Report - www.hs2.wheresmystaterefund.com

Report Overview

Visitedpublic

2025-08-04 08:51:50

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
euob.youseasky.com	unknown	2022-08-01	2025-06-17	2025-07-29	495 B	116 kB	3.164.68.57
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2025-07-30	537 B	12 kB	3.167.7.19
obseu.youseasky.com	unknown	2022-08-01	2025-06-17	2025-07-29	10 kB	6.0 kB	3.248.162.96
www.hs2.wheresmystaterefund.com	unknown	unknown	No data	No data	3.0 kB	20 kB	185.53.177.52
www.google.com	7	1997-09-15	2015-05-10	2025-07-30	491 B	158 kB	142.250.178.36
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25	2025-07-30	4.1 kB	176 kB	216.58.207.238
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2025-07-30	1.1 kB	2.2 kB	142.250.74.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-08-04 08:51:30	low	3.248.162.96	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

No alerts detected

JavaScript (0)

HTTP Transactions (21)

	URL	IP	Response	Size
	GET euob.youseasky.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js	3.164.68.57	200 OK	116 kB
URL GET HTTPS euob.youseasky.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js IP / ASN 3.164.68.57 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typedata First Seen2025-08-03 Last Seen2025-08-08 Times Seen19289 Size116 kB (115811 bytes) MD5a12a860d91016923a22175688d1609dc SHA16b9f0aa5775e6891e3b2302d90f3abc4e965c149 SHA256ab89c74340c8bcbad0098552d3ec484f387ed562e3d9158d1aaaec8d9535bae6 Certificate Info IssuerAmazon Subject.youseasky.com FingerprintF4:E4:C6:70:2D:8F:86:68:CF:5D:7A:6C:62:4B:B8:0B:CC:F2:4A:30 ValiditySun, 18 May 2025 00:00:00 GMT - Tue, 16 Jun 2026 23:59:59 GMT Technology Fingerprints Amazon CloudFront (CDN) Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds. Amazon Web Services (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality. Caddy (Web servers) N/A HTTP Headers `GET /sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js HTTP/1.1 Host: euob.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/javascript; charset=utf-8 content-length: 42496 content-encoding: gzip server: Caddy date: Mon, 04 Aug 2025 05:27:38 GMT cache-control: max-age=43200 expires: Mon, 04 Aug 2025 17:27:38 GMT etag: "1c463-a58KpXdeaJHjsjAtkPOrxOllwUk" vary: accept-encoding x-cache: Hit from cloudfront via: 1.1 8e83ffcea906745255dd96fad91bf456.cloudfront.net (CloudFront) x-amz-cf-pop: HEL51-P4 x-amz-cf-id: rKOQxTgR48kICCzXLDhUxOmSL9T-2Fbbktd9f8Bm9rOWKClHobG6jw== age: 12231 X-Firefox-Spdy: h2

	GET d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png	3.167.7.19	200 OK	11 kB
URL GET HTTPS d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png IP / ASN 3.167.7.19 #0 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typePNG image data, 1500 x 600, 8-bit colormap, non-interlaced First Seen2023-04-05 Last Seen2025-08-08 Times Seen135114 Size11 kB (11375 bytes) MD50cb2e5165dc9324eb462199f04e1ffa9 SHA19e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8 SHA25667dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865 Certificate Info IssuerAmazon Subject.cloudfront.net Fingerprint8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72 ValidityMon, 05 May 2025 00:00:00 GMT - Thu, 23 Apr 2026 23:59:59 GMT Technology Fingerprints Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. Amazon CloudFront (CDN) Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds. Amazon Web Services (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality. HTTP Headers GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK content-type: image/png content-length: 11375 server: nginx date: Mon, 04 Aug 2025 05:29:31 GMT accept-ranges: bytes last-modified: Thu, 21 Mar 2024 11:48:11 GMT etag: "czzekhpxmtxd8rz" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 50a19afbefe1a01ca6a87078a2b119c2.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P2 x-amz-cf-id: pc2QRD0hTexg-7PtE-MVcuFFAikyoNd2QXBk_AwQg2uVB3TC9ZlBrQ== age: 12118 X-Firefox-Spdy: h2`

