URL: https://www2.taxbackinternational.com/newsletter-subscription
Submission: On May 20 via manual from IN — Scanned from DE

Summary

This website contacted 17 IPs in 5 countries across 13 domains to perform 45 HTTP transactions. The main IP is 52.54.96.194, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www2.taxbackinternational.com.
TLS certificate: Issued by R3 on April 25th 2024. Valid for: 3 months.
This is the only time www2.taxbackinternational.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 52.54.96.194 14618 (AMAZON-AES)
2 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 104.18.10.207 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
9 9 3.215.172.219 14618 (AMAZON-AES)
10 2600:9000:235... 16509 (AMAZON-02)
4 142.250.185.164 15169 (GOOGLE)
2 34.90.85.97 396982 (GOOGLE-CL...)
3 2a02:26f0:480... 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.66.102.51 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 51.11.20.152 8075 (MICROSOFT...)
1 104.16.117.43 13335 (CLOUDFLAR...)
1 13.33.187.19 16509 (AMAZON-02)
45 17
Apex Domain
Subdomains
Transfer
21 pardot.com
go.pardot.com — Cisco Umbrella Rank: 21960
storage.pardot.com — Cisco Umbrella Rank: 11284
pi.pardot.com — Cisco Umbrella Rank: 5415
27 KB
8 taxbackinternational.com
www2.taxbackinternational.com
taxbackinternational.com
119 KB
5 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4164
consentcdn.cookiebot.com — Cisco Umbrella Rank: 4847
imgsct.cookiebot.com — Cisco Umbrella Rank: 4914
117 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 2
946 B
3 gstatic.com
fonts.gstatic.com
www.gstatic.com
255 KB
2 text6film.com
secure.text6film.com
903 B
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 64
16 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 742
script.hotjar.com — Cisco Umbrella Rank: 988
59 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
200 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4715
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1103
20 KB
0 googlesyndication.com Failed
pagead2.googlesyndication.com Failed
45 13
Domain Requested by
10 storage.pardot.com www2.taxbackinternational.com
9 go.pardot.com 9 redirects
6 www2.taxbackinternational.com 1 redirects www2.taxbackinternational.com
consent.cookiebot.com
pi.pardot.com
4 www.google.com www2.taxbackinternational.com
consent.cookiebot.com
www.gstatic.com
2 pi.pardot.com www2.taxbackinternational.com
pi.pardot.com
2 secure.text6film.com www.googletagmanager.com
secure.text6film.com
2 www.youtube.com www.googletagmanager.com
www.youtube.com
2 www.googletagmanager.com www2.taxbackinternational.com
www.googletagmanager.com
2 fonts.gstatic.com fonts.googleapis.com
2 consentcdn.cookiebot.com consent.cookiebot.com
2 taxbackinternational.com www2.taxbackinternational.com
2 consent.cookiebot.com www2.taxbackinternational.com
consent.cookiebot.com
1 script.hotjar.com static.hotjar.com
1 ws.zoominfo.com www2.taxbackinternational.com
1 static.hotjar.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 imgsct.cookiebot.com
1 fonts.googleapis.com www2.taxbackinternational.com
1 maxcdn.bootstrapcdn.com www2.taxbackinternational.com
0 pagead2.googlesyndication.com Failed www.googletagmanager.com
45 20
Subject Issuer Validity Valid
www2.taxbackinternational.com
R3
2024-04-25 -
2024-07-24
3 months crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2024-02-28 -
2025-02-27
a year crt.sh
bootstrapcdn.com
GTS CA 1P5
2024-03-27 -
2024-06-25
3 months crt.sh
upload.video.google.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.google.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
www.taxbackinternational.com
GeoTrust TLS RSA CA G1
2023-10-24 -
2024-10-27
a year crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2024-02-26 -
2025-02-26
a year crt.sh
*.gstatic.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.google-analytics.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.hotjar.com
Amazon ECDSA 256 M03
2024-02-07 -
2025-03-08
a year crt.sh
secure.norm0care.com
Sectigo RSA Domain Validation Secure Server CA
2023-12-10 -
2024-07-06
7 months crt.sh
zoominfo.com
E1
2024-05-20 -
2024-08-18
3 months crt.sh
pi.pardot.com
DigiCert TLS RSA SHA256 2020 CA1
2023-07-25 -
2024-07-23
a year crt.sh

This page contains 4 frames:

Primary Page: https://www2.taxbackinternational.com/newsletter-subscription
Frame ID: 362D08CD7A4F983B3CCF28EFDB78180C
Requests: 44 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 2A33DFF6ECD1E7AECF404CBEC2085EC4
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly93d3cyLnRheGJhY2tpbnRlcm5hdGlvbmFsLmNvbTo0NDM.&hl=de&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=nhqv9ondaxau
Frame ID: D88F6C369ACDEF14A2915068935985EB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=8k85QBI-qzxmenDv318AZH30&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ
Frame ID: CE193FADB21035DCDFAB7FFA3CE5A1C5
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Join our newsletter list

