URL: https://nationwidesavingsandbenefits.com/
Submission: On July 21 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 17 HTTP transactions. The main IP is 35.240.1.10, located in Brussels, Belgium and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is nationwidesavingsandbenefits.com.
TLS certificate: Issued by R10 on July 21st 2024. Valid for: 3 months.
This is the only time nationwidesavingsandbenefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 3 35.240.1.10 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
7 169.150.247.33 60068 (CDN77 _)
1 2600:9000:25e... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 54.209.40.92 14618 (AMAZON-AES)
1 2a04:4e42:400... 54113 (FASTLY)
2 3.89.0.249 14618 (AMAZON-AES)
17 8
Apex Domain
Subdomains
Transfer
8 convertri.com
cdn.convertri.com — Cisco Umbrella Rank: 206320
snowplow.convertri.com — Cisco Umbrella Rank: 217524
203 KB
3 routingapi.com
dist.routingapi.com — Cisco Umbrella Rank: 688545
api.routingapi.com — Cisco Umbrella Rank: 478999
9 KB
3 nationwidesavingsandbenefits.com
nationwidesavingsandbenefits.com
42 KB
2 gstatic.com
fonts.gstatic.com
41 KB
1 imgix.net
convertri.imgix.net — Cisco Umbrella Rank: 223426
15 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
31 KB
17 6
Domain Requested by
7 cdn.convertri.com nationwidesavingsandbenefits.com
3 nationwidesavingsandbenefits.com 1 redirects nationwidesavingsandbenefits.com
2 api.routingapi.com dist.routingapi.com
2 fonts.gstatic.com nationwidesavingsandbenefits.com
1 convertri.imgix.net nationwidesavingsandbenefits.com
1 snowplow.convertri.com nationwidesavingsandbenefits.com
1 dist.routingapi.com nationwidesavingsandbenefits.com
1 ajax.googleapis.com nationwidesavingsandbenefits.com
17 8

This site contains links to these domains.

Domain
homesavingspros.com
lifesavingsinfo.com
www.healthreformbeyondthebasics.org
app.convertri.com

Subject | Issuer | Validity | Valid
nationwidesavingsandbenefits.com | R10 | 2024-07-21 - 2024-10-19 | 3 months
upload.video.google.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months
cdn.convertri.com | R10 | 2024-06-28 - 2024-09-26 | 3 months
dist.routingapi.com | Amazon RSA 2048 M02 | 2024-01-23 - 2025-02-19 | a year
*.gstatic.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months
snowplow.convertri.com | Amazon RSA 2048 M02 | 2023-12-27 - 2025-01-25 | a year
*.imgix.com | GlobalSign Atlas R3 DV TLS CA 2023 Q4 | 2023-12-07 - 2025-01-07 | a year
api.routingapi.com | Amazon RSA 2048 M03 | 2024-01-14 - 2025-02-10 | a year

This page contains 1 frames:

Primary Page: https://nationwidesavingsandbenefits.com/
Frame ID: 9047F4A937C2F4E944653A3E665EE017
Requests: 16 HTTP requests in this frame

Page Title

ACA6

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

50 %
IPv6

6
Domains

8
Subdomains

8
IPs

3
Countries

341 kB
Transfer

884 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://nationwidesavingsandbenefits.com/favicon.ico HTTP 307
  • https://cdn.convertri.com/favicon.ico

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
nationwidesavingsandbenefits.com/
131 KB
21 KB
Document
General
Full URL
https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.240.1.10 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
10.1.240.35.bc.googleusercontent.com
Software
/
Resource Hash
52a4a71ccb127c457202ff4248529525334c209ce8a9d9e35053201960583846

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 21 Jul 2024 15:01:11 GMT
vary
Accept-Encoding
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 09:18:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
452563
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jul 2025 09:18:28 GMT
desktop.png
cdn.convertri.com/img/powered-by-badge/v1/
3 KB
3 KB
Image
General
Full URL
https://cdn.convertri.com/img/powered-by-badge/v1/desktop.png
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
46d2194497a850b9e8fad211181d62176c6eb8186bcc82dd4459d1a6f54b5e6a