	GET obseu.youseasky.com/ct?id=80705&url=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=e6c98e00973d998bdf523c4dee432bb6f012f70d&tsf=0&tsfmi=&tsfu=&cb=1754297490022&hl=2&op=0&ag=637386554&rand=9421220127255575980910265690101500181110050005821727618857252572612099820090263705906126&fs=1280x1024&fst=1280x1024&np=win32&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDgyNTddLFsiYWJuY2giLDIxXSxbLTUsIi0iXSxbLTE3LCI0OCJdLFstMjAsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNTIsIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstNDIsIjg4MzM5OTAxNiJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMDAwIl0sWy01MywiMDAxIl0sWy02NywiLSJdLFstMiwiOSxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwidGNibG9ja1wiLFwic2VhcmNoYm94QmxvY2tcIixcImdldFhNTGh0dHBcIixcImFqYXhRdWVyeVwiLFwiYWpheEJhY2tmaWxsXCIsXCJsb2FkRmVlZFwiLFwieG1sSHR0cFwiLFwibHNcIixcImdldExvYWRGZWVkQXJndW1lbnRzXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJfX2N0Y2dfY3RfODA3MDVfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTgsIi0iXSxbLTksIi0iXSxbLTE1LCItIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTMxLCJmYWxzZSJdLFstNDAsIjM3Il0sWy01MCwiLSJdLFstNjgsIi0iXSxbLTcwLCItIl0sWy0xNiwiMCJdLFstMjMsIisiXSxbLTM4LCJpLC0xLC0xLDI1LDAsMSwwLDI4LDExMiw1NSwtMSwwLCw1NzcsODQyLDg0MiJdLFstNDYsIjAiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy0zMiwiMCJdLFstNDEsIi0iXSxbLTUxLCItIl0sWy01NSwiMCJdLFstMSwiTGludXggeDg2XzY0Il0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJtZXNhXCIsXCJyXCI6XCJsbHZtcGlwZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMFwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wXCIsXCJndmVuXCI6XCJtb3ppbGxhXCIsXCJiZW5cIjo5MixcIndnbFwiOjEsXCJncmVuXCI6XCJsbHZtcGlwZVwiLFwic2VmXCI6NDk0MTk1MDQzLFwic2VjXCI6XCJcIn0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXX0iXSxbLTQ1LCI3NTIsMCwwLDcxOSwwLDAsNzYxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ5LCItIl0sWy01OSwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNCwiLSJdLFstMTIsIlwiMVwiIl0sWy0yNSwiLSJdLFstNTgsIi0iXSxbLTYxLCItIl0sWy02MiwiNTgiXSxbLTY1LCItIl0sWy03MywiRWhRPSJdLFstMTAsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTI0LCJbXSJdLFstMjYsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCJdLFwic1wiOjF9Il0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFFGWk1TbHhZU2xKQUYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhNQ1FrS0ZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hRRlpNU2x4WVNsSkFGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TUNBQUFGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcGNXRXBTUUJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjksIldpbjMyfHx8NDh8LXwtIl0sWy03MSwiYTAxMDAxMDExMDAxMDAxMDEwMDAxMDEwMDExMDExMDAwMDAwMTAiXSxbLTcyLCJFeFU9Il0sWy03LCItIl0sWy0yNywiLSJdLFstMzUsIlsxNzU0Mjk3NDg5OTY5LDBdIl0sWyJibmNoIiwzODddLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy02NiwiLSJdLFstMTMsIi0iXSxbLTE4LCJbMSwwLDAsMF0iXSxbLTIxLCItIl0sWy0zNywiLSJdLFstMzksIltcIjIwMTAwMTAxXCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCw1LHRydWUsZmFsc2UsbnVsbCwwLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlXSJdLFstNjAsIi0iXSxbLTYzLCItIl0sWy02NCwiLSJdLFstNzQsIi0iXSxbImRkYiIsIjEsOCwwLDAsMSwzLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMywwLDAsMCwzLDAsMCwwLDAsMCwxLDIsMSw1MiwwLDE5LDAsMCwwLDAsMCwxLDIsMCwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSwwLDAsMCwwIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMSwxLDUsNiwwLDk1LDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMSwwLDEsMSwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMSwwIl1d&dep=0&pre=0&sdd=&cri=rvWYWz92A2&pto=1108&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1754297490.K9w7P2hAzJRLZCpk&suid=1.1754297490.eH5DTQICV7vxgjG9&tuid=1.1754297490.7Z47oqPSugAz56zZ&fbc=-&gtm=-&it=9%2C473%2C124&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D	3.248.162.96	200 OK	3.8 kB
URL GET HTTPS obseu.youseasky.com/ct?id=80705&url=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=e6c98e00973d998bdf523c4dee432bb6f012f70d&tsf=0&tsfmi=&tsfu=&cb=1754297490022&hl=2&op=0&ag=637386554&rand=9421220127255575980910265690101500181110050005821727618857252572612099820090263705906126&fs=1280x1024&fst=1280x1024&np=win32&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDgyNTddLFsiYWJuY2giLDIxXSxbLTUsIi0iXSxbLTE3LCI0OCJdLFstMjAsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNTIsIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstNDIsIjg4MzM5OTAxNiJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMDAwIl0sWy01MywiMDAxIl0sWy02NywiLSJdLFstMiwiOSxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwidGNibG9ja1wiLFwic2VhcmNoYm94QmxvY2tcIixcImdldFhNTGh0dHBcIixcImFqYXhRdWVyeVwiLFwiYWpheEJhY2tmaWxsXCIsXCJsb2FkRmVlZFwiLFwieG1sSHR0cFwiLFwibHNcIixcImdldExvYWRGZWVkQXJndW1lbnRzXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJfX2N0Y2dfY3RfODA3MDVfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTgsIi0iXSxbLTksIi0iXSxbLTE1LCItIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTMxLCJmYWxzZSJdLFstNDAsIjM3Il0sWy01MCwiLSJdLFstNjgsIi0iXSxbLTcwLCItIl0sWy0xNiwiMCJdLFstMjMsIisiXSxbLTM4LCJpLC0xLC0xLDI1LDAsMSwwLDI4LDExMiw1NSwtMSwwLCw1NzcsODQyLDg0MiJdLFstNDYsIjAiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy0zMiwiMCJdLFstNDEsIi0iXSxbLTUxLCItIl0sWy01NSwiMCJdLFstMSwiTGludXggeDg2XzY0Il0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJtZXNhXCIsXCJyXCI6XCJsbHZtcGlwZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMFwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wXCIsXCJndmVuXCI6XCJtb3ppbGxhXCIsXCJiZW5cIjo5MixcIndnbFwiOjEsXCJncmVuXCI6XCJsbHZtcGlwZVwiLFwic2VmXCI6NDk0MTk1MDQzLFwic2VjXCI6XCJcIn0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXX0iXSxbLTQ1LCI3NTIsMCwwLDcxOSwwLDAsNzYxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ5LCItIl0sWy01OSwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNCwiLSJdLFstMTIsIlwiMVwiIl0sWy0yNSwiLSJdLFstNTgsIi0iXSxbLTYxLCItIl0sWy02MiwiNTgiXSxbLTY1LCItIl0sWy03MywiRWhRPSJdLFstMTAsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTI0LCJbXSJdLFstMjYsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCJdLFwic1wiOjF9Il0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFFGWk1TbHhZU2xKQUYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhNQ1FrS0ZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hRRlpNU2x4WVNsSkFGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TUNBQUFGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcGNXRXBTUUJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjksIldpbjMyfHx8NDh8LXwtIl0sWy03MSwiYTAxMDAxMDExMDAxMDAxMDEwMDAxMDEwMDExMDExMDAwMDAwMTAiXSxbLTcyLCJFeFU9Il0sWy03LCItIl0sWy0yNywiLSJdLFstMzUsIlsxNzU0Mjk3NDg5OTY5LDBdIl0sWyJibmNoIiwzODddLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy02NiwiLSJdLFstMTMsIi0iXSxbLTE4LCJbMSwwLDAsMF0iXSxbLTIxLCItIl0sWy0zNywiLSJdLFstMzksIltcIjIwMTAwMTAxXCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCw1LHRydWUsZmFsc2UsbnVsbCwwLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlXSJdLFstNjAsIi0iXSxbLTYzLCItIl0sWy02NCwiLSJdLFstNzQsIi0iXSxbImRkYiIsIjEsOCwwLDAsMSwzLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMywwLDAsMCwzLDAsMCwwLDAsMCwxLDIsMSw1MiwwLDE5LDAsMCwwLDAsMCwxLDIsMCwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSwwLDAsMCwwIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMSwxLDUsNiwwLDk1LDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMSwwLDEsMSwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMSwwIl1d&dep=0&pre=0&sdd=&cri=rvWYWz92A2&pto=1108&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1754297490.K9w7P2hAzJRLZCpk&suid=1.1754297490.eH5DTQICV7vxgjG9&tuid=1.1754297490.7Z47oqPSugAz56zZ&fbc=-&gtm=-&it=9%2C473%2C124&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeJavaScript source, ASCII text, with very long lines (3773), with no line terminators First Seen2025-08-04 Last Seen2025-08-04 Times Seen1 Size3.8 kB (3773 bytes) MD5f2cae531de82ff4af1923b6988c00fdb SHA127f1b40dd67ae025b253072c1501d9a4a6bcd7df SHA25694b35022a5ee46fab6da98c22fdf26db834c1ac4d3d5681529ee098f5409674a Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers GET /ct?id=80705&url=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=e6c98e00973d998bdf523c4dee432bb6f012f70d&tsf=0&tsfmi=&tsfu=&cb=1754297490022&hl=2&op=0&ag=637386554&rand=9421220127255575980910265690101500181110050005821727618857252572612099820090263705906126&fs=1280x1024&fst=1280x1024&np=win32&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDgyNTddLFsiYWJuY2giLDIxXSxbLTUsIi0iXSxbLTE3LCI0OCJdLFstMjAsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNTIsIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstNDIsIjg4MzM5OTAxNiJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMDAwIl0sWy01MywiMDAxIl0sWy02NywiLSJdLFstMiwiOSxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwidGNibG9ja1wiLFwic2VhcmNoYm94QmxvY2tcIixcImdldFhNTGh0dHBcIixcImFqYXhRdWVyeVwiLFwiYWpheEJhY2tmaWxsXCIsXCJsb2FkRmVlZFwiLFwieG1sSHR0cFwiLFwibHNcIixcImdldExvYWRGZWVkQXJndW1lbnRzXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJfX2N0Y2dfY3RfODA3MDVfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTgsIi0iXSxbLTksIi0iXSxbLTE1LCItIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTMxLCJmYWxzZSJdLFstNDAsIjM3Il0sWy01MCwiLSJdLFstNjgsIi0iXSxbLTcwLCItIl0sWy0xNiwiMCJdLFstMjMsIisiXSxbLTM4LCJpLC0xLC0xLDI1LDAsMSwwLDI4LDExMiw1NSwtMSwwLCw1NzcsODQyLDg0MiJdLFstNDYsIjAiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy0zMiwiMCJdLFstNDEsIi0iXSxbLTUxLCItIl0sWy01NSwiMCJdLFstMSwiTGludXggeDg2XzY0Il0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJtZXNhXCIsXCJyXCI6XCJsbHZtcGlwZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMFwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wXCIsXCJndmVuXCI6XCJtb3ppbGxhXCIsXCJiZW5cIjo5MixcIndnbFwiOjEsXCJncmVuXCI6XCJsbHZtcGlwZVwiLFwic2VmXCI6NDk0MTk1MDQzLFwic2VjXCI6XCJcIn0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXX0iXSxbLTQ1LCI3NTIsMCwwLDcxOSwwLDAsNzYxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ5LCItIl0sWy01OSwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNCwiLSJdLFstMTIsIlwiMVwiIl0sWy0yNSwiLSJdLFstNTgsIi0iXSxbLTYxLCItIl0sWy02MiwiNTgiXSxbLTY1LCItIl0sWy03MywiRWhRPSJdLFstMTAsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTI0LCJbXSJdLFstMjYsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCJdLFwic1wiOjF9Il0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFFGWk1TbHhZU2xKQUYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhNQ1FrS0ZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hRRlpNU2x4WVNsSkFGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TUNBQUFGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcGNXRXBTUUJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjksIldpbjMyfHx8NDh8LXwtIl0sWy03MSwiYTAxMDAxMDExMDAxMDAxMDEwMDAxMDEwMDExMDExMDAwMDAwMTAiXSxbLTcyLCJFeFU9Il0sWy03LCItIl0sWy0yNywiLSJdLFstMzUsIlsxNzU0Mjk3NDg5OTY5LDBdIl0sWyJibmNoIiwzODddLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy02NiwiLSJdLFstMTMsIi0iXSxbLTE4LCJbMSwwLDAsMF0iXSxbLTIxLCItIl0sWy0zNywiLSJdLFstMzksIltcIjIwMTAwMTAxXCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCw1LHRydWUsZmFsc2UsbnVsbCwwLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlXSJdLFstNjAsIi0iXSxbLTYzLCItIl0sWy02NCwiLSJdLFstNzQsIi0iXSxbImRkYiIsIjEsOCwwLDAsMSwzLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMywwLDAsMCwzLDAsMCwwLDAsMCwxLDIsMSw1MiwwLDE5LDAsMCwwLDAsMCwxLDIsMCwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSwwLDAsMCwwIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMSwxLDUsNiwwLDk1LDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMSwwLDEsMSwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMSwwIl1d&dep=0&pre=0&sdd=&cri=rvWYWz92A2&pto=1108&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1754297490.K9w7P2hAzJRLZCpk&suid=1.1754297490.eH5DTQICV7vxgjG9&tuid=1.1754297490.7Z47oqPSugAz56zZ&fbc=-&gtm=-&it=9%2C473%2C124&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK cache-control: no-cache, no-store, must-revalidate content-encoding: gzip content-type: text/javascript date: Mon, 04 Aug 2025 08:51:30 GMT expires: Fri, 01 Jan 1990 00:00:00 GMT pragma: no-cache set-cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60; Max-Age=29030400; Path=/; Expires=Mon, 06 Jul 2026 08:51:30 GMT; HttpOnly; Secure; SameSite=None timing-allow-origin: https://www.hs2.wheresmystaterefund.com content-length: 1291 X-Firefox-Spdy: h2`

