty&cdl=API_unavailable&it=1731984424396&coo=false&dpo=LDU&dpoco=0&dpost=0&cs_cc=1&rqm=FGET

Requested by

Host: www.tobaccotaxrefund.com
URL: https://www.tobaccotaxrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7438816463566639204"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: guoVQeqB0sJQ1aLjsf159dNnpY8J23WmM1PS9JZUWW+DuYiaphBIYNlvf47M9xvG4Aac7V/ZoiC4mBK0smrpJg==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7438816463566639204", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4848, tp=13, tpl=0, uplat=210, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 favicon.ico
www.tobaccotaxrefund.com/ 1 KB
1 KB 588ms
587ms Other
image/x-icon 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tobaccotaxrefund.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

746d083b13e867064097d4895a86769ddfd8b58da11569f2ed85dcb51b4ca47b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.tobaccotaxrefund.com/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"6146757ce06bd51:0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MnP9kQ%2BCNTEi3qEOXyMbdJFMy9y8JRF0Fc%2BOee%2Fr2F4v97et9AaiOLSdUKE256prBV%2BdqveQr3Cs%2BFjKPrUjj%2BuEvSp0%2BWYwAwUkaVQQHHHwtWnBjk6Kwm3OIIVBtm9kBdympSEOfMRZclE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16931&sent=667&recv=125&lost=57&retrans=57&sent_bytes=767678&recv_bytes=14788&delivery_rate=8042696&cwnd=195720&unsent_bytes=0&cid=6d23bcd6fb0b8393&ts=2538&x=1", cfHdrFlush;dur=0
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: image/x-icon
last-modified: Sun, 15 Sep 2019 16:13:18 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
cache-control: max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e4cdfa2fbf8d596-AMS
server: cloudflare

POST
H/1.1 200 init Show response
sa.scorpion.co/event/ 378 B
691 B 145ms
138ms Fetch
application/json 64.70.194.87
HWSERVICES-32400

General

Check archive.org

Show headers Download Go to

Full URL: https://sa.scorpion.co/event/init
Requested by: Host: analytics.scorpion.co
URL: https://analytics.scorpion.co/sa.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.70.194.87 , United States, ASN32400 (HWSERVICES-32400, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 7bfdd16d03757cd57323a52194448cb578f3d88713ce95c3030fc6ae7cbe8937

Request headers

Referer: https://www.tobaccotaxrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

transfer-encoding: chunked
x-envoy-upstream-service-time: 8
access-control-allow-credentials: true
access-control-allow-origin: https://www.tobaccotaxrefund.com
date: Tue, 19 Nov 2024 02:47:05 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: istio-envoy

OPTIONS
H/1.1 204 init
sa.scorpion.co/event/ Frame 0
0 132ms
131ms Preflight 64.70.194.87
HWSERVICES-32400

General

Check archive.org

Show headers Download Go to

Full URL: https://sa.scorpion.co/event/init
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.70.194.87 , United States, ASN32400 (HWSERVICES-32400, US),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tobaccotaxrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.tobaccotaxrefund.com
access-control-max-age: 600
date: Tue, 19 Nov 2024 02:47:05 GMT
server: istio-envoy
vary: Origin
x-envoy-upstream-service-time: 0

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.tobaccotaxrefund.com/	1970-01-21 01:48:28	Name: SEOT Value: #1
www.tobaccotaxrefund.com/	1969-12-31 23:59:59	Name: T Value: !!
www.tobaccotaxrefund.com/	1970-01-21 01:48:28	Name: SEOV Value: #1
www.tobaccotaxrefund.com/	1969-12-31 23:59:59	Name: TS013cb11d Value: 01da30794b3beb0dc8348835c7e714a28bd75802da13cc58f5b9f73e3b4c99c8082a3202d4a70a2afa82f71b930ca72c83d0789f30
.tobaccotaxrefund.com/	1970-01-21 03:16:00	Name: _gcl_au Value: 1.1.6430949.1731984424
www.tobaccotaxrefund.com/	1970-01-21 09:52:00	Name: _tz Value: Europe%2FAmsterdam
.tobaccotaxrefund.com/	1970-01-21 10:42:24	Name: _ga_GHTKR7N68G Value: GS1.1.1731984425.1.0.1731984425.0.0.0
.tobaccotaxrefund.com/	1970-01-21 10:42:24	Name: _ga Value: GA1.2.80170913.1731984425
.tobaccotaxrefund.com/	1970-01-21 01:07:50	Name: _gid Value: GA1.2.1790925497.1731984425
.tobaccotaxrefund.com/	1970-01-21 01:06:24	Name: _gat_UA-66438513-1 Value: 1
.tobaccotaxrefund.com/	1970-01-21 03:16:00	Name: _fbp Value: fb.1.1731984425137.82881259708393977
www.tobaccotaxrefund.com/	1969-12-31 23:59:59	Name: vid_ Value: 3aad6a37-54e9-4ac7-a71a-0ae5bb5ca221
www.tobaccotaxrefund.com/	1969-12-31 23:59:59	Name: sa_ Value: 5e89b006-be32-41ac-ae78-53a0f470b138
www.tobaccotaxrefund.com/	1969-12-31 23:59:59	Name: _sa Value: #2102613114

