urlscan.io logo urlscan.io
SecurityTrails logo

expatonline.hrblock.com Open in urlscan Pro
51.136.84.69  Public Scan

Go To Rescan Add Verdict Report
URL: https://expatonline.hrblock.com/faq
Submission Tags: phishing
Submission: On June 09 via api from US — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 4 countries across 12 domains to perform 42 HTTP transactions. The main IP is 51.136.84.69, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is expatonline.hrblock.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on December 7th 2022. Valid for: a year.
This is the only time expatonline.hrblock.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 51.136.84.69 8075 (MICROSOFT...)
11 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 6 52.208.93.119 16509 (AMAZON-02)
1 13.225.78.100 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.255.19.86 16509 (AMAZON-02)
1 52.208.156.123 16509 (AMAZON-02)
1 63.140.62.160 16509 (AMAZON-02)
2 2 35.244.174.68 15169 (GOOGLE)
2 2 142.250.186.34 15169 (GOOGLE)
1 52.223.40.198 16509 (AMAZON-02)
1 1 2620:116:800d... 16509 (AMAZON-02)
2 2 2606:4700::68... 13335 (CLOUDFLAR...)
42 10
18    51.136.84.69 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
expatonline.hrblock.com
11    2606:4700::6812:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    2a02:26f0:480:99e::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
6    52.208.93.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-93-119.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    13.225.78.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-100.fra2.r.cloudfront.net
sdk.hrb.magicpixel.io
1    2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
1    34.255.19.86 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-19-86.eu-west-1.compute.amazonaws.com
services.xg4ken.com
1    52.208.156.123 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-156-123.eu-west-1.compute.amazonaws.com
hrblock.demdex.net
1    63.140.62.160 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-160.data.adobedc.net
smetrics.hrblock.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com
2    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
cm.g.doubleclick.net
1    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
1    2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
2    2606:4700::6812:19ad (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
Apex Domain
Subdomains		 Transfer
19 hrblock.com
expatonline.hrblock.com
smetrics.hrblock.com — Cisco Umbrella Rank: 182236
444 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 412
156 KB
7 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 219
hrblock.demdex.net — Cisco Umbrella Rank: 228240
9 KB
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 851
s.tribalfusion.com — Cisco Umbrella Rank: 1995
932 B
2 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 248
958 B
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 433
834 B
2 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 408
55 KB
1 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 817
427 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 385
265 B
1 xg4ken.com
services.xg4ken.com — Cisco Umbrella Rank: 19152
4 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 671
313 B
1 magicpixel.io
sdk.hrb.magicpixel.io
28 KB
42 12
Domain Requested by
18 expatonline.hrblock.com expatonline.hrblock.com
11 cdn.cookielaw.org expatonline.hrblock.com
cdn.cookielaw.org
6 dpm.demdex.net 1 redirects expatonline.hrblock.com
2 cm.g.doubleclick.net 2 redirects
2 idsync.rlcdn.com 2 redirects
2 assets.adobedtm.com expatonline.hrblock.com
assets.adobedtm.com
1 s.tribalfusion.com 1 redirects
1 a.tribalfusion.com 1 redirects
1 cms.quantserve.com 1 redirects
1 match.adsrvr.org
1 smetrics.hrblock.com assets.adobedtm.com
1 hrblock.demdex.net assets.adobedtm.com
1 services.xg4ken.com assets.adobedtm.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 sdk.hrb.magicpixel.io expatonline.hrblock.com
42 15

This site contains links to these domains. Also see Links.

Domain
www.irs.gov
www.hrblock.com
www.onetrust.com
Subject Issuer Validity Valid
expatonline.hrblock.com
Entrust Certification Authority - L1K		 2022-12-07 -
2023-12-07		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-19 -
2023-08-19		 a year crt.sh
*.hrb.magicpixel.io
Amazon RSA 2048 M02		 2023-06-04 -
2024-07-02		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2022-12-13 -
2023-12-13		 a year crt.sh
*.xg4ken.com
Go Daddy Secure Certificate Authority - G2		 2022-10-18 -
2023-11-19		 a year crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-26 -
2023-10-27		 a year crt.sh
smetrics.hrblock.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-03 -
2024-05-03		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh

This page contains 2 frames:

Primary Page: https://expatonline.hrblock.com/faq
Frame ID: 24DBBDB94AF9FE3DE3905FA0730EAC45
Requests: 36 HTTP requests in this frame

Frame: https://hrblock.demdex.net/dest5.html?d_nsid=0
Frame ID: D5736BC245DE2806A56B315021C876E2
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

H&R Block Expat Tax Services | Affordable Expat Tax Filing for US Americans abroadBack ButtonSearch IconFilter Icon

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

42
Requests

88 %
HTTPS

36 %
IPv6

12
Domains

15
Subdomains

10
IPs

4
Countries

696 kB
Transfer

2536 kB
Size

13
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&d_nsid=0&ts=1686343150675 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&d_nsid=0&ts=1686343150675
Request Chain 36
  • https://idsync.rlcdn.com/365868.gif?partner_uid=35661291370772741190258328216832923546 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMzU2NjEyOTEzNzA3NzI3NDExOTAyNTgzMjgyMTY4MzI5MjM1NDYQABoNCO-bjqQGEgUI6AcQAEIASgA HTTP 307
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=001015596a1fecd78fdbfa0a1cca29f49c7782d34e1fad9aad978ef92a8d717fb0da87c991749652
Request Chain 37
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzU2NjEyOTEzNzA3NzI3NDExOTAyNTgzMjgyMTY4MzI5MjM1NDY= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MzU2NjEyOTEzNzA3NzI3NDExOTAyNTgzMjgyMTY4MzI5MjM1NDY=&google_tc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECnUS2Qx0427cz62UxPAqvE&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 39
  • https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=PQQizDNUf5kmCHzKPwE3yGpTK5wmUyrMMgZWgOdA
Request Chain 40
  • https://a.tribalfusion.com/i.match?p=b13&u=35661291370772741190258328216832923546&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b13&u=35661291370772741190258328216832923546&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
  • https://dpm.demdex.net/ibs:dpid=22054

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request faq
expatonline.hrblock.com/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
70e064440f39b77a9d20359a0382e295f9388ba18c898b855728b0c6e0e8f504
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
nl-NL,nl;q=0.9

Response headers

content-encoding
gzip
content-length
2841
content-type
text/html
date
Fri, 09 Jun 2023 20:39:10 GMT
server
Jetty(11.0.15)
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
DENY
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
0mEq0pw2uQHv5iDD8WI5Bw==
age
13998
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6759
x-ms-lease-status
unlocked
last-modified
Wed, 07 Jun 2023 16:32:56 GMT
server
cloudflare
etag
0x8DB6774D9A252AC
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
3716749f-201e-00a4-2578-99e202000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb2e9a2b980-AMS
roboto-light.woff
expatonline.hrblock.com/fonts/roboto/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/fonts/roboto/roboto-light.woff
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
76b05400fff9da5b43862e3713099e3913916a629560265ed24b19d031227cbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

Referer
https://expatonline.hrblock.com/faq
Origin
https://expatonline.hrblock.com
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:27:31 GMT
server
Jetty(11.0.15)
etag
W/"WC6CpSZUAHIWC6DLbm9E7Y"
x-frame-options
DENY
content-type
application/font-woff
cache-control
max-age=0
accept-ranges
bytes
content-length
20337
roboto-bold.woff
expatonline.hrblock.com/fonts/roboto/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/fonts/roboto/roboto-bold.woff
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
806ea46c426af8fc24e5cf42a210228739696933d36299eb28aee64f69fc71f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

Referer
https://expatonline.hrblock.com/faq
Origin
https://expatonline.hrblock.com
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:27:31 GMT
server
Jetty(11.0.15)
etag
W/"jztHe+Cp+n8jztG839A6UM"
x-frame-options
DENY
content-type
application/font-woff
cache-control
max-age=0
accept-ranges
bytes
content-length
20348
roboto-medium.woff
expatonline.hrblock.com/fonts/roboto/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/fonts/roboto/roboto-medium.woff
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

