nd.benefitplace.com Open in urlscan Pro
74.213.141.44 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://foryounorthdakota.com/
Effective URL:
https://nd.benefitplace.com/welcome/nd.html
Submission: On May 13 via manual (May 13th 2020, 1:50:26 pm UTC) from US

Summary HTTP 13 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 13 HTTP transactions. The main IP is 74.213.141.44, located in United States and belongs to AS-TIERP-7349, US. The main domain is nd.benefitplace.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on April 2nd 2020. Valid for: 2 years.

This is the only time nd.benefitplace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	74.213.141.44 74.213.141.44	7349 (AS-TIERP-...) (AS-TIERP-7349)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
2	74.213.141.79 74.213.141.79	7349 (AS-TIERP-...) (AS-TIERP-7349)
4	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:10:... 2a02:26f0:10:292::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	6

4 74.213.141.44 (United States) 1 redirects

ASN7349 (AS-TIERP-7349, US)
PTR: companionquickenroll.com

foryounorthdakota.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nd.benefitplace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.213.141.79 (United States)

ASN7349 (AS-TIERP-7349, US)

wsreporting.benefitfocus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00::210:ba2a (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10:292::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	typekit.net use.typekit.net p.typekit.net	115 KB
3	benefitplace.com nd.benefitplace.com	831 KB
2	benefitfocus.com wsreporting.benefitfocus.com	68 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	googletagmanager.com www.googletagmanager.com	23 KB
1	foryounorthdakota.com 1 redirects foryounorthdakota.com	187 B
13	6

	Domain	Requested by
4	use.typekit.net	nd.benefitplace.com
3	nd.benefitplace.com	nd.benefitplace.com
2	wsreporting.benefitfocus.com	nd.benefitplace.com
2	www.google-analytics.com	www.googletagmanager.com nd.benefitplace.com
1	p.typekit.net	nd.benefitplace.com
1	www.googletagmanager.com	nd.benefitplace.com
1	foryounorthdakota.com	1 redirects
13	7

This site contains links to these domains. Also see Links.

Domain
my.benefitplace.com
www.benefitfocus.com

Subject Issuer	Validity	Valid
*.benefitplace.com DigiCert SHA2 Secure Server CA	`2020-04-02` - `2022-04-07`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.benefitfocus.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-01-19`	2 years	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://nd.benefitplace.com/welcome/nd.html
Frame ID: 21508D95B2120994A028A4130F8AA120
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://foryounorthdakota.com/ HTTP 301
https://nd.benefitplace.com/welcome/nd.html Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

1056 kB
Transfer

1121 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://my.benefitplace.com/go/benefitplace?sponsorID=BFPL
Title: Login

Search URL Search Domain Scan URL

URL: https://my.benefitplace.com/public/control/memberAccountMaintenance?pl=benefitplace&forRegistration=true&sponsorID=BFPL
Title: Sign up

Search URL Search Domain Scan URL

URL: https://www.benefitfocus.com/
Title: .cls-1{fill:#65a6ff;}

Search URL Search Domain Scan URL

URL: https://www.benefitfocus.com/legal/benefitplace/privacy-statement
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://www.benefitfocus.com/legal/benefitplace/terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.benefitfocus.com/legal/benefitplace/licenses
Title: Licenses

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://foryounorthdakota.com/ HTTP 301
https://nd.benefitplace.com/welcome/nd.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request nd.html Show response
nd.benefitplace.com/welcome/
Redirect Chain

http://foryounorthdakota.com/
https://nd.benefitplace.com/welcome/nd.html

20 KB
20 KB

796ms
325ms

Document
text/html

74.213.141.44
AS-TIERP-7349

General

Check archive.org

Show headers Download Go to

Full URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 74.213.141.44 , United States, ASN7349 (AS-TIERP-7349, US),
Reverse DNS: companionquickenroll.com
Software: /
Resource Hash: af4510c05071b9043e77a7a916609fb2c8b05bd6be558d4cf657b523335cf26c

Request headers

Host: nd.benefitplace.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: max-age=1800
Content-Type: text/html
Last-Modified: Thu, 07 May 2020 20:30:25 GMT
Accept-Ranges: bytes
ETag: "80469c56ae24d61:0"
Date: Wed, 13 May 2020 13:50:06 GMT
Content-Length: 20033

Redirect headers

Content-Type: text/html; charset=UTF-8
Location: https://nd.benefitplace.com/welcome/nd.html
Date: Wed, 13 May 2020 13:50:05 GMT
Content-Length: 166

GET
H/1.1 200
OK main.css
nd.benefitplace.com/welcome/ 5 KB
5 KB 158ms
157ms Stylesheet
text/css 74.213.141.44
AS-TIERP-7349

General

Check archive.org

Show headers Download Go to

Full URL: https://nd.benefitplace.com/welcome/main.css
Requested by: Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 74.213.141.44 , United States, ASN7349 (AS-TIERP-7349, US),
Reverse DNS: companionquickenroll.com
Software: /
Resource Hash: f26ba5f305b96c9c48d350b21c1ee7aecbeca92bd47d3194d50f74900862d6d5