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.scorpion.co
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
sa.scorpion.co
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.scorpioncms.com
www.tobaccotaxrefund.com
142.250.184.195
155.204.144.46
157.240.253.1
157.240.253.35
172.217.18.4
188.114.97.3
199.46.34.118
2001:4860:4802:34::36
2a00:1450:4001:802::200a
2a00:1450:4001:802::200e
2a00:1450:4001:81c::2008
64.70.194.87
001792d8899f2ea4d9a357de2c3d7bff104c23b30cd1d2241503fa683ca6f23f
021641f5d569e5139c323e6b304146005220ffb45dfc9381ea010324f729c8d1
0bb6934e664392a487b6844c0c88250c3e2e97b336e4f403409f683abf7656e2
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1dc0f2d9fc0a2aedbf93fb88bd9aa74146448e3c634b53ba0e026d399be4b75c
37758ec098ad025f303f3f423897902d07bcf0a091a186cf774706b3d3d57a11
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
4580eeff076cc9f059cfa6d60f5c2619d1798d9618be831ddcd5f0bf88a6188d
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a95a5efac1153f6621579c3604e09a12c0d0af5fae53fb465f83c3d669e07be
62c16210cf3c4c00af2fc08472c697d8d2a2387c98570c37db25f720e7b27c0a
746d083b13e867064097d4895a86769ddfd8b58da11569f2ed85dcb51b4ca47b
78ab587dd23884c7b297ec7666d233b5e44502d340727d167913abf1954c65f3
7bfdd16d03757cd57323a52194448cb578f3d88713ce95c3030fc6ae7cbe8937
8c8c3ccea8b67ed9d5b550b5c09c99d5ce883a116cc85a162bd957369410bbdd
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
92dc27ff9785212220e0394a0f88f4e930254f9705f2080311f76d0e9f57fb7b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aacf5c80340fd560176be18c518c90f2253403cfda1e6e7ac52a34e11ca034f6
b4fd16c35673fee0315a50832658a04e38eb58f6eacb2f438b8c2fc72d37fd09
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
d84dea30ea1e86c726eea3bf60c9e3bf2d652f497d719a549eae7f83cb5fc2c8
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed9017b4e5ce066f9e3731c72f8f70af7b063e6b6a1d6632c7800601f91da08b
ef7c9c2aa36914973e8050cfd53d599f39c96c495d048af290c6920eb9f9ef68
f33a14791674c188711bf6b1e902e0e10bb2992b06e5b69fce52c01bf0c80fa8
f5686e52eb0ab06cefa21434c34b1f6aebd77d78ef00ccc93e9b024da354ba12
f9e6fa8e411f8330ee51527fa8322eb9cbe2fbe18fc41decdfca341cc00552b2
f9e93286779fb58ad3e7980b78d5873523cd68ea4d1bd3c93b276ab3190bd7f8

www.tobaccotaxrefund.com Open in urlscan Pro 188.114.97.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

36 Requests

100 %HTTPS

33 %IPv6

10 Domains

12 Subdomains

13 IPs

3 Countries

1117 kBTransfer

2641 kBSize

14 Cookies

2 Outgoing links

Redirected requests

36 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.tobaccotaxrefund.com Open in urlscan Pro
188.114.97.3 Public Scan

Screenshot
Live screenshot

Full Image

36
Requests

100 %
HTTPS

33 %
IPv6

10
Domains

12
Subdomains

13
IPs

3
Countries

1117 kB
Transfer

2641 kB
Size

14
Cookies

36 HTTP transactions
1 data transactions