urlscan.io logo urlscan.io
SecurityTrails logo

offers.hrcovered.com Open in urlscan Pro
104.16.15.194  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u23167153.ct.sendgrid.net/ls/click?upn=egIyMckUw95BnddVXANb1ThD0ocuzRBnfhLWCLsZ5myugo44ONlGoLIsC-2BEqRJLP6m1h_iRTqjR6UGrmJ...
Effective URL: https://offers.hrcovered.com/optin1681221154759
Submission: On October 27 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 2 countries across 15 domains to perform 48 HTTP transactions. The main IP is 104.16.15.194, located in and belongs to CLOUDFLARENET, US. The main domain is offers.hrcovered.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 28th 2023. Valid for: a year.
This is the only time offers.hrcovered.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.147 11377 (SENDGRID)
1 14 104.16.15.194 13335 (CLOUDFLAR...)
3 172.64.103.11 13335 (CLOUDFLAR...)
2 142.251.16.95 15169 (GOOGLE)
4 172.253.63.97 15169 (GOOGLE)
5 104.16.16.194 13335 (CLOUDFLAR...)
3 151.101.1.229 54113 (FASTLY)
1 104.16.56.101 13335 (CLOUDFLAR...)
3 142.251.16.94 15169 (GOOGLE)
2 172.253.63.113 15169 (GOOGLE)
1 142.251.111.154 15169 (GOOGLE)
1 34.117.59.81 396982 (GOOGLE-CL...)
2 172.253.122.102 15169 (GOOGLE)
2 172.253.115.155 15169 (GOOGLE)
3 142.251.163.94 15169 (GOOGLE)
2 172.253.62.147 15169 (GOOGLE)
48 16
1    167.89.123.147 (Chicago, United States)

ASN11377 (SENDGRID, US)
PTR: o16789123x147.outbound-mail.sendgrid.net
u23167153.ct.sendgrid.net
14    104.16.15.194 (None, )

ASN13335 (CLOUDFLARENET, US)
offers.hrcovered.com
3    172.64.103.11 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
2    142.251.16.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f95.1e100.net
fonts.googleapis.com
4    172.253.63.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f97.1e100.net
www.googletagmanager.com
5    104.16.16.194 (None, )

ASN13335 (CLOUDFLARENET, US)
app.clickfunnels.com
3    151.101.1.229 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    104.16.56.101 (None, )

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
3    142.251.16.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f94.1e100.net
fonts.gstatic.com
2    172.253.63.113 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f113.1e100.net
www.google-analytics.com
1    142.251.111.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net
googleads.g.doubleclick.net
1    34.117.59.81 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.59.117.34.bc.googleusercontent.com
ipinfo.io
2    172.253.122.102 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f102.1e100.net
analytics.google.com
2    172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net
stats.g.doubleclick.net
3    142.251.163.94 (United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f94.1e100.net
www.google.ca
2    172.253.62.147 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f147.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
14 hrcovered.com
offers.hrcovered.com
2 MB
5 clickfunnels.com
app.clickfunnels.com — Cisco Umbrella Rank: 56820
4 KB
4 google.com
analytics.google.com — Cisco Umbrella Rank: 157
www.google.com — Cisco Umbrella Rank: 2
855 B
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
316 KB
3 google.ca
www.google.ca — Cisco Umbrella Rank: 9133
669 B
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
2 KB
3 gstatic.com
fonts.gstatic.com
82 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335
137 KB
3 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1002
91 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
4 KB
1 ipinfo.io
ipinfo.io — Cisco Umbrella Rank: 7097
653 B
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 899
7 KB
1 sendgrid.net
u23167153.ct.sendgrid.net
239 B
0 addevent.com Failed
track.addevent.com Failed
48 15
Domain Requested by
14 offers.hrcovered.com 1 redirects offers.hrcovered.com
static.cloudflareinsights.com
5 app.clickfunnels.com offers.hrcovered.com
4 www.googletagmanager.com offers.hrcovered.com
www.googletagmanager.com
3 www.google.ca offers.hrcovered.com
3 fonts.gstatic.com fonts.googleapis.com
3 cdn.jsdelivr.net offers.hrcovered.com
cdn.jsdelivr.net
3 use.fontawesome.com offers.hrcovered.com
use.fontawesome.com
2 www.google.com offers.hrcovered.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 analytics.google.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 fonts.googleapis.com offers.hrcovered.com
1 ipinfo.io offers.hrcovered.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 static.cloudflareinsights.com offers.hrcovered.com
1 u23167153.ct.sendgrid.net 1 redirects
0 track.addevent.com Failed offers.hrcovered.com
48 17

This site contains no links.

Subject Issuer Validity Valid
offers.hrcovered.com
Cloudflare Inc ECC CA-3		 2023-07-28 -
2024-07-26		 a year crt.sh
use.fontawesome.com
Cloudflare Inc ECC CA-3		 2023-10-12 -
2024-10-10		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-06-23 -
2024-06-22		 a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
ipinfo.io
R3		 2023-09-23 -
2023-12-22		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.google.ca
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://offers.hrcovered.com/optin1681221154759
Frame ID: 159DC371ADB892683A834E4A8E675CF7
Requests: 49 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

EMPLOYMENT AGREEMENT CHECKLIST

Page URL History Show full URLs

  1. https://u23167153.ct.sendgrid.net/ls/click?upn=egIyMckUw95BnddVXANb1ThD0ocuzRBnfhLWCLsZ5myugo44ONlGoLIsC-2BEqR... HTTP 302
    https://offers.hrcovered.com/6lmzfd3 HTTP 302
    https://offers.hrcovered.com/optin1681221154759 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <meta property="cf:app_domain" content="app\.clickfunnels\.com"
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

