URL: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_i...
Submission: On October 21 via manual from IN — Scanned from DE

Summary

This website contacted 12 IPs in 3 countries across 9 domains to perform 26 HTTP transactions. The main IP is 52.54.96.194, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is tax.ryan.com.
TLS certificate: Issued by R3 on August 25th 2022. Valid for: 3 months.
This is the only time tax.ryan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
9 onetrust.com | cdn-ukwest.onetrust.com — Cisco Umbrella Rank: 6315; geolocation.onetrust.com — Cisco Umbrella Rank: 678 | 134 KB
4 pardot.com | storage.pardot.com — Cisco Umbrella Rank: 8855; pi.pardot.com — Cisco Umbrella Rank: 3646 | 37 KB
4 ryan.com | tax.ryan.com | 6 KB
3 google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 32; region1.google-analytics.com — Cisco Umbrella Rank: 2668 | 20 KB
2 sa-as.com | stats.sa-as.com — Cisco Umbrella Rank: 57290 | 1 KB
2 gstatic.com | fonts.gstatic.com | 46 KB
2 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 61 | 144 KB
1 doubleclick.net | stats.g.doubleclick.net — Cisco Umbrella Rank: 84 | 437 B
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 44 | 909 B
Totals: 26 requests, 9 apex domains
Domain | Requested by
8 cdn-ukwest.onetrust.com | www.googletagmanager.com; cdn-ukwest.onetrust.com
4 tax.ryan.com (2 redirects) | pi.pardot.com
2 stats.sa-as.com | www.googletagmanager.com
2 www.google-analytics.com | www.googletagmanager.com; www.google-analytics.com
2 pi.pardot.com | tax.ryan.com; pi.pardot.com
2 fonts.gstatic.com | fonts.googleapis.com
2 www.googletagmanager.com | tax.ryan.com; www.googletagmanager.com
2 storage.pardot.com | tax.ryan.com
1 stats.g.doubleclick.net | www.google-analytics.com
1 region1.google-analytics.com | www.googletagmanager.com
1 geolocation.onetrust.com | cdn-ukwest.onetrust.com
1 fonts.googleapis.com | tax.ryan.com
Totals: 26 requests, 12 domains

This site contains links to these domains.

Domain
cookiepedia.co.uk
www.onetrust.com
Subject | Issuer | Validity | Valid
tax.ryan.com | R3 | 2022-08-25 - 2022-11-23 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-07-18 - 2023-07-18 | a year
pi.pardot.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-13 - 2023-09-12 | a year
stats.sa-as.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-14 - 2023-02-14 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months

This page contains 1 frames:

Primary Page: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Frame ID: DC6B47B0C6FFE97C852A51548E0A60C0
Requests: 27 HTTP requests in this frame

Page Title

Email Preference Center

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • otSDKStub\.js

Page Statistics

26 Requests
92 % HTTPS
73 % IPv6
9 Domains
12 Subdomains
12 IPs
3 Countries
390 kB Transfer
1119 kB Size
11 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://tax.ryan.com/general-form-style HTTP 302
  • https://storage.pardot.com/862781/1646846630a2TwMzPz/general_form.css
Request Chain 2
  • https://tax.ryan.com/l/862781/2020-04-13/6g56/862781/10531/ryan_logo_450x164.png HTTP 302
  • https://storage.pardot.com/862781/10531/ryan_logo_450x164.png

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request preference-center
tax.ryan.com/
9 KB
4 KB
Document
General
Full URL
https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
9678bd0b5db95004ffc9fd6174dc13ac4b1faab849965f5a05868369f22713e7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
3237
Content-Type
text/html; charset=utf-8
Date
Fri, 21 Oct 2022 18:45:32 GMT
Server
PardotServer
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
expires
Thu, 19 Nov 1981 08:52:00 GMT
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
pragma
no-cache
referrer-policy
no-referrer
status
404 Not Found
vary
Accept-Encoding,User-Agent
x-pardot-rsp
0/0/1
x-robots-tag
nofollow, noindex
css2
fonts.googleapis.com/
1 KB
909 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap
Requested by
Host: tax.ryan.com
URL: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aee1e4e4dfaa2c0f96dcaf744f7f30e2cacd831eed9aae5266189216fa13a06a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 21 Oct 2022 18:45:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 21 Oct 2022 18:21:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Oct 2022 18:45:32 GMT
general_form.css
storage.pardot.com/862781/1646846630a2TwMzPz/
Redirect Chain
  • https://tax.ryan.com/general-form-style
  • https://storage.pardot.com/862781/1646846630a2TwMzPz/general_form.css
3 KB
4 KB
Stylesheet
General
Full URL
https://storage.pardot.com/862781/1646846630a2TwMzPz/general_form.css
Requested by
Host: tax.ryan.com
URL: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Protocol
H2
Server
2600:9000:214f:200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54adaa54b44e3bc930b800b1ff004183223aaa51ecf73c08f8df3ad1ddd8bfdb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 18:45:33 GMT
x-amz-version-id
Z_Ou6R7EaCahTsBerm7Lcbybp7mL0H8q
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 09 Mar 2022 17:23:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
"77d1ddadab580811c685c6753641e7d2"
x-cache
Miss from cloudfront
content-type
text/css
x-amz-replication-status
COMPLETED
accept-ranges
bytes
x-robots-tag
none
content-length
3410
x-amz-cf-id
SCbwDPE0tQisWdvxTqeOz7x36VBypXpBA-_8OyptTz4UaXATgQONig==

