Submitted URL: https://info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd...
Effective URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2AN...
Submission: On March 26 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 19 HTTP transactions. The main IP is 34.196.148.186, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is portal.helloworks.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 21st 2023. Valid for: a year.
This is the only time portal.helloworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 199.60.103.28 209242 (CLOUDFLAR...)
1 34.196.148.186 14618 (AMAZON-AES)
4 2600:9000:26d... 16509 (AMAZON-02)
9 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 18.173.154.122 16509 (AMAZON-02)
1 162.125.1.20 19679 (DROPBOX)
1 54.175.180.65 14618 (AMAZON-AES)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
19 8
Apex Domain
Subdomains
Transfer
10 typekit.net
use.typekit.net — Cisco Umbrella Rank: 1024
p.typekit.net — Cisco Umbrella Rank: 1445
139 KB
5 helloworks.com
portal.helloworks.com
cdn.helloworks.com
748 KB
2 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 3510
heapanalytics.com — Cisco Umbrella Rank: 3092
38 KB
2 kingdomtrust.com
info.kingdomtrust.com
5 KB
1 dropbox.com
d.dropbox.com — Cisco Umbrella Rank: 2181
291 B
19 5
Domain Requested by
9 use.typekit.net portal.helloworks.com
4 cdn.helloworks.com portal.helloworks.com
2 info.kingdomtrust.com 1 redirects
1 p.typekit.net portal.helloworks.com
1 heapanalytics.com portal.helloworks.com
1 d.dropbox.com cdn.helloworks.com
1 cdn.heapanalytics.com portal.helloworks.com
1 portal.helloworks.com info.kingdomtrust.com
19 8

This site contains links to these domains.

Domain
www.hellosign.com
Subject | Issuer | Validity | Valid
info.kingdomtrust.com | GTS CA 1P5 | 2024-03-18 - 2024-06-16 | 3 months
*.helloworks.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-06-21 - 2024-07-16 | a year
cdn.helloworks.com | Amazon RSA 2048 M03 | 2023-08-23 - 2024-09-20 | a year
use.typekit.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-02-01 - 2025-03-03 | a year
cdn.heapanalytics.com | Amazon RSA 2048 M01 | 2023-06-29 - 2024-07-27 | a year
*.dropbox.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-10-31 - 2024-11-30 | a year
heapanalytics.com | Amazon RSA 2048 M02 | 2023-11-09 - 2024-12-08 | a year

This page contains 1 frame:

Primary Page: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Frame ID: 7B0B35FADDB512C9C0DF410F5B19E4E8
Requests: 19 HTTP requests in this frame