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

45
Requests

71 %
HTTPS

47 %
IPv6

13
Domains

20
Subdomains

17
IPs

5
Countries

813 kB
Transfer

2747 kB
Size

14
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png HTTP 302
  • https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
Request Chain 7
  • https://go.pardot.com/l/822463/2019-11-20/37v/822463/593/Twitter_icon.png HTTP 302
  • https://storage.pardot.com/822463/593/Twitter_icon.png
Request Chain 8
  • https://go.pardot.com/l/822463/2019-11-20/37x/822463/595/Facebook_icon.png HTTP 302
  • https://storage.pardot.com/822463/595/Facebook_icon.png
Request Chain 9
  • https://go.pardot.com/l/822463/2019-11-20/374i/822463/581/Linkedin_icon.png%3E HTTP 302
  • https://storage.pardot.com/822463/581/Linkedin_icon.png
Request Chain 14
  • https://go.pardot.com/l/822463/2019-12-03/4m2/822463/943/required_icon.png HTTP 302
  • https://storage.pardot.com/822463/943/required_icon.png
Request Chain 21
  • https://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png HTTP 302
  • https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
Request Chain 22
  • https://go.pardot.com/l/822463/2019-11-20/37v/822463/593/Twitter_icon.png HTTP 302
  • https://storage.pardot.com/822463/593/Twitter_icon.png
Request Chain 23
  • https://go.pardot.com/l/822463/2019-11-20/37x/822463/595/Facebook_icon.png HTTP 302
  • https://storage.pardot.com/822463/595/Facebook_icon.png
Request Chain 24
  • https://go.pardot.com/l/822463/2019-11-20/374i/822463/581/Linkedin_icon.png%3E HTTP 302
  • https://storage.pardot.com/822463/581/Linkedin_icon.png
Request Chain 29
  • https://www2.taxbackinternational.com/favicon HTTP 302
  • https://storage.pardot.com/822463/1625588444yh4zGQSa/cropped_favicon_1_1_192x192.png

45 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request newsletter-subscription
www2.taxbackinternational.com/
22 KB
8 KB
Document
General
Full URL
https://www2.taxbackinternational.com/newsletter-subscription
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
b16e1681199451f1696dc383551a188bce501c1e28654f7eeba8d8a6961729dd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
keep-alive
Content-Length
7070
Content-Type
text/html; charset=utf-8
Date
Mon, 20 May 2024 04:49:29 GMT
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
expires
Thu, 19 Nov 1981 08:52:00 GMT
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
pragma
no-cache
status
404 Not Found
vary
Accept-Encoding,User-Agent
x-pardot-rsp
0/0/1
uc.js
consent.cookiebot.com/
109 KB
34 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f150 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
88c87349d2bf113f3589ef89169acec4a0dde633f817506189bd0c2f7a68b892

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
last-modified
Wed, 15 May 2024 08:37:48 GMT
etag
"32674b2aa3a6da1:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=128
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
34250
expires
Mon, 20 May 2024 04:51:38 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/
118 KB
20 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
940
age
308082
cdn-cachedat
10/31/2023 19:15:06
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"ec3bb52a00e176a7181d454dffaea219"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
c83fee2ffb8cb55535eaeb2520d7c34a
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
8869b353499a4daa-FRA
cdn-requestpullsuccess
True
css
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Fira+Sans:400,600&display=swap
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ce71f16cf595b24b5c6dca41f10a624b7258d31e680288fb1e491157704f3182
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 20 May 2024 04:49:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 20 May 2024 04:49:30 GMT
form.css
www2.taxbackinternational.com/css/
31 KB
8 KB
Stylesheet
General
Full URL
https://www2.taxbackinternational.com/css/form.css?ver=2021-09-20
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/newsletter-subscription
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
last-modified
Fri, 17 May 2024 05:29:04 GMT
etag
"7be2-gzip"
vary
Accept-Encoding,User-Agent
Content-Type
text/css
cache-control
max-age=63072000
Connection
keep-alive
accept-ranges
bytes
Content-Length
7660
expires
Wed, 20 May 2026 04:49:30 GMT
piUtils.js
www2.taxbackinternational.com/js/
343 KB
100 KB
Script
General
Full URL
https://www2.taxbackinternational.com/js/piUtils.js?ver=2021-09-20
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
87fbc6477d07c0b9eb56d8839da504fcaf1cdbb8bec3e7f6581cfe92f4abdfce