48
Requests

98 %
HTTPS

0 %
IPv6

15
Domains

17
Subdomains

16
IPs

2
Countries

2262 kB
Transfer

5263 kB
Size

26
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u23167153.ct.sendgrid.net/ls/click?upn=egIyMckUw95BnddVXANb1ThD0ocuzRBnfhLWCLsZ5myugo44ONlGoLIsC-2BEqRJLP6m1h_iRTqjR6UGrmJAMibGk9QK97byC0hzPZUpu8CxfQcFRlgeWDoJ65GLkVWxFeRrf8vIBm-2FalZ8kZJfFL8vxcHs6F8FahiR8G6oqycS-2FK1I16vrYcQ60CbyocFKoWPVle013P5-2F33hubFfRFtbLSu29J-2B68Hgjrkb3XhsKHIwSg1k4JmLHgyzh9Vhu4fIwv27d02yClif4ZsxXSw01-2BdP5gunAXYeD9pHYlMT3BTFWKjysm-2B9m-2Bea-2B3-2Bnfnk9ccsyMKUH7P5V8iIb3lce8n-2BVFVJ1zJpadDbRwUmwL6R2Qd75E0hmBU-2BECxlbSXLrTpAsIX9tqA73CmFO7l2PA815JlCfGYwdHT9giLc0aW5yeyFyZkLfSRFWTvf5O5QG5-2FoKq11kzPSlWBMot0DTg8d6SWyPpblIumE2xXetVwbeX5r6SU393Opv85lv4Ly-2BCtI0nvZZ-2F48IrFVINEGrt3mnEAkZ36y52bk-2F8jZ10PULMoiJGhmErn4meisgt4uJy46idTYZ8kKRUMFaVflPOmzQKsB295uk9NwL02fF0cgsNi4DUwrZxiWyntHPx-2FjLpRI9DTfoECIgdT93dk2sPjZArHuBlbzotXDRgxB6iMn1I4-2FLuJ-2BjFAprMIMcKII9SZytqjN3-2FdGDUVXmFc1jwu88-2FxnSUv0HhBJLumSE5M7oG7nFc-2Frznp0qvEqlIdAo5DLNysL6uUnupHlqOPbJQ1fJuNkpDs5af-2FFPXe31uwcdyS7Dt8qLJKZ0F2EBP2wAACEZAyO1gqS-2BQRuwK-2FSKtG-2BHP37U7EqSU5IMkLvQYcX7E89IoLVN5IANz8DXqG28AdBJH5Dq2oFE6JP84-2BuEHjJYfnvWQDJrRwjrHQt6rr413g9-2BvugqYBGHptRBK0IOsrkXsvpVvW4Dz4p6EAMdxKxN07SMzVbvu4ZdFhmhmA90zB59z73-2F-2B5ifXnh-2FpDps1RroTC8UGLkEYe-2FsHhCoK94D8bnDjXRRkjVRXJQIIstmSi18mBEiD-2Ba-2Bg8hfQau3BfCp4QxAsTqBi9XNR0dZ6AuCVCR4MjuWMQ0zK69wkzWZa4cNcDS89bSv-2FJcOJA7cwGaLbTQLdrMw-2BV1xoYYQOmhC6gJzg7s7Iz0QLYqeFTT6jpgKk-3D HTTP 302
    https://offers.hrcovered.com/6lmzfd3 HTTP 302
    https://offers.hrcovered.com/optin1681221154759 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request optin1681221154759
offers.hrcovered.com/
Redirect Chain
  • https://u23167153.ct.sendgrid.net/ls/click?upn=egIyMckUw95BnddVXANb1ThD0ocuzRBnfhLWCLsZ5myugo44ONlGoLIsC-2BEqRJLP6m1h_iRTqjR6UGrmJAMibGk9QK97byC0hzPZUpu8CxfQcFRlgeWDoJ65GLkVWxFeRrf8vIBm-2FalZ8kZJfF...
  • https://offers.hrcovered.com/6lmzfd3
  • https://offers.hrcovered.com/optin1681221154759
117 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
145bc243f55bd0df2777579ee61db171aa71880adc9a3fac7c2cd9b573e3fdeb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=60, public, s-maxage=600, r-maxage=10
cf-cache-status
REVALIDATED
cf-ray
81cd563e3c06a1fc-YYZ
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 27 Oct 2023 19:27:31 GMT
last-modified
Thu, 27 Jul 2023 17:58:58 GMT
server
cloudflare
status
200 OK
vary
Accept-Encoding
x-content-digest
fe66f88743cb86fac8f4988c990fc7bb7733ed04
x-powered-by
Phusion Passenger Enterprise 6.0.7
x-rack-cache
miss, store
x-request-id
8e5bdcb946ae8511bf7f33368671ea26
x-runtime
0.336986

Redirect headers

cache-control
no-cache
cf-cache-status
EXPIRED
cf-ray
81cd563c99f0a1fc-YYZ
content-type
text/html; charset=utf-8
date
Fri, 27 Oct 2023 19:27:31 GMT
location
https://offers.hrcovered.com/optin1681221154759
server
cloudflare
status
302 Found
vary
Accept-Encoding
x-powered-by
Phusion Passenger Enterprise 6.0.7
x-rack-cache
miss
x-request-id
61f22f9c8bd05783811e510490580b02
x-runtime
0.089442
lander.css
offers.hrcovered.com/assets/ 		425 KB
70 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/assets/lander.css
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 25 Oct 2023 16:02:58 GMT
server
cloudflare
age
576
etag
W/"65393c32-6a514"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=1200
cf-ray
81cd563f5d97a1fc-YYZ
expires
Fri, 27 Oct 2023 19:47:31 GMT
all.css
use.fontawesome.com/releases/v5.9.0/css/ 		55 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.103.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:32 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
4V1BD31J8X2KX0WM
age
2358654
alt-svc
h3=":443"; ma=86400
x-amz-id-2
e2U9mvxuHLYLtO87usYSxnQjWZCkKTb8ffBhbuIGmuLZS3q/zTqN0YtFgELGHtu5sfxf2m3BbWQ=
last-modified
Wed, 30 Jun 2021 15:48:06 GMT
server
cloudflare
etag
W/"dbf9d822cefe851ba6f66e1ad57e8987"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWHgmO3U%2BKfy3LaXCEHAr2J55kWYedIXteUVz7KosGOeCQSPER3gHbvsMB8KgmskXNj3fYKbkoAQQO%2BZ5sLY%2FTqGm%2BWGRYLYSLVBwztySMj0irfLDmRBVHV76uatlt9uDVJDUeMA"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
81cd56462ee5c338-EWR
v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 		26 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.103.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:32 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
2884BS70W6N46VMK
age
780849
alt-svc
h3=":443"; ma=86400
x-amz-id-2
pcwSkRihIggDk97A5F1imGJsuutdJ7jp2OAH6v5puu/a/zbn/V+0krIQJhtL0w1qTZ6KDD8s4y0=
last-modified
Wed, 30 Jun 2021 15:48:06 GMT
server
cloudflare
etag
W/"e140a7d32f343530f016095df3cc2ae4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVGprGr4d8MpMGtY7U3JbR6K%2BhIngdqQc8kMrKuplqsJF1p7l4kW8PsPNbny2Qp164GTYPwxpbiv8LfwBA3wT0MBWFbnjprcj0wMfJAcFWZFfop1vL0CBSn%2FyhFgIbB0RzLund1Y"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
81cd56462ee8c338-EWR
css
fonts.googleapis.com/ 		47 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f95.1e100.net
Software
ESF /
Resource Hash
7dbb39ee6e87085cbbe32d363a4776b9b696e903226fddfc695b48e6b111691c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 27 Oct 2023 19:27:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 19:19:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 27 Oct 2023 19:27:31 GMT
application.js
offers.hrcovered.com/assets/userevents/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/assets/userevents/application.js
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a696b734193371073510c87df68430499c2f424ad3f7be42f586dc6aff78567b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:32 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 25 Oct 2023 16:02:58 GMT
server
cloudflare
age
560
etag
W/"65393c32-147c"
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=1200
cf-ray
81cd564678bfa1fc-YYZ
expires
Fri, 27 Oct 2023 19:47:32 GMT
js
www.googletagmanager.com/gtag/ 		231 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-588950505
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
ace9258026e08eae768f92aa1e8c354b69570a7f8fae374100e674592bdd5b0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:32 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81542
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 Oct 2023 19:27:32 GMT
js
www.googletagmanager.com/gtag/ 		186 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-180959918-1
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
260cb8cbced2deaef97c95772df569d849ca5157ed56496b06c693507bdd6a78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:32 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
68704
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 27 Oct 2023 19:27:32 GMT
logo-1-.png
offers.hrcovered.com/hosted/images/5f/20298b01f748c8b02e7dbe56408498/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offers.hrcovered.com/hosted/images/5f/20298b01f748c8b02e7dbe56408498/logo-1-.png
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73decdb341d66c8feecd11170a2fd8c97082c0a14dcb18e9c1b94f905bfd5a92