Redirect headers

Date
Fri, 21 Oct 2022 18:45:32 GMT
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
Server
PardotServer
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/862781/1646846630a2TwMzPz/general_form.css
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
143
expires
Fri, 21 Oct 2022 18:55:32 GMT
ryan_logo_450x164.png
storage.pardot.com/862781/10531/
Redirect Chain
  • https://tax.ryan.com/l/862781/2020-04-13/6g56/862781/10531/ryan_logo_450x164.png
  • https://storage.pardot.com/862781/10531/ryan_logo_450x164.png
28 KB
29 KB
Image
General
Full URL
https://storage.pardot.com/862781/10531/ryan_logo_450x164.png
Requested by
Host: tax.ryan.com
URL: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Protocol
H2
Server
2600:9000:214f:200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
853e9a850be1b9dc7e64ff6ef13cba2171435bd7c6c25c4661c1d4af9e5fbfe4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 18:45:33 GMT
x-amz-version-id
MiGUl8DdRH6ERSadBu.xJwioCexixHZk
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Mon, 20 Apr 2020 19:20:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
"4a40e5401bc7d135b19689694919cd9f"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
accept-ranges
bytes
x-robots-tag
none
content-length
28784
x-amz-cf-id
1nnAfxsbjh0jajPH0XQ2hgjLZs66mGPmFDedLms8735ni5U4shIt2A==

Redirect headers

Date
Fri, 21 Oct 2022 18:45:32 GMT
content-encoding
gzip
X-Pardot-Route
e8229a0ff18ebffc83a98010d2521dd5
Server
PardotServer
vary
Accept-Encoding,User-Agent
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
location
https://storage.pardot.com/862781/10531/ryan_logo_450x164.png
Content-Type
text/html; charset=UTF-8
cache-control
max-age=600
Connection
keep-alive
x-robots-tag
none
Content-Length
132
expires
Fri, 21 Oct 2022 18:55:32 GMT
gtm.js
www.googletagmanager.com/
196 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MPN4766
Requested by
Host: tax.ryan.com
URL: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4a8561e101553978075bc68df872a3c74fb7642f71a92e489a16253b9677ba70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69952
x-xss-protection
0
last-modified
Fri, 21 Oct 2022 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 21 Oct 2022 18:45:33 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tax.ryan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 17:08:09 GMT
x-content-type-options
nosniff
age
265043
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 18 Oct 2023 17:08:09 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tax.ryan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 09:59:57 GMT
x-content-type-options
nosniff
age
31535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23040
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:56:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Oct 2023 09:59:57 GMT
otSDKStub.js
cdn-ukwest.onetrust.com/scripttemplates/
21 KB
8 KB
Script
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MPN4766
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
zvDmpz9S9y5z1XhncmOZ/w==
age
1037
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
7151
x-ms-lease-status
unlocked
last-modified
Thu, 06 Oct 2022 15:11:23 GMT
server
cloudflare
etag
0x8DAA7AD07E77BB9
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1146e4e6-b01e-003f-5c59-e59347000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75dc26a1dda5bb9b-FRA
expires
Fri, 21 Oct 2022 22:45:33 GMT
ebaf2b4d-8421-4d75-95ef-44dd7a2a9b01.json
cdn-ukwest.onetrust.com/consent/ebaf2b4d-8421-4d75-95ef-44dd7a2a9b01/
4 KB
2 KB
XHR
General
Full URL
https://cdn-ukwest.onetrust.com/consent/ebaf2b4d-8421-4d75-95ef-44dd7a2a9b01/ebaf2b4d-8421-4d75-95ef-44dd7a2a9b01.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db79892bec1a5b314af20ab2defee5f126f9f064239748ac9cac1cdef2a37b79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
content-md5
EAqk1vZcAseIIfrdvWQqcA==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1880
x-ms-lease-status
unlocked
last-modified
Wed, 05 Oct 2022 22:11:56 GMT
server
cloudflare
etag
0x8DAA71E9DB2CFD7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
92c7ca46-501e-0017-1a59-e5e4f8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75dc26a25b455c1a-FRA
pd.js
pi.pardot.com/
5 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: tax.ryan.com
URL: https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-120-28.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
3b91e6a4b14493d67f9660e6d4a2e27c1eea54d97ccb7c30acf3b89998b3be99