Page Title

Choice by KT Account Transfer

Page URL History

  1. https://info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y... Page URL
  2. https://info.kingdomtrust.com/events/public/v1/encoded/track/tc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6... HTTP 307
    https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 38 %
Domains: 5
Subdomains: 8
IPs: 8
Countries: 2
Transfer: 929 kB
Size: 3088 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7xnvD410Q1ccW6hsVw-3j5TvlW99YYWz4fRvT7W6gZwpQ7TNS8cW3x_1yj79P_n0N58xqd5CJLpFW12gyJM3vsJ2vW3PDXPc30ZrKjW5-v_qf25rRXgW8WrDVv3lk7xNW5MlSlH6t8VRKW3nDhB_4qjX3RW4XyG9V6s0_jPW2wD1jv1qr_LCW7lMB7n9jM8S3W2sTwqb2fcmWwVb-CQ23Xhh-2F3zg5SDHH-HW5F0q_Z217V4vN7t5p7Dx6PSvW1syYdF1HXvCtW5j3fJ_25_gJPf5RQ69v04 Page URL
  2. https://info.kingdomtrust.com/events/public/v1/encoded/track/tc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7xnvD410Q1ccW6hsVw-3j5TvlW99YYWz4fRvT7W6gZwpQ7TNS8cW3x_1yj79P_n0N58xqd5CJLpFW12gyJM3vsJ2vW3PDXPc30ZrKjW5-v_qf25rRXgW8WrDVv3lk7xNW5MlSlH6t8VRKW3nDhB_4qjX3RW4XyG9V6s0_jPW2wD1jv1qr_LCW7lMB7n9jM8S3W2sTwqb2fcmWwVb-CQ23Xhh-2F3zg5SDHH-HW5F0q_Z217V4vN7t5p7Dx6PSvW1syYdF1HXvCtW5j3fJ_25_gJPf5RQ69v04?_ud=3d7ba616-b98b-424b-8614-2c0fe202d452&_jss=1&_fl=8&_pl=5&_hc=14&_lg=en-US,en&_plt=Win32&_scr=800,600 HTTP 307
    https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7xnvD410Q1ccW6hsVw-3j5TvlW99YYWz4fRvT7W6gZwpQ7TNS8cW3x_1yj79P_n0N58xqd5CJLpFW12gy...
info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/
8 KB
3 KB
Document
General
Full URL
https://info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7xnvD410Q1ccW6hsVw-3j5TvlW99YYWz4fRvT7W6gZwpQ7TNS8cW3x_1yj79P_n0N58xqd5CJLpFW12gyJM3vsJ2vW3PDXPc30ZrKjW5-v_qf25rRXgW8WrDVv3lk7xNW5MlSlH6t8VRKW3nDhB_4qjX3RW4XyG9V6s0_jPW2wD1jv1qr_LCW7lMB7n9jM8S3W2sTwqb2fcmWwVb-CQ23Xhh-2F3zg5SDHH-HW5F0q_Z217V4vN7t5p7Dx6PSvW1syYdF1HXvCtW5j3fJ_25_gJPf5RQ69v04
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.28 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a0b095c216d6efbe9f3d0858643d4818e76679030b6acb95368cdad85bb3b03
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
86aa6944cd368ff8-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Tue, 26 Mar 2024 22:00:02 GMT
last-modified
Tue, 26 Mar 2024 22:00:02 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2BXHFCPPGes62mTQyovs57uiSr7CcnEpH29A2bRuscRyqCX9z2lDX2YcZMRirpQFdl87Uw3a8vXR1GFmomTSJBWJbtc5h5TEaPy14HsX2TBCReWx4ZVlCEQ36LeQoNMIXZ08SdG4hw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
18
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-766c7548f4-g9rjn
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
b6412be9-d736-4afc-b4d2-413d4d2c887a
x-request-id
b6412be9-d736-4afc-b4d2-413d4d2c887a
x-robots-tag
none
Primary Request HuzHJRAgjdiZivu0
portal.helloworks.com/link/
Redirect Chain
  • https://info.kingdomtrust.com/events/public/v1/encoded/track/tc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7x...
  • https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU...
3 KB
4 KB
Document
General
Full URL
https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Requested by
Host: info.kingdomtrust.com
URL: https://info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7xnvD410Q1ccW6hsVw-3j5TvlW99YYWz4fRvT7W6gZwpQ7TNS8cW3x_1yj79P_n0N58xqd5CJLpFW12gyJM3vsJ2vW3PDXPc30ZrKjW5-v_qf25rRXgW8WrDVv3lk7xNW5MlSlH6t8VRKW3nDhB_4qjX3RW4XyG9V6s0_jPW2wD1jv1qr_LCW7lMB7n9jM8S3W2sTwqb2fcmWwVb-CQ23Xhh-2F3zg5SDHH-HW5F0q_Z217V4vN7t5p7Dx6PSvW1syYdF1HXvCtW5j3fJ_25_gJPf5RQ69v04
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.148.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-148-186.compute-1.amazonaws.com
Software
nginx /
Resource Hash
746bab1aa798109898dffae38779b757633e76d323a5d135a087535d6552fd33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://info.kingdomtrust.com/e3t/Ctc/DM+113/cSqtb04/VW6pYH84RgXlW8HDzGK3lpsM0W6wcfC_5c7q52N3V8l9C3qgyTW7Y8-PT6lZ3kTW2mNYLS5Jd7-PW8tw7NJ7_FrlzW7zf9Gz8qllhvW2S83Ck2WSnyjW7xnvD410Q1ccW6hsVw-3j5TvlW99YYWz4fRvT7W6gZwpQ7TNS8cW3x_1yj79P_n0N58xqd5CJLpFW12gyJM3vsJ2vW3PDXPc30ZrKjW5-v_qf25rRXgW8WrDVv3lk7xNW5MlSlH6t8VRKW3nDhB_4qjX3RW4XyG9V6s0_jPW2wD1jv1qr_LCW7lMB7n9jM8S3W2sTwqb2fcmWwVb-CQ23Xhh-2F3zg5SDHH-HW5F0q_Z217V4vN7t5p7Dx6PSvW1syYdF1HXvCtW5j3fJ_25_gJPf5RQ69v04
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
keep-alive
Content-Length
3068
Content-Type
text/html; charset=utf-8
Date
Tue, 26 Mar 2024 22:00:02 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains;
X-Content-Type-Options
nosniff
cache-control
max-age=0, private, must-revalidate
cross-origin-window-policy
deny
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
F8BvdBi8sl5cUisI8AJi
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
86aa69460e5c8ff8-FRA
content-security-policy
upgrade-insecure-requests
date
Tue, 26 Mar 2024 22:00:02 GMT
link
<https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email>; rel="canonical"
location
https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiUIxQHKDOWtorcHESyfiKHYXR2qfPdwZ%2B2IXtmZc6pnD2PNy5lUC92koZ3%2FQMmrIhSii5Rr2Ki96a9A35XCeEfIhuNXZOYrVHwEz6Ov2uJKSRCHntd3hlHrC3NbySG37KXJu7ns1A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
30
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-766c7548f4-w9x2j
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
72c41680-6f09-4029-882e-e88aa42a6731
x-request-id
72c41680-6f09-4029-882e-e88aa42a6731
x-robots-tag
none
style.css
cdn.helloworks.com/2024-03-21-120832-66e58a2/portal_web/shareable-link/
41 KB
9 KB
Stylesheet
General
Full URL
https://cdn.helloworks.com/2024-03-21-120832-66e58a2/portal_web/shareable-link/style.css
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:3600:16:299:2240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3eebcd30eeddf1f51e2abbccc29e950d158c5f5ae03a73444ae41bc456ac122a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
cdwiQJNiqzy4GGM4SN5x01KhJq147M_H
content-encoding
gzip
via
1.1 b25ea630a0bc5820a6901f77047718fe.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 21:58:26 GMT
last-modified
Thu, 21 Mar 2024 16:37:44 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
27828
x-amz-server-side-encryption
AES256
etag
W/"b997d439976d508e1367e7f32aa0cca8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
v0FTKCLAlTRVu1oDKjQsxZYRnFzhLQ0iwStSIsGLzYBOldnvt-Et4Q==
bao2zud.js
use.typekit.net/
19 KB
7 KB
Script
General
Full URL
https://use.typekit.net/bao2zud.js
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
da4ac3ec53065c24de29aa7e327fab97fcdfe6370a050714df4df6980ed6076f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Tue, 26 Mar 2024 22:00:02 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
6858
app.js
cdn.helloworks.com/2024-03-21-120832-66e58a2/portal_web/shareable-link/
3 MB
730 KB
Script
General
Full URL
https://cdn.helloworks.com/2024-03-21-120832-66e58a2/portal_web/shareable-link/app.js
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:3600:16:299:2240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1cb417cae438fdbd2f60ae3b03d00e682ea638b9d2d689df54bbd3e2f68cf9c1

