www.benefits-mortgage.com Open in urlscan Pro
159.45.14.243  Malicious Activity! Public Scan

Submitted URL: http://hmc-ecard.wf.com/dean.bounougias/Tab_1.php
Effective URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Submission: On December 06 via manual from IN

Summary

This website contacted 10 IPs in 4 countries across 11 domains to perform 34 HTTP transactions. The main IP is 159.45.14.243, located in United States and belongs to WELLSFARGO-10837 - Wells Fargo & Company, US. The main domain is www.benefits-mortgage.com.
TLS certificate: Issued by Wells Fargo Public Trust Certificatio... on November 20th 2019. Valid for: 2 years.
This is the only time www.benefits-mortgage.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 184.154.24.90 32475 (SINGLEHOP...)
20 159.45.14.243 10837 (WELLSFARG...)
2 159.45.14.249 10837 (WELLSFARG...)
2 159.45.2.178 10837 (WELLSFARG...)
1 159.45.14.246 10837 (WELLSFARG...)
2 2 172.217.22.6 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 2 72.21.206.140 16509 (AMAZON-02)
1 34.247.192.223 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
34 10
Domain Requested by
20 www.benefits-mortgage.com www.benefits-mortgage.com
2 s.amazon-adsystem.com 1 redirects www.benefits-mortgage.com
2 ad.doubleclick.net 2 redirects
2 static.wellsfargo.com www.benefits-mortgage.com
static.wellsfargo.com
2 www.wfhm.com www.benefits-mortgage.com
1 www.google-analytics.com www.benefits-mortgage.com
1 wellsfargobankna.demdex.net www.benefits-mortgage.com
1 www.facebook.com www.benefits-mortgage.com
1 adservice.google.com www.benefits-mortgage.com
1 mortgage.wellsfargo.com www.benefits-mortgage.com
1 hmc-ecard.wf.com 1 redirects
0 www.google.de Failed www.benefits-mortgage.com
0 www.google.com Failed www.benefits-mortgage.com
34 13

This site contains links to these domains. Also see Links.

Domain
www.wfhm.com
www.wellsfargo.com
Subject Issuer Validity Valid
www.benefits-mortgage.com
Wells Fargo Public Trust Certification Authority 01 G2
2019-11-20 -
2022-02-12
2 years crt.sh
wfhm.wellsfargo.com
Wells Fargo Public Trust Certification Authority 01 G2
2019-09-24 -
2021-12-11
2 years crt.sh
static.wellsfargo.com
DigiCert Global CA G2
2019-02-07 -
2021-02-07
2 years crt.sh
mortgage.wellsfargo.com
Wells Fargo Public Trust Certification Authority 01 G2
2019-12-02 -
2022-02-06
2 years crt.sh
*.google.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-11-06 -
2020-02-04
3 months crt.sh
s.amazon-adsystem.com
Amazon
2019-12-03 -
2020-11-06
a year crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
*.google-analytics.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Frame ID: 3FA48D492289AD312C6885033D496B38
Requests: 34 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://hmc-ecard.wf.com/dean.bounougias/Tab_1.php HTTP 302
    https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMI... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

34
Requests

88 %
HTTPS

27 %
IPv6

11
Domains

13
Subdomains

10
IPs

4
Countries

762 kB
Transfer

924 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hmc-ecard.wf.com/dean.bounougias/Tab_1.php HTTP 302
    https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24
  • https://ad.doubleclick.net/ddm/activity/src=2549153;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099
Request Chain 26
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?value=0&guid=ON&script=0&data.prod=Prequalification&data.subprod=HMC&data.pageid=Prequalification_input HTTP 302
  • https://www.google.com/pagead/1p-user-list/984436569/?value=0&guid=ON&script=0&data.prod=Prequalification&data.subprod=HMC&data.pageid=Prequalification_input&is_vtc=1&random=1084136008
Request Chain 27
  • https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Da07ee1ba-96c5-7025-008f-cbbd79a45df2%26type%3D31%26m%3D1&ex-fch=416613&ex-src=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2Fmortgage-prequalification.page%3Fsuffix%3Dconstantine-bounougias%26dm%3DDMIDRBIZCO&ex-hargs=v%3D1.0%3Bc%3D2079708751398%3Bp%3DA07EE1BA-96C5-7025-008F-CBBD79A45DF2 HTTP 302
  • https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Da07ee1ba-96c5-7025-008f-cbbd79a45df2%26type%3D31%26m%3D1&ex-fch=416613&ex-src=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2Fmortgage-prequalification.page%3Fsuffix%3Dconstantine-bounougias%26dm%3DDMIDRBIZCO&ex-hargs=v%3D1.0%3Bc%3D2079708751398%3Bp%3DA07EE1BA-96C5-7025-008F-CBBD79A45DF2&dcc=t
Request Chain 31
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j68&tid=UA-107148943-1&cid=1264431924.1575611462&jid=2106160390&gjid=2137647649&_gid=1619302296.1575611462&_u=YGBAiAABB~&z=147797268 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-107148943-1&cid=1264431924.1575611462&jid=2106160390&_v=j68&z=147797268