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
x-downloadsize
2664
cdn-edgestorageid
860
x-bo-processingtime
0
cdn-cachedat
07/16/2024 09:53:46
cdn-pullzone
408079
x-bo-server
ASB-196
last-modified
Tue, 16 Jul 2024 09:53:43 GMT
server
BunnyCDN-DE1-1076
cdn-requestpullcode
200
cdn-proxyver
1.04
x-bo-origindownloadtime
56
content-type
image/png
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
cache-control
public, max-age=2592000
cdn-requestid
0aac95bfda77c69068f40a372ec055b8
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
mobile.jpg
cdn.convertri.com/img/powered-by-badge/v1/
2 KB
2 KB
Image
General
Full URL
https://cdn.convertri.com/img/powered-by-badge/v1/mobile.jpg
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
bdf23e805d067c111468eb60b30c02995327a58b05255d683e71641d0685afa5

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
x-downloadsize
2010
cdn-edgestorageid
1075
x-bo-processingtime
0
cdn-cachedat
07/16/2024 09:53:46
cdn-pullzone
408079
content-length
1899
x-bo-server
ASB-206
last-modified
Tue, 16 Jul 2024 09:53:43 GMT
server
BunnyCDN-DE1-1076
cdn-proxyver
1.04
cdn-requestpullcode
200
x-bo-origindownloadtime
86
content-type
image/jpeg
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
cache-control
public, max-age=2592000
x-bo-compressionratio
5.52%
cdn-requestid
6fc294386af6008a421f2ad2b5f710f2
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
jquery-1.12.2.min.js
cdn.convertri.com/
393 KB
115 KB
Script
General
Full URL
https://cdn.convertri.com/jquery-1.12.2.min.js?v=2024-04-23-08-57-07
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
592e43252d016f384776187b747facf1b631dc566ef55bb22dc511da4c0d0f3d

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
content-encoding
br
cdn-edgestorageid
1049
x-amz-request-id
E2MDY319SV1FR688
x-amz-server-side-encryption
AES256
cdn-cachedat
07/16/2024 09:53:45
cdn-pullzone
408079
x-amz-id-2
EubgGDebAtWUZv4nDSWBHnYnonbjwBORu9E5DyL1VJ87/ycmgd2ND7Z5TGRSW9UMujXVwIxdMdc=
last-modified
Tue, 16 Jul 2024 09:53:21 GMT
server
BunnyCDN-DE1-1076
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"a16a0a6a2c16739e47632f5cd41c29f8"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
cache-control
max-age=604800
cdn-requestid
a227f019f0c8951300c995a7ad052bfb
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
retreaver.min.js
dist.routingapi.com/jsapi/v1/
23 KB
8 KB
Script
General
Full URL
https://dist.routingapi.com/jsapi/v1/retreaver.min.js
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25e8:3a00:11:8138:9040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
afbf8984c3d6e653a8293e9858f16b353f6555616050a6bdb0c2eea69bac0d75

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 05:04:00 GMT
content-encoding
gzip
via
1.1 c00e79984dfec6a6601fb861a1d8d5e8.cloudfront.net (CloudFront)
last-modified
Tue, 16 Jul 2024 06:31:58 GMT
server
nginx/1.18.0 (Ubuntu)
x-amz-cf-pop
AMS1-P3
age
35831
etag
W/"669613de-5d48"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
nmIgOqAkncJoWrc-hW1qOyjkOzFlVqXDdiXWB93cFY-TpXqNIjf_rg==
open-sans-700.ttf
cdn.convertri.com/font/
35 KB
36 KB
Font
General
Full URL
https://cdn.convertri.com/font/open-sans-700.ttf
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
79431c33f2330eccac17fdd2aa229c0ce43b9db9c7bec3031178e68a004331e2

Request headers

Referer
https://nationwidesavingsandbenefits.com/
Origin
https://nationwidesavingsandbenefits.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
cdn-edgestorageid
755
x-amz-request-id
11GK53V44BSPHYRY
cdn-cachedat
07/16/2024 09:53:36
cdn-pullzone
408079
content-length
35924
x-amz-id-2
1WNZ/hZDF2KcQa3tYfAmOykYplCI2yRG05Ai+2gd/Q48D/o+CQXopELN3umEt3kEuH+sTKREc4M=
last-modified
Sat, 23 Jul 2016 08:57:46 GMT
server
BunnyCDN-DE1-1076
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"bdafb9df42d16395dd5d87d12a74ea3f"
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
content-type
application/octet-stream
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-requestid
efa33bb9d4e86e372f61cb9415ac6d30
accept-ranges
bytes
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
KFOlCnqEu92Fr1MmWUlfBBc9.ttf
fonts.gstatic.com/s/roboto/v30/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc9.ttf
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8a9a74f4455f392ec3e7499cfda6097b536bb4b7f1e529a079c3d953c08b54ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationwidesavingsandbenefits.com/
Origin
https://nationwidesavingsandbenefits.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 13:44:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4597
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20828
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 21 Jul 2025 13:44:34 GMT
KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v30/
35 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxP.ttf
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a9ef021078603005c0b08fba881f1a7eb62ef213238021f3e8a4a00daa60b9d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationwidesavingsandbenefits.com/
Origin
https://nationwidesavingsandbenefits.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 10:25:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16542
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20776
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 21 Jul 2025 10:25:29 GMT
open-sans-400.ttf
cdn.convertri.com/font/
33 KB
34 KB
Font
General
Full URL
https://cdn.convertri.com/font/open-sans-400.ttf
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
24b337181983cb1cff33d2bacf608a0568be59b83e505e26c8597cea5d2171c4

Request headers

Referer
https://nationwidesavingsandbenefits.com/
Origin
https://nationwidesavingsandbenefits.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
cdn-edgestorageid
864
x-amz-request-id
11GTWF5MK0Q98R38
cdn-cachedat
07/16/2024 09:53:36
cdn-pullzone
408079
content-length
34156
x-amz-id-2
d49GwyZgHzR9W324IAWxyzoO4dlFXtrbo+hWFoAa13e79fNnORRB0UZZ6DEF9T4i5f3+IYtzeM4=
last-modified
Sat, 23 Jul 2016 08:57:13 GMT
server
BunnyCDN-DE1-1076
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"953de7bafd9fdbf41ea443aacabe2706"
content-type
application/octet-stream
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-requestid
03b623030f49af7c973469b547bb78e6
accept-ranges
bytes
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
cdn.min.css
cdn.convertri.com/
67 KB
9 KB
Stylesheet
General
Full URL
https://cdn.convertri.com/cdn.min.css?v=2024-04-23-08-57-07
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
4a9e5fa6d886f98d64d71b026e6e5fe57a3c207da288bbb63ee8a19803ec09f6

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
content-encoding
br
cdn-edgestorageid
723
x-amz-request-id
E2M4C0DA7K0H9T9S
x-amz-server-side-encryption
AES256
cdn-cachedat
07/16/2024 09:53:46
cdn-pullzone
408079
x-amz-id-2
Lu42kpC60tcGFZqUIwwZKx9KWaB52OcnXs+w9Vp9tDUgFhGUYGZuCqA56MNoKmIMeSj6b0YWm4M=
last-modified
Tue, 16 Jul 2024 09:53:26 GMT
server
BunnyCDN-DE1-1076
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"91bf7fad9eda26930ae8c633102e65e0"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=604800
cdn-requestid
d82f4c8cb0fee0dff8e3808842fdf664
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
i
snowplow.convertri.com/
43 B
337 B
Image
General
Full URL
https://snowplow.convertri.com/i?stm=1721574071948&e=pv&url=https%3A%2F%2Fnationwidesavingsandbenefits.com%2F&page=ACA6&tv=js-2.7.0&tna=cvt-cookies-enabled&aid=cvt&p=web&tz=Europe%2FBerlin&lang=de-DE&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&eid=aeb4571a-5edd-411d-a3ad-c2bf8c32e317&dtm=1721574071948&vp=1600x1200&ds=1600x2411&vid=1&sid=f5dadc34-7e7b-468c-9f07-ec267d3d0dca&duid=a6775bc1-0473-4b8b-8a26-cd6c61822f41&fp=2356428178
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.209.40.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-209-40-92.compute-1.amazonaws.com
Software
spray-can/1.3.3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 21 Jul 2024 15:01:12 GMT
access-control-allow-credentials
true
content-type
image/gif
server
spray-can/1.3.3
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
/
nationwidesavingsandbenefits.com/
21 KB
21 KB
Image
General
Full URL
https://nationwidesavingsandbenefits.com/?auto=compress,format&fit=scale&w=483&h=356
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.240.1.10 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
10.1.240.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:11 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/html; charset=utf-8
1ffc0edb-b971-11eb-abef-0697e5ca793e%2Fb88a60558ad0c390972a40303adad1d7d2a057da%2Fhappy.jpeg
convertri.imgix.net/
14 KB
15 KB
Image
General
Full URL
https://convertri.imgix.net/1ffc0edb-b971-11eb-abef-0697e5ca793e%2Fb88a60558ad0c390972a40303adad1d7d2a057da%2Fhappy.jpeg?auto=compress,format&fit=scale&w=519&h=346
Requested by
Host: nationwidesavingsandbenefits.com
URL: https://nationwidesavingsandbenefits.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
c5be71159aea3d3765d57fc61ab663ec8bf2f0b6dc579e6fc6e18164880bfcee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:12 GMT
x-content-type-options
nosniff
age
131376
x-cache
HIT, MISS
x-imgix-id
20af5b0a4ca44a24e4fc440d9fdd8cbb0f0fb6e8
cross-origin-resource-policy
cross-origin
content-length
14801
x-served-by
cache-sjc10055-SJC, cache-fra-etou8220067-FRA
last-modified
Sat, 20 Jul 2024 02:31:36 GMT
server
imgix
vary
Accept, User-Agent
content-type
image/avif
access-control-allow-origin
*
cache-control
public, max-age=2419200
accept-ranges
bytes
timing-allow-origin
*
numbers
api.routingapi.com/api/v1/
34 B
733 B
XHR
General
Full URL
https://api.routingapi.com/api/v1/numbers?&campaign_key=00ab180e0eff15403a5a06a45bd490c5
Requested by
Host: dist.routingapi.com
URL: https://dist.routingapi.com/jsapi/v1/retreaver.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.89.0.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-89-0-249.compute-1.amazonaws.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.17 / Phusion Passenger(R) Enterprise 6.0.17
Resource Hash
cb110cd562f9cdad78722a9a34db894fc8c3b06f2b4197d2925abc9b26e6e367
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 0

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 21 Jul 2024 15:01:12 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-powered-by
Phusion Passenger(R) Enterprise 6.0.17
status
200 OK
x-xss-protection
0
x-request-id
793ed391-7790-4e2a-9460-de586437f4ac
x-runtime
0.071815
referrer-policy
strict-origin-when-cross-origin
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.17
etag
W/"cb110cd562f9cdad78722a9a34db894f"
x-download-options
noopen
vary
Origin
access-control-max-age
1728000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://nationwidesavingsandbenefits.com
access-control-allow-methods
GET, POST, OPTIONS
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
ALLOWALL
numbers
api.routingapi.com/api/v1/
0
0
Preflight
General
Full URL
https://api.routingapi.com/api/v1/numbers?&campaign_key=00ab180e0eff15403a5a06a45bd490c5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.89.0.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-89-0-249.compute-1.amazonaws.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.17 / Phusion Passenger(R) Enterprise 6.0.17
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://nationwidesavingsandbenefits.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://nationwidesavingsandbenefits.com
access-control-max-age
1728000
cache-control
no-cache
content-type
text/plain
date
Sun, 21 Jul 2024 15:01:12 GMT
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.17
status
200 OK
strict-transport-security
max-age=63072000; includeSubDomains
x-powered-by
Phusion Passenger(R) Enterprise 6.0.17
x-request-id
ec755a16-75b7-4995-9fff-04601d93caf0
x-runtime
0.001114
favicon.ico
cdn.convertri.com/
Redirect Chain
  • https://nationwidesavingsandbenefits.com/favicon.ico
  • https://cdn.convertri.com/favicon.ico
2 KB
3 KB
Other
General
Full URL
https://cdn.convertri.com/favicon.ico
Protocol
H2
Server
169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-33.bunnyinfra.net
Software
BunnyCDN-DE1-1076 /
Resource Hash
c79c14bf58a56fb450588a775ea6e0b231f4c8f6977c6334b650795162e14e79