	GET www.hs2.wheresmystaterefund.com/munin/a/tr/answercheck/yes?domain=wheresmystaterefund.com&caf=1&toggle=answercheck&answer=yes&uid=MTc1NDI5NzQ4OS4xMDU6ZTFlMmVmY2I4OTQyMTIwOTgwNzJjMTNmNzM3YzE5OTY2OWIzOTZkNjVjNjM0ZmM3OGI1Yjk1OGVmODQ1ZDA3MDo2ODkwNzQ5MTE5YTU1	185.53.177.52	200 OK	0 B
URL GET HTTPS www.hs2.wheresmystaterefund.com/munin/a/tr/answercheck/yes?domain=wheresmystaterefund.com&caf=1&toggle=answercheck&answer=yes&uid=MTc1NDI5NzQ4OS4xMDU6ZTFlMmVmY2I4OTQyMTIwOTgwNzJjMTNmNzM3YzE5OTY2OWIzOTZkNjVjNjM0ZmM3OGI1Yjk1OGVmODQ1ZDA3MDo2ODkwNzQ5MTE5YTU1 IP / ASN 185.53.177.52 #61969 Team Internet AG Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectwww.hs2.wheresmystaterefund.com FingerprintA7:9C:95:FB:D6:EF:6F:8E:7C:81:76:A0:4B:62:D6:F8:B2:17:35:3D ValidityMon, 04 Aug 2025 07:32:31 GMT - Sun, 02 Nov 2025 07:32:30 GMT HTTP Headers GET /munin/a/tr/answercheck/yes?domain=wheresmystaterefund.com&caf=1&toggle=answercheck&answer=yes&uid=MTc1NDI5NzQ4OS4xMDU6ZTFlMmVmY2I4OTQyMTIwOTgwNzJjMTNmNzM3YzE5OTY2OWIzOTZkNjVjNjM0ZmM3OGI1Yjk1OGVmODQ1ZDA3MDo2ODkwNzQ5MTE5YTU1 HTTP/1.1 Host: www.hs2.wheresmystaterefund.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: _cq_duid=1.1754297490.K9w7P2hAzJRLZCpk; _cq_suid=1.1754297490.eH5DTQICV7vxgjG9 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 access-control-allow-origin: * alt-svc: h3=":8443"; ma=2592000 content-type: text/html; charset=UTF-8 date: Mon, 04 Aug 2025 08:51:30 GMT via: 1.1 Caddy, 0.0 Caddy x-custom-track: answercheck content-length: 0 X-Firefox-Spdy: h2`

	POST obseu.youseasky.com/mon	3.248.162.96	200 OK	0 B
URL POST HTTPS obseu.youseasky.com/mon IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers POST /mon HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1917 Origin: https://www.hs2.wheresmystaterefund.com DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://www.hs2.wheresmystaterefund.com content-type: application/json date: Mon, 04 Aug 2025 08:51:33 GMT content-length: 0 X-Firefox-Spdy: h2`

	POST obseu.youseasky.com/mon	3.248.162.96	200 OK	0 B
URL POST HTTPS obseu.youseasky.com/mon IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers POST /mon HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1920 Origin: https://www.hs2.wheresmystaterefund.com DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://www.hs2.wheresmystaterefund.com content-type: application/json date: Mon, 04 Aug 2025 08:51:45 GMT content-length: 0 X-Firefox-Spdy: h2`