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
X-Pardot-Route
16b0ab393667a33fe86adedc3141e88c
last-modified
Thu, 20 Oct 2022 18:46:41 GMT
Server
PardotServer
etag
"1547-gzip"
vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
cache-control
max-age=63072000
Connection
keep-alive
accept-ranges
bytes
Content-Length
1946
expires
Sun, 20 Oct 2024 18:45:33 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
51 B
208 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a89322a678186c5957a42f45dcc88293de6ba0888c9726a0c574fc0b2e002754
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 18:45:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
75dc26a2ec8f5c1a-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn-ukwest.onetrust.com/scripttemplates/6.34.0/
348 KB
83 KB
Script
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/otBannerSdk.js
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e88dafe889a514ea8b9b07747f53d08b66a473b7caa78645b4aa2167563651e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
ywzctmjVIapkx83Pz3a+AQ==
age
1014
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
84671
x-ms-lease-status
unlocked
last-modified
Tue, 19 Apr 2022 19:33:12 GMT
server
cloudflare
etag
0x8DA223B717D394F
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
17c05300-d01e-0024-2959-e5bdd5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75dc26a31915bb9b-FRA
expires
Fri, 21 Oct 2022 22:45:33 GMT
en-us.json
cdn-ukwest.onetrust.com/consent/ebaf2b4d-8421-4d75-95ef-44dd7a2a9b01/58cf8a65-4b9e-4d71-b072-f0dbd930415d/
99 KB
20 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/consent/ebaf2b4d-8421-4d75-95ef-44dd7a2a9b01/58cf8a65-4b9e-4d71-b072-f0dbd930415d/en-us.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
752e036d1a3b5055fa36b64bccd43f85cc59cfbbbac43d12a321c3865b6afcfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
content-md5
DMwTVAlh7U3aZKMd/wjpGQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
19801
x-ms-lease-status
unlocked
last-modified
Wed, 05 Oct 2022 22:12:10 GMT
server
cloudflare
etag
0x8DAA71EA6405608
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
64d80e40-801e-0015-3459-e5e602000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75dc26a3ae4f5c1a-FRA
analytics
pi.pardot.com/
3 KB
3 KB
Script
General
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=425213596&visitor_id_sign=7dcf0ea1841bbe76e838be919b0f56ab96807e28def47188f6ed4c351cf83bbe5f0f724f638bc8a9cf3bcb6902a6a9acd8d98b52&pi_opt_in=&campaign_id=6280&account_id=863781&title=Email%20Preference%20Center&url=https%3A%2F%2Ftax.ryan.com%2Fpreference-center%3Fehash%3D676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0%26email_id%3D321122086%26epc_hash%3DNJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-120-28.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
f51fbe641df74aacea4b80495272679a6724f1d4ad750150fb3c7b70b7efc74e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
Date
Fri, 21 Oct 2022 18:45:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
Server
PardotServer
vary
Accept-Encoding,User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
1440
expires
Thu, 19 Nov 1981 08:52:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MPN4766
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 21 Oct 2022 17:01:59 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
6214
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Fri, 21 Oct 2022 19:01:59 GMT
live.js
stats.sa-as.com/
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MPN4766
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 San Jose, United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 18:45:22 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"2800c0-52e-54d2690345cc0"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
js
www.googletagmanager.com/gtag/
217 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N1131SC0V5&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MPN4766
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b31813f20a6fdbf78f5ea5dae7c8588821a0c480ce058e99386b81d97d4a3e42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
76824
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 21 Oct 2022 18:45:33 GMT
otFloatingRoundedCorner.json
cdn-ukwest.onetrust.com/scripttemplates/6.34.0/assets/
10 KB
3 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/assets/otFloatingRoundedCorner.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fad8eccf058216f2489b00b6317daded6946aaed503d2795e65a7a2768e696
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
content-md5
sc7SVcBhzQIEKZGwT+x78A==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2565
x-ms-lease-status
unlocked
last-modified
Tue, 19 Apr 2022 19:33:01 GMT
server
cloudflare
etag
0x8DA223B6AA75083
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
9f5f774c-701e-000b-0759-e53cef000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75dc26a468155c1a-FRA
expires
Fri, 21 Oct 2022 22:45:33 GMT
otPcCenter.json
cdn-ukwest.onetrust.com/scripttemplates/6.34.0/assets/v2/
53 KB
12 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/assets/v2/otPcCenter.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed075e6f14b250be3c4344953433b448b5bf72d3937bcf7cafc06bcab0d130ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
content-md5
NS4/Ql3sVfXAVIyb20II4w==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12384
