newenrollmentplans.com Open in urlscan Pro
172.67.194.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://benefitplanextras.com/
Effective URL:
https://newenrollmentplans.com/
Submission: On July 07 via api (July 7th 2024, 11:41:54 pm UTC) from BE — Scanned from GB

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 30 HTTP transactions. The main IP is 172.67.194.109, located in United States and belongs to CLOUDFLARENET, US. The main domain is newenrollmentplans.com.
TLS certificate: Issued by GTS CA 1P5 on May 25th 2024. Valid for: 3 months.

This is the only time newenrollmentplans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2a02:4780:2b:... 2a02:4780:2b:1607:0:18fe:8e77:10	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1	194.164.64.15 194.164.64.15	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:10:... 2606:4700:10::6816:26b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	172.67.194.109 172.67.194.109	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:27b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.223.19.68 45.223.19.68	19551 (INCAPSULA) (INCAPSULA)
1	13.32.23.8 13.32.23.8	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:249... 2600:9000:2490:c00:4:1957:6500:93a1	16509 (AMAZON-02) (AMAZON-02)
1	54.161.34.51 54.161.34.51	14618 (AMAZON-AES) (AMAZON-AES)
30	13

4 2a02:4780:2b:1607:0:18fe:8e77:10 (Boston, United States)

ASN47583 (AS-HOSTINGER, CY)

benefitplanextras.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.164.64.15 (Germany)

ASN47583 (AS-HOSTINGER, CY)

benefitplanextras.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:26b6 (United States)

ASN13335 (CLOUDFLARENET, US)

create.lidstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.67.194.109 (United States)

ASN13335 (CLOUDFLARENET, US)

newenrollmentplans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:27b6 (United States)

ASN13335 (CLOUDFLARENET, US)

create.lidstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.223.19.68 (United States)

ASN19551 (INCAPSULA, US)

create.leadid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.23.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-23-8.fra56.r.cloudfront.net

d2m2wsoho8qq12.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:c00:4:1957:6500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-js.ringba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.161.34.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-34-51.compute-1.amazonaws.com

display.ringba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	newenrollmentplans.com newenrollmentplans.com	205 KB
5	benefitplanextras.com benefitplanextras.com	27 KB
3	gstatic.com fonts.gstatic.com	79 KB
3	leadid.com create.leadid.com — Cisco Umbrella Rank: 16699 Failed	2 KB
2	ringba.com b-js.ringba.com — Cisco Umbrella Rank: 286652 display.ringba.com — Cisco Umbrella Rank: 305711	14 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 87	3 KB
2	lidstatic.com create.lidstatic.com — Cisco Umbrella Rank: 25365	78 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 216	71 KB
1	cloudfront.net d2m2wsoho8qq12.cloudfront.net
0	facebook.com Failed www.facebook.com Failed
30	10

	Domain	Requested by
7	newenrollmentplans.com	benefitplanextras.com newenrollmentplans.com
5	benefitplanextras.com	benefitplanextras.com
3	fonts.gstatic.com	fonts.googleapis.com
3	create.leadid.com	create.lidstatic.com
2	fonts.googleapis.com	newenrollmentplans.com
2	create.lidstatic.com	benefitplanextras.com
2	connect.facebook.net	benefitplanextras.com connect.facebook.net
1	display.ringba.com	b-js.ringba.com
1	b-js.ringba.com	benefitplanextras.com
1	d2m2wsoho8qq12.cloudfront.net	create.lidstatic.com
0	www.facebook.com Failed
30	11

This site contains no links.