Referer
https://expatonline.hrblock.com/faq
Origin
https://expatonline.hrblock.com
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:27:31 GMT
server
Jetty(11.0.15)
etag
W/"raRo9xbO+u8raRpf4kn6ac"
x-frame-options
DENY
content-type
application/font-woff
cache-control
max-age=0
accept-ranges
bytes
content-length
20452
roboto-regular.woff
expatonline.hrblock.com/fonts/roboto/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/fonts/roboto/roboto-regular.woff
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

Referer
https://expatonline.hrblock.com/faq
Origin
https://expatonline.hrblock.com
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:27:31 GMT
server
Jetty(11.0.15)
etag
W/"CKxxgH9DezwCKxwCOCqaKg"
x-frame-options
DENY
content-type
application/font-woff
cache-control
max-age=0
accept-ranges
bytes
content-length
20253
focus-visible.min.8282754a.js
expatonline.hrblock.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/focus-visible.min.8282754a.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
496b5d5537837043be32278887c4ea80fd349bb648dbae6cd206f37ddbbcb0cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"D4GIoLGZHCcD4GJKC57ewM"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
1468
met.b5a1f0ad.css
expatonline.hrblock.com/ 		113 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/met.b5a1f0ad.css
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
bc6d79ffee7a83af66f182a251fe064e48d24f874db5da90a2fb2a066d72d03d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:20:00 GMT
server
Jetty(11.0.15)
etag
W/"+i0c8geseCM+i0dephPxyE"
x-frame-options
DENY
content-type
text/css
cache-control
max-age=0
accept-ranges
bytes
content-length
18914
launch-20e0194b91f2.min.js
assets.adobedtm.com/f6306126288b/286ab092bf8b/ 		134 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/f6306126288b/286ab092bf8b/launch-20e0194b91f2.min.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:99e::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d27b7ac73ddece3fa13c5befc85fae97fb592740311f7a519f80956235494c8f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 00:39:33 GMT
server
AkamaiNetStorage
etag
"d86cfc713cf03b2d8375325c3803c355:1684111173.015577"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://expatonline.hrblock.com
cache-control
max-age=3600
server-timing
ak_p; desc="1686343150539_388391874_141040302_72_558_31_65_219";dur=1
accept-ranges
bytes
timing-allow-origin
*
content-length
43042
expires
Fri, 09 Jun 2023 21:39:10 GMT
met.535aac60.js
expatonline.hrblock.com/ 		1 MB
287 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/met.535aac60.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
c598a356e0b4c763ccc812614141e1201b21aceeba1f0f5d4a1ff3b7400997fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://expatonline.hrblock.com/faq
Origin
https://expatonline.hrblock.com
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:20:00 GMT
server
Jetty(11.0.15)
etag
W/"1gI65VCyIhM1gI7bc9CJv8"
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
68d1a37f-2d10-4455-8ba9-25a43e6967b1.json
cdn.cookielaw.org/consent/68d1a37f-2d10-4455-8ba9-25a43e6967b1/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/68d1a37f-2d10-4455-8ba9-25a43e6967b1/68d1a37f-2d10-4455-8ba9-25a43e6967b1.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1f31d3d4abe8b3f7c50c669196a65bb7c448ecea5c85087277b022213c7ab24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
4L2n2mqvMQL1fwaJ1iTYEQ==
age
48369
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1659
x-ms-lease-status
unlocked
last-modified
Thu, 25 May 2023 11:04:27 GMT
server
cloudflare
etag
0x8DB5D0FCEB0691D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f55132a3-001e-0152-28f9-8e8341000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb39d15b8e2-AMS
expires
Sat, 10 Jun 2023 20:39:10 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&d_nsid=0&ts=1686343150675
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&d_nsid=0&ts=1686343150675
1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&d_nsid=0&ts=1686343150675
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
HTTP/1.1
Server
52.208.93.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-93-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c826f736c2e091e3b3a98014548e7d033320111ececaf17a7698731ca482b00a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