34 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set mortgage-prequalification.page
www.benefits-mortgage.com/affinity/
Redirect Chain
  • http://hmc-ecard.wf.com/dean.bounougias/Tab_1.php
  • https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
18 KB
21 KB
Document
General
Full URL
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
6c5ff9e9cf60feedf249e8152a08ca0addf694ca356d9604f09ee534d6cdf102
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.benefits-mortgage.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 05:51:00 GMT
Set-Cookie
TLTSID=611D33EA17EC10171AECB77F29F28BB5; Path=/; Domain=.benefits-mortgage.com TLTUID=611D33EA17EC10171AECB77F29F28BB5; Path=/; Domain=.benefits-mortgage.com; Expires=Fri, 06-Dec-2029 05:50:59 GMT JSESSIONID=4226FBEC6C838FF259EC13CF015DC6E1.JVM; Path=/affinity; Secure; HttpOnly suffix=constantine-bounougias; Max-Age=5184000; SameSite=strict; Secure; HttpOnly dm=DMIDRBIZCO; Max-Age=5184000; SameSite=strict; Secure; HttpOnly wfacookie=212019120600505931897; Max-Age=315360000; SameSite=strict; Secure; HttpOnly ROUTEID=."jvm2"; path=/ benefits-mortgage_443_infra_2=!RIMgJQ+WF8F5URsm3DtQGulPM9KoKEq4qYY/oZVLlZqOXVRxvsIslp75W9EIE/iE24BaTRNBfSFT6ag=; path=/; Httponly; Secure TS01ccfc32=011a85ef9b961fdeaa5e885a88f6130adf326eff0ba61d09a3f4f9e913f6a5f355721490608f44436ddadc35794e3e580d61fa4a13a99ca09a699c8757e8b15cd30f2731e5aec183055233bc34ebcc8217be85cbf5060c1cc904bea77c950d4200564be437bb3ec8a1d202257128235a10af59641dfe8ba9c5677f9c3689e30550cd2b4a8d; Path=/ TS013aa3d0=011a85ef9b6aa4062458e7d042a2e46055458fe745a61d09a3f4f9e913f6a5f3557214906057324e2d20afe3f7c324d016f5a9095c3114f619fab354daaea562f8e3d534176a4169e1c1c11c54cc24e547a374fd6e; path=/; domain=.benefits-mortgage.com TS0139c89a=011a85ef9bcc941b13b86085933911245b696cb727a61d09a3f4f9e913f6a5f3557214906086620a3c8b51da9f03737ccc45604291bd27220f3316205bc996a5a551efc163; path=/affinity benefits-mortgage_443_infra_1=!PCpGcM84DjVJEXIm3DtQGulPM9KoKGd9+ciQXanYCH1BOwdZ/ySXkdotMMYRPAm60rz7JlbFJ5dAVHY=; path=/; Httponly; Secure
Cache-Control
no-cache no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Vary
*
Pragma
no-cache
Expires
-1
wfacookie
212019120600505931897
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/html;charset=ISO-8859-1
Content-Language
en-US
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked

Redirect headers

Date
Fri, 06 Dec 2019 05:50:58 GMT
Server
Apache
X-Powered-By
PHP/5.6.40
Location
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=10
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
styles-min.css
www.benefits-mortgage.com/affinity/stylesheet/
9 KB
9 KB
Stylesheet
General
Full URL
https://www.benefits-mortgage.com/affinity/stylesheet/styles-min.css
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
38e2c6116101fe7241055441982c84f56ff0a7eee4542c6cd6cbaba25c3e51ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:24 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
8793
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=99
Expires
Wed, 31 Dec 1969 23:59:59 GMT
jquery-1.12.1.min.js
www.benefits-mortgage.com/affinity/js/thirdparty/
95 KB
96 KB
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/jquery-1.12.1.min.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
aac421b5f7c1ac04e2e2488b8e960c2368c2a28927da0b028bb7b9c6c31a5625
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:24 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
97406
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=97
Expires
Wed, 31 Dec 1969 23:59:59 GMT
application-min.js
www.benefits-mortgage.com/affinity/js/
15 KB
16 KB
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/js/application-min.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
fe4f8946fabafb8509d7361b62424a5de5cd13bc290306b8f3fa0cb66c7e502e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
15582
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=96
Expires
Wed, 31 Dec 1969 23:59:59 GMT
common.js
www.benefits-mortgage.com/affinity/js/common/
27 KB
28 KB
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/js/common/common.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
d6d8eb0c5f0939334fc8f137545dd5b2cfc9beb7cb7128f9069639d143b04e14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
27851
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=95
Expires
Wed, 31 Dec 1969 23:59:59 GMT
AJS.js
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
19 KB
20 KB
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/AJS.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
7a80cebc7c82d342734636c864c21469a31fb714c6f8e415ac228849cdd1c8a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
19831
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=100
Expires
Wed, 31 Dec 1969 23:59:59 GMT
AJS_fx.js
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
3 KB
3 KB
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/AJS_fx.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
5d84bf2ab5a4b97af19f598e41f3fa5daa616fb9e313bc7472e0a4ae96efb614
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
2877
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=100
Expires
Wed, 31 Dec 1969 23:59:59 GMT
gb_scripts.js
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
11 KB
12 KB
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/gb_scripts.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
a0e1de92279bb8348d8756b6fa89fd927d81943b71be5a0a88f02e3de8296834
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
11626
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=94
Expires
Wed, 31 Dec 1969 23:59:59 GMT
gb_styles.css
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
2 KB
3 KB
Stylesheet
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/gb_styles.css
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
715df77389e6b1cb4aa5beb6e62cf245ae0169c1f481920a34f4ce877897fd06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
2324
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=98
Expires
Wed, 31 Dec 1969 23:59:59 GMT
WFHMStandard.gif
www.wfhm.com/loans/mc/published/dynamicContent/CompanyLogo/
2 KB
4 KB
Image
General
Full URL
https://www.wfhm.com/loans/mc/published/dynamicContent/CompanyLogo/WFHMStandard.gif
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.249 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
/
Resource Hash
1d75c1532073401f90f2c4a3135126be6b2cfcd7d24af3da75e393a3c2269a81
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net https://spatial.virtualearth.net/; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.tiles.virtualearth.net https://t1.ssl.ak.tiles.virtualearth.net/;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Dec 2019 21:06:28 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net https://spatial.virtualearth.net/; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.tiles.virtualearth.net https://t1.ssl.ak.tiles.virtualearth.net/;
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
1824
X-XSS-Protection
1; mode=block
print.css
www.benefits-mortgage.com/affinity/stylesheet/desktop/common/
302 B
777 B
Stylesheet
General
Full URL
https://www.benefits-mortgage.com/affinity/stylesheet/desktop/common/print.css
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
ae516ff917750f1574ac585c708b73f5a969baecb5f1ff4d114a92358db5d250
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:24 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
302
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=100
Expires
Wed, 31 Dec 1969 23:59:59 GMT
scpPhoto_775489.jpg
www.wfhm.com/loans/mc/published/scpPhotos/
32 KB
34 KB
Image
General
Full URL
https://www.wfhm.com/loans/mc/published/scpPhotos/scpPhoto_775489.jpg
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.249 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
/
Resource Hash
69cb464241504894bdeb19ada09c5527b65b734b2362a33dd946381629373058
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net https://spatial.virtualearth.net/; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.tiles.virtualearth.net https://t1.ssl.ak.tiles.virtualearth.net/;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Dec 2019 21:09:11 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net https://spatial.virtualearth.net/; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.tiles.virtualearth.net https://t1.ssl.ak.tiles.virtualearth.net/;
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
32435
X-XSS-Protection
1; mode=block
phone_28x22.jpg
www.benefits-mortgage.com/affinity/images/
2 KB
2 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/images/phone_28x22.jpg
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
c644df4b951b7bb95666d0e565c11a0f052b7f2a281a06e2fdb22409a26ed60e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:26 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
1637
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=99
Expires
Wed, 31 Dec 1969 23:59:59 GMT
undefined
www.benefits-mortgage.com/affinity/
0
0
Script
General
Full URL
https://www.benefits-mortgage.com/affinity/undefined
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html;charset=ISO-8859-1
Cache-Control
no-cache
Connection
Keep-Alive
Vary
*
Content-Length
3417
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=93
Expires
Wed, 31 Dec 1969 23:59:59 GMT
utag.js
static.wellsfargo.com/tracking/tog/
182 KB
22 KB
Script
General
Full URL
https://static.wellsfargo.com/tracking/tog/utag.js
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.178 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/2.0 /
Resource Hash
fd15cb4f34ccd7a6a650dd3926def01c5d5099a172cdbfa6fa858a9d9f766c16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 05:51:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Vary
Accept-Encoding
Content-Length