Subject Issuer	Validity	Valid
benefitplanextras.com ZeroSSL RSA Domain Secure Site CA	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-16` - `2024-07-15`	3 months	crt.sh
lidstatic.com E1	`2024-05-25` - `2024-08-23`	3 months	crt.sh
newenrollmentplans.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-04-24` - `2024-10-21`	6 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.ringba.com Amazon RSA 2048 M03	`2023-11-27` - `2024-12-23`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://newenrollmentplans.com/
Frame ID: CFC069F5EB8783AB26B6F0012E382E5E
Requests: 29 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=2E3B3997-C9CF-E762-F328-3AA9BEA521FD&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.12.1&lck=A57816B4-6C59-F397-7853-7E14E45D3E1B&lac=F252983F-4BD1-0DD8-CD81-F4700AF60B66
Frame ID: FB1957960D1F828CBFF8927EA67B542A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MyObamacareRates

Page URL History Show full URLs

https://benefitplanextras.com/ Page URL
https://newenrollmentplans.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

30
Requests

90 %
HTTPS

58 %
IPv6

10
Domains

11
Subdomains

13
IPs

2
Countries

480 kB
Transfer

1103 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://benefitplanextras.com/ Page URL
https://newenrollmentplans.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
benefitplanextras.com/ 14 KB
5 KB 315ms
96ms Document
text/html 2a02:4780:2b:1607:0:18fe:8e77:10
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitplanextras.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:2b:1607:0:18fe:8e77:10 Boston, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/8.1.28

Resource Hash

d8f72eac0fa1ec1d0a386d530ff95dd3079538dfc82abe8018dbf32136ca6004

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 4685
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 07 Jul 2024 23:41:47 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/8.1.28

GET
H2 200 style.css
benefitplanextras.com/styles/ 7 KB
2 KB 98ms
98ms Stylesheet
text/css 2a02:4780:2b:1607:0:18fe:8e77:10
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitplanextras.com/styles/style.css

Requested by

Host: benefitplanextras.com
URL: https://benefitplanextras.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:2b:1607:0:18fe:8e77:10 Boston, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

6a5dbe4499283fbbc20547e6d14e4fe86a8a29b075558e0af36e566e1a78414b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:47 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 02 Jul 2024 19:13:13 GMT
server: LiteSpeed
etag: "1cec-66845149-993425c0938a13ff;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 2076
expires: Sun, 14 Jul 2024 23:41:47 GMT

GET
H2 200 absf_v1.0_references.js Show response
benefitplanextras.com/js/ 2 KB
717 B 194ms
193ms Script
application/x-javascript 2a02:4780:2b:1607:0:18fe:8e77:10
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitplanextras.com/js/absf_v1.0_references.js

Requested by

Host: benefitplanextras.com
URL: https://benefitplanextras.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:2b:1607:0:18fe:8e77:10 Boston, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

06ae6e6936555b02a9310328b4eb1481072092968daadd9fdd55d0457f354d31

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:47 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 02 Jul 2024 19:13:14 GMT
server: LiteSpeed
etag: "7f7-6684514a-bc5f905062fe5a65;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 613
expires: Sun, 14 Jul 2024 23:41:47 GMT

GET
H2 200 profile.png
benefitplanextras.com/images/ 19 KB
19 KB 194ms
194ms Image
image/png 2a02:4780:2b:1607:0:18fe:8e77:10
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitplanextras.com/images/profile.png

Requested by

Host: benefitplanextras.com
URL: https://benefitplanextras.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:2b:1607:0:18fe:8e77:10 Boston, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

028bf096de9208f1199b5f3c61b17f34cfe6284fd58018a1c9765d5f82d0fc36

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:47 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 02 Jul 2024 19:13:13 GMT
server: LiteSpeed
etag: "4b5d-66845149-71d9db3b67598762;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 19293
expires: Sun, 14 Jul 2024 23:41:47 GMT

GET
H3 200 reset.css
benefitplanextras.com/styles/ 935 B
682 B 103ms
102ms Stylesheet
text/css 194.164.64.15
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitplanextras.com/styles/reset.css

Requested by

Host: benefitplanextras.com
URL: https://benefitplanextras.com/styles/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

194.164.64.15 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/styles/style.css
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:47 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 02 Jul 2024 19:13:13 GMT
server: LiteSpeed
etag: "3a7-66845149-fb590c076f7770ab;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 343
expires: Sun, 14 Jul 2024 23:41:47 GMT