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:31 GMT
cf-cache-status
HIT
last-modified
Wed, 13 Apr 2022 23:04:56 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
age
4830
x-amz-cf-pop
YTO50-C3
etag
"c052a8f88dcdba4f5ad977f7e2b9abf4"
cf-polished
origSize=14095
vary
Accept, Accept-Encoding
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
81cd563f5d99a1fc-YYZ
content-length
14039
HRC-law-png-min.png
offers.hrcovered.com/hosted/images/74/7961f307d64edcafdf22213f3b6b5e/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offers.hrcovered.com/hosted/images/74/7961f307d64edcafdf22213f3b6b5e/HRC-law-png-min.png
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fae23c47930adc7b567d95e3b2780d6d9026ada0604bff4a9facb62c7f38fa9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:31 GMT
cf-cache-status
REVALIDATED
last-modified
Fri, 05 Aug 2022 19:59:00 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
x-amz-cf-pop
YUL62-P2
etag
"b0629957db01b6eda88f563feae6226d"
cf-polished
origSize=5390
vary
Accept, Accept-Encoding
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
81cd563f5d9aa1fc-YYZ
content-length
4719
css
fonts.googleapis.com/ 		3 KB
720 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=sans-serif%7CJosefin+Sans%7CRaleway%7CHelvetica+Neue+Helvetica+Arial+sans-serif%7CRaleway%7CJosefin+Sans%7CRaleway%7Csans-serif%7CRaleway%7Csans-serif%7CRaleway%7C%7C
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f95.1e100.net
Software
ESF /
Resource Hash
1da788dcb3f8c86118398903b6f60067718a8c83a0338929769ad1f98195aa3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 27 Oct 2023 19:27:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 19:27:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 27 Oct 2023 19:27:31 GMT
lander.js
offers.hrcovered.com/assets/ 		2 MB
661 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/assets/lander.js
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fd12163a6c4e05aa48cb4197de1f0dc8bcf81545c5eb26fcc49fc2cd922fedb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 25 Oct 2023 16:04:17 GMT
server
cloudflare
age
614
etag
W/"65393c81-2372af"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=1200
cf-ray
81cd56401ea7a1fc-YYZ
expires
Fri, 27 Oct 2023 19:47:31 GMT
mailcheck.min.js
app.clickfunnels.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.clickfunnels.com/mailcheck.min.js
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.16.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0189e16cf01f8149342c9f2de872cfa73571f2a145a830f18b16154bf1d2982

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 25 Oct 2023 16:02:58 GMT
server
cloudflare
age
1539
etag
W/"65393c32-a8d"
vary
Accept-Encoding
content-type
application/x-javascript
cf-ray
81cd564efe6c39fb-YYZ
pushcrew.js
offers.hrcovered.com/assets/ 		637 B
455 B 		Script
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/assets/pushcrew.js
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 25 Oct 2023 16:02:57 GMT
server
cloudflare
age
273
etag
W/"65393c31-27d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=1200
cf-ray
81cd564688d5a1fc-YYZ
expires
Fri, 27 Oct 2023 19:47:32 GMT
intlTelInput.min.js
cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/js/ 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/js/intlTelInput.min.js
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.229 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c215038a14d244d806fd8a1a5a99a036b1731bedf06f5de97bd71390323dd59c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 27 Oct 2023 19:27:31 GMT
x-content-type-options
nosniff
content-encoding
br
age
2128978
x-jsd-version
14.0.3
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
10860
x-served-by
cache-fra-eddf8230021-FRA, cache-yyz4551-YYZ
x-jsd-version-type
version
etag
W/"6bdf-S3jDntgtUhwGP7oRikDS86vdLpw"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.56.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
https://offers.hrcovered.com/
Origin
https://offers.hrcovered.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:33 GMT
content-encoding
gzip
last-modified
Tue, 10 Oct 2023 21:38:13 GMT
server
cloudflare
etag
W/"2023.10.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
81cd56485f14a22c-YYZ
truncated
/ 		26 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type
image/png
Green-Clean-Travel-Landscape-Banner-4-.png
offers.hrcovered.com/hosted/images/74/cc8cc70463406b9b205231a4edf4a5/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offers.hrcovered.com/hosted/images/74/cc8cc70463406b9b205231a4edf4a5/Green-Clean-Travel-Landscape-Banner-4-.png
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e14cc2c71259032119ed6b1f7ffa70c775d9c35a2af970f5aaa8ced2bdab825f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:32 GMT
cf-cache-status
HIT
last-modified
Thu, 21 Jul 2022 18:46:51 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
age
6535
x-amz-cf-pop
YTO50-C3
etag
"6e47112ed1e6b403df8525040232372c"
cf-polished
origSize=32005, status=webp_bigger
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
81cd5646b919a1fc-YYZ
content-length
31795
Green-Clean-Travel-Landscape-Banner-3-.png
offers.hrcovered.com/hosted/images/26/245dbb28d54859ad6dd15a83bf865f/ 		91 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offers.hrcovered.com/hosted/images/26/245dbb28d54859ad6dd15a83bf865f/Green-Clean-Travel-Landscape-Banner-3-.png
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53de26395c2ad3e7c6a703bafb6e66bf991f2cb3fe74c9f296233e88eb2eef54

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:33 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 20 Jul 2022 21:24:35 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
x-amz-cf-pop
YUL62-P2
etag
"c3cf753571db36de4f2507951a543885"
cf-polished
origSize=93011, status=webp_bigger
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
81cd5646c91ea1fc-YYZ
content-length
92917
Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2
fonts.gstatic.com/s/josefinsans/v32/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/josefinsans/v32/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=sans-serif%7CJosefin+Sans%7CRaleway%7CHelvetica+Neue+Helvetica+Arial+sans-serif%7CRaleway%7CJosefin+Sans%7CRaleway%7Csans-serif%7CRaleway%7Csans-serif%7CRaleway%7C%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
24a6ddc71f3d94fd9bcd29b7540b49f299a1ca78986464aeb47291fdea955e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://offers.hrcovered.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 13:37:04 GMT
x-content-type-options
nosniff
age
21030
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12388
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 20:50:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 26 Oct 2024 13:37:04 GMT
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v29/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://offers.hrcovered.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 03:24:37 GMT
x-content-type-options
nosniff
age
57777
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48208
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 26 Oct 2024 03:24:37 GMT
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v29/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=sans-serif%7CJosefin+Sans%7CRaleway%7CHelvetica+Neue+Helvetica+Arial+sans-serif%7CRaleway%7CJosefin+Sans%7CRaleway%7Csans-serif%7CRaleway%7Csans-serif%7CRaleway%7C%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://offers.hrcovered.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 13:52:56 GMT
x-content-type-options
nosniff
age
20078
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22420
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:56:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 26 Oct 2024 13:52:56 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.9.0/webfonts/ 		74 KB
74 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.9.0/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.103.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