	GET www.hs2.wheresmystaterefund.com/munin/a/tr/browserjs?domain=wheresmystaterefund.com&toggle=browserjs&uid=MTc1NDI5NzQ4OS4xMDU6ZTFlMmVmY2I4OTQyMTIwOTgwNzJjMTNmNzM3YzE5OTY2OWIzOTZkNjVjNjM0ZmM3OGI1Yjk1OGVmODQ1ZDA3MDo2ODkwNzQ5MTE5YTU1	185.53.177.52	200 OK	0 B
URL GET HTTPS www.hs2.wheresmystaterefund.com/munin/a/tr/browserjs?domain=wheresmystaterefund.com&toggle=browserjs&uid=MTc1NDI5NzQ4OS4xMDU6ZTFlMmVmY2I4OTQyMTIwOTgwNzJjMTNmNzM3YzE5OTY2OWIzOTZkNjVjNjM0ZmM3OGI1Yjk1OGVmODQ1ZDA3MDo2ODkwNzQ5MTE5YTU1 IP / ASN 185.53.177.52 #61969 Team Internet AG Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectwww.hs2.wheresmystaterefund.com FingerprintA7:9C:95:FB:D6:EF:6F:8E:7C:81:76:A0:4B:62:D6:F8:B2:17:35:3D ValidityMon, 04 Aug 2025 07:32:31 GMT - Sun, 02 Nov 2025 07:32:30 GMT HTTP Headers GET /munin/a/tr/browserjs?domain=wheresmystaterefund.com&toggle=browserjs&uid=MTc1NDI5NzQ4OS4xMDU6ZTFlMmVmY2I4OTQyMTIwOTgwNzJjMTNmNzM3YzE5OTY2OWIzOTZkNjVjNjM0ZmM3OGI1Yjk1OGVmODQ1ZDA3MDo2ODkwNzQ5MTE5YTU1 HTTP/1.1 Host: www.hs2.wheresmystaterefund.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 access-control-allow-origin: * alt-svc: h3=":8443"; ma=2592000 content-type: text/html; charset=UTF-8 date: Mon, 04 Aug 2025 08:51:29 GMT via: 1.1 Caddy, 0.0 Caddy x-custom-track: browserjs content-length: 0 X-Firefox-Spdy: h2`

	GET www.hs2.wheresmystaterefund.com/munin/a/ls?t=68907491&token=e6c98e00973d998bdf523c4dee432bb6f012f70d	185.53.177.52	201 Created	0 B
URL GET HTTPS www.hs2.wheresmystaterefund.com/munin/a/ls?t=68907491&token=e6c98e00973d998bdf523c4dee432bb6f012f70d IP / ASN 185.53.177.52 #61969 Team Internet AG Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectwww.hs2.wheresmystaterefund.com FingerprintA7:9C:95:FB:D6:EF:6F:8E:7C:81:76:A0:4B:62:D6:F8:B2:17:35:3D ValidityMon, 04 Aug 2025 07:32:31 GMT - Sun, 02 Nov 2025 07:32:30 GMT Technology Fingerprints Caddy (Web servers) N/A HTTP Headers GET /munin/a/ls?t=68907491&token=e6c98e00973d998bdf523c4dee432bb6f012f70d HTTP/1.1 Host: www.hs2.wheresmystaterefund.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 201 Created access-control-allow-methods: GET, POST, OPTIONS access-control-allow-origin: * access-control-max-age: 86400 alt-svc: h3=":8443"; ma=2592000 date: Mon, 04 Aug 2025 08:51:29 GMT server: Caddy via: 1.1 Caddy x-log-success: 68907491644d6186439beabb content-length: 0 X-Firefox-Spdy: h2`

	GET www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	142.250.178.36	200 OK	157 kB
URL GET HTTPS www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true IP / ASN 142.250.178.36 #15169 GOOGLE Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeJavaScript source, ASCII text, with very long lines (2943) First Seen2025-07-31 Last Seen2025-08-07 Times Seen3193 Size157 kB (157153 bytes) MD54cf2196ef2b2f3b45cb37bfaf1405e8c SHA13b2091a401d4971f3250e8fa6be23ef71a66d9c2 SHA25625801c3567f335187f3de7faf70958d4a9faf7b74afc2ef6086a9d1b22ce5b9a Certificate Info IssuerGoogle Trust Services Subjectwww.google.com FingerprintF3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5 ValidityMon, 07 Jul 2025 08:35:54 GMT - Mon, 29 Sep 2025 08:35:53 GMT HTTP Headers `GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-type: text/javascript; charset=UTF-8 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Mon, 04 Aug 2025 08:51:29 GMT expires: Mon, 04 Aug 2025 08:51:29 GMT cache-control: private, max-age=3600 etag: "15828379506924220754" x-content-type-options: nosniff link: <https://syndicatedsearch.goog>; rel="preconnect" content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.9lGis30Vi94etbnn9NUasWAJtvY6s0Gpx14E4IEzyHANIeZryoUBYg.thePuptIhYSZ1Pvz7sLcMg.4Bn-UKlcu4R8QZR_fv19joYhIDUvS2LNNzq37OTPwztPL7WyIp1sHksovKz8hYOdxBn_jKuBDp1CJkOsQrPx2C-DYif7phS6qpVuCtZJR4BRlulMz4hKdNx0_6RmAypAep9PAICZ3ECPaSER9lSE2QJRBW-itWeV7CSR0GPBQ7AVf7RmwLmX-1yJkG7YW_Q0A9Q-5SPtFhjJgBgoAXOgJpW3AqRwcFkjRAJdb_15k5JrG6znEkvkeVtm6K_zRceNXyceFYnh_ccXcK9ARGikxMvuMR6w7Vq81lL48RYDUPZblyQ1UjWVoZ1A4lg5nwm2YeSyqQ_ZfWksK3bVnALo8vyh1EcNPF6vwjedxQQfzObUv7_e3U1R5UGcW-q0ZV_H5XB0HKwAWoj4UshzaSagnWWYWgf0n1Z6onp7kPoSagLxhV4aVmmBDAP8zWk4eWYxzH4SZIXztDufO8OmonCh8_Hys4iRzAVkxQ_GEJGD_HIWkPF_iehx1cHd7ikc5jYgi7--lf3eZtpZBVcv8-R4QkX86hSoLSOzHXed8L9VTkH32NAbLQOPidhtOTyc12mGv0LXfuoJpxnuF7aaDK7wZBFZ9Vl-dIyaZ4snw54baNu5ZNlnE2NFJZ4yzhhGyMsZOkx52zQcZjvefcrkT9C6Pw.WTv7kKe-VeqgXdTJVqRjIw&max_radlink_len=40&type=3&swp=as-drid-2995986513634288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C17301544&format=r3%7Cs&nocache=651754297489924&num=0&output=afd_ads&domain_name=www.hs2.wheresmystaterefund.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1754297489925&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=788436323&rurl=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F	216.58.207.238	200 OK	16 kB
URL GET HTTPS syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.9lGis30Vi94etbnn9NUasWAJtvY6s0Gpx14E4IEzyHANIeZryoUBYg.thePuptIhYSZ1Pvz7sLcMg.4Bn-UKlcu4R8QZR_fv19joYhIDUvS2LNNzq37OTPwztPL7WyIp1sHksovKz8hYOdxBn_jKuBDp1CJkOsQrPx2C-DYif7phS6qpVuCtZJR4BRlulMz4hKdNx0_6RmAypAep9PAICZ3ECPaSER9lSE2QJRBW-itWeV7CSR0GPBQ7AVf7RmwLmX-1yJkG7YW_Q0A9Q-5SPtFhjJgBgoAXOgJpW3AqRwcFkjRAJdb_15k5JrG6znEkvkeVtm6K_zRceNXyceFYnh_ccXcK9ARGikxMvuMR6w7Vq81lL48RYDUPZblyQ1UjWVoZ1A4lg5nwm2YeSyqQ_ZfWksK3bVnALo8vyh1EcNPF6vwjedxQQfzObUv7_e3U1R5UGcW-q0ZV_H5XB0HKwAWoj4UshzaSagnWWYWgf0n1Z6onp7kPoSagLxhV4aVmmBDAP8zWk4eWYxzH4SZIXztDufO8OmonCh8_Hys4iRzAVkxQ_GEJGD_HIWkPF_iehx1cHd7ikc5jYgi7--lf3eZtpZBVcv8-R4QkX86hSoLSOzHXed8L9VTkH32NAbLQOPidhtOTyc12mGv0LXfuoJpxnuF7aaDK7wZBFZ9Vl-dIyaZ4snw54baNu5ZNlnE2NFJZ4yzhhGyMsZOkx52zQcZjvefcrkT9C6Pw.WTv7kKe-VeqgXdTJVqRjIw&max_radlink_len=40&type=3&swp=as-drid-2995986513634288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C17301544&format=r3%7Cs&nocache=651754297489924&num=0&output=afd_ads&domain_name=www.hs2.wheresmystaterefund.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1754297489925&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=788436323&rurl=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F IP / ASN 216.58.207.238 #15169 GOOGLE Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeHTML document, Unicode text, UTF-8 text, with very long lines (15526) First Seen2025-08-04 Last Seen2025-08-04 Times Seen1 Size16 kB (16252 bytes) MD5db694ca50d393fbeafbbef476f235d87 SHA1bc2af5c5f8f902ba8f796fabdd78f8b0eb9e9de6 SHA2567c7ffae53c86994c75fa4e5899c4aa884b799d72c7806f4abc40d75e3b5290c8 Certificate Info IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint22:92:CD:9F:75:6A:23:71:D7:AF:2B:DB:BF:8F:B3:9E:37:15:38:6D ValidityMon, 07 Jul 2025 08:37:07 GMT - Mon, 29 Sep 2025 08:37:06 GMT Technology Fingerprints Google Web Server (Web servers) N/A HTTP Headers GET /afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.9lGis30Vi94etbnn9NUasWAJtvY6s0Gpx14E4IEzyHANIeZryoUBYg.thePuptIhYSZ1Pvz7sLcMg.4Bn-UKlcu4R8QZR_fv19joYhIDUvS2LNNzq37OTPwztPL7WyIp1sHksovKz8hYOdxBn_jKuBDp1CJkOsQrPx2C-DYif7phS6qpVuCtZJR4BRlulMz4hKdNx0_6RmAypAep9PAICZ3ECPaSER9lSE2QJRBW-itWeV7CSR0GPBQ7AVf7RmwLmX-1yJkG7YW_Q0A9Q-5SPtFhjJgBgoAXOgJpW3AqRwcFkjRAJdb_15k5JrG6znEkvkeVtm6K_zRceNXyceFYnh_ccXcK9ARGikxMvuMR6w7Vq81lL48RYDUPZblyQ1UjWVoZ1A4lg5nwm2YeSyqQ_ZfWksK3bVnALo8vyh1EcNPF6vwjedxQQfzObUv7_e3U1R5UGcW-q0ZV_H5XB0HKwAWoj4UshzaSagnWWYWgf0n1Z6onp7kPoSagLxhV4aVmmBDAP8zWk4eWYxzH4SZIXztDufO8OmonCh8_Hys4iRzAVkxQ_GEJGD_HIWkPF_iehx1cHd7ikc5jYgi7--lf3eZtpZBVcv8-R4QkX86hSoLSOzHXed8L9VTkH32NAbLQOPidhtOTyc12mGv0LXfuoJpxnuF7aaDK7wZBFZ9Vl-dIyaZ4snw54baNu5ZNlnE2NFJZ4yzhhGyMsZOkx52zQcZjvefcrkT9C6Pw.WTv7kKe-VeqgXdTJVqRjIw&max_radlink_len=40&type=3&swp=as-drid-2995986513634288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C17301544&format=r3%7Cs&nocache=651754297489924&num=0&output=afd_ads&domain_name=www.hs2.wheresmystaterefund.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1754297489925&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=788436323&rurl=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/html; charset=UTF-8 content-disposition: inline date: Mon, 04 Aug 2025 08:51:30 GMT expires: Mon, 04 Aug 2025 08:51:30 GMT cache-control: private, max-age=3600 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-IKNRAu7JUnYUKdQHhnzArA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} accept-ch: Downlink, RTT content-encoding: br server: gws content-length: 3468 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	POST obseu.youseasky.com/mon	3.248.162.96	200 OK	0 B
URL POST HTTPS obseu.youseasky.com/mon IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers POST /mon HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 2685 Origin: https://www.hs2.wheresmystaterefund.com DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://www.hs2.wheresmystaterefund.com content-type: application/json date: Mon, 04 Aug 2025 08:51:31 GMT content-length: 0 X-Firefox-Spdy: h2`

	GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=3nxit1p05kep&cd_fexp=72717108%2C17301544&aqid=knSQaPbcBYqfxdwPqMXmsAw&psid=5837883959&pbt=bs&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=788436323&csala=6%7C0%7C332%7C111%7C139&lle=0&ifv=1&hpt=1	216.58.207.238	204 No Content	0 B
URL GET HTTPS syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=3nxit1p05kep&cd_fexp=72717108%2C17301544&aqid=knSQaPbcBYqfxdwPqMXmsAw&psid=5837883959&pbt=bs&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=788436323&csala=6%7C0%7C332%7C111%7C139&lle=0&ifv=1&hpt=1 IP / ASN 216.58.207.238 #15169 GOOGLE Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint22:92:CD:9F:75:6A:23:71:D7:AF:2B:DB:BF:8F:B3:9E:37:15:38:6D ValidityMon, 07 Jul 2025 08:37:07 GMT - Mon, 29 Sep 2025 08:37:06 GMT Technology Fingerprints Google Web Server (Web servers) N/A HTTP Headers GET /afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=3nxit1p05kep&cd_fexp=72717108%2C17301544&aqid=knSQaPbcBYqfxdwPqMXmsAw&psid=5837883959&pbt=bs&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=788436323&csala=6%7C0%7C332%7C111%7C139&lle=0&ifv=1&hpt=1 HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 204 No Content content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-nJp5ZesecmonePKl7jocVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} permissions-policy: unload=() date: Mon, 04 Aug 2025 08:51:32 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	POST obseu.youseasky.com/mon	3.248.162.96	200 OK	0 B
URL POST HTTPS obseu.youseasky.com/mon IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers POST /mon HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1920 Origin: https://www.hs2.wheresmystaterefund.com DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://www.hs2.wheresmystaterefund.com content-type: application/json date: Mon, 04 Aug 2025 08:51:40 GMT content-length: 0 X-Firefox-Spdy: h2`

	GET syndicatedsearch.goog/adsense/domains/caf.js?pac=0	216.58.207.238	200 OK	157 kB
URL GET HTTPS syndicatedsearch.goog/adsense/domains/caf.js?pac=0 IP / ASN 216.58.207.238 #15169 GOOGLE Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.9lGis30Vi94etbnn9NUasWAJtvY6s0Gpx14E4IEzyHANIeZryoUBYg.thePuptIhYSZ1Pvz7sLcMg.4Bn-UKlcu4R8QZR_fv19joYhIDUvS2LNNzq37OTPwztPL7WyIp1sHksovKz8hYOdxBn_jKuBDp1CJkOsQrPx2C-DYif7phS6qpVuCtZJR4BRlulMz4hKdNx0_6RmAypAep9PAICZ3ECPaSER9lSE2QJRBW-itWeV7CSR0GPBQ7AVf7RmwLmX-1yJkG7YW_Q0A9Q-5SPtFhjJgBgoAXOgJpW3AqRwcFkjRAJdb_15k5JrG6znEkvkeVtm6K_zRceNXyceFYnh_ccXcK9ARGikxMvuMR6w7Vq81lL48RYDUPZblyQ1UjWVoZ1A4lg5nwm2YeSyqQ_ZfWksK3bVnALo8vyh1EcNPF6vwjedxQQfzObUv7_e3U1R5UGcW-q0ZV_H5XB0HKwAWoj4UshzaSagnWWYWgf0n1Z6onp7kPoSagLxhV4aVmmBDAP8zWk4eWYxzH4SZIXztDufO8OmonCh8_Hys4iRzAVkxQ_GEJGD_HIWkPF_iehx1cHd7ikc5jYgi7--lf3eZtpZBVcv8-R4QkX86hSoLSOzHXed8L9VTkH32NAbLQOPidhtOTyc12mGv0LXfuoJpxnuF7aaDK7wZBFZ9Vl-dIyaZ4snw54baNu5ZNlnE2NFJZ4yzhhGyMsZOkx52zQcZjvefcrkT9C6Pw.WTv7kKe-VeqgXdTJVqRjIw&max_radlink_len=40&type=3&swp=as-drid-2995986513634288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C17301544&format=r3%7Cs&nocache=651754297489924&num=0&output=afd_ads&domain_name=www.hs2.wheresmystaterefund.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1754297489925&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=788436323&rurl=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F Resource Info File typeJavaScript source, ASCII text, with very long lines (2943) First Seen2025-07-31 Last Seen2025-08-07 Times Seen2973 Size157 kB (157160 bytes) MD5d891d6c1494b48a164876cbef24e07fa SHA1a19de38e381cc2b712dc42d79a671c9b04c849b3 SHA2569b8ba092b07b022e87574a57a792c71c7330e3edc0e4251c91289f2690d3da51 Certificate Info IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint22:92:CD:9F:75:6A:23:71:D7:AF:2B:DB:BF:8F:B3:9E:37:15:38:6D ValidityMon, 07 Jul 2025 08:37:07 GMT - Mon, 29 Sep 2025 08:37:06 GMT HTTP Headers `GET /adsense/domains/caf.js?pac=0 HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://syndicatedsearch.goog/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK accept-ranges: bytes vary: Accept-Encoding content-type: text/javascript; charset=UTF-8 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Mon, 04 Aug 2025 08:51:30 GMT expires: Mon, 04 Aug 2025 08:51:30 GMT cache-control: private, max-age=3600 etag: "13613409647395789916" x-content-type-options: nosniff link: <https://syndicatedsearch.goog>; rel="preconnect" content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	GET obseu.youseasky.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126feac53ced43839d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f671fd387dc5428394efa2e7655873b8c62c30338007291570357305056cfed6d4f77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f294c6f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265e8d8d809e8559d0d3664cebd9cb2f062c4d4e23fc63508d6fdcf7d1814f0643cba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d6da2dc77ad795afedd7ace1076dae7af4eeb9741877f88227c5f617e5001855c90e05d8cfc38681fa827090799edea58f7bff717774dc297dc2dad14f6788a85f8641a9d34dd62ffc33025c578c6ee9439cd7a97bbf9728c00ca7d79c9b29ce584e2da51e37556f6f79c9a721fb07d2c18827ae9227b2d222d98eeff5718aa2e45a613ec6a95247cfbc0c5914ffe1ee74ae28c4f840fdb77fc120f964cb17ad40c5a22eda083bf6f8c0156366355d6e720805a0f3917ece10f5195c4942fbb04bc39b1c0be2b9dfbabc6cdeece4fc86fbb3f04b4f3cff5b87b6596e8b5f641bd761556d6df67bac7405c3ebc160827cd33996a824cea4109879073d3d037f1180dde7d33b6748991e4189cedabdb0d64e029fb5a16091ce7b67c5d4103c75e496d8573daa20845b8307e53f9a0ec6ce13fcd72ef0cfcd8bcc5568fde125628573a28fb9ac12956c2a6d0cd36f2352e9d215f58e68a0eadb9346d195c476576355b42faa1bab52b7856b9f35472841242807e42eeae04a26df6886efa26faec65f906637ea48283e95fad0145be974f18c19dd03380054bb512885f09608a81269ebcf16a795b7ed9c50981d03301f991a3940ded4554eb03cfbec957ccb8290510e2de6337f56669a4009b9c7fc12138c702586d5954bcad0bed34b62e761a90d6b4ade0e7e2a97c20e428fd2ffc4a2ef51f330a672c77a82dc53d6e7f93725b0c51397dcacb8c7f7d2d1261dcfb56747913f8e18c408b4f621a9d3df8432a08cd0f8f8467f88f3a4ba1a8746820c533e4e74d8c97a4f9c17b60286d16ff3403ae83b0f9273e6c3&cri=rvWYWz92A2&ts=243&cb=1754297490265	3.248.162.96	200 OK	43 B
URL GET HTTPS obseu.youseasky.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126feac53ced43839d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f671fd387dc5428394efa2e7655873b8c62c30338007291570357305056cfed6d4f77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f294c6f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265e8d8d809e8559d0d3664cebd9cb2f062c4d4e23fc63508d6fdcf7d1814f0643cba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d6da2dc77ad795afedd7ace1076dae7af4eeb9741877f88227c5f617e5001855c90e05d8cfc38681fa827090799edea58f7bff717774dc297dc2dad14f6788a85f8641a9d34dd62ffc33025c578c6ee9439cd7a97bbf9728c00ca7d79c9b29ce584e2da51e37556f6f79c9a721fb07d2c18827ae9227b2d222d98eeff5718aa2e45a613ec6a95247cfbc0c5914ffe1ee74ae28c4f840fdb77fc120f964cb17ad40c5a22eda083bf6f8c0156366355d6e720805a0f3917ece10f5195c4942fbb04bc39b1c0be2b9dfbabc6cdeece4fc86fbb3f04b4f3cff5b87b6596e8b5f641bd761556d6df67bac7405c3ebc160827cd33996a824cea4109879073d3d037f1180dde7d33b6748991e4189cedabdb0d64e029fb5a16091ce7b67c5d4103c75e496d8573daa20845b8307e53f9a0ec6ce13fcd72ef0cfcd8bcc5568fde125628573a28fb9ac12956c2a6d0cd36f2352e9d215f58e68a0eadb9346d195c476576355b42faa1bab52b7856b9f35472841242807e42eeae04a26df6886efa26faec65f906637ea48283e95fad0145be974f18c19dd03380054bb512885f09608a81269ebcf16a795b7ed9c50981d03301f991a3940ded4554eb03cfbec957ccb8290510e2de6337f56669a4009b9c7fc12138c702586d5954bcad0bed34b62e761a90d6b4ade0e7e2a97c20e428fd2ffc4a2ef51f330a672c77a82dc53d6e7f93725b0c51397dcacb8c7f7d2d1261dcfb56747913f8e18c408b4f621a9d3df8432a08cd0f8f8467f88f3a4ba1a8746820c533e4e74d8c97a4f9c17b60286d16ff3403ae83b0f9273e6c3&cri=rvWYWz92A2&ts=243&cb=1754297490265 IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeGIF image data, version 89a, 1 x 1 First Seen2023-04-05 Last Seen2025-08-08 Times Seen157950 Size43 B (43 bytes) MD5db04c7b378cb2db912c3ba8a5a774ee3 SHA1dee34bd86c3484d31002182aa2b7caa4699126b8 SHA25698b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126feac53ced43839d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f671fd387dc5428394efa2e7655873b8c62c30338007291570357305056cfed6d4f77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400035db386ee683e99332bd06b442c316f0496f70bfc72f02431e24f97999c140ab51258fc6e279126332a5de6c7fd6d5431f294c6f0715a7902c701e56f2ab0b2093aef6298ee35d60013ee9f3e4869265e8d8d809e8559d0d3664cebd9cb2f062c4d4e23fc63508d6fdcf7d1814f0643cba8c063abbcaf1778807fc4eae965d8013d9c56d9c7c71d6da2dc77ad795afedd7ace1076dae7af4eeb9741877f88227c5f617e5001855c90e05d8cfc38681fa827090799edea58f7bff717774dc297dc2dad14f6788a85f8641a9d34dd62ffc33025c578c6ee9439cd7a97bbf9728c00ca7d79c9b29ce584e2da51e37556f6f79c9a721fb07d2c18827ae9227b2d222d98eeff5718aa2e45a613ec6a95247cfbc0c5914ffe1ee74ae28c4f840fdb77fc120f964cb17ad40c5a22eda083bf6f8c0156366355d6e720805a0f3917ece10f5195c4942fbb04bc39b1c0be2b9dfbabc6cdeece4fc86fbb3f04b4f3cff5b87b6596e8b5f641bd761556d6df67bac7405c3ebc160827cd33996a824cea4109879073d3d037f1180dde7d33b6748991e4189cedabdb0d64e029fb5a16091ce7b67c5d4103c75e496d8573daa20845b8307e53f9a0ec6ce13fcd72ef0cfcd8bcc5568fde125628573a28fb9ac12956c2a6d0cd36f2352e9d215f58e68a0eadb9346d195c476576355b42faa1bab52b7856b9f35472841242807e42eeae04a26df6886efa26faec65f906637ea48283e95fad0145be974f18c19dd03380054bb512885f09608a81269ebcf16a795b7ed9c50981d03301f991a3940ded4554eb03cfbec957ccb8290510e2de6337f56669a4009b9c7fc12138c702586d5954bcad0bed34b62e761a90d6b4ade0e7e2a97c20e428fd2ffc4a2ef51f330a672c77a82dc53d6e7f93725b0c51397dcacb8c7f7d2d1261dcfb56747913f8e18c408b4f621a9d3df8432a08cd0f8f8467f88f3a4ba1a8746820c533e4e74d8c97a4f9c17b60286d16ff3403ae83b0f9273e6c3&cri=rvWYWz92A2&ts=243&cb=1754297490265 HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK cache-control: no-cache, no-store, must-revalidate content-type: image/gif date: Mon, 04 Aug 2025 08:51:30 GMT expires: Fri, 01 Jan 1990 00:00:00 GMT pragma: no-cache content-length: 43 X-Firefox-Spdy: h2`

	GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff	142.250.74.33	200 OK	391 B
URL GET HTTPS afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff IP / ASN 142.250.74.33 #15169 GOOGLE Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.9lGis30Vi94etbnn9NUasWAJtvY6s0Gpx14E4IEzyHANIeZryoUBYg.thePuptIhYSZ1Pvz7sLcMg.4Bn-UKlcu4R8QZR_fv19joYhIDUvS2LNNzq37OTPwztPL7WyIp1sHksovKz8hYOdxBn_jKuBDp1CJkOsQrPx2C-DYif7phS6qpVuCtZJR4BRlulMz4hKdNx0_6RmAypAep9PAICZ3ECPaSER9lSE2QJRBW-itWeV7CSR0GPBQ7AVf7RmwLmX-1yJkG7YW_Q0A9Q-5SPtFhjJgBgoAXOgJpW3AqRwcFkjRAJdb_15k5JrG6znEkvkeVtm6K_zRceNXyceFYnh_ccXcK9ARGikxMvuMR6w7Vq81lL48RYDUPZblyQ1UjWVoZ1A4lg5nwm2YeSyqQ_ZfWksK3bVnALo8vyh1EcNPF6vwjedxQQfzObUv7_e3U1R5UGcW-q0ZV_H5XB0HKwAWoj4UshzaSagnWWYWgf0n1Z6onp7kPoSagLxhV4aVmmBDAP8zWk4eWYxzH4SZIXztDufO8OmonCh8_Hys4iRzAVkxQ_GEJGD_HIWkPF_iehx1cHd7ikc5jYgi7--lf3eZtpZBVcv8-R4QkX86hSoLSOzHXed8L9VTkH32NAbLQOPidhtOTyc12mGv0LXfuoJpxnuF7aaDK7wZBFZ9Vl-dIyaZ4snw54baNu5ZNlnE2NFJZ4yzhhGyMsZOkx52zQcZjvefcrkT9C6Pw.WTv7kKe-VeqgXdTJVqRjIw&max_radlink_len=40&type=3&swp=as-drid-2995986513634288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C17301544&format=r3%7Cs&nocache=651754297489924&num=0&output=afd_ads&domain_name=www.hs2.wheresmystaterefund.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1754297489925&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=788436323&rurl=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F Resource Info File typeSVG Scalable Vector Graphics image First Seen2023-04-08 Last Seen2025-08-08 Times Seen149833 Size391 B (391 bytes) MD58959ddcd9712196961d93f58064ed655 SHA162ab1e38e7e9fbf58a04381b76c2d96a9c829f24 SHA25617c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7 Certificate Info IssuerGoogle Trust Services Subject.googleusercontent.com Fingerprint63:78:72:6F:FA:74:62:BB:8E:62:97:12:1D:27:37:96:37:81:92:E4 ValidityMon, 07 Jul 2025 08:35:06 GMT - Mon, 29 Sep 2025 08:35:05 GMT HTTP Headers GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://syndicatedsearch.goog/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 270 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Sun, 03 Aug 2025 11:59:49 GMT expires: Mon, 04 Aug 2025 10:59:49 GMT cache-control: public, max-age=82800 age: 75101 last-modified: Thu, 20 Jul 2023 22:48:00 GMT content-type: image/svg+xml vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	POST obseu.youseasky.com/mon	3.248.162.96	200 OK	0 B
URL POST HTTPS obseu.youseasky.com/mon IP / ASN 3.248.162.96 #16509 AMAZON-02 Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerZeroSSL Subject.youseasky.com Fingerprint8D:AA:00:E1:90:E8:D3:F6:92:1B:91:14:B1:97:FC:21:E4:51:04:AC ValiditySun, 06 Jul 2025 00:00:00 GMT - Sat, 04 Oct 2025 23:59:59 GMT HTTP Headers POST /mon HTTP/1.1 Host: obseu.youseasky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1917 Origin: https://www.hs2.wheresmystaterefund.com DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Cookie: cg_uuid=fa4ec46e4f1a00c04785a25385d99c60 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://www.hs2.wheresmystaterefund.com content-type: application/json date: Mon, 04 Aug 2025 08:51:35 GMT content-length: 0 X-Firefox-Spdy: h2`