GET
H2 200 fbevents.js
connect.facebook.net/en_US/ 222 KB
59 KB 129ms
41ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: benefitplanextras.com
URL: https://benefitplanextras.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 07 Jul 2024 23:41:47 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58293
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: 6feS60RK+a4HgZ8sUPtGSCEz1cJLCvJkpbY01jUdIbIN1EbN3qgkdgOFxxzhvi8JuXDThJSRi5R25qwljKHPUA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 a57816b4-6c59-f397-7853-7e14e45d3e1b.js
create.lidstatic.com/campaign/ 121 KB
39 KB 389ms
312ms Script
text/javascript 2606:4700:10::6816:26b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Requested by: Host: benefitplanextras.com
URL: https://benefitplanextras.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:26b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:48 GMT
x-amz-version-id: 0TYZIhZnCiJDj1Gzr_aWxHS1MWCxaYWH
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: D3PMQT2TCFRJA9C8
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Tp0dbPPu1VxQ8lPa4YHaUksd/ICJMhL5P0Y8xKoK7OWNhZB2R5z8AriU6N/BCj/35rC+4uL+DBo=
last-modified: Thu, 18 Jan 2024 02:21:13 GMT
server: cloudflare
etag: W/"bc138804ddd94411bd78fba4df4e96b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
cf-ray: 89fbaff59e7063a6-LHR

GET
H3 200 Primary Request / Show response
newenrollmentplans.com/ 23 KB
6 KB 461ms
387ms Document
text/html 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://newenrollmentplans.com/
Requested by: Host: benefitplanextras.com
URL: https://benefitplanextras.com/js/absf_v1.0_references.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 726c386597fd41f704fbbcd72ebd3caeca82dd6e3f9a610558fdcad35d868af9

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://benefitplanextras.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: max-age=2678400
cf-cache-status: MISS
cf-ray: 89fbaff59e1893e1-LHR
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 07 Jul 2024 23:41:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IHDFsk3EwUJdgG6wvgDe5KBDHETWZqhZ1wsbM4QhYqTm0FE24koGALxxY4dFmMbTQUxrLGT1rRn0I1d7sdz8jgbEkQdMjH2Qg22abf4mjg%2FUTBQIwonPKIbDSMFyvzvSs3gYlYU8mmNo"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: Express

GET
H2 200 495892816240862
connect.facebook.net/signals/config/ 58 KB
12 KB 138ms
137ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/495892816240862?v=2.9.160&r=stable&domain=benefitplanextras.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://benefitplanextras.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 07 Jul 2024 23:41:48 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=46, rtx=0, c=65, mss=1297, tbw=63814, tp=-1, tpl=-1, uplat=97, ullat=0
pragma: public
x-fb-debug: 9G9JGvsovxAuc9sCBChrRC+wYZ/VpVXT/jk0VIO7xfbr6RWgz268ji3jx1HIV1fmJdQIUPUCqqSZlMRNgOcyyg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET /
www.facebook.com/tr/ 0
0

GET /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 0
0

POST GenerateToken
create.leadid.com/2.12.1/ 0
0

GET
H3 200 bootstrap.min.css
newenrollmentplans.com/css/ 158 KB
25 KB 696ms
695ms Stylesheet
text/css 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://newenrollmentplans.com/css/bootstrap.min.css
Requested by: Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f886516f3d41e9e7bd994c7f7a39a89cafae9483f90396cb0ddeafe8d1ea5e72

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Origin: https://newenrollmentplans.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:48 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"279d8-G+N7YjBsjAxndbtMk8XkxOE9l3U"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KWG5%2FV6uTktTofDg0LeYPROztsEFIA2g1AQudrjBLZ1mKQ5ukZTl7GsAtVz9UOUw14Jkpv4VZaW0MiVPb1kDOhwy4Z2rh6HqiSFg3qaOnxoAeyrrMwxe6oKT2EZR%2BrKATew8T%2Fav3ge6"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2678400
cf-ray: 89fbaff8082093e1-LHR
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 143ms
52ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Slab:400,700&display=swap

Requested by

Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

80b51eb98df76e4f9d7dd4e13ee821497cdb52835b67b74defb5a723b3ea13b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sun, 07 Jul 2024 23:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 07 Jul 2024 23:41:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 07 Jul 2024 23:41:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 23 KB
2 KB 144ms
54ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,500;0,600;1,400&display=swap

Requested by

Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2edca8c7b268ea2c28f1c0163a70761b07268cab6b11386456cfdcd4759cdf1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sun, 07 Jul 2024 23:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 07 Jul 2024 23:41:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 07 Jul 2024 23:41:48 GMT

GET
H3 200 logo.png
newenrollmentplans.com/images/ 114 KB
114 KB 654ms
653ms Image
image/png 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://newenrollmentplans.com/images/logo.png
Requested by: Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d1854f2659dc32e24936df4a715d520ba3b2d3da5b03a3fe84d5904446bbb20a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1c760-KNQWKKlfM4e9HIFYB5aik573NbA"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tJQHyivpFnIV%2BKCIHk22ducOZ21E7vqRuIGsGXWgsxuVN96hv%2FdIjFAl1QhUVGlkIXk%2F%2Byet0urZVWFWlVgokStF79ztST8bzmPJ9s03RtOGX3wX9%2Ba03lDMqv9xjqOlnI0Tgr2%2BTJTl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 89fbaff8082293e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 116576

GET
H3 200 image.jpg
newenrollmentplans.com/images/ 31 KB
31 KB 454ms
453ms Image
image/jpeg 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://newenrollmentplans.com/images/image.jpg
Requested by: Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f70a1c4355672de33b4f6af28f01121e969e9ac38365905c7ba6b4701a054792

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"7a46-zYQ/YRN1YIvI9yrQhgtF7UwkqkI"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZv7W9tjfO%2BeRYsmu13M9QRJ6q5EJRsRAV59le%2FdiIxeN57X7REVuCqS2UVMTvO7JQmqmpQg5TbMdI6MRhPiya7c6jfsLm8yfmIzWpnHF0gZ%2F4e8MMnyac%2BG4bicBaBa17R6M26wOzBg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 89fbaff8082593e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 31302

GET
H3 200 rocket-loader.min.js Show response
newenrollmentplans.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 44ms
44ms Script
application/javascript 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newenrollmentplans.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jul 2024 09:57:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66867220-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNSdJqyMlYWyi2WSl9d%2F60WFQ3afDOwuHP8Ie4QnvrsiPzmndQSvEM20IYG3iFEZdAUOHyo1DcMqddJRvgXGbNW%2Bq4IQFaC%2BfxWjpAvoDnSr1ZwDFRExlCQkeDMf4tGlCbOAE02hYsE%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 89fbaff8284193e1-LHR
expires: Tue, 09 Jul 2024 23:41:48 GMT

GET
H3 200 bootstrap.bundle.min.js Show response
newenrollmentplans.com/js/ 79 KB
24 KB 516ms
516ms Script
application/javascript 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://newenrollmentplans.com/js/bootstrap.bundle.min.js
Requested by: Host: newenrollmentplans.com
URL: https://newenrollmentplans.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9520018fa5d81f4e4dc9d06afb576f90cbbaba209cfcc6cb60e1464647f7890b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Origin: https://newenrollmentplans.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:49 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"13a24-kNFQNu9I/LM2oTW66BK0VmnxkEQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwrdBzzwnDl5PswlqYRdELUwLvPWdNJXWYNDaL7EIxwlp7rr%2Bjw6Z39cSDKGymqcU2yl8lyesdMPUoqCPe%2BGnxSY8aTa9wRtseQitCyIb%2BQ%2FTUwovjd8CEolBeQe9cv6cw7AMA67VhX7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2678400
cf-ray: 89fbaffc6bcc93e1-LHR
alt-svc: h3=":443"; ma=86400

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 179ms
88ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,500;0,600;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://newenrollmentplans.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 09:37:33 GMT
x-content-type-options: nosniff
age: 309855
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 09:37:33 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 143ms
53ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Slab:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://newenrollmentplans.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 17:31:01 GMT
x-content-type-options: nosniff
age: 281447
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 17:31:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 132ms
41ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Slab:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://newenrollmentplans.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 07:43:41 GMT
x-content-type-options: nosniff
age: 316687
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 07:43:41 GMT

GET
H2 200 a57816b4-6c59-f397-7853-7e14e45d3e1b.js Show response
create.lidstatic.com/campaign/ 121 KB
39 KB 109ms
45ms Script
text/javascript 2606:4700:10::6816:27b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Requested by: Host: benefitplanextras.com
URL: https://benefitplanextras.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:27b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9947cbb5ca79a84719954ea34e03988bb27ea30bb57d9cb4ff3783c84564d0a5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:49 GMT
x-amz-version-id: 0TYZIhZnCiJDj1Gzr_aWxHS1MWCxaYWH
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: D3PMQT2TCFRJA9C8
age: 1
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Tp0dbPPu1VxQ8lPa4YHaUksd/ICJMhL5P0Y8xKoK7OWNhZB2R5z8AriU6N/BCj/35rC+4uL+DBo=
last-modified: Thu, 18 Jan 2024 02:21:13 GMT
server: cloudflare
etag: W/"bc138804ddd94411bd78fba4df4e96b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
cf-ray: 89fbaffe3a88636d-LHR

GET
H3 404 favicon.ico
newenrollmentplans.com/ 9 B
498 B 267ms
267ms Other
text/plain 172.67.194.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://newenrollmentplans.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.194.109 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 23:41:49 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hUgDJpbG%2FHxtJHRU0sepbQIX4bkScnrvOxMK8XdE%2FkjTh1v0uBko4XYfIoMoqFEksdynqkUiPJ8CJk5KNSBEqMYXa%2FLxGZVi7T%2F6%2BFrrA12YKvBxxtzo5b0SZIrbfTMBf7N7XlYaQYSi"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2678400
cf-ray: 89fbaffddcfb93e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 9

POST
H2 200 GenerateToken Show response
create.leadid.com/2.12.1/ 36 B
984 B 500ms
416ms XHR
text/plain 45.223.19.68
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.12.1/GenerateToken?msn=1&pid=b5054135-0018-40c8-82b4-b5dc1de8671a&_=990876906

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.19.68 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

5662647f28aa88919bd3648275f8a3510b60b557d14c429c051bad33a0a21bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 07 Jul 2024 23:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
x-cdn: Imperva
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
x-iinfo: 59-129958029-129958049 NNNN CT(96 101 0) RT(1720395708736 42) q(0 0 2 0) r(3 4) U24
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame FB19 0
0 144ms
43ms Document
text/html 13.32.23.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=2E3B3997-C9CF-E762-F328-3AA9BEA521FD&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.12.1&lck=A57816B4-6C59-F397-7853-7E14E45D3E1B&lac=F252983F-4BD1-0DD8-CD81-F4700AF60B66

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.32.23.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-23-8.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://newenrollmentplans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Age: 69325
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 07 Jul 2024 04:26:44 GMT
Etag: W/"65a0715c-dbb"
Last-Modified: Thu, 11 Jan 2024 22:53:16 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LtFz3c2o3OUO18jIHQNjtJl5r7niB6u7toVSgSnGM1DAbSRH2PxtMQ==
X-Amz-Cf-Pop: FRA56-C2
X-Cache: Hit from cloudfront
X-Cdn: Imperva
X-Iinfo: 12-16170717-16170718 NNNN CT(117 92 0) RT(1719992899623 4) q(0 0 2 0) r(3 3) U24

POST
H2 200 SaveDom Show response
create.leadid.com/2.12.1/ 0
734 B 351ms
351ms XHR
text/plain 45.223.19.68
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.12.1/SaveDom?msn=2&pid=b5054135-0018-40c8-82b4-b5dc1de8671a&token=2E3B3997-C9CF-E762-F328-3AA9BEA521FD&_=990876907

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.19.68 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 07 Jul 2024 23:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
x-cdn: Imperva
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
x-iinfo: 59-129958029-129958245 NNNN CT(101 103 0) RT(1720395708736 465) q(0 0 2 0) r(3 3) U24
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 CA3efe1122f0fc479bb67e286818ec6966 Show response
b-js.ringba.com/ 13 KB
13 KB 374ms
247ms Script
text/html 2600:9000:2490:c00:4:1957:6500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-js.ringba.com/CA3efe1122f0fc479bb67e286818ec6966
Requested by: Host: benefitplanextras.com
URL: https://benefitplanextras.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:c00:4:1957:6500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: fa5c959317c14a9a13cde4e8d0766334da1c2c34f24701af99f0959d193ae87a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-runtime: 4.0000
date: Sun, 07 Jul 2024 23:41:49 GMT
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-amz-cf-pop: FRA56-P6
x-powered-by: ASP.NET
access-control-max-age: 300
x-cache: Miss from cloudfront
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public
content-length: 13212
x-amz-cf-id: 0OnLyy_0gYofuTji99bKzmdXO16OPWU3fQ4WbuC7kAAdTulO73uqlw==
expires: Sun, 07 Jul 2024 23:46:50 GMT

POST
H2 200 Snap Show response
create.leadid.com/2.12.1/ 0
757 B 608ms
526ms XHR
text/plain 45.223.19.68
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.12.1/Snap?msn=3&pid=b5054135-0018-40c8-82b4-b5dc1de8671a&token=2E3B3997-C9CF-E762-F328-3AA9BEA521FD&_=990876908

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.19.68 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 07 Jul 2024 23:41:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
x-cdn: Imperva
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
x-iinfo: 59-129958029-129958294 NNNN CT(122 110 0) RT(1720395708736 635) q(0 0 3 3) r(4 6) U24
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK gnbulk Show response
display.ringba.com/v2/nis/ 400 B
793 B 476ms
116ms XHR
application/json 54.161.34.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://display.ringba.com/v2/nis/gnbulk
Requested by: Host: b-js.ringba.com
URL: https://b-js.ringba.com/CA3efe1122f0fc479bb67e286818ec6966
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.161.34.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-161-34-51.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 35ae7308c6f71756d44bd205e650b849c0c154d05611c88150d5396dcae2f0b6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://newenrollmentplans.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 07 Jul 2024 23:41:49 GMT
X-Runtime: 0.0030
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Max-Age: 300
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://newenrollmentplans.com
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 400
Expires: -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?id=495892816240862&ev=PageView&dl=https%3A%2F%2Fbenefitplanextras.com%2F&rl=&if=false&ts=1720395708070&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720395708069.404634009645599761&ler=empty&cdl=API_unavailable&it=1720395707917&coo=false&rqm=GET

Domain: www.facebook.com
URL: https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=495892816240862&ev=PageView&dl=https%3A%2F%2Fbenefitplanextras.com%2F&rl=&if=false&ts=1720395708070&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720395708069.404634009645599761&ler=empty&cdl=API_unavailable&it=1720395707917&coo=false&rqm=FGET

Domain: create.leadid.com
URL: https://create.leadid.com/2.12.1/GenerateToken?msn=1&pid=5324abef-b62c-46bc-ae5f-02847bd5e885&_=32935664

