urlscan.io logo urlscan.io
SecurityTrails logo

staging.phonebenefit.com Open in urlscan Pro
208.30.33.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://staging.phonebenefit.com/
Effective URL: https://staging.phonebenefit.com/
Submission: On October 08 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 208.30.33.201, located in United States and belongs to CAMBRIDGE-NA, US. The main domain is staging.phonebenefit.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on January 9th 2024. Valid for: a year.
This is the only time staging.phonebenefit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 208.30.33.201 40432 (CAMBRIDGE-NA)
14 2
Apex Domain
Subdomains		 Transfer
13 phonebenefit.com
staging.phonebenefit.com
1 MB
0 myfonts.net Failed
hello.myfonts.net Failed
14 2
Domain Requested by
13 staging.phonebenefit.com staging.phonebenefit.com
0 hello.myfonts.net Failed staging.phonebenefit.com
14 2

This site contains no links.

Subject Issuer Validity Valid
staging.phonebenefit.com
Entrust Certification Authority - L1K		 2024-01-09 -
2025-02-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://staging.phonebenefit.com/
Frame ID: 7CFB339F364D8218646334B0F85E21A9
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Card Benefits Home

Page URL History Show full URLs

  1. http://staging.phonebenefit.com/ HTTP 307
    https://staging.phonebenefit.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

14
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1339 kB
Transfer

2107 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://staging.phonebenefit.com/ HTTP 307
    https://staging.phonebenefit.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
staging.phonebenefit.com/
Redirect Chain
  • http://staging.phonebenefit.com/
  • https://staging.phonebenefit.com/
31 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
d30ab8d8bd83b02700eef36d9405b3e8d277f91e856e2c129d0dbcb564ea708f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
private,max-age=0
content-encoding
gzip
content-length
9175
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-type
text/html; charset=utf-8
date
Tue, 08 Oct 2024 12:06:52 GMT
feature-policy
vibrate 'self'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
referrer-policy
no-referrer
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-aspnet-version
4.0.30319
x-aspnetmvc-version
5.0
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

Location
https://staging.phonebenefit.com/
Non-Authoritative-Reason
HttpsUpgrades
bootstrap.min.css
staging.phonebenefit.com/Content/ 		312 KB
56 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/Content/bootstrap.min.css
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4aec4cfd42fa010c00ae691cd262488def228c871b646af0b5ee0aca285719a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
"2f5c9458e71da1:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
text/css
feature-policy
vibrate 'self'
vary
Accept-Encoding
last-modified
Fri, 08 Mar 2024 19:24:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
57171
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
cssPhonebenefit
staging.phonebenefit.com/Content/ 		1 MB
955 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/Content/cssPhonebenefit?v=ljlhvRB_gaTx-oE55Jl0QGoVNK-NzV-Yow_LIAWrMY81
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
06513a5293c5a9036d10bc02f578d1c132b83e1633c462ac2d5f365126cf136d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 08 Oct 2025 12:06:53 GMT
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
text/css; charset=utf-8
feature-policy
vibrate 'self'
vary
User-Agent,Accept-Encoding
last-modified
Tue, 08 Oct 2024 12:06:53 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
public,max-age=0
x-aspnet-version
4.0.30319
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
x-powered-by
ASP.NET
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
MainScripts
staging.phonebenefit.com/Scripts/ 		328 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/Scripts/MainScripts?v=ycS1s_xYXhGSBL1rcEnfnlxb-DsSLb6cg68qCtt6D2E1
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
02d0cf59d7cad83fd0697b804d606c5d318e9612836c975804c8abfd512123dc
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 08 Oct 2025 12:06:53 GMT
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
text/javascript; charset=utf-8
feature-policy
vibrate 'self'
vary
User-Agent,Accept-Encoding
last-modified
Tue, 08 Oct 2024 12:06:53 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
public,max-age=0
x-aspnet-version
4.0.30319
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
x-powered-by
ASP.NET
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
logo-mastercard.png
staging.phonebenefit.com/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staging.phonebenefit.com/images/logo-mastercard.png
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
87acde4c55311c32304db8e253e3b32cd3baff9f3514b3df8cf9cb46835f9fb6
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"c6173c9b7b86d81:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
image/png
feature-policy
vibrate 'self'
last-modified
Wed, 22 Jun 2022 21:04:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
5836
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
banner.jpg
staging.phonebenefit.com/images/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staging.phonebenefit.com/images/banner.jpg
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e7ea851bbba94ec9b18d688bf1de1e32178082b9ce24360ef7dfc4d4e01bd4a5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"6ee8af9a7b86d81:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
image/jpeg
feature-policy
vibrate 'self'
last-modified
Wed, 22 Jun 2022 21:04:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
50807
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
CountryLandingPage.js
staging.phonebenefit.com/js/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/js/CountryLandingPage.js
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
289678e0c472e3e49913755c4489bffb11b59795226b7c5868a7e3bcbc3419fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
"663c9628e71da1:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
application/javascript
feature-policy
vibrate 'self'
vary
Accept-Encoding
last-modified
Fri, 08 Mar 2024 19:25:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
3622
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
custom.js
staging.phonebenefit.com/Scripts/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/Scripts/custom.js
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9930dd0c9370b1b4df39635fab2c7ca1af82e3d7480649d8b66a9577d5a7e448
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
"7c8ad478e71da1:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:52 GMT
content-type
application/javascript
feature-policy
vibrate 'self'
vary
Accept-Encoding
last-modified
Fri, 08 Mar 2024 19:24:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
3334
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
CalenderBundle
staging.phonebenefit.com/Scripts/ 		93 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/Scripts/CalenderBundle?v=5W9a5V1LajaA0y7rs59vbkp1CDwpRiU488XszlQHZ9A1
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
62271654e16769498e35daad8aa881060042d34f22d6f308d9d0e74405dab50f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 08 Oct 2025 12:06:53 GMT
date
Tue, 08 Oct 2024 12:06:53 GMT
content-type
text/javascript; charset=utf-8
feature-policy
vibrate 'self'
vary
User-Agent,Accept-Encoding
last-modified
Tue, 08 Oct 2024 12:06:53 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
public,max-age=0
x-aspnet-version
4.0.30319
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length
36267
x-xss-protection
1; mode=block
x-powered-by
ASP.NET
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
2f8e61
hello.myfonts.net/count/ 		0
0
truncated
/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
691643b7d13ca9a7865125b775cb0df8be4f91183d908e108c29725a62d7bc9a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://staging.phonebenefit.com
Referer

Response headers

Content-Type
application/font-woff2
truncated
/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a76b2e770fcb2af8fb6f49006f02b822923d6360b908038c5ac344b9d9e36976

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://staging.phonebenefit.com
Referer

Response headers

Content-Type
application/font-woff2
LoadBenefits
staging.phonebenefit.com/Home/ 		679 B
751 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/Home/LoadBenefits?cardType=&languageCode=&_=1728389213844
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/Scripts/MainScripts?v=ycS1s_xYXhGSBL1rcEnfnlxb-DsSLb6cg68qCtt6D2E1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
294546d9c1bea8b10dbb9504d7a04aa85a51ef7aa5c13e5a55184cd78820d125
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01

Response headers

x-aspnetmvc-version
5.0
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:53 GMT
content-type
application/json; charset=utf-8
feature-policy
vibrate 'self'
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
private,max-age=0
x-aspnet-version
4.0.30319
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length
679
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
x-powered-by
ASP.NET
server
Microsoft-IIS/10.0
benefit-imgCPP.jpg
staging.phonebenefit.com/images/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staging.phonebenefit.com/images/benefit-imgCPP.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4366cadfc6069f2b1cecd91b7ef56f868bbf3aa39f8913325345a7b613ff8c99
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"c047c29a7b86d81:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:53 GMT
content-type
image/jpeg
feature-policy
vibrate 'self'
last-modified
Wed, 22 Jun 2022 21:04:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
27765
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
SetVariable
staging.phonebenefit.com/SetSession/ 		16 B
64 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/SetSession/SetVariable
Requested by
Host: staging.phonebenefit.com
URL: https://staging.phonebenefit.com/Scripts/MainScripts?v=ycS1s_xYXhGSBL1rcEnfnlxb-DsSLb6cg68qCtt6D2E1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-aspnetmvc-version
5.0
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:53 GMT
content-type
application/json; charset=utf-8
feature-policy
vibrate 'self'
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
private,max-age=0
x-aspnet-version
4.0.30319
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length
16
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
x-powered-by
ASP.NET
server
Microsoft-IIS/10.0
favicon.ico
staging.phonebenefit.com/ 		31 KB
31 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://staging.phonebenefit.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.30.33.201 , United States, ASN40432 (CAMBRIDGE-NA, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"5ea857987b86d81:0"
x-content-type-options
nosniff
date
Tue, 08 Oct 2024 12:06:53 GMT
content-type
image/x-icon
feature-policy
vibrate 'self'
last-modified
Wed, 22 Jun 2022 21:04:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=0
referrer-policy
no-referrer
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
32038
x-xss-protection
1; mode=block
public-key-pins
pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hello.myfonts.net
URL
https://hello.myfonts.net/count/2f8e61

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| CommonValidations function| RObj function| keypressHandler function| SlidePaging function| setHiddenDateELement function| clearTextboxUnknown function| uncheckCheckboxIfknow function| allowNumberOnly2 function| PhoneOnly function| PhoneNumber function| CheckclaimAmount function| NoGreaterLessThanForwardBackwordSlash function| NoGreaterLessThan function| getSelText function| ClearShift function| GetStateList function| setCountry function| NoNumbers function| onlyTabAllowed function| FormatDecimal function| clearTextbox function| setMaxLengths function| EnableAllControls function| HTMLDecode function| limitText function| update_counter function| clearValidateErrorClass function| phoneTypeEnableDisable function| setPostalFormatHint function| amountValidation function| changeDateFormat function| LoadSpinner function| allowAlphabetsOnly function| allowValidPhoneNumberOnly object| sTimer function| InitializeTimer function| settimerFun function| sExpired string| requiredMessage string| substrings function| getValidationLabel function| changeCaseForSpecialWords function| setFocus function| allowNumberOnly function| Addparty function| AddValidationRulesForOtherParties function| ResetTabIndex function| initializeOtherparties function| ShowPartiesInfo function| AddPartyOnSave function| AllowAlphaNumericOnly function| getValidClaimStatusLabel object| MCMasterScript function| MCMaster function| $ function| jQuery number| uidEvent object| bootstrap function| Spinner object| toastr function| noBack string| BenefitListMarkUp function| LoadBenefits function| DisableHyperLinks function| LoadCurousel function| DisplayBenefit function| LACBenefitsListMobile function| SlidePages function| PhoneBenefitsListMobile function| callbackPopMessage function| moment function| closeIcModal string| controllerName string| actionName string| currentHost function| logoclick function| DoNavigation function| LanguageSelected string| hosturl function| onLacMenuClick function| onGlossaryClick function| onContactUSClick function| onWTFClick function| showoverlay function| hideoverlay function| appendoverlay function| attachoverlayevents object| t string| languageCode number| k

1 Cookies

Domain/Path Name / Value
staging.phonebenefit.com/ Name: ASP.NET_SessionId
Value: j410bszwmblikqcccusgpqxh

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
security error URL: https://staging.phonebenefit.com/
Message:
Refused to load the stylesheet 'https://hello.myfonts.net/count/2f8e61' because it violates the following Content Security Policy directive: "default-src 'self' data: 'unsafe-inline' 'unsafe-eval'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Public-Key-Pins pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=';pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block