22139
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 10 Oct 2019 22:41:53 GMT
Server
KONICHIWA/2.0
ETag
"2d8d7-594961b9f8e40-gzip"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
application/x-javascript
Cache-Control
max-age=1800
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
icon-print.png
www.benefits-mortgage.com/affinity/images/
1016 B
1 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/images/icon-print.png
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
57d230c644b0cde4f37f92c585db85931c9963456645c077f97242bb1a616b64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/stylesheet/styles-min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:26 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
1016
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=99
Expires
Wed, 31 Dec 1969 23:59:59 GMT
desktop_aa-family_outside-home_smiling.jpg
mortgage.wellsfargo.com/affinity/mc/published/introImage/
451 KB
452 KB
Image
General
Full URL
https://mortgage.wellsfargo.com/affinity/mc/published/introImage/desktop_aa-family_outside-home_smiling.jpg?1575611459996
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.246 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
/
Resource Hash
a991fea949e620727e1f9bd58459bef40b0268fd469d744cb6a9cbd3578456db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Dec 2019 17:21:04 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-cache, no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
461453
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=100
Expires
Wed, 31 Dec 1969 23:59:59 GMT
open_caret.png
www.benefits-mortgage.com/affinity/images/
3 KB
4 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/images/open_caret.png
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
e3fbf57ca8c7e4a8e72d595288620c114876f272054e6617364eca5c5e505dc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/stylesheet/styles-min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:26 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
3125
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=99
Expires
Wed, 31 Dec 1969 23:59:59 GMT
equal_housing_lender.png
www.benefits-mortgage.com/affinity/images/
1 KB
2 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/images/equal_housing_lender.png
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
48f9004af522f48115c3dc41362c594349764d78119c432f150bdc690f380fed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/stylesheet/styles-min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:26 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
1091
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=100
Expires
Wed, 31 Dec 1969 23:59:59 GMT
bg-footer.png
www.benefits-mortgage.com/affinity/images/
1 KB
2 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/images/bg-footer.png
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/stylesheet/styles-min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:26 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
1411
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=98
Expires
Wed, 31 Dec 1969 23:59:59 GMT
indicator.gif
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
8 KB
9 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/indicator.gif
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
325c9abd3a010d95544f93d94a8ae5b9fae2a70affb4bfa260dd161cbf2e295b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
8238
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=98
Expires
Wed, 31 Dec 1969 23:59:59 GMT
g_close.gif
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
541 B
1016 B
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/g_close.gif
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
3e7f0e56964b201b30b49fb975290614ac8b9ed8ec7b4849b519a33f0c847aa5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
541
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=97
Expires
Wed, 31 Dec 1969 23:59:59 GMT
close_btn.png
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
5 KB
5 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/close_btn.png
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
76f20a29227b17b4546bad88aa18484ce89ada61f07b6933e93b3a5e535b8291
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
5021
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=98
Expires
Wed, 31 Dec 1969 23:59:59 GMT
header_bg.gif
www.benefits-mortgage.com/affinity/js/thirdparty/greybox/
1 KB
2 KB
Image
General
Full URL
https://www.benefits-mortgage.com/affinity/js/thirdparty/greybox/header_bg.gif
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.14.243 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
benefits-mortgage.com
Software
/
Resource Hash
6f1835a06585a3cf90a0b7e85f67607fddebb9a4e7f81f534257e61b904e26cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Sep 2019 15:54:22 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
*
Content-Length
1188
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=15, max=99
Expires
Wed, 31 Dec 1969 23:59:59 GMT
analytics.js
static.wellsfargo.com/tracking/ga/
34 KB
15 KB
Script
General
Full URL
https://static.wellsfargo.com/tracking/ga/analytics.js
Requested by
Host: static.wellsfargo.com
URL: https://static.wellsfargo.com/tracking/tog/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.178 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
Software
KONICHIWA/2.0 /
Resource Hash
9fe02658a495321edf29de87f262dfda74c89f8b7bc050a40b086b544c0a1641
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 05:51:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Vary
Accept-Encoding
Content-Length
14331
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 25 Jun 2019 17:30:12 GMT
Server
KONICHIWA/2.0
ETag
"89b7-58c2947efd100-gzip"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
application/x-javascript
Cache-Control
max-age=1800
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099
adservice.google.com/ddm/fls/z/
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=2549153;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099?
  • https://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099?
  • https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099
42 B
109 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Dec 2019 05:51:01 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 Dec 2019 05:51:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CLLd44uqoOYCFQYEiwodrBkBEg;type=mtgxt0;cat=mtg_h00h;u4=Prequalification_input;u8=ResidentialLendingForms;u9=DMIDRBIZCO;ord=8761313101562.099
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tr
www.facebook.com/
44 B
248 B
Image
General
Full URL
https://www.facebook.com/tr?id=1578146899100389&ev=PageView&cd[currency]=USD&cd[value]=0.00&cd[Product]=Prequalification&cd[Subproduct]=HMC&cd[PageID]=Prequalification_input
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 06 Dec 2019 05:51:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-24=":443"; ma=3600
content-length
44
expires
Fri, 06 Dec 2019 05:51:01 GMT
/
www.google.com/pagead/1p-user-list/984436569/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?value=0&guid=ON&script=0&data.prod=Prequalification&data.subprod=HMC&data.pageid=Prequalification_input
  • https://www.google.com/pagead/1p-user-list/984436569/?value=0&guid=ON&script=0&data.prod=Prequalification&data.subprod=HMC&data.pageid=Prequalification_input&is_vtc=1&random=1084136008
0
0