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benefitplanextras.com/	1970-01-21 00:02:51	Name: _fbp Value: fb.1.1720395708069.404634009645599761
newenrollmentplans.com/	1970-01-20 21:53:16	Name: leadid_token-F252983F-4BD1-0DD8-CD81-F4700AF60B66-A57816B4-6C59-F397-7853-7E14E45D3E1B Value: 2E3B3997-C9CF-E762-F328-3AA9BEA521FD
.trueleadid.com/	1969-12-31 23:59:59	Name: nlbi_3051494 Value: dtotEfVG1x6jITw1C30iGwAAAADu5+682HjLTPx+Y47XqfiN
.trueleadid.com/	1970-01-21 06:37:38	Name: visid_incap_3051494 Value: hCMHwjeoTr6pY7MJRooUdL0ni2YAAAAAQUIPAAAAAAAmcpyluf9jnvuR7xEWACgb
.trueleadid.com/	1969-12-31 23:59:59	Name: incap_ses_1854_3051494 Value: 2p5GbofEkkbw9HLVL7u6Gb0ni2YAAAAAZM9X9LEem368ao46GtobbQ==
.deviceid.trueleadid.com/	1970-01-21 07:29:15	Name: uuid Value: 9be7045d7a8942d5a5a6f4df0d7fb649
.leadid.com/	1970-01-21 06:37:38	Name: visid_incap_3079785 Value: SLgxPfwoSKqAwxSMuLiZbr0ni2YAAAAAQUIPAAAAAAAID/uSHGJnNIILWJR7lFuM
.leadid.com/	1969-12-31 23:59:59	Name: nlbi_3079785 Value: 5QlHJ7UsHTYlx/BfoCxIyQAAAADMnhTkfv4Na3IfULs1r7Mx
.leadid.com/	1969-12-31 23:59:59	Name: incap_ses_1854_3079785 Value: JYxDTpoGHxGh9XLVL7u6Gb0ni2YAAAAAgq89tXSn1aLFz+od1TFm2A==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://newenrollmentplans.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b-js.ringba.com
benefitplanextras.com
connect.facebook.net
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
display.ringba.com
fonts.googleapis.com
fonts.gstatic.com
newenrollmentplans.com
www.facebook.com
create.leadid.com
www.facebook.com
13.32.23.8
172.67.194.109
194.164.64.15
2600:9000:2490:c00:4:1957:6500:93a1
2606:4700:10::6816:26b6
2606:4700:10::6816:27b6
2a00:1450:4001:80b::2003
2a00:1450:4001:81c::200a
2a02:4780:2b:1607:0:18fe:8e77:10
2a03:2880:f084:105:face:b00c:0:3
45.223.19.68
54.161.34.51
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
028bf096de9208f1199b5f3c61b17f34cfe6284fd58018a1c9765d5f82d0fc36
06ae6e6936555b02a9310328b4eb1481072092968daadd9fdd55d0457f354d31
2edca8c7b268ea2c28f1c0163a70761b07268cab6b11386456cfdcd4759cdf1d
35ae7308c6f71756d44bd205e650b849c0c154d05611c88150d5396dcae2f0b6
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
5662647f28aa88919bd3648275f8a3510b60b557d14c429c051bad33a0a21bc0
6a5dbe4499283fbbc20547e6d14e4fe86a8a29b075558e0af36e566e1a78414b
726c386597fd41f704fbbcd72ebd3caeca82dd6e3f9a610558fdcad35d868af9
80b51eb98df76e4f9d7dd4e13ee821497cdb52835b67b74defb5a723b3ea13b6
9520018fa5d81f4e4dc9d06afb576f90cbbaba209cfcc6cb60e1464647f7890b
9947cbb5ca79a84719954ea34e03988bb27ea30bb57d9cb4ff3783c84564d0a5
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d1854f2659dc32e24936df4a715d520ba3b2d3da5b03a3fe84d5904446bbb20a
d8f72eac0fa1ec1d0a386d530ff95dd3079538dfc82abe8018dbf32136ca6004
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f70a1c4355672de33b4f6af28f01121e969e9ac38365905c7ba6b4701a054792
f886516f3d41e9e7bd994c7f7a39a89cafae9483f90396cb0ddeafe8d1ea5e72
fa5c959317c14a9a13cde4e8d0766334da1c2c34f24701af99f0959d193ae87a

newenrollmentplans.com Open in urlscan Pro 172.67.194.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

90 %HTTPS

58 %IPv6

10 Domains

11 Subdomains

13 IPs

2 Countries

480 kBTransfer

1103 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

newenrollmentplans.com Open in urlscan Pro
172.67.194.109 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

90 %
HTTPS

58 %
IPv6

10
Domains

11
Subdomains

13
IPs

2
Countries

480 kB
Transfer

1103 kB
Size

9
Cookies

30 HTTP transactions
0 data transactions