DCS
dcs-prod-irl1-1-v048-06c261c56.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
VAPIFySaT5U=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://expatonline.hrblock.com
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
655
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v048-0f7ff0385.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
3eVjbaWCTKY=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://expatonline.hrblock.com
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&d_nsid=0&ts=1686343150675
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f6306126288b/286ab092bf8b/launch-20e0194b91f2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:99e::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
last-modified
Wed, 12 Aug 2020 22:09:52 GMT
server
AkamaiNetStorage
etag
"f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://expatonline.hrblock.com
cache-control
no-cache
server-timing
ak_p; desc="1686343150695_388391874_141040373_12_389_31_0_146";dur=1
accept-ranges
bytes
timing-allow-origin
*
content-length
12184
expires
Fri, 09 Jun 2023 21:39:10 GMT
MPatu0vi0cpqfjrjwgep24t.js
sdk.hrb.magicpixel.io/ 		123 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.hrb.magicpixel.io/MPatu0vi0cpqfjrjwgep24t.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-100.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0c16dbfe5541eaa15366268c82347580b3c52b0f808c2dee15ee3d7b21951da6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 04:23:28 GMT
content-encoding
br
via
1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)
last-modified
Tue, 09 May 2023 20:06:45 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
age
58543
x-amz-server-side-encryption
AES256
etag
W/"72e9d08baa641f2571c5bd8bd27958c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
hgWpTI3njTkGtcBvjOnFGUsxpWS6XDnOvjsKZ309k9TrACCgAl0wGA==
hrbLogo.5d7db968.js
expatonline.hrblock.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/hrbLogo.5d7db968.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
af5d51f047d18c9c7bab83ae954b4c1e16693a29334b8705f4c6cb20022623ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"CovEW+ZQ/9MCovF03mymm8"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
2381
react-popper-tooltip.6b25caa2.js
expatonline.hrblock.com/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/react-popper-tooltip.6b25caa2.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
da5b71805b772edc067652055e509a60bb48c39da1c374662a500f7bab322967
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:20:00 GMT
server
Jetty(11.0.15)
etag
W/"CF4ViZNsl4cCF4UAQyOq0k"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
5020
menuGuide.5cf3e0a1.js
expatonline.hrblock.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/menuGuide.5cf3e0a1.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
c4796f5d762fd7311e45732ee76f6e4717180b2d9c84294107b82fa7c8a115c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"J+xPD6Blu/wJ+xOhz+HxR4"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
1265
menuReferral.ae32e8f8.js
expatonline.hrblock.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/menuReferral.ae32e8f8.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
876e8d30908470622def6752c7f9fac97762336375af0bb4b969223f05179b8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"eH03BNP/YjEeH02jEwdHNk"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
1181
menuBookmark.5237bd7f.js
expatonline.hrblock.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/menuBookmark.5237bd7f.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
f78484985d9d44e49e48493b62037809aa419e7bdbe390b696d38ee658cf70db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"/EqKiVcEFiA/EqLAcjmaZ0"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
1089
chat.bc5f2bc9.js
expatonline.hrblock.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/chat.bc5f2bc9.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
8531639989526f25a93b2079165ed21e3d658b7b3b4e0a4bbfa3ceb200a88307
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"TgJi+xQnPS0TgJjc4vFR7k"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
1528
faq.fc3b91bc.js
expatonline.hrblock.com/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/faq.fc3b91bc.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
8eda50ff742126c6844de16468de00b9f20d6e1f28d671aaff1fab535916a35d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"LWSu0GKJ7dYLWSvWP1ryiM"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
6674
all.21f33da9.js
expatonline.hrblock.com/ 		75 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/all.21f33da9.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
fc36381fcb7e53b2c8ea2d081a06334c7163538434887842f15124f6448e1ad1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:20:00 GMT
server
Jetty(11.0.15)
etag
W/"WhG3snv4ZekWhG2OuQbNCY"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
17793
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		74 B
313 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
498b9857c51790a045b6b127fe4f95ef72e86dffd41b71f1d14d149a33e11b28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://expatonline.hrblock.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
7d4c2eb50f4a1c87-AMS
access-control-allow-headers
Content-Type
kenshoo.js
services.xg4ken.com/js/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.xg4ken.com/js/kenshoo.js?cid=351be85f-c67c-4b18-a439-fdefb711e85e
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f6306126288b/286ab092bf8b/launch-20e0194b91f2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.19.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-19-86.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
14b2fe3e03bf2fcd05e23ec7ce91738b78d95ed68ada64cc1fb0846b11a2ba66

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:11 GMT
content-encoding
gzip
last-modified
Thu, 11 May 2023 12:40:22 GMT
x-debug-kenshoo-server
ip-10-174-85-239
etag
"dacb00bafccd96597eb348f71e6898c1--gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
welcome.78d43bd3.js
expatonline.hrblock.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/welcome.78d43bd3.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
9143cc476872dd50b1d34ecc81b2e5c7c6e64e76c1a3e9a467d484128f82e322
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"JkQipdqq26gJkQjLUVIvDI"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
1680
manualSupport.dfefa32c.js
expatonline.hrblock.com/ 		40 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://expatonline.hrblock.com/manualSupport.dfefa32c.js
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/met.535aac60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.136.84.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Jetty(11.0.15) /
Resource Hash
2a2498a36e1672d24f34f5ef005c58d0a42264d0bb052d46a3553aebed3114ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/faq
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Fri, 09 Jun 2023 11:19:59 GMT
server
Jetty(11.0.15)
etag
W/"pw+Y7JeDDTgpw+ZZAhh2gc"
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
15969
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202304.1.0/ 		401 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
f9AvZgohx9TU9t078cCRXA==
age
36158
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99020
x-ms-lease-status
unlocked
last-modified
Thu, 11 May 2023 06:31:14 GMT
server
cloudflare
etag
0x8DB51E951BA9202
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c1394cd4-d01e-015b-13d8-8399cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb55c65b980-AMS
dest5.html
hrblock.demdex.net/ Frame D573 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hrblock.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f6306126288b/286ab092bf8b/launch-20e0194b91f2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.156.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-156-123.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://expatonline.hrblock.com/
Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
nl-NL,nl;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v048-076c78125.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
YWPm+VgjRH8=
content-encoding
gzip
date
Fri, 9 Jun 2023 20:39:11 GMT
last-modified
Wed, 10 May 2023 10:46:46 GMT
vary
accept-encoding
id
smetrics.hrblock.com/ 		48 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://smetrics.hrblock.com/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=A78D3BC75245AD7C0A490D4D%40AdobeOrg&mid=43191712099138018660655393585878895895&ts=1686343150955
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f6306126288b/286ab092bf8b/launch-20e0194b91f2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.160 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-160.data.adobedc.net
Software
jag /
Resource Hash
a96801a273e4bcb3e04b142b778a1a5ee7be77a8013a3b22389244c5c2eea1b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://expatonline.hrblock.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Jun 2023 20:39:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
https://expatonline.hrblock.com
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
en.json
cdn.cookielaw.org/consent/68d1a37f-2d10-4455-8ba9-25a43e6967b1/0380915f-d41e-45f7-973f-be8c2d52d66e/ 		137 KB
25 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/68d1a37f-2d10-4455-8ba9-25a43e6967b1/0380915f-d41e-45f7-973f-be8c2d52d66e/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c61688b390b78743530d4b6665a1f3f1281dd40f6463468038d864258ac50d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
yEchfuYzrvbyIAp3NclWfQ==
age
17117
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
25203
x-ms-lease-status
unlocked
last-modified
Thu, 25 May 2023 11:04:30 GMT
server
cloudflare
etag
0x8DB5D0FD018532C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ab38a328-a01e-00b5-39f9-8ed519000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb5de92b8e2-AMS
expires
Sat, 10 Jun 2023 20:39:11 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
VwzPf/atFGVLVHgPLKsA5g==
age
17116
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3019
x-ms-lease-status
unlocked
last-modified
Thu, 11 May 2023 06:31:08 GMT
server
cloudflare
etag
0x8DB51E94E2F9DF3
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
23d10b00-001e-0056-08f9-8e3096000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb62ed0b8e2-AMS
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/v2/ 		61 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
U0I+ien3T2GIYJcFxPdemQ==
age
17116
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Thu, 11 May 2023 06:31:10 GMT
server
cloudflare
etag
0x8DB51E94F811CDE
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
25c3a15b-201e-014e-48f9-8e5b56000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb62ed1b8e2-AMS
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
17116
x-ms-lease-status
unlocked
last-modified
Thu, 11 May 2023 06:31:18 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
e376c980-801e-0080-38f9-8e7b4c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d4c2eb62ed2b8e2-AMS
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
623 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
84766
x-ms-lease-status
unlocked
last-modified
Wed, 07 Jun 2023 16:32:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
0ed017ac-301e-0038-56c4-9999bf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d4c2eb67e14b980-AMS
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
489 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
17116
x-ms-lease-status
unlocked
last-modified
Thu, 08 Jun 2023 20:17:38 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
745a3fa8-e01e-00f6-777b-9afff0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d4c2eb69f1fb8e2-AMS
hrb_square.png
cdn.cookielaw.org/logos/b902db79-9da9-4f08-a43f-eb154781b9cc/43c8fef6-3a6d-42e9-a82c-281d3bc8f3da/e330f7b8-e785-4d4a-a14b-5564fb29c753/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/b902db79-9da9-4f08-a43f-eb154781b9cc/43c8fef6-3a6d-42e9-a82c-281d3bc8f3da/e330f7b8-e785-4d4a-a14b-5564fb29c753/hrb_square.png
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
920881668b03e2ae97d7873e5f669c6ecde63f4cbd085c9e0441271c32cc03db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
CtBGljTzw4rND/uB7zfpnQ==
content-length
1749
x-ms-lease-status
unlocked
last-modified
Tue, 29 Nov 2022 20:53:00 GMT
server
cloudflare
etag
0x8DAD24BB3799634
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
fb824e09-501e-00c6-51e1-5aa5da000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d4c2eb6ae66b980-AMS
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: expatonline.hrblock.com
URL: https://expatonline.hrblock.com/faq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://expatonline.hrblock.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Jun 2023 20:39:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
6297
x-ms-lease-status
unlocked
last-modified
Fri, 09 Jun 2023 12:41:11 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
d4a78e71-a01e-00d8-0efc-9a7f37000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d4c2eb6ae68b980-AMS
ibs:dpid=477&dpuuid=001015596a1fecd78fdbfa0a1cca29f49c7782d34e1fad9aad978ef92a8d717fb0da87c991749652
dpm.demdex.net/ Frame D573
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=35661291370772741190258328216832923546
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMzU2NjEyOTEzNzA3NzI3NDExOTAyNTgzMjgyMTY4MzI5MjM1NDYQABoNCO-bjqQGEgUI6AcQAEIASgA
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=001015596a1fecd78fdbfa0a1cca29f49c7782d34e1fad9aad978ef92a8d717fb0da87c991749652
42 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=001015596a1fecd78fdbfa0a1cca29f49c7782d34e1fad9aad978ef92a8d717fb0da87c991749652
Protocol
HTTP/1.1
Server
52.208.93.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-93-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://hrblock.demdex.net/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