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 13 May 2020 13:50:06 GMT
Cache-Control: max-age=1800
Last-Modified: Mon, 20 Apr 2020 18:19:28 GMT
Accept-Ranges: bytes
ETag: "078733a4017d61:0"
Content-Length: 4618
Content-Type: text/css

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 60 KB
23 KB 42ms
22ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PTJRLS5

Requested by

Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3751ac721f798d130928d7b21773fe785b04b87d1f143291043bc8a3fc832fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 13 May 2020 13:50:07 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22827
x-xss-protection: 0
last-modified: Wed, 13 May 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 13 May 2020 13:50:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PTJRLS5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 4292
date: Wed, 13 May 2020 12:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Wed, 13 May 2020 14:38:35 GMT

GET
H/1.1 200
OK matomo.js Show response
wsreporting.benefitfocus.com/webstats/prod/enrl/member/ 67 KB
68 KB 770ms
280ms Script
application/javascript 74.213.141.79
AS-TIERP-7349

General

Check archive.org

Show headers Download Go to

Full URL

https://wsreporting.benefitfocus.com/webstats/prod/enrl/member/matomo.js

Requested by

Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

74.213.141.79 , United States, ASN7349 (AS-TIERP-7349, US),

Reverse DNS

Software

Resource Hash

ad2c5ecd660a0a5dff000926a75fe4b13cafa7849ad1e85c36676f1a120e013a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.benefitfocus.com http://.benefitfocus.com https://.hrintouch.com http://.hrintouch.com; connect-src * 'unsafe-eval'; child-src *;
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 13 May 2020 13:50:07 GMT
Last-Modified: Mon, 10 Feb 2020 03:17:52 GMT
ETag: "5e40cb60-10d53"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: application/javascript
Content-Security-Policy: frame-ancestors https://*.benefitfocus.com http://*.benefitfocus.com https://*.hrintouch.com http://*.hrintouch.com; connect-src * 'unsafe-eval'; child-src *;
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68947

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
196 B 13ms
13ms Image
image/gif 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1904297633&t=pageview&_s=1&dl=https%3A%2F%2Fnd.benefitplace.com%2Fwelcome%2Fnd.html&ul=en-us&de=UTF-8&dt=Benefitplace&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=564936906&gjid=797550079&cid=467442397.1589377807&tid=UA-163605645-1&_gid=995272872.1589377807&_r=1&gtm=2wg4t0PTJRLS5&z=122638407

Requested by

Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 May 2020 13:50:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fpk1ffu.css
use.typekit.net/ 6 KB
1 KB 164ms
143ms Stylesheet
text/css 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/fpk1ffu.css

Requested by

Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

nginx /

Resource Hash

27ae9dca2f5c2d0b1ddf36a57c498b1d14af644063041c9680f22a90ce2537f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
status: 200
date: Wed, 13 May 2020 13:50:07 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 894

GET
H/1.1 200
OK p.css
p.typekit.net/ 5 B
334 B 22ms
6ms Stylesheet
text/css 2a02:26f0:10:292::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=fpk1ffu&ht=tk&f=24539.24540.24547.24548.39562.39563.39564.39567&a=35044117&app=typekit&e=css
Requested by: Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10:292::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 13 May 2020 13:50:07 GMT
Last-Modified: Fri, 18 Oct 2019 20:47:29 GMT
Server: nginx
ETag: "5daa24e1-5"
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5
Expires: Wed, 11 Dec 2019 16:45:14 GMT

GET
H/1.1 200
OK bg_hero.png
nd.benefitplace.com/welcome/ 806 KB
806 KB 168ms
167ms Image
image/png 74.213.141.44
AS-TIERP-7349

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nd.benefitplace.com/welcome/bg_hero.png
Requested by: Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 74.213.141.44 , United States, ASN7349 (AS-TIERP-7349, US),
Reverse DNS: companionquickenroll.com
Software: /
Resource Hash: 7bdca9730948f23f8401b01c84293a90579bec93c7853f1329425c39dae8e0df

Request headers

Referer: https://nd.benefitplace.com/welcome/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 13 May 2020 13:50:06 GMT
Cache-Control: max-age=1800
Last-Modified: Wed, 22 Apr 2020 17:10:05 GMT
Accept-Ranges: bytes
ETag: "8094efddc818d61:0"
Content-Length: 825107
Content-Type: image/png

GET
H2 200 l
use.typekit.net/af/76b2b8/00000000000000003b9b208f/27/ 33 KB
34 KB 37ms
18ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/76b2b8/00000000000000003b9b208f/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 19527e511fa665bdf2c871fc65e22aff3fa080e5a6aee94d943ab10781f7a805

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://use.typekit.net/fpk1ffu.css
Origin: https://nd.benefitplace.com

Response headers

date: Wed, 13 May 2020 13:50:07 GMT
server: nginx
etag: "e92a017831d25af189575e341800e73b8fdc8ef8"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 34168