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/newsletter-subscription
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
last-modified
Fri, 17 May 2024 05:29:04 GMT
etag
"55cc5-gzip"
Transfer-Encoding
chunked
vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
cache-control
max-age=63072000
Connection
keep-alive
accept-ranges
bytes
expires
Wed, 20 May 2026 04:49:30 GMT
Taxback_International_Logo_RGB_small.png
storage.pardot.com/822463/879/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png
  • https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
9 KB
10 KB
Image
General
Full URL
https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c3c02e5dfb2c63801a01bbea7057bad3b35fd21aa69e64f3486278dfd0bb2fc2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 19 May 2024 22:08:38 GMT
x-amz-version-id
BxMMXixbJR1KxR2_2nbBi_lBHpsGPu2r
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Mon, 02 Dec 2019 14:58:31 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24053
etag
"6f9773e23ffb394c4f341088ab1c32ab"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
9672
x-amz-cf-id
DLsQeW9OAQxaTlr6mcPstcM66WG4awik-6KHcBsN0A3Z7JVBOrlIKg==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
150
expires
Mon, 20 May 2024 04:59:30 GMT
api.js
www.google.com/recaptcha/
1 KB
946 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f4.1e100.net
Software
GSE /
Resource Hash
6fc1c99f6d9a1a516f7be4a6a7242d988bcb73a9274e66eb9cc30772c2261c81
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 20 May 2024 04:49:30 GMT
Twitter_icon.png
storage.pardot.com/822463/593/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-11-20/37v/822463/593/Twitter_icon.png
  • https://storage.pardot.com/822463/593/Twitter_icon.png
1 KB
2 KB
Image
General
Full URL
https://storage.pardot.com/822463/593/Twitter_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
71337de3ca81da24e76332d34f783e2b65529db81d259481b88f9b2b810adf0f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Ljow9FxwKPzoGOqRjr21WTQ5ItVTvNB3
date
Sun, 19 May 2024 22:08:39 GMT
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Wed, 20 Nov 2019 17:00:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24052
etag
"3b2ae863e84233586dd349511ced303a"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
1181
x-amz-cf-id
jCaYAm0OTtLEhc_Zn1QuY4g8SS1pLQQZDxHfIwr17XbydItWMO4L9Q==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/593/Twitter_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
128
expires
Mon, 20 May 2024 04:59:30 GMT
Facebook_icon.png
storage.pardot.com/822463/595/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-11-20/37x/822463/595/Facebook_icon.png
  • https://storage.pardot.com/822463/595/Facebook_icon.png
437 B
830 B
Image
General
Full URL
https://storage.pardot.com/822463/595/Facebook_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0fefbfbdaeddd6622b5cc3dadf2dbb7534cc31f5e7fb1079a657afc4884920c6

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-amz-version-id
oXoF2XMGqiWSDprFbOFiEp2ZzaUU_xI_
date
Sun, 19 May 2024 22:08:39 GMT
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Wed, 20 Nov 2019 17:01:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24052
etag
"18ed000aaecd19a0d19dd3ba3339bab5"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
437
x-amz-cf-id
K7IOEtzjIiJRCGUR8fw2DVGYiahXkoPC1JD07PtVTFS-X5N0QgSXbg==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/595/Facebook_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
129
expires
Mon, 20 May 2024 04:59:30 GMT
Linkedin_icon.png
storage.pardot.com/822463/581/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-11-20/374i/822463/581/Linkedin_icon.png%3E
  • https://storage.pardot.com/822463/581/Linkedin_icon.png
611 B
1003 B
Image
General
Full URL
https://storage.pardot.com/822463/581/Linkedin_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
db62e680732ec6047436c89bc876fdc3946caa18639b73d6bff5d61e672b0252

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 19 May 2024 22:08:39 GMT
x-amz-version-id
o3EP5Cz0giYmLFnm8i4w8Su2Bpym5KQ5
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Wed, 20 Nov 2019 12:23:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24052
etag
"9b062b2fec0be7f6e7d9f8b49c1e36f6"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
611
x-amz-cf-id
m5d98f-xIGkmgBdjJsLbfwj5G0d1iCWVVaZraBGNY42rU15IdIhzfQ==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/581/Linkedin_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
x-pardot-canary
true
Content-Length
129
expires
Mon, 20 May 2024 04:59:30 GMT
ISO_27001.png
taxbackinternational.com/wp-content/uploads/2021/01/
2 KB
2 KB
Image
General
Full URL
https://taxbackinternational.com/wp-content/uploads/2021/01/ISO_27001.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.90.85.97 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
97.85.90.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5aaa0ffeb9539ef00510e5d7fe7b943dcf689291c358e11d17a591784681ee5f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 23 Apr 2021 15:12:07 GMT
server
nginx
etag
"6082e3c7-69e"
vary
Accept
content-type
image/webp
accept-ranges
bytes
content-length
1694
configuration.js
consentcdn.cookiebot.com/consentconfig/247b7231-59de-491c-89b8-3a23e81358ac/www2.taxbackinternational.com/
0
365 B
Script
General
Full URL
https://consentcdn.cookiebot.com/consentconfig/247b7231-59de-491c-89b8-3a23e81358ac/www2.taxbackinternational.com/configuration.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:594::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
last-modified
Fri, 09 Jun 2023 13:54:41 GMT
server
AkamaiNetStorage
etag
"d41d8cd98f00b204e9800998ecf8427e:1686318881.020928"
content-type
application/x-javascript
cache-control
max-age=62404
cross-origin-resource-policy
cross-origin
server-timing
cdn-cache; desc=HIT, edge; dur=4, origin; dur=0, ak_p; desc="1716180570291_35115158_530099725_357_947_19_26_146";dur=1
accept-ranges
bytes
content-length
0
expires
Mon, 20 May 2024 22:09:34 GMT
cc.js
consent.cookiebot.com/247b7231-59de-491c-89b8-3a23e81358ac/
306 KB
82 KB
Script
General
Full URL
https://consent.cookiebot.com/247b7231-59de-491c-89b8-3a23e81358ac/cc.js?renew=false&referer=www2.taxbackinternational.com&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f150 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7140260d6e5eb3d959230c5a6e10219cea497286d3abc77c56c5a3058c778b19