DCS
dcs-prod-irl1-1-v048-0d8a0b8fe.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
DTmEeNI+Szs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Fri, 09 Jun 2023 20:39:11 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=001015596a1fecd78fdbfa0a1cca29f49c7782d34e1fad9aad978ef92a8d717fb0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ibs:dpid=771&dpuuid=CAESECnUS2Qx0427cz62UxPAqvE&google_cver=1
dpm.demdex.net/ Frame D573
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzU2NjEyOTEzNzA3NzI3NDExOTAyNTgzMjgyMTY4MzI5MjM1NDY=
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MzU2NjEyOTEzNzA3NzI3NDExOTAyNTgzMjgyMTY4MzI5MjM1NDY=&google_tc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECnUS2Qx0427cz62UxPAqvE&google_cver=1?gdpr=0&gdpr_consent=
42 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECnUS2Qx0427cz62UxPAqvE&google_cver=1?gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
52.208.93.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-93-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://hrblock.demdex.net/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

DCS
dcs-prod-irl1-2-v048-04f30eb4e.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
IO+gZggDR68=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Fri, 09 Jun 2023 20:39:11 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECnUS2Qx0427cz62UxPAqvE&google_cver=1?gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame D573 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=expatonline.hrblock.com&ttd_tpi=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://hrblock.demdex.net/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 09 Jun 2023 20:39:11 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ibs:dpid=1175&&dpuuid=PQQizDNUf5kmCHzKPwE3yGpTK5wmUyrMMgZWgOdA
dpm.demdex.net/ Frame D573
Redirect Chain
  • https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=PQQizDNUf5kmCHzKPwE3yGpTK5wmUyrMMgZWgOdA
42 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=PQQizDNUf5kmCHzKPwE3yGpTK5wmUyrMMgZWgOdA
Protocol
HTTP/1.1
Server
52.208.93.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-93-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://hrblock.demdex.net/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

DCS
dcs-prod-irl1-1-v048-07532cfea.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
SK8DpRboRpI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=PQQizDNUf5kmCHzKPwE3yGpTK5wmUyrMMgZWgOdA
pragma
no-cache
date
Fri, 09 Jun 2023 20:39:11 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
expires
Fri, 04 Aug 1978 12:00:00 GMT
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
ibs:dpid=22054
dpm.demdex.net/ Frame D573
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b13&u=35661291370772741190258328216832923546&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
  • https://s.tribalfusion.com/z/i.match?p=b13&u=35661291370772741190258328216832923546&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
  • https://dpm.demdex.net/ibs:dpid=22054
42 B
956 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=22054
Protocol
HTTP/1.1
Server
52.208.93.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-93-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://hrblock.demdex.net/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

DCS
dcs-prod-irl1-1-v048-0370685eb.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
PhhvEEsVSRo=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error
300
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Fri, 09 Jun 2023 20:39:12 GMT
cf-cache-status
DYNAMIC
x-function
209
server
cloudflare
x-reuse-index
41
content-type
text/html
location
https://dpm.demdex.net/ibs:dpid=22054
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
7d4c2ebae9220a73-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| onbeforetoggle object| onscrollend object| OneTrustStub function| OptanonWrapper object| HRBData object| staticSettings object| metGlobals function| applyFocusVisiblePolyfill function| parcelRequire object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| mpDl function| eedl object| _mp boolean| browserIsSupported function| setImmediate function| clearImmediate object| FontAwesomeConfig object| ___FONT_AWESOME___ function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData function| ___tmr function| MpDataDataLayer object| mpDlHelperInstance object| ___mprReport object| Ken_Infinity_Tag_Consts object| Kenshoo_Helpers object| kenshoo object| LP_Pixel object| Uds_Pixel object| User_Match object| User_Sync object| Optanon object| OneTrust

13 Cookies

Domain/Path Name / Value
.hrblock.com/ Name: sat_track
Value: true
.demdex.net/ Name: demdex
Value: 35661291370772741190258328216832923546
.hrblock.com/ Name: _mp_dbg
Value: NvN3dgMdEx0JxWbuRWLkb
.hrblock.com/ Name: AMCVS_A78D3BC75245AD7C0A490D4D%40AdobeOrg
Value: 1
.hrblock.com/ Name: s_ecid
Value: MCMID%7C43191712099138018660655393585878895895
.hrblock.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Jun+09+2023+20%3A39%3A11+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=bcd04682-9fbf-48b6-8823-9c68e17e2d1a&interactionCount=0&landingPath=https%3A%2F%2Fexpatonline.hrblock.com%2Ffaq&groups=BG36%3A1%2CC0001%3A1%2CC0003%3A1%2CC0002%3A1%2CBG37%3A0%2CC0005%3A0%2CC0004%3A0
.hrblock.com/ Name: AMCV_A78D3BC75245AD7C0A490D4D%40AdobeOrg
Value: -1124106680%7CMCIDTS%7C19518%7CMCMID%7C43191712099138018660655393585878895895%7CMCAAMLH-1686947950%7C6%7CMCAAMB-1686947950%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1686350351s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.2.0
.rlcdn.com/ Name: rlas3
Value: 30TdHLR55SNVFn5KYvHReBuMfjEdK4BAmHneaBJctG8=
.rlcdn.com/ Name: pxrc
Value: CO+bjqQGEgUI6AcQABIGCPHrARAA
.dpm.demdex.net/ Name: dpm
Value: 35661291370772741190258328216832923546
.demdex.net/ Name: dextp
Value: 477-1-1686343151157|771-1-1686343151258|903-1-1686343151358|1175-1-1686343151459|22054-1-1686343151560
.doubleclick.net/ Name: IDE
Value: AHWqTUk6vzZ22YRKSmqvrREiOqaxCjXlYN_V2TKn_SFqedZTRDfcerhpMWGTowNkx8U
.tribalfusion.com/ Name: ANON_ID
Value: atnr6iriIthP3PTReGiX0r9sjuOxevgjvLMqsOXGBmn6AhagqJZdQj6ZaTMnYgdLXdbiaeWo6a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
assets.adobedtm.com
cdn.cookielaw.org
cm.g.doubleclick.net
cms.quantserve.com
dpm.demdex.net
expatonline.hrblock.com
geolocation.onetrust.com
hrblock.demdex.net
idsync.rlcdn.com
match.adsrvr.org
s.tribalfusion.com
sdk.hrb.magicpixel.io
services.xg4ken.com
smetrics.hrblock.com
13.225.78.100
142.250.186.34
2606:4700::6812:19ad
2606:4700::6812:1d26
2606:4700::6812:aa72
2620:116:800d:21:93ca:31d8:d86e:38f6
2a02:26f0:480:99e::1e80
34.255.19.86
35.244.174.68
51.136.84.69
52.208.156.123
52.208.93.119
52.223.40.198
63.140.62.160
0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234
0c16dbfe5541eaa15366268c82347580b3c52b0f808c2dee15ee3d7b21951da6
1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd
14b2fe3e03bf2fcd05e23ec7ce91738b78d95ed68ada64cc1fb0846b11a2ba66
2a2498a36e1672d24f34f5ef005c58d0a42264d0bb052d46a3553aebed3114ee
3c61688b390b78743530d4b6665a1f3f1281dd40f6463468038d864258ac50d3
496b5d5537837043be32278887c4ea80fd349bb648dbae6cd206f37ddbbcb0cf
498b9857c51790a045b6b127fe4f95ef72e86dffd41b71f1d14d149a33e11b28
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
70e064440f39b77a9d20359a0382e295f9388ba18c898b855728b0c6e0e8f504
76b05400fff9da5b43862e3713099e3913916a629560265ed24b19d031227cbf
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
806ea46c426af8fc24e5cf42a210228739696933d36299eb28aee64f69fc71f1
8531639989526f25a93b2079165ed21e3d658b7b3b4e0a4bbfa3ceb200a88307
876e8d30908470622def6752c7f9fac97762336375af0bb4b969223f05179b8c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8eda50ff742126c6844de16468de00b9f20d6e1f28d671aaff1fab535916a35d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
9143cc476872dd50b1d34ecc81b2e5c7c6e64e76c1a3e9a467d484128f82e322
920881668b03e2ae97d7873e5f669c6ecde63f4cbd085c9e0441271c32cc03db
a96801a273e4bcb3e04b142b778a1a5ee7be77a8013a3b22389244c5c2eea1b5
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
af5d51f047d18c9c7bab83ae954b4c1e16693a29334b8705f4c6cb20022623ce
ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf
bc6d79ffee7a83af66f182a251fe064e48d24f874db5da90a2fb2a066d72d03d
c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684
c1f31d3d4abe8b3f7c50c669196a65bb7c448ecea5c85087277b022213c7ab24
c4796f5d762fd7311e45732ee76f6e4717180b2d9c84294107b82fa7c8a115c1
c598a356e0b4c763ccc812614141e1201b21aceeba1f0f5d4a1ff3b7400997fd
c826f736c2e091e3b3a98014548e7d033320111ececaf17a7698731ca482b00a
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d27b7ac73ddece3fa13c5befc85fae97fb592740311f7a519f80956235494c8f
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32
da5b71805b772edc067652055e509a60bb48c39da1c374662a500f7bab322967
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f78484985d9d44e49e48493b62037809aa419e7bdbe390b696d38ee658cf70db
fc36381fcb7e53b2c8ea2d081a06334c7163538434887842f15124f6448e1ad1