iui3
s.amazon-adsystem.com/
Redirect Chain
  • https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Da07ee1ba-96c5-7025-008f-cbbd79a45df2%26type%3D31%26m%3D1&ex-fch=416613&ex-src=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2...
  • https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Da07ee1ba-96c5-7025-008f-cbbd79a45df2%26type%3D31%26m%3D1&ex-fch=416613&ex-src=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2...
43 B
674 B
Image
General
Full URL
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Da07ee1ba-96c5-7025-008f-cbbd79a45df2%26type%3D31%26m%3D1&ex-fch=416613&ex-src=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2Fmortgage-prequalification.page%3Fsuffix%3Dconstantine-bounougias%26dm%3DDMIDRBIZCO&ex-hargs=v%3D1.0%3Bc%3D2079708751398%3Bp%3DA07EE1BA-96C5-7025-008F-CBBD79A45DF2&dcc=t
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.21.206.140 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
206-140.amazon.com
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 06 Dec 2019 05:51:01 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Da07ee1ba-96c5-7025-008f-cbbd79a45df2%26type%3D31%26m%3D1&ex-fch=416613&ex-src=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2Fmortgage-prequalification.page%3Fsuffix%3Dconstantine-bounougias%26dm%3DDMIDRBIZCO&ex-hargs=v%3D1.0%3Bc%3D2079708751398%3Bp%3DA07EE1BA-96C5-7025-008F-CBBD79A45DF2&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
event
wellsfargobankna.demdex.net/
42 B
614 B
Image
General
Full URL
https://wellsfargobankna.demdex.net/event?c_app_id=ResidentialLendingForms&c_page_type=Prequalification&c_page_id=Prequalification_input&c_site_type=HMC&d_cid=113287%01
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.192.223 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-247-192-223.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v055-0960af9fe.edge-irl1.demdex.com 5.64.1.20191128093837 0ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
9FdjvmsdTrY=
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error
300,104,113
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/984436569/
0
0

collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j68&aip=1&a=304674164&t=pageview&_s=1&dl=https%3A%2F%2Fwww.benefits-mortgage.com%2Faffinity%2Fmortgage-prequalification.page&ul=en-us&de=windows-1252&dt=Wells%20Fargo%20Home%20Mortgage%20Program%20-%20DEAN%20P%20BOUNOUGIAS&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGBAiAABB~&jid=2106160390&gjid=2137647649&cid=1264431924.1575611462&tid=UA-107148943-1&_gid=1619302296.1575611462&cd11=Prequalification_input&cd1=ResidentialLendingForms&cd7=Desktop&cd12=Prequalification&z=1095422307
Requested by
Host: www.benefits-mortgage.com
URL: https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.benefits-mortgage.com/affinity/mortgage-prequalification.page?suffix=constantine-bounougias&dm=DMIDRBIZCO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Nov 2019 05:18:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1384345
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j68&tid=UA-107148943-1&cid=1264431924.1575611462&jid=2106160390&gjid=2137647649&_gid=1619302296.1575611462&_u=YGBAiAABB~&z=147797268
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-107148943-1&cid=1264431924.1575611462&jid=2106160390&_v=j68&z=147797268
0
0

ga-audiences
www.google.de/ads/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/pagead/1p-user-list/984436569/?value=0&guid=ON&script=0&data.prod=Prequalification&data.subprod=HMC&data.pageid=Prequalification_input&is_vtc=1&random=1084136008
Domain
www.google.de
URL
https://www.google.de/pagead/1p-user-list/984436569/?value=0&guid=ON&script=0&data.prod=Prequalification&data.subprod=HMC&data.pageid=Prequalification_input&is_vtc=1&random=1084136008&ipr=y
Domain
www.google.com
URL
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-107148943-1&cid=1264431924.1575611462&jid=2106160390&_v=j68&z=147797268
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-107148943-1&cid=1264431924.1575611462&jid=2106160390&_v=j68&z=147797268&slf_rd=1&random=11991309

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

243 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| checkRcfFormField function| validateRcfForm function| getElementById function| getLabelId function| checkRadioButton function| isValidEmail function| isNumeric function| realignContactBar string| GB_ROOT_DIR object| theBody object| AJS function| AJSDeferred boolean| script_loaded string| e string| BASE_URL object| ajaxErrorHandler function| getQueryArgument string| _agent string| _agent_version function| isIe function| isIe8 function| isSafari function| isOpera function| isMozilla function| isMac function| isCamino function| createArray function| forceArray function| join function| isIn function| getIndex function| getFirst function| getLast function| getRandom function| update function| flattenList function| flattenElmArguments function| map function| rmap function| filter function| partial function| getElement function| getElements function| getElementsByTagAndClassName function| nodeName function| _nodeWalk function| getParentBytc function| getChildBytc function| hasParent function| getPreviousSiblingBytc function| getNextSiblingBytc function| getBody function| getFormElement function| getSelectValue function| documentInsert function| appendChildNodes function| appendToTop function| replaceChildNodes function| insertAfter function| insertBefore function| swapDOM function| removeElement function| createDOM function| _createDomShortcuts function| setHTML function| setVisibility function| showElement function| hideElement function| isElementHidden function| isElementShown function| setStyle function| __cssDim function| setWidth function| setHeight function| setLeft function| setRight function| setTop function| setClass function| addClass function| hasClass function| removeClass function| setOpacity function| HTML2DOM function| preloadImages function| RND function| getXMLHttpRequest function| getRequest function| serializeJSON function| loadJSON function| evalTxt function| evalScriptTags function| encodeArguments function| _reprString function| _reprDate function| getMousePos function| getScrollTop function| absolutePosition function| getWindowSize function| isOverlapping function| getEventElm function| setEventKey function| onEvent boolean| ready_bound boolean| is_ready function| bindReady object| ready_list function| ready number| _f_guid number| _wipe_guid function| handleEvent function| bind function| bindMethods function| preventDefault function| _listenOnce function| _getRealScope object| _reccruing_tos function| setSingleTimeout function| keys function| values function| urlencode function| urldecode function| isDefined function| isArray function| isString function| isNumber function| isObject function| isFunction function| isDict function| exportToGlobalScope function| log function| strip function| trim_if_needed function| Class function| $$ function| $f function| $b function| $p function| $FA function| $A function| DI function| ACN function| RCN function| AEV function| REV function| $bytc function| $AP function| loadJSONDoc function| queryArguments function| $gp function| $gc function| $sv object| generalErrorback object| generalCallback function| UL function| LI function| TD function| TR function| TH function| TBODY function| TABLE function| INPUT function| SPAN function| B function| A function| DIV function| IMG function| BUTTON function| H1 function| H2 function| H3 function| H4 function| H5 function| H6 function| BR function| TEXTAREA function| FORM function| P function| SELECT function| OPTION function| OPTGROUP function| IFRAME function| SCRIPT function| CENTER function| DL function| DT function| DD function| SMALL function| PRE function| I function| LABEL function| THEAD function| TN object| events string| k object| GB_CURRENT object| GB_SETS function| decoGreyboxLinks function| GB_hide function| GreyBox function| _GB_update function| _GB_setOverlayDimension function| GB_showImage function| GB_showPage function| GB_Gallery function| GB_showFullScreenSet function| GB_showImageSet function| GB_Sets function| GB_show function| GB_showCenter function| GB_showFullScreen function| GB_Window function| controlConditinalFields function| cookieCheck string| tealiumUtagData object| utag_data object| tealiumUtagDataArray object| oHead object| oScript object| today number| year0 object| jQuery1121011940887393206157 function| callback_fn function| filterNonDigit function| filterInvalidChar function| validate function| validateFormFields function| customValidation boolean| utag_condload string| new_path object| utag_cfg_ovrd object| utag function| utag_pad function| utag_visitor_id string| GoogleAnalyticsObject function| ga undefined| d object| gaplugins object| gaGlobal object| gaData

16 Cookies

Domain/Path Name / Value
.benefits-mortgage.com/ Name: _gid
Value: GA1.2.1619302296.1575611462
.benefits-mortgage.com/ Name: utag_main
Value: v_id:016ed9c2efaf0019d30f1063401300079007507100b08$_sn:1$_se:1$_ss:1$_st:1575613261552$ses_id:1575611461552%3Bexp-session$_pn:1%3Bexp-session
www.benefits-mortgage.com/ Name: benefits-mortgage_443_infra_1
Value: !PCpGcM84DjVJEXIm3DtQGulPM9KoKGd9+ciQXanYCH1BOwdZ/ySXkdotMMYRPAm60rz7JlbFJ5dAVHY=
.benefits-mortgage.com/ Name: TS013aa3d0
Value: 011a85ef9b6aa4062458e7d042a2e46055458fe745a61d09a3f4f9e913f6a5f3557214906057324e2d20afe3f7c324d016f5a9095c3114f619fab354daaea562f8e3d534176a4169e1c1c11c54cc24e547a374fd6e
www.benefits-mortgage.com/ Name: ROUTEID
Value: ."jvm2"
www.benefits-mortgage.com/affinity Name: suffix
Value: constantine-bounougias
www.benefits-mortgage.com/ Name: benefits-mortgage_443_infra_2
Value: !RIMgJQ+WF8F5URsm3DtQGulPM9KoKEq4qYY/oZVLlZqOXVRxvsIslp75W9EIE/iE24BaTRNBfSFT6ag=
.benefits-mortgage.com/ Name: TLTUID
Value: 611D33EA17EC10171AECB77F29F28BB5
.benefits-mortgage.com/ Name: _gat_wf_0
Value: 1
.benefits-mortgage.com/ Name: TLTSID
Value: 611D33EA17EC10171AECB77F29F28BB5
www.benefits-mortgage.com/ Name: TS01ccfc32
Value: 011a85ef9b961fdeaa5e885a88f6130adf326eff0ba61d09a3f4f9e913f6a5f355721490608f44436ddadc35794e3e580d61fa4a13a99ca09a699c8757e8b15cd30f2731e5aec183055233bc34ebcc8217be85cbf5060c1cc904bea77c950d4200564be437bb3ec8a1d202257128235a10af59641dfe8ba9c5677f9c3689e30550cd2b4a8d
www.benefits-mortgage.com/affinity Name: TS0139c89a
Value: 011a85ef9bcc941b13b86085933911245b696cb727a61d09a3f4f9e913f6a5f3557214906086620a3c8b51da9f03737ccc45604291bd27220f3316205bc996a5a551efc163
.benefits-mortgage.com/ Name: _ga
Value: GA1.2.1264431924.1575611462
www.benefits-mortgage.com/affinity Name: wfacookie
Value: 212019120600505931897
www.benefits-mortgage.com/affinity Name: dm
Value: DMIDRBIZCO
www.benefits-mortgage.com/affinity Name: JSESSIONID
Value: 4226FBEC6C838FF259EC13CF015DC6E1.JVM