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
last-modified
Mon, 20 May 2024 04:49:30 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/
0
0

required_icon.png
storage.pardot.com/822463/943/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-12-03/4m2/822463/943/required_icon.png
  • https://storage.pardot.com/822463/943/required_icon.png
322 B
717 B
Image
General
Full URL
https://storage.pardot.com/822463/943/required_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
985a5d156a0674cbd5de840bdd4f838fb1148bacea368c1c599117279c8549d1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 19 May 2024 22:08:40 GMT
x-amz-version-id
Vml3GiECmxKoGBhtAt3lIZZO5AcUZlyD
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Tue, 03 Dec 2019 12:39:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24051
etag
"52032d254b753c43f603573d6a46a12d"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
322
x-amz-cf-id
OS0xqW5ZWrjByoUv4aTwzW8I3Ar2BZO9VBay6TaIFjKXBoiS2fwfgw==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/943/required_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
123
expires
Mon, 20 May 2024 04:59:30 GMT
va9B4kDNxMZdWfMOD5VnSKzeRhf6.woff2
fonts.gstatic.com/s/firasans/v17/
24 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/firasans/v17/va9B4kDNxMZdWfMOD5VnSKzeRhf6.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans:400,600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3bdc29109b621ad2c793d86fdc3f61e810d4aeafc3b8419f8f2aeb9c7ce0d364
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://www2.taxbackinternational.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 18 May 2024 10:28:26 GMT
x-content-type-options
nosniff
age
152464
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24868
x-xss-protection
0
last-modified
Tue, 02 May 2023 14:50:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 18 May 2025 10:28:26 GMT
va9E4kDNxMZdWfMOD5Vvl4jL.woff2
fonts.gstatic.com/s/firasans/v17/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/firasans/v17/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans:400,600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89ae1743656b75948be30cc4909efd3c61771b7bd9f6d53eb14cd9731d486b57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://www2.taxbackinternational.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 18 May 2024 01:17:26 GMT
x-content-type-options
nosniff
age
185524
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23880
x-xss-protection
0
last-modified
Tue, 02 May 2023 14:50:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 18 May 2025 01:17:26 GMT
bg-footer.png
taxbackinternational.com/wp-content/themes/taxback/assets/images/footer/
0
0

bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 2A33
0
0
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:594::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
max-age=30398160
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 20 May 2024 04:49:30 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Wed, 07 May 2025 00:45:30 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1716180570339_35115158_530099757_34_1156_19_23_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6df437963b6a8761c4e9a7afd955dcbee038e35eabf1ebd723dc7d44e9c33b2d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
293 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
Taxback_International_Logo_RGB_small.png
storage.pardot.com/822463/879/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png
  • https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
9 KB
0
Image
General
Full URL
https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c3c02e5dfb2c63801a01bbea7057bad3b35fd21aa69e64f3486278dfd0bb2fc2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 19 May 2024 22:08:38 GMT
x-amz-version-id
BxMMXixbJR1KxR2_2nbBi_lBHpsGPu2r
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Mon, 02 Dec 2019 14:58:31 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24053
etag
"6f9773e23ffb394c4f341088ab1c32ab"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
9672
x-amz-cf-id
DLsQeW9OAQxaTlr6mcPstcM66WG4awik-6KHcBsN0A3Z7JVBOrlIKg==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/879/Taxback_International_Logo_RGB_small.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
x-robots-tag
none
Content-Length
150
expires
Mon, 20 May 2024 04:59:30 GMT
Twitter_icon.png
storage.pardot.com/822463/593/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-11-20/37v/822463/593/Twitter_icon.png
  • https://storage.pardot.com/822463/593/Twitter_icon.png
1 KB
0
Image
General
Full URL
https://storage.pardot.com/822463/593/Twitter_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
71337de3ca81da24e76332d34f783e2b65529db81d259481b88f9b2b810adf0f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Ljow9FxwKPzoGOqRjr21WTQ5ItVTvNB3
date
Sun, 19 May 2024 22:08:39 GMT
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Wed, 20 Nov 2019 17:00:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24052
etag
"3b2ae863e84233586dd349511ced303a"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
1181
x-amz-cf-id
jCaYAm0OTtLEhc_Zn1QuY4g8SS1pLQQZDxHfIwr17XbydItWMO4L9Q==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/593/Twitter_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
x-robots-tag
none
Content-Length
128
expires
Mon, 20 May 2024 04:59:30 GMT
Facebook_icon.png
storage.pardot.com/822463/595/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-11-20/37x/822463/595/Facebook_icon.png
  • https://storage.pardot.com/822463/595/Facebook_icon.png
437 B
0
Image
General
Full URL
https://storage.pardot.com/822463/595/Facebook_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0fefbfbdaeddd6622b5cc3dadf2dbb7534cc31f5e7fb1079a657afc4884920c6

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-amz-version-id
oXoF2XMGqiWSDprFbOFiEp2ZzaUU_xI_
date
Sun, 19 May 2024 22:08:39 GMT
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Wed, 20 Nov 2019 17:01:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24052
etag
"18ed000aaecd19a0d19dd3ba3339bab5"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
437
x-amz-cf-id
K7IOEtzjIiJRCGUR8fw2DVGYiahXkoPC1JD07PtVTFS-X5N0QgSXbg==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/595/Facebook_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
x-robots-tag
none
Content-Length
129
expires
Mon, 20 May 2024 04:59:30 GMT
Linkedin_icon.png
storage.pardot.com/822463/581/
Redirect Chain
  • https://go.pardot.com/l/822463/2019-11-20/374i/822463/581/Linkedin_icon.png%3E
  • https://storage.pardot.com/822463/581/Linkedin_icon.png
611 B
0
Image
General
Full URL
https://storage.pardot.com/822463/581/Linkedin_icon.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
db62e680732ec6047436c89bc876fdc3946caa18639b73d6bff5d61e672b0252