Request headers

Referer
https://nationwidesavingsandbenefits.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 15:01:12 GMT
cdn-edgestorageid
1078
x-amz-request-id
11GV4Z0695RCXBC5
cdn-cachedat
07/16/2024 09:53:40
cdn-pullzone
408079
content-length
2425
x-amz-id-2
jM5O/W8SfIQwhJtEUMH83wCoEc0UQ4OV+l6XRuUBoD9sEH8QR6Nv95Z+NEB9F1vD37guWcdn0Ig=
last-modified
Tue, 11 Sep 2018 10:57:55 GMT
server
BunnyCDN-DE1-1076
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"542a6c950dc11dfdcc8262df4185b767"
content-type
image/png
cdn-cache
HIT
cdn-uid
aa1ac425-1b79-4cdb-bd61-f1990cecd40e
cache-control
max-age=604800
cdn-requestid
d1f83925114a8eb6027995e8860edb88
accept-ranges
bytes
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True

Redirect headers

location
https://cdn.convertri.com/favicon.ico
date
Sun, 21 Jul 2024 15:01:12 GMT
content-length
73
vary
Accept-Encoding
content-type
text/html; charset=utf-8

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentClassList object| CONVERTRI_CONSTANTS object| convertriParameters object| warningMessages object| submitMessages object| dataLayer object| ConvertriScriptConsent function| $ function| jQuery function| waitingInfo function| countdown string| _cvt_gsi function| needsJQuery function| convertriLoadDeferredStyles function| raf function| manageIframesState object| UrlUtils function| CheckoutValidationErrorRenderer function| AnalyticsUtils function| ClickAnalyticsEventBuilder function| OpenCheckoutAnalyticsEventBuilder function| PurchaseAnalyticsEventBuilder function| PurchaseAnalyticsLegacyEventBuilder function| SubmitFormAnalyticsEventBuilder function| GmtDataLayerTracker function| AnalyticsEvent function| ClickAnalyticsEvent function| OpenCheckoutAnalyticsEvent function| PurchaseAnalyticsLegacyEvent function| PurchaseAnalyticsEvent function| SubmitFormAnalyticsEvent function| convertriCheckoutApiFactory function| convertriFormApiFactory function| convertriCheckoutFormApiFactory function| convertriCheckoutFormValidatorFactory function| jQueryToPromise function| orderDataFactory function| PaypalBasePaymentButton function| PaypalException function| PaypalOneTimePaymentButtonConfigFactory function| PaypalOneTimePaymentButton function| convertToPaypalOrder function| PaypalButtonConfigFactory function| PaypalSubscriptionButtonConfigFactory function| PaypalSubscriptionButton function| ShippingZonesHelper function| StripeElements function| CheckoutModalCustomValidatorFactory function| uniqueSelector function| visibilityChanged function| yall object| ConvertriCheckoutCurrencies object| ConvertriCheckoutEvents object| ConvertriCheckoutModalEvents object| ConvertriProductSelectionModalEvents function| ConvertriAnalytics object| CheckoutCoupons object| ConvertriAbandonedCartHandler object| ConvertriCheckoutController object| formWidgetCartInfo object| BlankFormValidator object| CheckoutHelpers object| PromiseHelpers object| ConvertriCheckoutPaymentDetailsForm 
object| ConvertriCheckoutModal object| ConvertriPreCheckoutProductSelection object| ConvertriCheckoutModalRenderer object| ConvertriCheckoutModalPreviewRenderer object| MobileDetector object| QueryArgBag function| ViewportResizer object| GlobalSnowplowNamespace function| ConvertriAnalyticsSnowplow function| Cookies object| doT function| ES6Promise object| Snowplow function| UAParser object| fbEventInfo object| fbPixelProxy function| getPresentCoupon function| handleCheckoutResponse object| jQuery112207999867921898931 object| Retreaver object| Callpixels

3 Cookies

Domain/Path Name / Value
nationwidesavingsandbenefits.com/ Name: _sp_ses.4fdb
Value: *
nationwidesavingsandbenefits.com/ Name: _sp_id.4fdb
Value: a6775bc1-0473-4b8b-8a26-cd6c61822f41.1721574072.1.1721574072.1721574072.f5dadc34-7e7b-468c-9f07-ec267d3d0dca
nationwidesavingsandbenefits.com/ Name: CallPixels-ou
Value: aHR0cHM6Ly9uYXRpb253aWRlc2F2aW5nc2FuZGJlbmVmaXRzLmNvbS8=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