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
uu2K4.C8qjjiMS54I_V8E63CTsCE0tAw
content-encoding
gzip
via
1.1 b25ea630a0bc5820a6901f77047718fe.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 21:58:26 GMT
last-modified
Thu, 21 Mar 2024 16:37:44 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
54824
x-amz-server-side-encryption
AES256
etag
W/"eddac9b8173f1dfc07289fe6a7d4da98"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
4GfGLwRRKGwDqI9uRY4nUHoe0zfpig6sf7eaZTGYRCFFHhDPWbgwow==
heap-344848527.js
cdn.heapanalytics.com/js/
117 KB
37 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/heap-344848527.js
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-122.muc50.r.cloudfront.net
Software
nginx / Express
Resource Hash
39f5dc12ea75c0103849a0b5cd372b4ba04a3237ebbe63bc2e6b66433af46345
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 21:58:36 GMT
content-encoding
br
via
1.1 2dd902cd86ee8f22d66046533880d3e8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
MUC50-P3
age
87
x-powered-by
Express
etag
W/"1d253-yyks7e4DIarCH7I1suhokAb26S4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
GwSHY3xaCBrrxOqlpJKUlpyTQMrwliq1EfTJ1-LLGyznPPb0NUZCEQ==
/
d.dropbox.com/api/4506933255602176/envelope/
2 B
291 B
Fetch
General
Full URL
https://d.dropbox.com/api/4506933255602176/envelope/?sentry_key=a98ac2d6a5498da34a1f36837b6b4837&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.16.0
Requested by
Host: cdn.helloworks.com
URL: https://cdn.helloworks.com/2024-03-21-120832-66e58a2/portal_web/shareable-link/app.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.125.1.20 Seattle, United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://portal.helloworks.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 26 Mar 2024 22:00:02 GMT
server
envoy
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
x-dropbox-request-id
f3f56535852140d994fe9d3e35add84f
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
x-dropbox-response-origin
far_remote
content-length
2
logo-lockup-backdrop.svg
cdn.helloworks.com/2024-03-21-120832-66e58a2/assets/
7 KB
3 KB
Image
General
Full URL
https://cdn.helloworks.com/2024-03-21-120832-66e58a2/assets/logo-lockup-backdrop.svg
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:3600:16:299:2240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
513e9d1d08449390cbf98926f66dda2f20e13ef48078610ace960a6dd822b4de