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 19 May 2024 22:08:39 GMT
x-amz-version-id
o3EP5Cz0giYmLFnm8i4w8Su2Bpym5KQ5
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Wed, 20 Nov 2019 12:23:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24052
etag
"9b062b2fec0be7f6e7d9f8b49c1e36f6"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
accept-ranges
bytes
x-robots-tag
none
content-length
611
x-amz-cf-id
m5d98f-xIGkmgBdjJsLbfwj5G0d1iCWVVaZraBGNY42rU15IdIhzfQ==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-security-policy
sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-scripts allow-top-navigation allow-top-navigation-by-user-activation
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/581/Linkedin_icon.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
x-robots-tag
none
x-pardot-canary
true
Content-Length
129
expires
Mon, 20 May 2024 04:59:30 GMT
ISO_27001.png
taxbackinternational.com/wp-content/uploads/2021/01/
2 KB
0
Image
General
Full URL
https://taxbackinternational.com/wp-content/uploads/2021/01/ISO_27001.png
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.90.85.97 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
97.85.90.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5aaa0ffeb9539ef00510e5d7fe7b943dcf689291c358e11d17a591784681ee5f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 23 Apr 2021 15:12:07 GMT
server
nginx
etag
"6082e3c7-69e"
vary
Accept
content-type
image/webp
accept-ranges
bytes
content-length
1694
gtm.js
www.googletagmanager.com/
328 KB
111 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PFNWVX3
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d1d49b7f3d264ee0db6db8b376c13e29a3962bf6cd5343bbb653f9c10e5ad25d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
113702
x-xss-protection
0
last-modified
Mon, 20 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 20 May 2024 04:49:30 GMT
piUtils.js
www2.taxbackinternational.com/js/
343 KB
0
Script
General
Full URL
https://www2.taxbackinternational.com/js/piUtils.js?ver=2021-09-20
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
87fbc6477d07c0b9eb56d8839da504fcaf1cdbb8bec3e7f6581cfe92f4abdfce

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/newsletter-subscription
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
last-modified
Fri, 17 May 2024 05:29:04 GMT
etag
"55cc5-gzip"
vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
cache-control
max-age=63072000
accept-ranges
bytes
expires
Wed, 20 May 2026 04:49:30 GMT
1.gif
imgsct.cookiebot.com/
35 B
479 B
Image
General
Full URL
https://imgsct.cookiebot.com/1.gif?dgi=247b7231-59de-491c-89b8-3a23e81358ac
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:594::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
x-guploader-uploadid
ABPtcPrPVbBrcPPyszcywrbvCisqZK2Ulg_iRqJzqeIKVXW_dIf9hMNvs8aLefPVNdSZWldxrk9rYnGv5Q
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
35
last-modified
Mon, 23 Oct 2023 11:39:32 GMT
server
UploadServer
etag
"c2196de8ba412c60c22ab491af7b1409"
x-goog-generation
1698061172769999
x-goog-hash
crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public,max-age=1800
x-goog-stored-content-length
35
accept-ranges
bytes
content-type
image/gif
cropped_favicon_1_1_192x192.png
storage.pardot.com/822463/1625588444yh4zGQSa/
Redirect Chain
  • https://www2.taxbackinternational.com/favicon
  • https://storage.pardot.com/822463/1625588444yh4zGQSa/cropped_favicon_1_1_192x192.png
5 KB
5 KB
Other
General
Full URL
https://storage.pardot.com/822463/1625588444yh4zGQSa/cropped_favicon_1_1_192x192.png
Protocol
H2
Server
2600:9000:2359:c00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e02dc38172e7e5b5ff2e02c16476a2165e2c866f79e96db266fd69ea6d2f48a0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sun, 19 May 2024 22:08:41 GMT
x-amz-version-id
ENnAfvJGCgMPrme4_WdFiUBz9HyXwZ5p
via
1.1 3c07e6ef6fe5c74a2c43590885d64f70.cloudfront.net (CloudFront)
last-modified
Tue, 06 Jul 2021 16:20:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
24050
etag
"28a45de47bdc66b5ad5ece01e67bee52"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
accept-ranges
bytes
x-robots-tag
none
content-length
4825
x-amz-cf-id
KwRtV1YX8462556dHgNx62jaXVu52Se8a5-mMM_4K2YYDUs23jeIWg==

Redirect headers

Date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/822463/1625588444yh4zGQSa/cropped_favicon_1_1_192x192.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
153
expires
Mon, 20 May 2024 04:59:30 GMT
api.js
www.google.com/recaptcha/
1 KB
0
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f4.1e100.net
Software
GSE /
Resource Hash
6fc1c99f6d9a1a516f7be4a6a7242d988bcb73a9274e66eb9cc30772c2261c81
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 20 May 2024 04:49:30 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/
519 KB
207 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e92f0b552deffbf207cee5389713056c7c3d27e4b9b9edaf29338d01a83c5962
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Origin
https://www2.taxbackinternational.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 19 May 2024 18:38:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36673
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
210834
x-xss-protection
0
last-modified
Mon, 13 May 2024 17:44:43 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 19 May 2025 18:38:17 GMT
hotjar-2859846.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2859846.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFNWVX3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-51.fra56.r.cloudfront.net
Software
/
Resource Hash
803c7216bc929da5081418dfea6d467950ad5eca909d86bfa58750386d68fd12
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:31 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/fe2d77e8f9c1350b3c8f591050bf55bd
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
0V-sGWHMaCbm6Cw6syBlqyTotozoQs6A-x4YYHOa4cQta7EGNc7z1g==
destination
www.googletagmanager.com/gtag/
255 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-318826633&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFNWVX3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d40a8baf5fba8f25a2c97eab8335b013afe2f3dd20cc7646ded982f1eed31e33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
90393
x-xss-protection
0
last-modified
Mon, 20 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 20 May 2024 04:49:31 GMT
iframe_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFNWVX3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
96a218d076594873b054687d3d40c87ff23d2fe8e8eb32cd3129d19852257882
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Mon, 20 May 2024 04:49:31 GMT
223733.js
secure.text6film.com/js/
829 B
719 B
Script
General
Full URL
https://secure.text6film.com/js/223733.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFNWVX3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cc8084a696eac851802904baa107456301d90b829c1c9a2e2df7ad3385023375

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 20 May 2024 04:49:31 GMT
Content-Encoding
br
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
public, max-age=86400
Connection
keep-alive
Request-Context
appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20
vJMVQdXGCkUrCrbERp5x
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/vJMVQdXGCkUrCrbERp5x
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d89db1f10348b29d4e188bae816cb4ed9e5205f168528d0c86610a7e1ad78c91
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/newsletter-subscription
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:49:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
8869b35a2840924a-FRA
anchor
www.google.com/recaptcha/api2/ Frame D88F
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly93d3cyLnRheGJhY2tpbnRlcm5hdGlvbmFsLmNvbTo0NDM.&hl=de&v=8k85QBI-qzxmenDv318AZH30&size=normal&cb=nhqv9ondaxau
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-rxWs1KmPxJZmmFITB3k-TQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-rxWs1KmPxJZmmFITB3k-TQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 20 May 2024 04:49:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
www-widgetapi.js
www.youtube.com/s/player/b05eda73/www-widgetapi.vflset/
42 KB
14 KB
Script
General
Full URL
https://www.youtube.com/s/player/b05eda73/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
727c77ec19d827a0c2e8e6f289b8031b6d753ff14b219a0e8f15d0a71e6c8bd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 04:43:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
376
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13955
x-xss-protection
0
last-modified
Thu, 16 May 2024 04:18:40 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 May 2025 04:43:15 GMT
modules.404c8789d11e259a4872.js
script.hotjar.com/
222 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.404c8789d11e259a4872.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2859846.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-19.fra60.r.cloudfront.net
Software
/
Resource Hash
57f0b66c0f1db01170ae013ea57f30a8224a68e0119ec2e5b9166901dc1ef42a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 10:05:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 46b6cb3d5daab7defe28d3658c3a54fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
240264
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55963
last-modified
Fri, 17 May 2024 10:05:06 GMT
etag
"d2268f530894b7f5925ce33d530fc31a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
Ztn0p8QXIynINZZF4hWov30lEDMpJzQPcLvQ7Nce5jiSCx1lQGBHWw==
Capture.aspx
secure.text6film.com/Track/
0
184 B
Script
General
Full URL
https://secure.text6film.com/Track/Capture.aspx?retType=js&trk_jshv=1&trk_uid=&trk_user=223733&trk_sw=1600&trk_sh=1200&trk_ref=&trk_tit=Join%20our%20newsletter%20list&trk_loc=https%3A%2F%2Fwww2.taxbackinternational.com%2Fnewsletter-subscription&trk_agn=Netscape&trk_agv=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F124.0.0.0%20Safari%2F537.36&trk_dom=www2.taxbackinternational.com&trk_cookie=NA
Requested by
Host: secure.text6film.com
URL: https://secure.text6film.com/js/223733.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 20 May 2024 04:49:31 GMT
Server
Kestrel
Connection
keep-alive
Content-Length
0
Request-Context
appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20
bframe
www.google.com/recaptcha/api2/ Frame CE19
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=8k85QBI-qzxmenDv318AZH30&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-rjMH1K5fWPMT4O9u0PJ4og' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www2.taxbackinternational.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-rjMH1K5fWPMT4O9u0PJ4og' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 20 May 2024 04:49:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
pagead2.googlesyndication.com/pagead/conversion/318826633/
0
0

pd.js
pi.pardot.com/
5 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: www2.taxbackinternational.com
URL: https://www2.taxbackinternational.com/newsletter-subscription
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 20 May 2024 04:49:32 GMT
content-encoding
gzip
X-Pardot-Route
16b0ab393667a33fe86adedc3141e88c
last-modified
Fri, 17 May 2024 05:29:05 GMT
etag
"15f4-gzip"
vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
cache-control
max-age=63072000
Connection
keep-alive
accept-ranges
bytes
Content-Length
1988
expires
Wed, 20 May 2026 04:49:32 GMT
analytics
pi.pardot.com/
1 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=475259768&visitor_id_sign=8a5d210c2215c81963dddc46ee22b938efc4806d47e7a7a4ae9370cf4fdbb39edc5e769b0bfe7d4aaa550f8f0fadc51212de690c&pi_opt_in=&campaign_id=2771&account_id=823463&title=Join%20our%20newsletter%20list&url=https%3A%2F%2Fwww2.taxbackinternational.com%2Fnewsletter-subscription&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
b68b791cc627688beed01debd2603b7addff72bc19fb2c5a79e94c03a31c1878
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
Date
Mon, 20 May 2024 04:49:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
vary
Accept-Encoding,User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
542
expires
Thu, 19 Nov 1981 08:52:00 GMT
analytics
www2.taxbackinternational.com/
50 B
977 B
Script
General
Full URL
https://www2.taxbackinternational.com/analytics?conly=true&visitor_id=475259768&visitor_id_sign=8a5d210c2215c81963dddc46ee22b938efc4806d47e7a7a4ae9370cf4fdbb39edc5e769b0bfe7d4aaa550f8f0fadc51212de690c&pi_opt_in=&campaign_id=2771&account_id=823463&title=Join%20our%20newsletter%20list&url=https://www2.taxbackinternational.com/newsletter-subscription&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=475259768&visitor_id_sign=8a5d210c2215c81963dddc46ee22b938efc4806d47e7a7a4ae9370cf4fdbb39edc5e769b0bfe7d4aaa550f8f0fadc51212de690c&pi_opt_in=&campaign_id=2771&account_id=823463&title=Join%20our%20newsletter%20list&url=https%3A%2F%2Fwww2.taxbackinternational.com%2Fnewsletter-subscription&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www2.taxbackinternational.com/newsletter-subscription
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
Date
Mon, 20 May 2024 04:49:33 GMT
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
vary
User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
50
expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
maxcdn.bootstrapcdn.com
URL
http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Domain
taxbackinternational.com
URL
https://taxbackinternational.com/wp-content/themes/taxback/assets/images/footer/bg-footer.png
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/conversion/318826633/?random=1716180571251&cv=11&fst=1716180571251&bg=ffffff&guid=ON&async=1&gtm=45be45f0z8831168618za201&gcs=G100&gcd=13p3p3l2l5&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww2.taxbackinternational.com%2Fnewsletter-subscription&label=ztRwCOjOyZQZElnRg5gB&hn=www.googleadservices.com&frm=0&tiba=Join%20our%20newsletter%20list&value=0&did=dMWZhNz&gdid=dMWZhNz&edid=dMWZhNz&bttype=purchase&npa=1&us_privacy=1---&pscdl=denied&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.207%7CGoogle%2520Chrome%3B124.0.6367.207%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SQ&data=ads_data_redaction%3Dtrue&rfmt=3&fmt=4

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| gtag object| dataLayer object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent object| CookiebotDialog object| CookieConsentDialog object| pardot object| piAjax object| piUtils undefined| $ undefined| jQuery string| piAId string| piCId string| piHostname object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| anchors object| anchor number| CB_OnTagsExecuted_Processed object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data function| hj object| _hjSettings function| onYouTubeIframeAPIReady object| recaptcha object| closure_lm_178118 object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ziws object| GooglebQhCsO function| checkNamespace function| getPardotUrl function| piTracker function| piGetParameter function| piGetCookie function| piSetCookie string| piVersion number| piScriptNum object| piScriptObj object| pi number| c_start number| c_end string| property function| piResponse function| addEventListenerBase

14 Cookies

Domain/Path Name / Value
www2.taxbackinternational.com/ Name: visitor_id822463
Value: 475259768
www2.taxbackinternational.com/ Name: visitor_id822463-hash
Value: 8a5d210c2215c81963dddc46ee22b938efc4806d47e7a7a4ae9370cf4fdbb39edc5e769b0bfe7d4aaa550f8f0fadc51212de690c
.taxbackinternational.com/ Name: PageCount
Value: 1
.youtube.com/ Name: YSC
Value: SMLOaeghhCY
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 2V9fv5nk5rk
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJERRIEEgAgWQ%3D%3D
.taxbackinternational.com/ Name: _hjSessionUser_2859846
Value: eyJpZCI6ImFmNDU2OGZhLTc5OTAtNThlMS04ZjMyLTM1NDU5ZDUyY2Y0YyIsImNyZWF0ZWQiOjE3MTYxODA1NzE0MjMsImV4aXN0aW5nIjpmYWxzZX0=
.taxbackinternational.com/ Name: _hjSession_2859846
Value: eyJpZCI6ImE5MzMzYTQ0LWYxODAtNGJiMS05OGI2LTNhN2ViYmY4OGUwMiIsImMiOjE3MTYxODA1NzE0MjUsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.ws.zoominfo.com/ Name: visitorId
Value: 9d0b947ec5d485278e9ae68fa1b260d8d2d0a1b97c8209361cb681b1aa0a2d9e
.zoominfo.com/ Name: __cf_bm
Value: SmlYsmhzraoY8P1FUMcRUXrFnD65qZyWlmLAdjS.kHo-1716180571-1.0.1.1-9_rnaWAh3_OJuWgCgFrSph8BzkIYSUZ6XomUaWmUzjaS8T1B_.koD2gkQjcKVcpZmi_SOLp.KX0fO8Hm5h6dmA
.zoominfo.com/ Name: _cfuvid
Value: mLK7Nkg4tFveAmOXjNwDCGzu.o_GkbFvHGemMyIg9wQ-1716180571521-0.0.1.1-604800000
.pardot.com/ Name: visitor_id822463
Value: 475259768
.pardot.com/ Name: visitor_id822463-hash
Value: 8a5d210c2215c81963dddc46ee22b938efc4806d47e7a7a4ae9370cf4fdbb39edc5e769b0bfe7d4aaa550f8f0fadc51212de690c
pi.pardot.com/ Name: lpv822463
Value: aHR0cHM6Ly93d3cyLnRheGJhY2tpbnRlcm5hdGlvbmFsLmNvbS9uZXdzbGV0dGVyLXN1YnNjcmlwdGlvbg%3D%3D

18 Console Messages

Source Level URL
Text
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-11-20/37v/822463/593/Twitter_icon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-11-20/37x/822463/595/Facebook_icon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-11-20/374i/822463/581/Linkedin_icon.png%3E'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://www2.taxbackinternational.com/newsletter-subscription(Line 20)
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription(Line 550)
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-12-03/4m2/822463/943/required_icon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-12-02/4gg/822463/879/Taxback_International_Logo_RGB_small.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-11-20/37v/822463/593/Twitter_icon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-11-20/37x/822463/595/Facebook_icon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Mixed Content: The page at 'https://www2.taxbackinternational.com/newsletter-subscription' was loaded over HTTPS, but requested an insecure element 'http://go.pardot.com/l/822463/2019-11-20/374i/822463/581/Linkedin_icon.png%3E'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
other warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www2.taxbackinternational.com/newsletter-subscription
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

consent.cookiebot.com
consentcdn.cookiebot.com
fonts.googleapis.com
fonts.gstatic.com
go.pardot.com
imgsct.cookiebot.com
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
pi.pardot.com
script.hotjar.com
secure.text6film.com
static.hotjar.com
storage.pardot.com
taxbackinternational.com
ws.zoominfo.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
www2.taxbackinternational.com
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
taxbackinternational.com
104.16.117.43
104.18.10.207
13.33.187.19
142.250.185.164
18.66.102.51
2600:9000:2359:c00:d:7e9b:1200:93a1
2a00:1450:4001:800::2003
2a00:1450:4001:81d::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2008
2a02:26f0:480:594::f09
2a02:26f0:480:d::210:f150
3.215.172.219
34.90.85.97
51.11.20.152
52.54.96.194
0fefbfbdaeddd6622b5cc3dadf2dbb7534cc31f5e7fb1079a657afc4884920c6
3bdc29109b621ad2c793d86fdc3f61e810d4aeafc3b8419f8f2aeb9c7ce0d364
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136
57f0b66c0f1db01170ae013ea57f30a8224a68e0119ec2e5b9166901dc1ef42a
5aaa0ffeb9539ef00510e5d7fe7b943dcf689291c358e11d17a591784681ee5f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559
6df437963b6a8761c4e9a7afd955dcbee038e35eabf1ebd723dc7d44e9c33b2d
6fc1c99f6d9a1a516f7be4a6a7242d988bcb73a9274e66eb9cc30772c2261c81
71337de3ca81da24e76332d34f783e2b65529db81d259481b88f9b2b810adf0f
7140260d6e5eb3d959230c5a6e10219cea497286d3abc77c56c5a3058c778b19
727c77ec19d827a0c2e8e6f289b8031b6d753ff14b219a0e8f15d0a71e6c8bd2
803c7216bc929da5081418dfea6d467950ad5eca909d86bfa58750386d68fd12
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
87fbc6477d07c0b9eb56d8839da504fcaf1cdbb8bec3e7f6581cfe92f4abdfce
88c87349d2bf113f3589ef89169acec4a0dde633f817506189bd0c2f7a68b892
89ae1743656b75948be30cc4909efd3c61771b7bd9f6d53eb14cd9731d486b57
96a218d076594873b054687d3d40c87ff23d2fe8e8eb32cd3129d19852257882
985a5d156a0674cbd5de840bdd4f838fb1148bacea368c1c599117279c8549d1
b16e1681199451f1696dc383551a188bce501c1e28654f7eeba8d8a6961729dd
b68b791cc627688beed01debd2603b7addff72bc19fb2c5a79e94c03a31c1878
c3c02e5dfb2c63801a01bbea7057bad3b35fd21aa69e64f3486278dfd0bb2fc2
cc8084a696eac851802904baa107456301d90b829c1c9a2e2df7ad3385023375
ce71f16cf595b24b5c6dca41f10a624b7258d31e680288fb1e491157704f3182
d1d49b7f3d264ee0db6db8b376c13e29a3962bf6cd5343bbb653f9c10e5ad25d
d40a8baf5fba8f25a2c97eab8335b013afe2f3dd20cc7646ded982f1eed31e33
d89db1f10348b29d4e188bae816cb4ed9e5205f168528d0c86610a7e1ad78c91
db62e680732ec6047436c89bc876fdc3946caa18639b73d6bff5d61e672b0252
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
e02dc38172e7e5b5ff2e02c16476a2165e2c866f79e96db266fd69ea6d2f48a0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e92f0b552deffbf207cee5389713056c7c3d27e4b9b9edaf29338d01a83c5962
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c