x-ms-lease-status
unlocked
last-modified
Tue, 19 Apr 2022 19:33:02 GMT
server
cloudflare
etag
0x8DA223B6B12654D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
11490b20-b01e-003f-2d59-e59347000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75dc26a468165c1a-FRA
expires
Fri, 21 Oct 2022 22:45:33 GMT
otCommonStyles.css
cdn-ukwest.onetrust.com/scripttemplates/6.34.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/assets/otCommonStyles.css
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74c39b5ec5a61c19ff20d81c0418fabd61d6deb6ac0c967da28761d6b895ff7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
REVALIDATED
content-md5
/wtHD+oYY7dZRzCx50GZrQ==
x-ms-lease-status
unlocked
last-modified
Tue, 19 Apr 2022 19:33:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
40e27111-e01e-0068-5559-e57aca000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
75dc26a468175c1a-FRA
expires
Fri, 21 Oct 2022 22:45:33 GMT
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
poweredBy_ot_logo.svg
cdn-ukwest.onetrust.com/logos/static/
3 KB
2 KB
Image
General
Full URL
https://cdn-ukwest.onetrust.com/logos/static/poweredBy_ot_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 18:45:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
content-md5
LpuayL42jB78xRllx0vkOw==
age
1035
x-ms-lease-status
unlocked
last-modified
Thu, 06 Oct 2022 15:12:04 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
aa9cdb5e-c01e-005d-4759-e5d49f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
75dc26a55f79bb9b-FRA
expires
Fri, 21 Oct 2022 22:45:33 GMT
collect
region1.google-analytics.com/g/
0
345 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-N1131SC0V5&gtm=2oeaj0&_p=1549539741&gdid=dYWJhMj&cid=1370965894.1666377934&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1666377933&sct=1&seg=0&dl=https%3A%2F%2Ftax.ryan.com%2Fpreference-center%3Fehash%3D676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0%26email_id%3D321122086%26epc_hash%3DNJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&dt=Email%20Preference%20Center&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N1131SC0V5&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 18:45:33 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://tax.ryan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1549539741&t=pageview&_s=1&dl=https%3A%2F%2Ftax.ryan.com%2Fpreference-center%3Fehash%3D676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0%26email_id%3D321122086%26epc_hash%3DNJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&ul=en-us&de=UTF-8&dt=Email%20Preference%20Center&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1524250461&gjid=1271041138&cid=1370965894.1666377934&tid=UA-83714364-1&_gid=579339217.1666377934&_r=1&gtm=2wgaj0MPN4766&z=749702993
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 18:45:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://tax.ryan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
437 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-83714364-1&cid=1370965894.1666377934&jid=1524250461&gjid=1271041138&_gid=579339217.1666377934&_u=YADAAEAAAAAAACAAI~&z=1681283306
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 21 Oct 2022 18:45:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://tax.ryan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics
tax.ryan.com/
50 B
999 B
Script
General
Full URL
https://tax.ryan.com/analytics?conly=true&visitor_id=425213596&visitor_id_sign=7dcf0ea1841bbe76e838be919b0f56ab96807e28def47188f6ed4c351cf83bbe5f0f724f638bc8a9cf3bcb6902a6a9acd8d98b52&pi_opt_in=&campaign_id=6280&account_id=863781&title=Email%20Preference%20Center&url=https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=425213596&visitor_id_sign=7dcf0ea1841bbe76e838be919b0f56ab96807e28def47188f6ed4c351cf83bbe5f0f724f638bc8a9cf3bcb6902a6a9acd8d98b52&pi_opt_in=&campaign_id=6280&account_id=863781&title=Email%20Preference%20Center&url=https%3A%2F%2Ftax.ryan.com%2Fpreference-center%3Fehash%3D676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0%26email_id%3D321122086%26epc_hash%3DNJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
Date
Fri, 21 Oct 2022 18:45:33 GMT
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
Server
PardotServer
vary
User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
50
expires
Thu, 19 Nov 1981 08:52:00 GMT
index.php
stats.sa-as.com/
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=246291&MyPage=tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&MyID=undefined&MySearch=undefined&TitleTag=Email%20Preference%20Center&Hst=tax.ryan.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fpreference-center&Reff=&FullPage=https%3A%2F%2Ftax.ryan.com%2Fpreference-center%3Fehash%3D676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0%26email_id%3D321122086%26epc_hash%3DNJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&PMCD=https://tax.ryan.com/preference-center?ehash=676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0&email_id=321122086&epc_hash=NJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&r=0.19566491593388946
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 San Jose, United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 18:45:22 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type
IMAGE/PNG
Connection
close
Content-Length
102