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
wKlJl4zKsHPMjWUnKpEwLFJsIAaLVElA
content-encoding
gzip
via
1.1 b25ea630a0bc5820a6901f77047718fe.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 17:27:52 GMT
last-modified
Thu, 21 Mar 2024 16:37:43 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
16332
x-amz-server-side-encryption
AES256
etag
W/"a7ba6194f56ac3eb36fd2a6345778fae"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-id
J-eOKIHMYFCvBIGTgi1xd7YYcRAJJUlk8UsAEOUDEstLgObE0W323w==
l
use.typekit.net/af/efe4a5/00000000000000007735e609/30/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b4096925f34c85d0c0e934ad77c44165dcd66fecc354c153784d246f00911da5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"ef52ad3657e4d4a42c21db6c00d5c7ccc649bc94"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16560
l
use.typekit.net/af/78aca8/00000000000000007735e60d/30/
16 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/78aca8/00000000000000007735e60d/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n6&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
5c9f600b175a870a39e534669ba425e642b0e3b79946273b04f36278fb14c89d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"e054ee68ef06f627cc7e34fb951cfa3a80cc5aa0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16744
l
use.typekit.net/af/2555e1/00000000000000007735e603/30/
16 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
81a6361b1f6ff5f9f6ca05b773fb993d7b7b3f668635ccba4379fa3ecb9a7e3e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"96c7595dad6bb306bf9cc4c7a3b3d28654c7d636"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16832
l
use.typekit.net/af/4de20a/00000000000000007735e604/30/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/4de20a/00000000000000007735e604/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=i7&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
5aa4d710eb97e7dc65d20f8a3b814646481b69ad60a513bfd95fa8bdcdc71eb6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"15e9c2a298cf592dcd5ccf5d7e8a9f660e7dd432"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
17284
l
use.typekit.net/af/154cda/00000000000000007735e601/30/
15 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/154cda/00000000000000007735e601/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n1&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
44d7a5c49f4c4b498fdc4132ebd37abc1a990440f6d11f6003a022dee8659428

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"06335f51db1a9ca0d513d9d05d23c44aa353a69b"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
15752
l
use.typekit.net/af/3322cc/00000000000000007735e616/30/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/3322cc/00000000000000007735e616/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=i4&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
fdcb74f626ef8f1059c0e3bd503017b8fdda4a54afcc26a4da734f5fd5c7a87a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"71f986ad2b4d0b6a0e5a056380e0c8c577137ae8"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
17212
l
use.typekit.net/af/1be3c2/00000000000000007735e606/30/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/1be3c2/00000000000000007735e606/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n3&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f1096de525ecd4549a0dea1507686fd365db607cddc697686b0f7ce81a9bdbab

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"f72012c08a11a2b44b8e4fe91c5042bc39decdd0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16488
l
use.typekit.net/af/40d372/00000000000000007735e607/30/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/40d372/00000000000000007735e607/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=i3&v=3
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
0ac75b515902d4a9c871724d8da779aaf77108660db9987a1fe1ab789ac95d4b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.helloworks.com/
Origin
https://portal.helloworks.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
server
nginx
etag
"916ef3d33f48ba3f0537bae74184b159347fff5f"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16988
h
heapanalytics.com/
37 B
261 B
Image
General
Full URL
https://heapanalytics.com/h?a=344848527&u=2618863496236374&v=1704924353085040&s=1888181958175639&b=web&tv=4.0&z=0&h=%2Flink%2FHuzHJRAgjdiZivu0&q=%3Futm_campaign%3DTax%2520Day%25202024%26utm_medium%3Demail%26_hsmi%3D299962062%26_hsenc%3Dp2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU%26utm_content%3D299962062%26utm_source%3Dhs_email&d=portal.helloworks.com&t=Choice%20by%20KT%20Account%20Transfer&us=hs_email&um=email&uc=299962062&ua=Tax%20Day%202024&ts=1711490403179&ubv=123.0.6312.58&upv=10.0.0&st=1711490403181
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.180.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-180-65.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 26 Mar 2024 22:00:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
p.gif
p.typekit.net/
35 B
205 B
Image
General
Full URL
https://p.typekit.net/p.gif?s=1&k=bao2zud&ht=tk&h=portal.helloworks.com&f=139.140.171.173.175.176.5474.5475&a=971683&js=1.21.0&app=typekit&e=js&_=1711490403207
Requested by
Host: portal.helloworks.com
URL: https://portal.helloworks.com/link/HuzHJRAgjdiZivu0?utm_campaign=Tax%20Day%202024&utm_medium=email&_hsmi=299962062&_hsenc=p2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU&utm_content=299962062&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 22:00:03 GMT
last-modified
Fri, 28 Jul 2023 12:40:18 GMT
server
nginx
etag
"64c3b732-23"
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
favicon-backdrop.png
cdn.helloworks.com/2024-03-21-120832-66e58a2/assets/
823 B
1 KB
Other
General
Full URL
https://cdn.helloworks.com/2024-03-21-120832-66e58a2/assets/favicon-backdrop.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:3600:16:299:2240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dc0004ed090ac0859a234e7ca1481a60da41edf9c5be90c4f8af49955c2d7dd5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
NLpK0fcCu_px8DNrCK5fkhI0pUZPuJvz
date
Tue, 26 Mar 2024 20:00:39 GMT
via
1.1 b25ea630a0bc5820a6901f77047718fe.cloudfront.net (CloudFront)
last-modified
Thu, 21 Mar 2024 16:37:42 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
7164
x-amz-server-side-encryption
AES256
etag
"de345f6d3129feba2ae2e51cacbaf349"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
823
x-amz-cf-id
bnL5V37qRBADJsiyBaj_7RcKWaMjKJQst2ZSfe4HcWYD3_XS1ecMDQ==


11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal
object| Typekit
object| heap
object| webpackJsonp
object| SENTRY_RELEASE
object| __SENTRY__
object| core
boolean| _pdfjsCompatibilityChecked
object| regeneratorRuntime
object| ace
object| __sentry_instrumentation_handlers__

7 Cookies

Domain/Path Name / Value
.info.kingdomtrust.com/ Name: __cf_bm
Value: lORSJOTWBdd9HB.MYftm3EDw3n_2vFgQ3vMQUTXpfHU-1711490402-1.0.1.1-ti.tO.f138f1oXV3.Qpd0EtgZglv.agY5ldAn2ipFx.hnazh8bFbKhG2Q87_q3HjPXQeW5dVeksuIO6s2Gg2gQ
.info.kingdomtrust.com/ Name: __cfruid
Value: ea2e72e7346f1e7a56b5a89d1e32a9ebb2fed82f-1711490402
portal.helloworks.com/ Name: AWSALB
Value: YBXpqEOOc+IQKb7X1Z1odUwwh/MZW5injDr1jI5tBo8fz8VefFLtcIhBIwAEMCzNxqj9DAlspnc6uBNhU572Ytrye7K7L0ICb1DpJcd5CEl4etO5A5LqncorlJ70
portal.helloworks.com/ Name: AWSALBCORS
Value: YBXpqEOOc+IQKb7X1Z1odUwwh/MZW5injDr1jI5tBo8fz8VefFLtcIhBIwAEMCzNxqj9DAlspnc6uBNhU572Ytrye7K7L0ICb1DpJcd5CEl4etO5A5LqncorlJ70
portal.helloworks.com/ Name: jwt
Value: gOSvSDkAlb7cIHg0C+W3rvyxn1YxeFdpCy9AhNOXSDk6gCJw+aANLrVWBJpboo3s4bvUoDfU8j81hr+lXCnvGN1jfUw/EgD2wlq2QOs3p1kyJ+/a8SfmBOT3Va0iFhr/
.helloworks.com/ Name: _hp2_id.344848527
Value: %7B%22userId%22%3A%222618863496236374%22%2C%22pageviewId%22%3A%221704924353085040%22%2C%22sessionId%22%3A%221888181958175639%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.helloworks.com/ Name: _hp2_ses_props.344848527
Value: %7B%22us%22%3A%22hs_email%22%2C%22um%22%3A%22email%22%2C%22uc%22%3A%22299962062%22%2C%22ua%22%3A%22Tax%20Day%202024%22%2C%22ts%22%3A1711490403179%2C%22d%22%3A%22portal.helloworks.com%22%2C%22h%22%3A%22%2Flink%2FHuzHJRAgjdiZivu0%22%2C%22q%22%3A%22%3Futm_campaign%3DTax%2520Day%25202024%26utm_medium%3Demail%26_hsmi%3D299962062%26_hsenc%3Dp2ANqtz-8CC0EWr2kxkL-1ZwYYlZXGpmfpWfLEVNO8Ip2y4CojKOVdB7VBYMSl3C11wZmnUW8DU_3Jl4HwbjpqvLSFKOJafW-ADH8HcgV_D0pLy0d8YHlrIiU%26utm_content%3D299962062%26utm_source%3Dhs_email%22%7D

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