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
hmc-ecard.wf.com
mortgage.wellsfargo.com
s.amazon-adsystem.com
static.wellsfargo.com
wellsfargobankna.demdex.net
www.benefits-mortgage.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.wfhm.com
www.google.com
www.google.de
159.45.14.243
159.45.14.246
159.45.14.249
159.45.2.178
172.217.22.6
184.154.24.90
2a00:1450:4001:815::200e
2a00:1450:4001:824::2002
2a03:2880:f11c:8183:face:b00c:0:25de
34.247.192.223
72.21.206.140
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1d75c1532073401f90f2c4a3135126be6b2cfcd7d24af3da75e393a3c2269a81
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
325c9abd3a010d95544f93d94a8ae5b9fae2a70affb4bfa260dd161cbf2e295b
38e2c6116101fe7241055441982c84f56ff0a7eee4542c6cd6cbaba25c3e51ea
3e7f0e56964b201b30b49fb975290614ac8b9ed8ec7b4849b519a33f0c847aa5
48f9004af522f48115c3dc41362c594349764d78119c432f150bdc690f380fed
57d230c644b0cde4f37f92c585db85931c9963456645c077f97242bb1a616b64
5d84bf2ab5a4b97af19f598e41f3fa5daa616fb9e313bc7472e0a4ae96efb614
69cb464241504894bdeb19ada09c5527b65b734b2362a33dd946381629373058
6c5ff9e9cf60feedf249e8152a08ca0addf694ca356d9604f09ee534d6cdf102
6f1835a06585a3cf90a0b7e85f67607fddebb9a4e7f81f534257e61b904e26cf
715df77389e6b1cb4aa5beb6e62cf245ae0169c1f481920a34f4ce877897fd06
76f20a29227b17b4546bad88aa18484ce89ada61f07b6933e93b3a5e535b8291
7a80cebc7c82d342734636c864c21469a31fb714c6f8e415ac228849cdd1c8a8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9fe02658a495321edf29de87f262dfda74c89f8b7bc050a40b086b544c0a1641
a0e1de92279bb8348d8756b6fa89fd927d81943b71be5a0a88f02e3de8296834
a991fea949e620727e1f9bd58459bef40b0268fd469d744cb6a9cbd3578456db
aac421b5f7c1ac04e2e2488b8e960c2368c2a28927da0b028bb7b9c6c31a5625
ae516ff917750f1574ac585c708b73f5a969baecb5f1ff4d114a92358db5d250
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c644df4b951b7bb95666d0e565c11a0f052b7f2a281a06e2fdb22409a26ed60e
d6d8eb0c5f0939334fc8f137545dd5b2cfc9beb7cb7128f9069639d143b04e14
e3fbf57ca8c7e4a8e72d595288620c114876f272054e6617364eca5c5e505dc5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd15cb4f34ccd7a6a650dd3926def01c5d5099a172cdbfa6fa858a9d9f766c16
fe4f8946fabafb8509d7361b62424a5de5cd13bc290306b8f3fa0cb66c7e502e