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| dataLayer
string| piAId
string| piCId
string| piHostname
object| anchors
object| anchor
function| postscribe
object| google_tag_manager_external
object| google_tag_manager
object| google_tag_data
object| OneTrustStub
function| OptanonWrapper
object| otStubData
function| checkNamespace
function| getPardotUrl
function| piTracker
function| piGetParameter
function| piGetCookie
function| piSetCookie
string| piVersion
number| piScriptNum
object| piScriptObj
object| pi
number| c_start
number| c_end
string| property
object| Optanon
object| OneTrust
function| gtag
string| OnetrustActiveGroups
string| OptanonActiveGroups
string| GoogleAnalyticsObject
function| ga
number| DID
string| MyPageName
function| onYouTubeIframeAPIReady
object| gaGlobal
object| gaplugins
object| gaData
function| piResponse
function| VSCapture
function| VSLT
undefined| pagename
undefined| MyID
undefined| MySearch
object| sniffer

11 Cookies

Domain/Path Name / Value
tax.ryan.com/ Name: visitor_id862781
Value: 425213596
tax.ryan.com/ Name: visitor_id862781-hash
Value: 7dcf0ea1841bbe76e838be919b0f56ab96807e28def47188f6ed4c351cf83bbe5f0f724f638bc8a9cf3bcb6902a6a9acd8d98b52
.ryan.com/ Name: _gcl_au
Value: 1.1.1700944653.1666377933
.ryan.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Oct+21+2022+18%3A45%3A33+GMT%2B0000+(GMT)&version=6.34.0&isIABGlobal=false&hosts=&consentId=3dada7ba-cd9d-4fae-86e6-38a2c4758dd1&interactionCount=0&landingPath=https%3A%2F%2Ftax.ryan.com%2Fpreference-center%3Fehash%3D676bf82420b4c98046539ffc0b0465fa0674d5df5d7fc103c186a78cf1290ff0%26email_id%3D321122086%26epc_hash%3DNJxPodEgYYOYtSAPUNWRi7R1M4JK4EXgyTNSAANRoWQ&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.ryan.com/ Name: _ga_N1131SC0V5
Value: GS1.1.1666377933.1.0.1666377933.0.0.0
.ryan.com/ Name: _ga
Value: GA1.2.1370965894.1666377934
.ryan.com/ Name: _gid
Value: GA1.2.579339217.1666377934
.ryan.com/ Name: _gat_UA-83714364-1
Value: 1
.pardot.com/ Name: visitor_id862781
Value: 425213596
.pardot.com/ Name: visitor_id862781-hash
Value: 7dcf0ea1841bbe76e838be919b0f56ab96807e28def47188f6ed4c351cf83bbe5f0f724f638bc8a9cf3bcb6902a6a9acd8d98b52
pi.pardot.com/ Name: lpv862781
Value: aHR0cHM6Ly90YXgucnlhbi5jb20vcHJlZmVyZW5jZS1jZW50ZXI%2FZWhhc2g9Njc2YmY4MjQyMGI0Yzk4MDQ2NTM5ZmZjMGIwNDY1ZmEwNjc0ZDVkZjVkN2ZjMTAzYzE4NmE3OGNmMTI5MGZmMCZlbWFpbF9pZD0zMjExMjIwODYmZXBjX2hhc2g9Tkp4UG9kRWdZWU9ZdFNBUFVOV1JpN1IxTTRKSzRFWGd5VE5TQUFOUm9XUQ%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