	GET www.hs2.wheresmystaterefund.com/	185.53.177.52	200 OK	17 kB
URL User Request GET HTTPS www.hs2.wheresmystaterefund.com/ IP / ASN 185.53.177.52 #61969 Team Internet AG Requested byN/A Resource Info File typeHTML document, ASCII text, with very long lines (9222) First Seen2025-08-04 Last Seen2025-08-04 Times Seen1 Size17 kB (17159 bytes) MD5052e74069e0e0d2fb1f1fd4b257346ed SHA1aade7613ff5b5dee1d40796e3789dda1bd669172 SHA256aeda10943c870b28aa0dcf3341c9472d7b0058ce73af103a0642d9ca26c44ed0 Certificate Info IssuerLet's Encrypt Subjectwww.hs2.wheresmystaterefund.com FingerprintA7:9C:95:FB:D6:EF:6F:8E:7C:81:76:A0:4B:62:D6:F8:B2:17:35:3D ValidityMon, 04 Aug 2025 07:32:31 GMT - Sun, 02 Nov 2025 07:32:30 GMT HTTP Headers GET / HTTP/1.1 Host: www.hs2.wheresmystaterefund.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 alt-svc: h3=":8443"; ma=2592000 content-encoding: gzip content-type: text/html; charset=UTF-8 date: Mon, 04 Aug 2025 08:51:29 GMT vary: Accept-Encoding via: 1.1 Caddy, 0.0 Caddy x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_K6Q3OkUG4GLIQvtNV1o+BI8nbalQxmj56igKciKwx0Bw0qcxGop43w6CwJ7Jlsp+qm5ruPBmdZ4RoTOOLId3Ew== x-buckets: bucket003,bucket077 x-domain: wheresmystaterefund.com x-language: norwegian x-pcrew-blocked-reason: hosting network x-pcrew-ip-organization: Blix Solutions x-subdomain: www.hs2 x-template: tpl_CleanPeppermintBlack_twoclick X-Firefox-Spdy: h2

	GET www.hs2.wheresmystaterefund.com/favicon.ico	185.53.177.52	200 OK	0 B
URL GET HTTPS www.hs2.wheresmystaterefund.com/favicon.ico IP / ASN 185.53.177.52 #61969 Team Internet AG Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectwww.hs2.wheresmystaterefund.com FingerprintA7:9C:95:FB:D6:EF:6F:8E:7C:81:76:A0:4B:62:D6:F8:B2:17:35:3D ValidityMon, 04 Aug 2025 07:32:31 GMT - Sun, 02 Nov 2025 07:32:30 GMT Technology Fingerprints Caddy (Web servers) N/A HTTP Headers `GET /favicon.ico HTTP/1.1 Host: www.hs2.wheresmystaterefund.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK accept-ranges: bytes alt-svc: h3=":8443"; ma=2592000 content-type: image/vnd.microsoft.icon date: Mon, 04 Aug 2025 08:51:29 GMT etag: "dbq3yx0sj1pj0" last-modified: Thu, 31 Jul 2025 08:47:31 GMT server: Caddy vary: Accept-Encoding via: 1.1 Caddy content-length: 0 X-Firefox-Spdy: h2`

	GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff	142.250.74.33	200 OK	200 B
URL GET HTTPS afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff IP / ASN 142.250.74.33 #15169 GOOGLE Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.9lGis30Vi94etbnn9NUasWAJtvY6s0Gpx14E4IEzyHANIeZryoUBYg.thePuptIhYSZ1Pvz7sLcMg.4Bn-UKlcu4R8QZR_fv19joYhIDUvS2LNNzq37OTPwztPL7WyIp1sHksovKz8hYOdxBn_jKuBDp1CJkOsQrPx2C-DYif7phS6qpVuCtZJR4BRlulMz4hKdNx0_6RmAypAep9PAICZ3ECPaSER9lSE2QJRBW-itWeV7CSR0GPBQ7AVf7RmwLmX-1yJkG7YW_Q0A9Q-5SPtFhjJgBgoAXOgJpW3AqRwcFkjRAJdb_15k5JrG6znEkvkeVtm6K_zRceNXyceFYnh_ccXcK9ARGikxMvuMR6w7Vq81lL48RYDUPZblyQ1UjWVoZ1A4lg5nwm2YeSyqQ_ZfWksK3bVnALo8vyh1EcNPF6vwjedxQQfzObUv7_e3U1R5UGcW-q0ZV_H5XB0HKwAWoj4UshzaSagnWWYWgf0n1Z6onp7kPoSagLxhV4aVmmBDAP8zWk4eWYxzH4SZIXztDufO8OmonCh8_Hys4iRzAVkxQ_GEJGD_HIWkPF_iehx1cHd7ikc5jYgi7--lf3eZtpZBVcv8-R4QkX86hSoLSOzHXed8L9VTkH32NAbLQOPidhtOTyc12mGv0LXfuoJpxnuF7aaDK7wZBFZ9Vl-dIyaZ4snw54baNu5ZNlnE2NFJZ4yzhhGyMsZOkx52zQcZjvefcrkT9C6Pw.WTv7kKe-VeqgXdTJVqRjIw&max_radlink_len=40&type=3&swp=as-drid-2995986513634288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C17301544&format=r3%7Cs&nocache=651754297489924&num=0&output=afd_ads&domain_name=www.hs2.wheresmystaterefund.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1754297489925&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=788436323&rurl=https%3A%2F%2Fwww.hs2.wheresmystaterefund.com%2F Resource Info File typeSVG Scalable Vector Graphics image First Seen2023-04-06 Last Seen2025-08-08 Times Seen190903 Size200 B (200 bytes) MD511b3089d616633ca6b73b57aa877eeb4 SHA107632f63e06b30d9b63c97177d3a8122629bda9b SHA256809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1 Certificate Info IssuerGoogle Trust Services Subject.googleusercontent.com Fingerprint63:78:72:6F:FA:74:62:BB:8E:62:97:12:1D:27:37:96:37:81:92:E4 ValidityMon, 07 Jul 2025 08:35:06 GMT - Mon, 29 Sep 2025 08:35:05 GMT HTTP Headers GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://syndicatedsearch.goog/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 174 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Sun, 03 Aug 2025 12:11:50 GMT expires: Mon, 04 Aug 2025 11:11:50 GMT cache-control: public, max-age=82800 age: 74380 last-modified: Thu, 02 Nov 2023 22:48:00 GMT content-type: image/svg+xml vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=jvlfwt4fhdi7&cd_fexp=72717108%2C17301544&aqid=knSQaPbcBYqfxdwPqMXmsAw&psid=5837883959&pbt=bv&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=788436323&csala=6%7C0%7C332%7C111%7C139&lle=0&ifv=1&hpt=1	216.58.207.238	204 No Content	0 B
URL GET HTTPS syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=jvlfwt4fhdi7&cd_fexp=72717108%2C17301544&aqid=knSQaPbcBYqfxdwPqMXmsAw&psid=5837883959&pbt=bv&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=788436323&csala=6%7C0%7C332%7C111%7C139&lle=0&ifv=1&hpt=1 IP / ASN 216.58.207.238 #15169 GOOGLE Requested byhttps://www.hs2.wheresmystaterefund.com/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-08 Times Seen5720982 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint22:92:CD:9F:75:6A:23:71:D7:AF:2B:DB:BF:8F:B3:9E:37:15:38:6D ValidityMon, 07 Jul 2025 08:37:07 GMT - Mon, 29 Sep 2025 08:37:06 GMT Technology Fingerprints Google Web Server (Web servers) N/A HTTP Headers GET /afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=jvlfwt4fhdi7&cd_fexp=72717108%2C17301544&aqid=knSQaPbcBYqfxdwPqMXmsAw&psid=5837883959&pbt=bv&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=788436323&csala=6%7C0%7C332%7C111%7C139&lle=0&ifv=1&hpt=1 HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.hs2.wheresmystaterefund.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 204 No Content content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-67uncxHwckb0h5cv27uLww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} permissions-policy: unload=() date: Mon, 04 Aug 2025 08:51:32 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

JavaScript (0)

HTTP Transactions (21)

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers