return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com Open in urlscan Pro
2606:4700:3034::6815:4183 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/index.php?resource_url=https://sa.www4.irs.gov/...
Effective URL:
https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/...
Submission: On May 14 via automatic, source phishtank (May 14th 2024, 6:34:10 pm UTC) — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3034::6815:4183, located in United States and belongs to CLOUDFLARENET, US. The main domain is return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com.
TLS certificate: Issued by E1 on April 4th 2024. Valid for: 3 months.

This is the only time return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

	IP Address		AS Autonomous System
17	2606:4700:303... 2606:4700:3034::6815:4183		13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	1

17 2606:4700:3034::6815:4183 (United States)

ASN13335 (CLOUDFLARENET, US)

return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	arizonagirlsreport.com return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com	77 KB
17	1

	Domain	Requested by
17	return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com	return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com
17	1

This site contains no links.

Subject Issuer	Validity	Valid
arizonagirlsreport.com E1	`2024-04-04` - `2024-07-03`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim
Frame ID: 3460A3C81E06F3C7E77C8E8CE7C01138
Requests: 16 HTTP requests in this frame

Frame: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/saved_resource.htm
Frame ID: AD92CB63E9DFE0841FE56093C16CE1FD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/index.php?resource_url=http... Page URL
https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=http... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

17
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

77 kB
Transfer

265 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/index.php?resource_url=https://sa.www4.irs.gov/refunds/wheres-my-refund/get-your-refund-faster-wmr Page URL
https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	index.php Show response return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/	297 B 857 B	529ms 491ms	Document text/html	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/index.php?resource_url=https://sa.www4.irs.gov/refunds/wheres-my-refund/get-your-refund-faster-wmr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6e36cbaf3540e440c09b3446686b42c434295b52d258ed9e89dfc7c25a90b982` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 883cfaf58dd53660-FRA content-encoding br content-type text/html; charset=UTF-8 date Tue, 14 May 2024 18:34:05 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtUzx0ef715FNjUu7rmqXAkyIXgGca8X0V2rX4LemmtVhrRy3oE6l6i35cyy1%2Fif2CwWJ98yjJ2Awu2EvXDCT6PCDN1up5hWPhjehgP39RhIQSXitkb398o4zSPRMYMMAvwY2BGvrdlkrmwPlArSO%2ByMig7AFO6DTyjP1x%2FAmz4%2FK4pqaB%2FKBGdI8NRWNFrHdPsi7BV1F29Fjw8ib9SxEgr72gOez0jU0Ku9BhiVuA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	Primary Request home.html Show response return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/	12 KB 4 KB	69ms 69ms	Document text/html	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bec0021229acb826efda32e78841a7b97ffb73d3b922bd1bd98823a4377a5374` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/index.php?resource_url=https://sa.www4.irs.gov/refunds/wheres-my-refund/get-your-refund-faster-wmr Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 883cfaf8c8e20473-CDG content-encoding br content-type text/html date Tue, 14 May 2024 18:34:05 GMT last-modified Tue, 25 Apr 2023 15:40:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oMyaOd3T0oUDrVkTfUuTC9V8QihNhCVrf9uIk5BRV7rcBHK7XTvdyxVsJCg3FmIegwtJi1GzkkEKFAwiSAhh7%2FQr4b6dnCmutIOhzxOYpraeHkRmtbPWE9TKj9tFZbAhDYWLnraEaDpxcJu1LF3FnWvuyz6VkfDbZtvuICkjZPqc4xwnAxVVV0ihWnfxoos%2F7tz3eIEhv%2FmLBQPOuo%2FmrDkT0Esdido3cIcaU7kFqg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	404	favicon.ico return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/	342 B 820 B	59ms 59ms	Other text/html	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/index.php?resource_url=https://sa.www4.irs.gov/refunds/wheres-my-refund/get-your-refund-faster-wmr Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGfOIp4NjEvp%2F0naDOZFMH0E2Fmp5bd06FzUdr2v3g4NLO1Cx32ZnQ3lriMoLfuqg3ovP3b%2BAxujuNv7M7%2BlMtsjSA%2B8Vic6VoVdZlvQ8hpw3OhErUmAWB9xC1Dn%2Fkq9rQA9pN%2FnNEWZriQZD6KS1EZ1fWURPjLE0KxBmTa1OBAb2okdTutiFXTYLDTcg839sXkqNn0x1tC9481Qtv%2BcTVH9F%2B9sDLLtzJSGIpWTBQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 883cfaf8c8dc0473-CDG alt-svc h3=":443"; ma=86400
GET H3	200	bootstrap.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	152 KB 23 KB	94ms 93ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/bootstrap.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2606e-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjcugoROZ%2FOtgCOOXno9CfAhePm5V%2B7re3d4ZLptCVhIlcav8bzIlcsEP7alfcRAkTGQw9OFZT4OLh0jTd5o4boMzpqsu1R4TZUO0bOZsTU97sYgHPqqc8ateujQsmYtCw0eCxKxH60NdeLEZb1JR1PYviZps%2FMdsJnGwaMXR%2Fti84925oEZxxtoxYTsr%2FmTkLTGl%2FdLX6dUkc6GXDh%2BpubfUePy6N6E00GaJvmoDg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939b90473-CDG alt-svc h3=":443"; ma=86400 content-length 23238
GET H3	200	jquery-ui.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	31 KB 8 KB	66ms 65ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/jquery-ui.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "7d52-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2B6ssmgYflU7gFlpYgCRAQ%2F4DO9bHJDz1Piup3emMshh0PNuHjowVDkn6t1I1PCcy9fS8ZccBzcdQZncwuNHSinfDcF8o%2B4%2B19uMjpNNnIpQyB0QddIzpBzk%2BhMBvI0jlKZJ7LHONR4%2FV1d5KM%2Brw1fky7SdtLQ7MFXo%2F5Cv6SGRjVQDhIJObZuSSIatjBNfMSf3ZmkL%2Fo%2Fut43Qj403qpfi4SKfsz78tP4fcDI%2FZw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939bd0473-CDG alt-svc h3=":443"; ma=86400 content-length 7901
GET H3	200	irs.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	6 KB 2 KB	63ms 61ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/irs.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "16ae-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jq0s%2BrCFTu9KbK3AwzrivTTGnpE35J3DOw1Mu8gx%2BBTd22fFDfflR3Ew5NYUhlD8t5EGAei1wvAh5uTMMlOLrhExXZtyt6ehS24NsLp6SbnJmilUZgJs3iqik5NYR9iATHERF5eJTGOU%2FlJh3Wgd4KkfnwbowJoo04hqLEsweFRVt3JZi1c%2BEWOrUNS3DQ1I6KuSXrNFiA%2BdmEoAYqsholNtiG0TopuBLUOa0GLFiA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939be0473-CDG alt-svc h3=":443"; ma=86400 content-length 1289
GET H3	200	app.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	9 KB 3 KB	64ms 62ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/app.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ce9771403b1bbc5611a4d7774f88876ad19600a4172073b24be19348d91c7d89` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Thu, 16 Nov 2023 09:53:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "225b-60a41fd4b81c0-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DLsKbRuaRiCj2bv2vW3hZvEilEnWtaPXYrc939WvzeM96q728i%2FK4fOQIjuED83hltrm9jyjxyi%2FKJ5YeIN6Nhjgh%2FfH2srx%2BpIXg%2BWdtx1gsi8X5Sg7awFjWuJg4Pw9GSRfhGBtsoWncIuNE4Z4YEuK4CVzMy0g1SuBCnM2MPy5bxq6LmZ831KUdCDr0FEcqJIs%2FZzI23Fk7i%2Bo6iXagpvOGXtmSoOywRn0Nr54w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939bf0473-CDG alt-svc h3=":443"; ma=86400 content-length 2417
GET H3	200	app-error.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	786 B 874 B	79ms 78ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/app-error.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c4abb35ccb93590308661b4dafacfe380c89aef07e2d94499d23f1637137bd1c` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "312-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=htfgqJYy3iVUv5aFwmlJVmwkdKERBqp968JElyULIP5Z7F7nGCw%2BJhHMTcZzPnCsNcOeUiAjC7%2FR9F%2BbjxjrSbfUDppMvkzPCJ2GL24Aw3u3gP53fBBSNvWOY%2FlXqq6jBTn214jOuilxZR6b7%2FQY%2BAGNjjh14mj2ELRFffC9ad3%2FWW3Ms7Oq0gbHHLZFYZSP%2BC0u0ESQi1FIkGH9QXr7fLz%2Fcij8eNlglDMw8e35cg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939c10473-CDG alt-svc h3=":443"; ma=86400 content-length 320
GET H3	200	wmsp-shared-secrets.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	3 KB 1 KB	62ms 61ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/wmsp-shared-secrets.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd8245e841b019e192658b02f6d510112f6793dace36c4b29cc44ab2ab6179cd` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "cb8-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jRf6vbBP4SxWca8tJYDIIhykr6O25yhltlcZ0FqG3WmdgNCoK5CnUjqpqf6iXXmpzRtJvhpQct04V6aJcLLD6F0vB3ObTtKNMM7f21V2ZQS94MNYWWCEu1rZ9W8jyalfJYXyA9HC%2FOrFWpkxH4sIpIDIHLNJYkp3Bs7UPXZaIJmeC%2F%2BK0VFaUhALM3bU%2FSPd9t9Q9%2BVW1fpUm%2B%2FQfNF9bEF3bQ%2B48J4cjxOkpQlChw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939c70473-CDG alt-svc h3=":443"; ma=86400 content-length 967
GET H3	200	wmsp-results.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	2 KB 1 KB	56ms 55ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/wmsp-results.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c270883773a53da36d154ea13ce8ea8451489c25aabd20e60ef6eb65c4fe439d` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "673-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGjC57WE0c80%2B%2BvM5Oqa2L6a7OjCzeouhxL%2BZjq5e1YtGcploevbun5854Q%2BIAvc2LDOlBCq5Ii5LkjFNdqjWOrtVR19xTHNgmcnDZBXGn%2BaojbQGPACZC2ilPmG07LL%2FGfvJNFaD12WRt8A%2FUH2pfsBoUpzsJC%2FhETYrcPbQkn9WkgYoPsfwpOG%2FLDwsmXecWeHvUK1sAGPX2BjN0e6npPICsF09b1WgN7N7MJ%2BMg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939c90473-CDG alt-svc h3=":443"; ma=86400 content-length 614
GET H3	200	datepicker.css return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	21 KB 3 KB	64ms 63ms	Stylesheet text/css	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/datepicker.css Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a2538e625a9042c2cd54e13cf52221fce1831dd12c5ca4cdac23137ac22e3010` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding gzip cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "52fc-5e0f61f399f80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZamaHVabSOxsEeryRYYH40pX3MCCXZ0Oh1P408ss%2BDJKiz15DowLRfsox2FEmSKCiWK5Bbh8uC0OmEUlN01F%2BYvsuBn5hnc4%2BB%2BcNlGsymeXaMcLZLJ6aN6d%2BXXqdCnoEOAwi%2BWd1mmd%2BHH07j7dr%2Fu9OYkC0yJ0GQG2XDI9eauZQ8VfyqsXSlq97Wi%2BRaqKDIRNX0W8fw8nuSkymvk28eQCss7I5a3FMjFSvPt6BA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939ce0473-CDG alt-svc h3=":443"; ma=86400 content-length 2441
GET H3	200	logo.png return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	5 KB 5 KB	79ms 78ms	Image image/png	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/logo.png Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1220-5e0f61f399f80" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfnqYvTTTvrTiHJvGQyj7vnB2eENVAWL11rBjJwzzeEyzZw3laIp3XlWk1yh8ot295EApE4gfko6ijarnwkEua55tRJmC%2BdNZxSlap6fH%2BAHmLmYBeyrcxMHMbnJFfBZgQ3WNFmaLlG2LehSfwSiDykqUxFj8m2SQXs46bQxg7c8efARPsloMco4cntCKf7%2BwZXIfvz%2BAtRPQECzKXmQ2m6G2RbO4p4ke7oXp0vdRw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939d10473-CDG alt-svc h3=":443"; ma=86400 content-length 4640
GET H3	200	irs_horiz_white.png return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	1 KB 2 KB	88ms 87ms	Image image/png	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/irs_horiz_white.png Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5da-5e0f61f399f80" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lCBGHf0TgJoKnsOr%2B9xbg8iW74OCOsukmumdqGdyts%2BEMT%2Fgiw%2F7V2oAvxDcrzYdie%2Foeadywd9AGdtByzVwuS4Xx3AJlY%2FNzRDzzIfU5cFCEE0o7bSoO%2BeYOrZTp91RFWjbBuwBT57mUfKGWkhiQbONZAUTiNSV6z4%2FuksEWuhzKRh5LoUH0PAicokalW%2FoG76FeBk25Wbqa%2Flkq5vaXo8Dwd0u2KVBoCZolu7V4w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf939d50473-CDG alt-svc h3=":443"; ma=86400 content-length 1498
GET H3	200	saved_resource.htm Show response return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/ Frame AD92	312 B 695 B	55ms 54ms	Document text/html	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/saved_resource.htm Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8549844c9c013d824f5b7d01079edc1cfa3cb87f5f14a347ba52391361dafc02` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 883cfaf9eb450473-CDG content-encoding br content-type text/html date Tue, 14 May 2024 18:34:05 GMT last-modified Wed, 08 Jun 2022 21:09:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HqzdE75kTiLzrO6BbHiShiNwUu1lqIpPqpoCjOmBzkP4ejQn2bIbAkmL7S8nubsvWBtj8KbB2Ncx1Fr0KL1pYaqosKaBYRSm6mHLnkr2tfpZOgyMHHsJutSAZy1%2F7s%2BwUyaNhy%2FiXiE4DJ%2BfWgMM7x2dF%2FzQBloFlk2MvtR%2By5QYRCqNE3zia4s%2FH73RB6uxrpjXthD%2BALGTAacgBYi9e6MfjempiLG%2BV%2FVdYGEC1Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	404	swirl_lighter_ca6f4deb.png return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/images/	342 B 342 B	62ms 62ms	Image text/html	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/images/swirl_lighter_ca6f4deb.png Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/app.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2450003b3f79d0d1668b023756226c39ef068d6ca81f4e495901ea7475bd8de0` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/app.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CuTcYvDpnc80LbenT7n8L6QhL9lNJNQSzmhAkTZ7alg172EgiRTI4qZRmISRFC8cMK7pzAySMLPR1bP%2BFn9V%2FcwXsNvEFQN80g2tNwq6XmUE1mCtpvmv5GAuU%2FNNMX%2FZfGrfysqU8ct4JEElK863rkorgyn8GJD0m7iwYwMs1BvaA9HJwVkw%2Fzr9AyKynQSJIfdGQsDgvj%2BDDamLez1OV3djBK%2FJ7jM8Hrv86alRdg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 883cfaf9eb4b0473-CDG alt-svc h3=":443"; ma=86400
GET H3	200	us.png return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	19 KB 19 KB	84ms 83ms	Image image/png	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/us.png Requested by Host: return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/app.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e2a82173e0e65eefeb0ad04c62d3c8fe8d6d2ddd8cf7d40bb4fafeeaa6be7631` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/app.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:11:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4b82-5e0f6276413c0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pydpqmALnDVa%2FvJHsxH1YbsK3EeNIx5lla04t5Gm2McR6MdSX5skee0jJ%2FGuIL%2BCRSIcZssmgqU%2FOHNwvsq3VUCrY4L7QhLaKjUT9PWGtRlXB0iOV1xCrMkp4SGUuPRYuVtvr7ABvmnT2m5yWKKfU7%2Bb5F1Kz2oE5aJO1U1L%2FD%2Fr4uxFQff%2Bc4lE46d9%2B18m9%2B%2BBOvl%2BJJQZ9DD7GjIpTcfT4VvmgYLpaTiQ%2Fqdb3w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 883cfaf9eb4e0473-CDG alt-svc h3=":443"; ma=86400 content-length 19330
GET H3	200	favicon.ico return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/	4 KB 1 KB	57ms 57ms	Other image/vnd.microsoft.icon	2606:4700:3034::6815:4183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home_files/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:4183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6d63881e43e08ef385e6c809b43b2b289a459fb2f30d5159000e2477d776b456` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/home.html?resource_url=https://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp=BiOqUMyNHaCxDUPM&clmID=eZvGZHTXxHtFMUlWwBwkxtAwOfWLVim Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 18:34:05 GMT content-encoding br cf-cache-status MISS last-modified Wed, 08 Jun 2022 21:10:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"e36-5e0f6229f5fc0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DB5G5B%2Bz7MJnSH%2FpefDGSLGRyPg2bWGuLCoWpWuGOUnGOfieJdz2XIAsa1vNISJIfAp5X1ghBdjcZuqLDf7IKTBlrzO0y7wq1oGdfNxuOiRzvD62gg3DXOtR0kUXUC%2FttmOVi9i76xXtQwll1nXWGwbScAZ%2Bmvs028NzQ6SMUmWOEYOrDEUx%2FRWoPpPKxlCpczRgpQRA4B1BroCLKWDrt%2FPQK%2BYpOWgR%2FNaocAFFnA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/vnd.microsoft.icon cache-control max-age=14400 cf-ray 883cfafa8c8f0473-CDG alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: cqhmeabjhgj4uc7pi92bs0q340

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com/refunds_getstatus-forms1-irfof_IRServlet-en_lang/images/swirl_lighter_ca6f4deb.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com
2606:4700:3034::6815:4183
02ceea374fce34ce8272bb17a67fd862c8ff49eeb05938154570701ca7a62ea7
2450003b3f79d0d1668b023756226c39ef068d6ca81f4e495901ea7475bd8de0
5d3238bdb8ee9440978b31fadb2af34965dca58b179a1225e13316d4c6cfd5e8
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6d63881e43e08ef385e6c809b43b2b289a459fb2f30d5159000e2477d776b456
6e36cbaf3540e440c09b3446686b42c434295b52d258ed9e89dfc7c25a90b982
8549844c9c013d824f5b7d01079edc1cfa3cb87f5f14a347ba52391361dafc02
a2538e625a9042c2cd54e13cf52221fce1831dd12c5ca4cdac23137ac22e3010
bec0021229acb826efda32e78841a7b97ffb73d3b922bd1bd98823a4377a5374
c091629a45d384695d3aa0fcea2210eab8edff323d8ecbf81e3a04fda820d7f4
c270883773a53da36d154ea13ce8ea8451489c25aabd20e60ef6eb65c4fe439d
c4abb35ccb93590308661b4dafacfe380c89aef07e2d94499d23f1637137bd1c
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e
ce9771403b1bbc5611a4d7774f88876ad19600a4172073b24be19348d91c7d89
e2a82173e0e65eefeb0ad04c62d3c8fe8d6d2ddd8cf7d40bb4fafeeaa6be7631
fd8245e841b019e192658b02f6d510112f6793dace36c4b29cc44ab2ab6179cd

return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com Open in urlscan Pro 2606:4700:3034::6815:4183 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

77 kBTransfer

265 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

return-wheres-get_refund-faster-deposit_wmr-66438e3798f3d.arizonagirlsreport.com Open in urlscan Pro
2606:4700:3034::6815:4183 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

77 kB
Transfer

265 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!