Request headers

Referer
https://use.fontawesome.com/releases/v5.9.0/css/all.css
Origin
https://offers.hrcovered.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
5Y3R66HEQNGM53T2
age
1403308
alt-svc
h3=":443"; ma=86400
content-length
75440
x-amz-id-2
sgwKq30x8WdwJkgkVSylSbvQ8yAtcvh1Sg2CaB75ZOA7TW20a+Gd6yo09SJNBHfrWHwPdXtvwWK6VnnnvZHQpA==
last-modified
Wed, 30 Jun 2021 15:48:27 GMT
server
cloudflare
etag
"b5cf8ae26748570d8fb95a47f46b69e1"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9ZlYkBl%2FWmMs7wjSogQMHwinXfMQyNkqb19VjglFi9huen%2FJpuOmrfuf8w45gwFRa%2FVDvuR7ErID6FYCUjru1uqFBiowpmFyyD1CkbMx8hGhtq9MX50ib5CwsN7%2FfYGg%2Fp3z5o4"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
81cd564f2b045e77-EWR
vendor.js
offers.hrcovered.com/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/vendor.js
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:33 GMT
content-encoding
br
cf-cache-status
HIT
age
384
x-powered-by
Phusion Passenger Enterprise 6.0.7
status
200 OK
x-request-id
196badb0986cf0e2458c85c01c4b4851
x-runtime
0.011019
x-content-digest
581e49c9b7bdd06dab54c00931f4256b223e620e
server
cloudflare
etag
W/"7422e50efbaea439fda7ef3b0eb54ee1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900, public
cf-ray
81cd5647fadea1fc-YYZ
x-rack-cache
stale, valid, store
/
track.addevent.com/atc/ 		0
0
js
www.googletagmanager.com/gtag/ 		269 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-023V1BF3EQ&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-180959918-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
35ff2f031a0ace9fc1e81dd5534b677d189d6d0e2d1807194bbf09aef5b738bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91174
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 27 Oct 2023 19:27:33 GMT
js
www.googletagmanager.com/gtag/ 		231 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-588950505&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-180959918-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
e335888a5e174da203034eb036e054bba814045e39971cca267e6176fb8723ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81528
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 Oct 2023 19:27:33 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-180959918-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f113.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 27 Oct 2023 18:17:05 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4229
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 27 Oct 2023 20:17:05 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/588950505/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/588950505/?random=1698434853239&cv=11&fst=1698434853239&bg=ffffff&guid=ON&async=1&gtm=45be3ap0v889838607&gcd=11l1l1l1l1&u_w=1600&u_h=1200&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&hn=www.googleadservices.com&frm=0&tiba=EMPLOYMENT%20AGREEMENT%20CHECKLIST&auid=1618852775.1698434853&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-588950505
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.111.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f154.1e100.net
Software
cafe /
Resource Hash
dee26c0218b657bc97b46d010efa7ac2c93af1445b8ee1f3cff9571551fa7baa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1355
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ipinfo.io/ 		616 B
653 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ipinfo.io/?callback=jQuery18109888411612942154_1698434852890&_=1698434853334
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/assets/lander.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
81.59.117.34.bc.googleusercontent.com
Software
/
Resource Hash
f0ed0b84a28425f9bed1a5456cf02d8fa05c2bb2ce62488cbfc3107b92299219
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-encoding
gzip
via
1.1 google
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
flags.png
cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/img/ 		69 KB
69 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/img/flags.png
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.229 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 27 Oct 2023 19:27:33 GMT
x-content-type-options
nosniff
age
1516440
x-jsd-version
14.0.3
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
70857
x-served-by
cache-fra-eddf8230123-FRA, cache-yyz4551-YYZ
x-jsd-version-type
version
etag
W/"114c9-IVcsl1Hlo9wgOVvvoPyzScMsSBE"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
/
app.clickfunnels.com/userevents/ 		0
413 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.clickfunnels.com/userevents/?funnel_id=UEFaREk1N0kwSG1MbkN1anV4ZmxyZz09LS1zZGFaK3pwS1J2Zldnb3ZUejRZczJBPT0%3D--0ac2164c1363ed68c6dcbe552651f4b039506f76&page_id=VHI3cmxZdnBPOGp1Q25iL2NBSmxadz09LS1QOGk2WGhSY29RTHhRL2cxMG1uRElnPT0%3D--626f45708c58e563471baeddb58fab9ff8ef29d6&funnel_step_id=V0RiK0t3V2hISHhIQU9KdExlMHJ6UT09LS1YMGl3MXpDSHp5WklEODFPaVp4ZzV3PT0%3D--b94f0366ccdbef3a5d5cc26d533c2a9a6208a164&user_id=UU1nU1ZNbVIxTnlGMlc5NkJKSy91Zz09LS1sWCsyWXRoRWN3anV5c2pkUThaZWR3PT0%3D--c8128bcb92abaa82df3921c4aa8bfce3f9e85490&account_id=TTh2eUhjSjJjamFFNTA4QWxUSElZQT09LS1ZS0Q4bm4vQnBnL2NoSkxWN0owQllnPT0%3D--ae5930bc2980008916f7578e0817264acba9bb3a&page_code=NTg5Mjc0ODk%3D&mode_id=1&time_zone=Eastern%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=9eddaa6a-417a-4cdf-87cc-6fd4b7d14a3e&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/assets/userevents/application.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.16.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:33 GMT
access-control-request-method
*
x-runtime
0.024272
cf-cache-status
BYPASS
server
cloudflare
x-powered-by
Phusion Passenger Enterprise 6.0.7
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
status
202 Accepted
cache-control
no-cache, no-store
cf-ray
81cd5649ec2a3a03-YYZ
x-rack-cache
miss
x-request-id
476343f5d1e529a50be26a636f35cba7
/
app.clickfunnels.com/userevents/ 		0
414 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.clickfunnels.com/userevents/?funnel_id=UEFaREk1N0kwSG1MbkN1anV4ZmxyZz09LS1zZGFaK3pwS1J2Zldnb3ZUejRZczJBPT0%3D--0ac2164c1363ed68c6dcbe552651f4b039506f76&page_id=VHI3cmxZdnBPOGp1Q25iL2NBSmxadz09LS1QOGk2WGhSY29RTHhRL2cxMG1uRElnPT0%3D--626f45708c58e563471baeddb58fab9ff8ef29d6&funnel_step_id=V0RiK0t3V2hISHhIQU9KdExlMHJ6UT09LS1YMGl3MXpDSHp5WklEODFPaVp4ZzV3PT0%3D--b94f0366ccdbef3a5d5cc26d533c2a9a6208a164&user_id=UU1nU1ZNbVIxTnlGMlc5NkJKSy91Zz09LS1sWCsyWXRoRWN3anV5c2pkUThaZWR3PT0%3D--c8128bcb92abaa82df3921c4aa8bfce3f9e85490&account_id=TTh2eUhjSjJjamFFNTA4QWxUSElZQT09LS1ZS0Q4bm4vQnBnL2NoSkxWN0owQllnPT0%3D--ae5930bc2980008916f7578e0817264acba9bb3a&page_code=NTg5Mjc0ODk%3D&mode_id=1&time_zone=Eastern%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=3baedb2f-269e-436d-bf82-8a5ecbf79129&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/assets/userevents/application.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.16.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:33 GMT
access-control-request-method
*
x-runtime
0.032568
cf-cache-status
BYPASS
server
cloudflare
x-powered-by
Phusion Passenger Enterprise 6.0.7
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
status
202 Accepted
cache-control
no-cache, no-store
cf-ray
81cd5649ec2e3a03-YYZ
x-rack-cache
miss
x-request-id
1d222b691f5ffe4daa10fe6168e7a01d
/
app.clickfunnels.com/userevents/ 		0
627 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.clickfunnels.com/userevents/?funnel_id=UEFaREk1N0kwSG1MbkN1anV4ZmxyZz09LS1zZGFaK3pwS1J2Zldnb3ZUejRZczJBPT0%3D--0ac2164c1363ed68c6dcbe552651f4b039506f76&page_id=VHI3cmxZdnBPOGp1Q25iL2NBSmxadz09LS1QOGk2WGhSY29RTHhRL2cxMG1uRElnPT0%3D--626f45708c58e563471baeddb58fab9ff8ef29d6&funnel_step_id=V0RiK0t3V2hISHhIQU9KdExlMHJ6UT09LS1YMGl3MXpDSHp5WklEODFPaVp4ZzV3PT0%3D--b94f0366ccdbef3a5d5cc26d533c2a9a6208a164&user_id=UU1nU1ZNbVIxTnlGMlc5NkJKSy91Zz09LS1sWCsyWXRoRWN3anV5c2pkUThaZWR3PT0%3D--c8128bcb92abaa82df3921c4aa8bfce3f9e85490&account_id=TTh2eUhjSjJjamFFNTA4QWxUSElZQT09LS1ZS0Q4bm4vQnBnL2NoSkxWN0owQllnPT0%3D--ae5930bc2980008916f7578e0817264acba9bb3a&page_code=NTg5Mjc0ODk%3D&mode_id=1&time_zone=Eastern%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=647d836c-d058-4b88-b681-0c5b04072e23&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/assets/userevents/application.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.16.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:33 GMT
access-control-request-method
*
x-runtime
0.020545
cf-cache-status
BYPASS
server
cloudflare
x-powered-by
Phusion Passenger Enterprise 6.0.7
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
status
202 Accepted
cache-control
no-cache, no-store
cf-ray
81cd5649ec2f3a03-YYZ
x-rack-cache
miss
x-request-id
aee4ef0b6306f79603e167799a3cb916
collect
analytics.google.com/g/ 		0
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-023V1BF3EQ&gtm=45je3ap0v878958468&_p=1936333113&_gaz=1&gcd=11l1l1l1l1&cid=855861402.1698434853&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1698434853&sct=1&seg=0&dl=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&dt=EMPLOYMENT%20AGREEMENT%20CHECKLIST&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-023V1BF3EQ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f102.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offers.hrcovered.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-023V1BF3EQ&cid=855861402.1698434853&gtm=45je3ap0v878958468&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-023V1BF3EQ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offers.hrcovered.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-023V1BF3EQ&cid=855861402.1698434853&gtm=45je3ap0v878958468&aip=1&z=514678205
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-023V1BF3EQ&gtm=45je3ap0v878958468&_p=1936333113&gcd=11l1l1l1l1&cid=855861402.1698434853&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEAI&_s=2&sid=1698434853&sct=1&seg=0&dl=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&dt=EMPLOYMENT%20AGREEMENT%20CHECKLIST&en=scroll&_c=1&epn.percent_scrolled=90&_et=27
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-023V1BF3EQ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f102.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offers.hrcovered.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/588950505/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/588950505/?random=1698434853239&cv=11&fst=1698433200000&bg=ffffff&guid=ON&async=1&gtm=45be3ap0v889838607&u_w=1600&u_h=1200&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&frm=0&tiba=EMPLOYMENT%20AGREEMENT%20CHECKLIST&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1754444159&rmt_tld=0&ipr=y
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f147.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/588950505/ 		42 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/588950505/?random=1698434853239&cv=11&fst=1698433200000&bg=ffffff&guid=ON&async=1&gtm=45be3ap0v889838607&u_w=1600&u_h=1200&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&frm=0&tiba=EMPLOYMENT%20AGREEMENT%20CHECKLIST&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1754444159&rmt_tld=1&ipr=y
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/optin1681221154759
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1936333113&t=pageview&_s=1&dl=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&ul=en-us&de=UTF-8&dt=EMPLOYMENT%20AGREEMENT%20CHECKLIST&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1224662182&gjid=761745601&cid=855861402.1698434853&tid=UA-180959918-1&_gid=266524361.1698434854&_r=1&gtm=457e3ap0&gcd=11l1l1l1l1&jsscut=1&z=184331456
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f113.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://offers.hrcovered.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offers.hrcovered.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
closemodal.png
app.clickfunnels.com/images/ 		672 B
920 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.clickfunnels.com/images/closemodal.png
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.16.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
cf-cache-status
HIT
last-modified
Thu, 05 Oct 2023 14:30:48 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
age
77627
etag
"651ec898-314"
cf-polished
origFmt=png, origSize=788
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
public, max-age=2678400
content-disposition
inline; filename="closemodal.webp"
accept-ranges
bytes
cf-ray
81cd564ff80939fb-YYZ
expires
Mon, 27 Nov 2023 19:27:34 GMT
hiring_hrc_lawyers_person_img.png
offers.hrcovered.com/hosted/images/ab/eb2e699de549af9e00071eccc10c53/ 		695 KB
696 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offers.hrcovered.com/hosted/images/ab/eb2e699de549af9e00071eccc10c53/hiring_hrc_lawyers_person_img.png
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47f2432132e0d6d5c2ec381b23c431e0a1837fbb3db96050b3e37300dc26143b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
cf-cache-status
REVALIDATED
last-modified
Fri, 10 Jun 2022 00:30:45 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
x-amz-cf-pop
YUL62-P2
etag
"f5394cc4a79eab1b474f38031ae9a45c"
cf-polished
origSize=711903
vary
Accept, Accept-Encoding
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
81cd564ffe51a1fc-YYZ
content-length
711882
background.png
offers.hrcovered.com/images/ 		119 B
387 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/images/background.png?_unique=0.7615504363953756&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//offers.hrcovered.com/optin1681221154759&_title=EMPLOYMENT%20AGREEMENT%20CHECKLIST&_key=27gs04tf&_page_key=slgd83gozxdols5o&_fid=12916322&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://offers.hrcovered.com/optin1681221154759&_referrer=
Requested by
Host: offers.hrcovered.com
URL: https://offers.hrcovered.com/vendor.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
7254b2b22860abc47822352cd6fdf18650ea852e399dec81eed273a409a998f6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/optin1681221154759
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
access-control-request-method
*
content-encoding
br
cf-cache-status
DYNAMIC
x-powered-by
Phusion Passenger Enterprise 6.0.7
status
200 OK
x-request-id
52de0df8834e05ddb3ff2c7c8e4b0a73
x-runtime
0.012184
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, private
cf-ray
81cd56500e6ba1fc-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
x-rack-cache
miss
utils.min.js
cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/js/ 		218 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/js/utils.min.js
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/intl-tel-input@14.0.3/build/js/intlTelInput.min.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.1.229 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a781acd8fe79cec5d4e79174ec57275b3b224dc757d40695d3c557e469c15fc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
content-encoding
br
age
2106948
x-jsd-version
14.0.3
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
57283
x-served-by
cache-fra-eddf8230073-FRA, cache-yyz4520-YYZ
x-jsd-version-type
version
etag
W/"366b6-gwL9uGxXxwRdLlf9eHSQWKwuXRc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
collect
stats.g.doubleclick.net/j/ 		4 B
151 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-180959918-1&cid=855861402.1698434853&jid=1224662182&gjid=761745601&_gid=266524361.1698434854&_u=YADAAUAAAAAAACAAI~&z=419289851
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://offers.hrcovered.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offers.hrcovered.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
offers.hrcovered.com/cdn-cgi/ 		0
165 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://offers.hrcovered.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.15.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://offers.hrcovered.com/optin1681221154759
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
content-type
application/json

Response headers

date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://offers.hrcovered.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
81cd5650bf64a1fc-YYZ
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-180959918-1&cid=855861402.1698434853&jid=1224662182&_u=YADAAUAAAAAAACAAI~&z=1931687309
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f147.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-180959918-1&cid=855861402.1698434853&jid=1224662182&_u=YADAAUAAAAAAACAAI~&z=1931687309
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://offers.hrcovered.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 Oct 2023 19:27:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
track.addevent.com
URL
https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=53e493bf-95b5-4817-dc47-267f70121428&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&cache=1698434853104

Verdicts & Comments Add Verdict or Comment

270 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| gtag object| dataLayer function| init string| CFAppDomain boolean| domainIsCFInternal function| ouibounce function| CFbuildAudioPlayer function| evsfix function| calcTax function| cfStripeTokenHandler function| cfStripePaymentIntentFormAdder function| cfCreateElements function| cfCreateiDEALSource function| cfProcessiDEALSourceRedirect function| cfSaveiDEALSourceInfo function| cfPopulateFormForiDEAL function| cfCreateStripeToken function| cfHandlePaymentUsingSetupIntent function| cfOrderErrorMessage function| cfHandlePaymentUsingPaymentIntent function| shouldUsePaymentIntentFlow function| cfCreateStripePaymentMethod function| cfTransformStripeToken function| cfElementsFindFont function| cleanupLocalStorage function| cfHandleiDEALRedirect function| AttachStripeElements function| prettyNotify function| start_firebase function| displayPageNotifier function| start_page_notifier function| start_firebase_quantity_limiter function| readCookie function| CFExtractPayPalButtonConfiguration function| CFPaySelectPaypalTransactions function| PaySelectInit function| recalcRoundUp function| addCharityToSummary function| addSaasRedirectClickHandler function| CFInfusionsoftTokenizationHandler function| webinarDelay function| cookieWebinarTime function| getWebinarLastTime function| reportWebinarTime function| periodicAutoWebinarCheck function| periodicLessonCheck function| reportLessonProgress function| CFSanitizeCountdownElement function| CFstartBPVideos function| CFprocessBPVideos function| CFcheckForVimeo function| CFhandleWistiaBPVideo function| CFhandleAllVimeoBPVideos function| CFhandleAllYouTubeBPVideos function| CFhandleVideoLabels function| CFsetupSessionStarterBP function| CFsetupMutedVideos function| CFrenameVimeoURLAttribute undefined| checkPreview undefined| cookie_variable undefined| tag undefined| firstScriptTag undefined| elVideo_one undefined| elVideo_two undefined| elVideo_three undefined| elVideo_four undefined| elVideo_type undefined| elVideo_show undefined| elVideo_hide undefined| elVideo_numberofvideos undefined| gettheType_unlocker undefined| player undefined| playVideoText undefined| pauseVideoText undefined| playingVideoText undefined| lockedVideoText boolean| cfpeorders function| recurlyDateHandler function| recurlyNameHandler function| recurlyCountryHandler number| CF_KEYCODE_ENTER number| CF_KEYCODE_SPACE undefined| checkifPreview_randomCookie undefined| elCheckVideoEndType undefined| unlockVideoDate undefined| checkifUnlockableDate undefined| checkifUnlockableEverGreenDate undefined| everGreenDates function| onYouTubeIframeAPIReady undefined| elUnlocker_startVideo undefined| onPlayerReady undefined| elvideounlockerProgress undefined| elUnlocker_changeVideo undefined| onPlayerStateChange undefined| runAnimationFade undefined| runAnimationScale undefined| runAnimationLeft undefined| runAnimationRight undefined| runAnimationTop undefined| runAnimationBottom function| getURLParameter function| cfpeRebuildOrderSummary function| formatRecurlyExpirationDate function| validateRecurlyExpirationDate function| $ function| jQuery function| moment object| jQuery18109888411612942154 function| JQClass function| tinycolor function| generateUniqueId object| CFUtils object| ClickFunnels function| _ object| mejs function| MediaElement object| HtmlMediaElement function| onYouTubePlayerAPIReady function| DefaultPlayer function| MediaElementPlayer function| videojs function| _V_ function| $d string| proc string| _image_path string| _ate_license boolean| _ate_mouse string| _ate_css string| _ate_callback string| _ate_dropdown string| _ate_lbl_outlook string| _ate_lbl_google string| _ate_lbl_yahoo string| _ate_lbl_hotmail string| _ate_lbl_ical string| _ate_lbl_fb_event boolean| _ate_show_outlook boolean| _ate_show_google boolean| _ate_show_yahoo boolean| _ate_show_hotmail boolean| _ate_show_ical boolean| _ate_show_facebook boolean| _d_rd boolean| _ate_btn_found boolean| _ate_btn_expo object| addthisevent function| postscribe object| I18n object| Clickfunnels function| calcShipping undefined| cfStripeElementsCardElement function| Firebase function| ES6Promise object| cookieconsent object| options function| track_capi object| cfFacebookInitOptions function| fbAsyncInit string| page_key string| fid string| fspos string| fvrs object| cf_tracker string| cf_key string| serverUrl function| getURLParameterExact object| intlTelInputGlobals function| intlTelInput function| createGUID function| toQueryString function| setCookie function| getCookie function| logError function| done function| recordUserEvent function| setCFMetaTagsFromCookies function| setCFMetaTagsFromQueryString function| getCFMetaTag function| writeCFMetaTag function| queryStringFromCFMetaTags function| recordPageview function| recordUniqueVisitor function| recordUniquePageview function| setClientWidth function| setForm function| CLICKFUNNELS_OLD_FORM_SUBMIT object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| callbackFunction object| _pcq object| GooglebQhCsO number| funnel_stat boolean| ecookie function| loadScript function| jQueryCheck function| createCookie function| formatObject function| getFormData function| filteredMatch function| changeText boolean| replied object| sender object| cfUniqueVisitorID function| cfSetUniqueVisitorID function| SendData function| wait function| sleep function| checkresponse function| answered function| postpone object| formSubmitFunctions function| formAttach function| addEvent function| filtered_string object| url_params undefined| parts undefined| nv function| cf_load function| get_XmlHttp object| __cfBeacon object| cfpe object| getVars object| $cfSurvey_outcome object| CFSurveyQueryOutcome string| target string| str undefined| checkVideoAttr undefined| showVideoBG string| $url object| $queries undefined| $utm_source string| $pID string| $rootID string| $variantcheck string| $userID undefined| $iframeCheck string| $requiredCheck object| SurveyMatcher undefined| $carContestProgress string| $localTime string| $autoWebinarDay1 string| $autoWebinarDay1_raw string| $selectText string| $autoWebinarDay0 string| $autoWebinarDay0_raw string| $replayText string| $autoWebinarDay2 string| $autoWebinarDay2_raw string| $autoWebinarDay3 string| $autoWebinarDay3_raw undefined| date undefined| time object| webinar_datetime object| webinar_datetime_offset boolean| now object| now_offset number| webinar_delay object| webinar_delay_offset boolean| $removeSelectDateOnAutoWebinar undefined| jQuery18109888411612942154_1698434852890 object| gaGlobal object| Mailcheck object| gaplugins object| gaData string| root_url number| timeout object| intlTelInputUtils

26 Cookies

Domain/Path Name / Value
.offers.hrcovered.com/ Name: __cf_bm
Value: XD7QU.BP.zjvbieMu9uDoCaq0knYLE4pKhcJXaFp5Es-1698434851-0-ARax8M6sMt3ZqGCDHkSbE0jPIeJjv6H8PmsIIUTeiN3bA/3UxXIGj1oQJBk9JoCuBozxWqNlzEv/P7zFOrffp/XEgcxu8+LSO0/XPbQXF3pA
.offers.hrcovered.com/ Name: _cfuvid
Value: 6SFcWjrW2kgDUejKjzddXn4EYFr1Rro1WihaZTxuHn4-1698434851534-0-604800000
offers.hrcovered.com/ Name: addevent_track_cookie
Value: 53e493bf-95b5-4817-dc47-267f70121428
.hrcovered.com/ Name: _gcl_au
Value: 1.1.1618852775.1698434853
offers.hrcovered.com/ Name: cf:aff_sub2
Value:
offers.hrcovered.com/ Name: cf:aff_sub3
Value:
offers.hrcovered.com/ Name: cf:aff_sub
Value:
offers.hrcovered.com/ Name: cf:affiliate_id
Value:
offers.hrcovered.com/ Name: cf:cf_affiliate_id
Value:
offers.hrcovered.com/ Name: cf:content
Value:
offers.hrcovered.com/ Name: cf:medium
Value:
offers.hrcovered.com/ Name: cf:name
Value:
offers.hrcovered.com/ Name: cf:source
Value:
offers.hrcovered.com/ Name: cf:term
Value:
offers.hrcovered.com/ Name: cf:NTg5Mjc0ODk
Value: :visited=true
offers.hrcovered.com/ Name: cf:visitor_id
Value: dfea54e1-bcf2-4742-a424-8e83625c4628
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.hrcovered.com/ Name: _ga_023V1BF3EQ
Value: GS1.1.1698434853.1.0.1698434853.60.0.0
.clickfunnels.com/ Name: __cf_bm
Value: 06BJ1pGtXgzyaDoUNtsQdw_s_tjEX54c_QDlUaHjfh4-1698434854-0-Ab8UlFvT+J1pJlSoj4rK/Zn66qJUHQ7TQoD7l9/cAJKcjOBCwDTAqaungFQTn0C08UZD4FSwNfIDCiK+T3qrxDVz7XULkEHLBMLITQlVtTFN
.clickfunnels.com/ Name: _cfuvid
Value: yJta9yE2RKaQfedfjMue_7b7M44kEe9PmY9KrYMBn.Y-1698434854276-0-604800000
.hrcovered.com/ Name: _ga
Value: GA1.2.855861402.1698434853
.hrcovered.com/ Name: _gid
Value: GA1.2.266524361.1698434854
.hrcovered.com/ Name: _gat_gtag_UA_180959918_1
Value: 1
offers.hrcovered.com/ Name: is_eu
Value: false
offers.hrcovered.com/ Name: slgd83gozxdols5o
Value: true
offers.hrcovered.com/ Name: 12916322_viewed_1
Value: 1

1 Console Messages

Source Level URL
Text
network error URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=53e493bf-95b5-4817-dc47-267f70121428&url=https%3A%2F%2Foffers.hrcovered.com%2Foptin1681221154759&cache=1698434853104
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
app.clickfunnels.com
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ipinfo.io
offers.hrcovered.com
static.cloudflareinsights.com
stats.g.doubleclick.net
track.addevent.com
u23167153.ct.sendgrid.net
use.fontawesome.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
track.addevent.com
104.16.15.194
104.16.16.194
104.16.56.101
142.251.111.154
142.251.16.94
142.251.16.95
142.251.163.94
151.101.1.229
167.89.123.147
172.253.115.155
172.253.122.102
172.253.62.147
172.253.63.113
172.253.63.97
172.64.103.11
34.117.59.81
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
145bc243f55bd0df2777579ee61db171aa71880adc9a3fac7c2cd9b573e3fdeb
1da788dcb3f8c86118398903b6f60067718a8c83a0338929769ad1f98195aa3d
24a6ddc71f3d94fd9bcd29b7540b49f299a1ca78986464aeb47291fdea955e35
260cb8cbced2deaef97c95772df569d849ca5157ed56496b06c693507bdd6a78
35ff2f031a0ace9fc1e81dd5534b677d189d6d0e2d1807194bbf09aef5b738bf
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
47f2432132e0d6d5c2ec381b23c431e0a1837fbb3db96050b3e37300dc26143b
4fd12163a6c4e05aa48cb4197de1f0dc8bcf81545c5eb26fcc49fc2cd922fedb
5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
53de26395c2ad3e7c6a703bafb6e66bf991f2cb3fe74c9f296233e88eb2eef54
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
6fae23c47930adc7b567d95e3b2780d6d9026ada0604bff4a9facb62c7f38fa9
7254b2b22860abc47822352cd6fdf18650ea852e399dec81eed273a409a998f6
73decdb341d66c8feecd11170a2fd8c97082c0a14dcb18e9c1b94f905bfd5a92
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d
7dbb39ee6e87085cbbe32d363a4776b9b696e903226fddfc695b48e6b111691c
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808
a696b734193371073510c87df68430499c2f424ad3f7be42f586dc6aff78567b
a781acd8fe79cec5d4e79174ec57275b3b224dc757d40695d3c557e469c15fc0
ace9258026e08eae768f92aa1e8c354b69570a7f8fae374100e674592bdd5b0f
c215038a14d244d806fd8a1a5a99a036b1731bedf06f5de97bd71390323dd59c
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dee26c0218b657bc97b46d010efa7ac2c93af1445b8ee1f3cff9571551fa7baa
e0189e16cf01f8149342c9f2de872cfa73571f2a145a830f18b16154bf1d2982
e14cc2c71259032119ed6b1f7ffa70c775d9c35a2af970f5aaa8ced2bdab825f
e335888a5e174da203034eb036e054bba814045e39971cca267e6176fb8723ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0ed0b84a28425f9bed1a5456cf02d8fa05c2bb2ce62488cbfc3107b92299219
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422