GET
H2 200 l
use.typekit.net/af/5855b2/00000000000000003b9b1a98/27/ 39 KB
40 KB 25ms
7ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5855b2/00000000000000003b9b1a98/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 7dfd548886b523b93ac1612cc816536cbbe342b71213897c41b1c0245a199db2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://use.typekit.net/fpk1ffu.css
Origin: https://nd.benefitplace.com

Response headers

date: Wed, 13 May 2020 13:50:07 GMT
server: nginx
etag: "6d15c45d64f64175b9a3528cb8f1e719fe42ab00"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 40272

GET
H2 200 l
use.typekit.net/af/30420e/00000000000000003b9b1a9e/27/ 41 KB
41 KB 29ms
11ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/30420e/00000000000000003b9b1a9e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 68d4dc40590dffdd0fde1d804cd9ecc62a967a7c9924d96b26108b4c20043570

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://use.typekit.net/fpk1ffu.css
Origin: https://nd.benefitplace.com

Response headers

date: Wed, 13 May 2020 13:50:07 GMT
server: nginx
etag: "a859da2f81bafd36dfbf1aa7ded93511808dc7c3"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 41492

GET
H/1.1 200
OK matomo.php
wsreporting.benefitfocus.com/webstats/prod/enrl/member/ 43 B
506 B 217ms
216ms Image
image/gif 74.213.141.79
AS-TIERP-7349

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wsreporting.benefitfocus.com/webstats/prod/enrl/member/matomo.php?action_name=Benefitplace&idsite=1&rec=1&r=924683&h=15&m=50&s=8&url=https%3A%2F%2Fnd.benefitplace.com%2Fwelcome%2Fnd.html&_id=e717b7ddc2a27f15&_idts=1589377808&_idvc=1&_idn=0&_refts=0&_viewts=1589377808&send_image=1&cookie=1&res=1600x1200&dimension2=Benefitplace&dimension3=Benefitplace&dimension4=Member&dimension5=Person&_cvar=%7B%223%22%3A%5B%22Sponsor%22%2C%2210000020049658224%22%5D%2C%224%22%3A%5B%22Carrier%22%2C%22%2010000020052379384%22%5D%7D&gt_ms=330&pv_id=EFZDZC

Requested by

Host: nd.benefitplace.com
URL: https://nd.benefitplace.com/welcome/nd.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

74.213.141.79 , United States, ASN7349 (AS-TIERP-7349, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.benefitfocus.com http://.benefitfocus.com https://.hrintouch.com http://.hrintouch.com; connect-src * 'unsafe-eval'; child-src *;
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

Referer: https://nd.benefitplace.com/welcome/nd.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 13 May 2020 13:50:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: image/gif
Cache-Control: no-store
Transfer-Encoding: chunked
Server-Timing: intid;desc=6ca0a402c08edb4c
Content-Security-Policy: frame-ancestors https://*.benefitfocus.com http://*.benefitfocus.com https://*.hrintouch.com http://*.hrintouch.com; connect-src * 'unsafe-eval'; child-src *;
Connection: keep-alive

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://wsreporting.benefitfocus.com/webstats/prod/enrl/member/matomo.js(Line 22) Message: The method enableLinkTracking is registered more than once in "_paq" variable. Only the last call has an effect. Please have a look at the multiple Piwik trackers documentation: https://developer.piwik.org/guides/tracking-javascript-guide#multiple-piwik-trackers

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

foryounorthdakota.com
nd.benefitplace.com
p.typekit.net
use.typekit.net
wsreporting.benefitfocus.com
www.google-analytics.com
www.googletagmanager.com
2a00:1450:4001:817::200e
2a00:1450:4001:81d::2008
2a02:26f0:10:292::19fd
2a02:26f0:6c00::210:ba2a
74.213.141.44
74.213.141.79
19527e511fa665bdf2c871fc65e22aff3fa080e5a6aee94d943ab10781f7a805
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
27ae9dca2f5c2d0b1ddf36a57c498b1d14af644063041c9680f22a90ce2537f2
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
3751ac721f798d130928d7b21773fe785b04b87d1f143291043bc8a3fc832fa3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
68d4dc40590dffdd0fde1d804cd9ecc62a967a7c9924d96b26108b4c20043570
7bdca9730948f23f8401b01c84293a90579bec93c7853f1329425c39dae8e0df
7dfd548886b523b93ac1612cc816536cbbe342b71213897c41b1c0245a199db2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
ad2c5ecd660a0a5dff000926a75fe4b13cafa7849ad1e85c36676f1a120e013a
af4510c05071b9043e77a7a916609fb2c8b05bd6be558d4cf657b523335cf26c
f26ba5f305b96c9c48d350b21c1ee7aecbeca92bd47d3194d50f74900862d6d5

nd.benefitplace.com Open in urlscan Pro 74.213.141.44 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

67 %IPv6

6 Domains

7 Subdomains

6 IPs

3 Countries

1056 kBTransfer

1121 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

nd.benefitplace.com Open in urlscan Pro
74.213.141.44 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

1056 kB
Transfer

1121 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions