benefits-authority.com Open in urlscan Pro
69.172.201.115 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt
Effective URL:
https://benefits-authority.com/?mbi=1606463709
Submission: On September 30 via api (September 30th 2024, 11:28:36 pm UTC) from BE — Scanned from US

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 13 domains to perform 24 HTTP transactions. The main IP is 69.172.201.115, located in Canada and belongs to DOSARREST, US. The main domain is benefits-authority.com.
TLS certificate: Issued by R11 on September 23rd 2024. Valid for: 3 months.

This is the only time benefits-authority.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	91.234.34.44 91.234.34.44	56485 (THEHOST-AS) (THEHOST-AS)
1	62.210.7.109 62.210.7.109	12876 (Online SAS) (Online SAS)
2 2	45.147.195.6 45.147.195.6	49392 (ASBAXETN) (ASBAXETN)
1 1	35.190.6.55 35.190.6.55	15169 (GOOGLE) (GOOGLE)
1 3	69.172.200.185 69.172.200.185	19324 (DOSARREST) (DOSARREST)
7	69.172.201.115 69.172.201.115	19324 (DOSARREST) (DOSARREST)
1	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6816:26b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.164.124.33 18.164.124.33	16509 (AMAZON-02) (AMAZON-02)
5	54.87.203.20 54.87.203.20	14618 (AMAZON-AES) (AMAZON-AES)
1	18.164.124.56 18.164.124.56	16509 (AMAZON-02) (AMAZON-02)
2	34.238.77.248 34.238.77.248	14618 (AMAZON-AES) (AMAZON-AES)
2	18.235.73.24 18.235.73.24	14618 (AMAZON-AES) (AMAZON-AES)
1	3.168.96.38 3.168.96.38	16509 (AMAZON-02) (AMAZON-02)
24	11

1 91.234.34.44 (Kyiv Oblast, Ukraine) 1 redirects

ASN56485 (THEHOST-AS, UA)
PTR: gibson.gimmetravel.com

omrexchtest.omr.state.ny.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.210.7.109 (France)

ASN12876 (Online SAS, FR)
PTR: connect.sweetwaterfares.com

purelymandy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.147.195.6 (Moscow, Russian Federation) 2 redirects

ASN49392 (ASBAXETN, RU)

1ibeg.suggestedspins.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1ibeg.spinningfastloop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.6.55 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 55.6.190.35.bc.googleusercontent.com

www.dpvyw6trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.172.200.185 (Canada) 1 redirects

ASN19324 (DOSARREST, US)
PTR: maxbounty.com

afflat3d3.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
av-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.172.201.115 (Canada)

ASN19324 (DOSARREST, US)

benefits-authority.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:26b6 (United States)

ASN13335 (CLOUDFLARENET, US)

create.lidstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.124.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-33.jfk50.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.87.203.20 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-87-203-20.compute-1.amazonaws.com

create.leadid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.124.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-56.jfk50.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.238.77.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-77-248.compute-1.amazonaws.com

trc.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.73.24 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-73-24.compute-1.amazonaws.com

psp.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.168.96.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-96-38.jfk52.r.cloudfront.net

d2m2wsoho8qq12.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	benefits-authority.com benefits-authority.com	549 KB
6	pushnami.com api.pushnami.com — Cisco Umbrella Rank: 8257 trc.pushnami.com — Cisco Umbrella Rank: 8303 psp.pushnami.com — Cisco Umbrella Rank: 25396	18 KB
5	leadid.com create.leadid.com — Cisco Umbrella Rank: 15799	3 KB
2	av-api.com av-api.com	39 KB
1	cloudfront.net d2m2wsoho8qq12.cloudfront.net
1	lidstatic.com create.lidstatic.com — Cisco Umbrella Rank: 25553	39 KB
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 8520	411 KB
1	afflat3d3.com 1 redirects afflat3d3.com	839 B
1	dpvyw6trk.com 1 redirects www.dpvyw6trk.com	711 B
1	spinningfastloop.com 1 redirects 1ibeg.spinningfastloop.com	972 B
1	suggestedspins.com 1 redirects 1ibeg.suggestedspins.com	1002 B
1	purelymandy.com purelymandy.com	468 B
1	state.ny.us 1 redirects omrexchtest.omr.state.ny.us	277 B
24	13

	Domain	Requested by
7	benefits-authority.com	purelymandy.com benefits-authority.com
5	create.leadid.com	create.lidstatic.com
2	psp.pushnami.com	api.pushnami.com
2	trc.pushnami.com	api.pushnami.com
2	api.pushnami.com	benefits-authority.com api.pushnami.com
2	av-api.com	benefits-authority.com
1	d2m2wsoho8qq12.cloudfront.net	create.lidstatic.com
1	create.lidstatic.com	benefits-authority.com
1	i.imgur.com
1	afflat3d3.com	1 redirects
1	www.dpvyw6trk.com	1 redirects
1	1ibeg.spinningfastloop.com	1 redirects
1	1ibeg.suggestedspins.com	1 redirects
1	purelymandy.com
1	omrexchtest.omr.state.ny.us	1 redirects
24	15

This site contains no links.

Subject Issuer	Validity	Valid
purelymandy.com Sectigo RSA Domain Validation Secure Server CA	`2024-05-16` - `2025-06-16`	a year	crt.sh
championautoinsurance.com R11	`2024-09-23` - `2024-12-22`	3 months	crt.sh
av-api.com R10	`2024-08-19` - `2024-11-17`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
lidstatic.com E6	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.pushnami.com Amazon RSA 2048 M02	`2024-02-03` - `2025-03-03`	a year	crt.sh
create.leadid.com Amazon RSA 2048 M03	`2024-07-20` - `2025-08-18`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://benefits-authority.com/?mbi=1606463709
Frame ID: 589A01E4A3455E53102FD3BB5309BD3E
Requests: 20 HTTP requests in this frame

Frame: https://api.pushnami.com/scripts/v1/hub
Frame ID: D4CF3E34C1C698C089B25417B8DF8CB2
Requests: 1 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=9D5DB41B-92FE-3945-2DBF-078D5E058CD5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.0&lck=D2FB0EC8-1E8C-A402-E4AC-9205FE98F622&lac=4B1F5928-2127-08FA-4EA5-F0DB210F6AAE
Frame ID: 0B9697F7E9EFA35DAAE093C495C03A7F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Benefits Authority 2

Page URL History Show full URLs

http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 307
https://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 307
http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 302
https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_20... Page URL
https://1ibeg.suggestedspins.com/?kw=690052&s1=690052&s2=35_1097381_2896449&s3=1433321564&s4=45 HTTP 302
https://1ibeg.spinningfastloop.com/o/Z4LLRNST/adc0738e-7f83-11ef-9c64-4bda44ca63c2/adc8c8ea-7f83-11ef-be1a-2b25... HTTP 302
https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=74698&sub2=aeb6c73e-7f83-11ef-ba67-99b720f90da4& HTTP 302
https://afflat3d3.com/lnk.asp?o=26996&c=918271&a=574293&k=8E60CC8BC6A39DC220372315C4F7B695&l=28846... HTTP 302
https://benefits-authority.com/?mbi=1606463709 Page URL

Detected technologies

Pushnami (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

api\.pushnami\.com

Page Statistics

24
Requests

100 %
HTTPS

7 %
IPv6

13
Domains

15
Subdomains

11
IPs

5
Countries

1061 kB
Transfer

2475 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 307
https://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 307
http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 302
https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125 Page URL
https://1ibeg.suggestedspins.com/?kw=690052&s1=690052&s2=35_1097381_2896449&s3=1433321564&s4=45 HTTP 302
https://1ibeg.spinningfastloop.com/o/Z4LLRNST/adc0738e-7f83-11ef-9c64-4bda44ca63c2/adc8c8ea-7f83-11ef-be1a-2b25b09bc47c HTTP 302
https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=74698&sub2=aeb6c73e-7f83-11ef-ba67-99b720f90da4& HTTP 302
https://afflat3d3.com/lnk.asp?o=26996&c=918271&a=574293&k=8E60CC8BC6A39DC220372315C4F7B695&l=28846&s1=148&s2=6a608168951b42749284bfd0d482050c HTTP 302
https://benefits-authority.com/?mbi=1606463709 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 307
https://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 307
http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt HTTP 302
https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

1112098959_208-252-80-125
purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/
Redirect Chain

http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt
https://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt
http://omrexchtest.omr.state.ny.us/ruKU5ac.aspx?gFFLmPDcrSbM=bTdHsrsrTwfQ1ie451r01wd3u01q2wx0z25d1p06hd2qvniqt
https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125

158 B
468 B

1483ms
468ms

Document
text/html

62.210.7.109
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.210.7.109 , France, ASN12876 (Online SAS, FR),
Reverse DNS: connect.sweetwaterfares.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection: close
Content-Length: 158
Content-Type: text/html; charset=UTF-8
Date: Mon, 30 Sep 2024 23:28:19 GMT
Server: Apache

Redirect headers

Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 30 Sep 2024 23:28:17 GMT
Location: https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125
Server: Apache

GET
H/1.1

200
OK

Primary Request / Show response
benefits-authority.com/
Redirect Chain

https://1ibeg.suggestedspins.com/?kw=690052&s1=690052&s2=35_1097381_2896449&s3=1433321564&s4=45
https://1ibeg.spinningfastloop.com/o/Z4LLRNST/adc0738e-7f83-11ef-9c64-4bda44ca63c2/adc8c8ea-7f83-11ef-be1a-2b25b09bc47c
https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=74698&sub2=aeb6c73e-7f83-11ef-ba67-99b720f90da4&
https://afflat3d3.com/lnk.asp?o=26996&c=918271&a=574293&k=8E60CC8BC6A39DC220372315C4F7B695&l=28846&s1=148&s2=6a608168951b42749284bfd0d482050c
https://benefits-authority.com/?mbi=1606463709

3 KB
2 KB

222ms
58ms

Document
text/html

69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/?mbi=1606463709

Requested by

Host: purelymandy.com
URL: https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

5051e2fb2fe91fdd7d5b32f1881c16a58b4dbd92a17a46c86d9d0bea5cb3e0b0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://purelymandy.com/1761401a35300e20800/35_1097381_2896449/2785_3189594_06hd2qv_61/1112098959_208-252-80-125
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1470
Content-Type: text/html
Date: Mon, 30 Sep 2024 23:28:22 GMT
ETag: "095ed8b90b6da1:0"
Keep-Alive: timeout=20
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
Vary: Accept-Encoding
X-DIS-Request-ID: 39239dc715d6bd4746510420a83a7f1a
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 166
Content-Type: text/html
Date: Mon, 30 Sep 2024 23:28:22 GMT
Keep-Alive: timeout=20
Location: https://benefits-authority.com?mbi=1606463709
Server: nginx/1.20.2
X-DIS-Request-ID: 5b1fd4ffb9252ee23662d2f44f6e8282
X-Powered-By: ASP.NET

GET
H/1.1 200
OK 2.9a56c832.chunk.css
benefits-authority.com/static/css/ 186 KB
48 KB 66ms
64ms Stylesheet
text/css 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/css/2.9a56c832.chunk.css

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1606463709

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

14b075d2831615d4fb62e8b8271b62ed622ba8d36e51797d6df9ebbc95f96b58

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/?mbi=1606463709

Response headers

X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Content-Encoding: gzip
ETag: "095ed8b90b6da1:0"
Connection: keep-alive
X-DIS-Request-ID: 0e8d11a2c1ecc29ea1275fd0f21a243d
Accept-Ranges: bytes
Content-Length: 48500
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:23 GMT
Content-Type: text/css
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
Vary: Accept-Encoding

GET
H/1.1 200
OK main.53dbd380.chunk.css
benefits-authority.com/static/css/ 5 KB
2 KB 188ms
99ms Stylesheet
text/css 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/css/main.53dbd380.chunk.css

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1606463709

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

42f373b869a5f0a9438bac0f1866aad195a0ec3cf9be60a7036955499e5620a9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/?mbi=1606463709

Response headers

X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Content-Encoding: gzip
ETag: "095ed8b90b6da1:0"
Connection: keep-alive
X-DIS-Request-ID: 78db70fab61994d00307ea86dca288de
Accept-Ranges: bytes
Content-Length: 1634
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:23 GMT
Content-Type: text/css
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
Vary: Accept-Encoding

GET
H/1.1 200
OK 2.12dd23d0.chunk.js Show response
benefits-authority.com/static/js/ 1 MB
475 KB 206ms
116ms Script
application/javascript 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/js/2.12dd23d0.chunk.js

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1606463709

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

dd30f9294822c6d5c32e8fc4e4de069194ad4b9ca958d9f9265d321fc4aa3e44

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/?mbi=1606463709

Response headers

X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Content-Encoding: gzip
ETag: "095ed8b90b6da1:0"
Connection: keep-alive
X-DIS-Request-ID: 0ea8c7d180bf94e0b0c3ff1e6e40c6e7
Accept-Ranges: bytes
Content-Length: 486259
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:23 GMT
Content-Type: application/javascript
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
Vary: Accept-Encoding

GET
H/1.1 200
OK main.37287f54.chunk.js Show response
benefits-authority.com/static/js/ 93 KB
18 KB 145ms
55ms Script
application/javascript 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/js/main.37287f54.chunk.js

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1606463709

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

c02cb664f7b0323b2d7a5a5b4766f58466c22b62361a62b95b0471cc8330c5a6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/?mbi=1606463709

Response headers

X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Content-Encoding: gzip
ETag: "095ed8b90b6da1:0"
Connection: keep-alive
X-DIS-Request-ID: f408bfcd0ec561719efd168246695ae9
Accept-Ranges: bytes
Content-Length: 18007
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:23 GMT
Content-Type: application/javascript
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
Vary: Accept-Encoding

GET
H/1.1 200
OK 046735c231e9fdd407ad3542d66f1786 Show response
av-api.com/property/13/0/ 164 KB
32 KB 675ms
466ms Fetch
application/json 69.172.200.185
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL: https://av-api.com/property/13/0/046735c231e9fdd407ad3542d66f1786?mbi=1606463709
Requested by: Host: benefits-authority.com
URL: https://benefits-authority.com/static/js/main.37287f54.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.172.200.185 , Canada, ASN19324 (DOSARREST, US),
Reverse DNS: maxbounty.com
Software: nginx/1.20.2 / Express, ASP.NET
Resource Hash: 5a5c6180144fef4a91d48f06d56d156f26fc37fa01ab07015ca7724dfb25920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
ETag: W/"290d0-wxQTHVQsVqQKzsaYj0GUX38kXrE"
Connection: keep-alive
Access-Control-Allow-Credentials: true
X-DIS-Request-ID: cc3cab7ee5795215d1c24aeb0d888d1a
Access-Control-Allow-Origin: https://benefits-authority.com
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:24 GMT
Content-Type: application/json; charset=utf-8
Vary: Origin
Server: nginx/1.20.2
X-Powered-By: Express, ASP.NET

GET
H/1.1 200
OK favicon.ico
benefits-authority.com/ 4 KB
4 KB 43ms
42ms Other
image/x-icon 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/?mbi=1606463709

Response headers

X-Frame-Options: SAMEORIGIN
ETag: "25e9dfe3d35dda1:0"
Connection: keep-alive
X-DIS-Request-ID: fe716c3da24c15c7e8ef6dd57ee4e1b0
Accept-Ranges: bytes
Content-Length: 3870
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:23 GMT
Content-Type: image/x-icon
Last-Modified: Mon, 12 Feb 2024 16:52:40 GMT
Server: nginx/1.20.2
X-Powered-By: ASP.NET

GET
H/1.1 200
OK logo
av-api.com/cdn/image/site/22/ 7 KB
8 KB 150ms
59ms Image
image/png 69.172.200.185
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://av-api.com/cdn/image/site/22/logo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.172.200.185 , Canada, ASN19324 (DOSARREST, US),
Reverse DNS: maxbounty.com
Software: nginx/1.20.2 / Express, ASP.NET
Resource Hash: 5f1adb90a1acc45fd824b3a042617a48228fde56c778b5c4d7d9f0c3275dfc79

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://benefits-authority.com
Referer: https://benefits-authority.com/

Response headers

Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
X-DIS-Request-ID: 4c20876c7a2f0a7cf02b89c27b44a586
Access-Control-Allow-Origin: https://benefits-authority.com
Keep-Alive: timeout=20
Date: Mon, 30 Sep 2024 23:28:24 GMT
Vary: Origin
Server: nginx/1.20.2
X-Powered-By: Express, ASP.NET

GET
H2 200 JgfDBX6.png
i.imgur.com/ 410 KB
411 KB 203ms
35ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/JgfDBX6.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

f99e785b0abda784b68fcf4840fbe98909760620f12002087f1af4b874971333

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/

Response headers

etag: "7cc39a0991db31903bf8adc7fdbedbee"
age: 3596954
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, HIT
x-amz-cf-id: u-ejUqw-CLgwu1MFuWsle22RELUDKlRtquniQvj31HZtGC7rFApm4Q==
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: image/png
last-modified: Tue, 04 Jun 2024 20:04:06 GMT
x-cache-hits: 1439, 0
x-served-by: cache-iad-kjyo7100044-IAD, cache-ewr-kewr1740069-EWR
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1727738904.302914,VS0,VE2
accept-ranges: bytes
access-control-allow-origin: *
content-length: 420303
x-amz-cf-pop: MIA3-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js Show response
create.lidstatic.com/campaign/ 121 KB
39 KB 276ms
129ms Script
text/javascript 2606:4700:10::6816:26b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId
Requested by: Host: benefits-authority.com
URL: https://benefits-authority.com/static/js/main.37287f54.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:26b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b10ba9cbef05a78cee2d4a7929ca17601e5a548950222485a0d3210b843d74e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"4abc12d0583a69a38379005e8e95eacc"
x-amz-version-id: twCQ4PuHOgpLnmrvwu5tilHUduYAvsSm
age: 208
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: text/javascript
last-modified: Mon, 15 Jul 2024 16:23:05 GMT
vary: Accept-Encoding
x-amz-id-2: tmQd/o7IImtT32m8isk4aQ3yxfMI7Rl8bRxX1v3RUwzVfz9ytHkD7H1mo9jZE5PY8tEYUo/cYZQ=
x-amz-replication-status: COMPLETED
cache-control: max-age=1800
x-amz-request-id: 24QYYD0KE8CYJDEH
cf-ray: 8cb7fd37ea2f4411-EWR
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 662a836a473fc40013e65c89 Show response
api.pushnami.com/scripts/v1/pushnami-adv/ 87 KB
18 KB 181ms
42ms Script
application/javascript 18.164.124.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Requested by: Host: benefits-authority.com
URL: https://benefits-authority.com/static/js/main.37287f54.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.124.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-124-33.jfk50.r.cloudfront.net
Software: /
Resource Hash: 55f9cdccf0f273c81029326fe8350586bb752c6182ad640789c1296330fd3c7f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/

Response headers

cache-control: no-cache
content-encoding: gzip
age: 208
via: 1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: PSIkwgJYGFo1KixPGzGp8vU5MlC4O8ldB--O3oLygoaOV7pNUN_rfw==
date: Mon, 30 Sep 2024 23:24:56 GMT
content-type: application/javascript; charset=utf-8
vary: accept-encoding
x-amz-cf-pop: JFK50-P7

GET
H2 200 noscript.gif
create.leadid.com/ 43 B
643 B 236ms
97ms Image
image/gif 54.87.203.20
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://create.leadid.com/noscript.gif?lac=4b1f5928-2127-08fa-4ea5-f0db210f6aae&lck=d2fb0ec8-1e8c-a402-e4ac-9205fe98f622&snippet_version=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.87.203.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-87-203-20.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
content-encoding: none
etag: FD2B79A2-97EB-5E37-3C57-34B47B74046B
access-control-allow-origin: *
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: image/gif
last-modified: Mon, 30 Sep 2024 23:28:24 GMT
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK favicon.ico
benefits-authority.com/ 4 KB
0 0ms
0ms Other
image/x-icon 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://benefits-authority.com/?mbi=1606463709

Response headers

X-Powered-By: ASP.NET
ETag: "25e9dfe3d35dda1:0"
X-DIS-Request-ID: fe716c3da24c15c7e8ef6dd57ee4e1b0
Accept-Ranges: bytes
Content-Length: 3870
Date: Mon, 30 Sep 2024 23:28:23 GMT
Content-Type: image/x-icon
Last-Modified: Mon, 12 Feb 2024 16:52:40 GMT
Server: nginx/1.20.2
X-Frame-Options: SAMEORIGIN

GET
H2 200 hub
api.pushnami.com/scripts/v1/ Frame D4CF 0
0 170ms
29ms Document
text/html 18.164.124.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pushnami.com/scripts/v1/hub

Requested by

Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.56 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-56.jfk50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' *
X-Content-Security-Policy	default-src 'unsafe-inline' *

Request headers

Referer: https://benefits-authority.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-origin: *
age: 3129
cache-control: no-cache
content-encoding: gzip
content-security-policy: default-src 'unsafe-inline' *
content-type: text/html; charset=utf-8
date: Mon, 30 Sep 2024 22:36:15 GMT
vary: accept-encoding
via: 1.1 a1128ada13f2f3694bc79e73c9d5598e.cloudfront.net (CloudFront)
x-amz-cf-id: erLFGj_eAnL6JNSboceZEcxETCZhHBEhzuwdl2p4_MU5FkkgSwFWkQ==
x-amz-cf-pop: JFK50-P7
x-cache: Hit from cloudfront
x-content-security-policy: default-src 'unsafe-inline' *
x-webkit-csp: default-src 'unsafe-inline' *

POST
H2 200 track Show response
trc.pushnami.com/api/push/ 2 B
168 B 72ms
70ms Fetch
text/html 34.238.77.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.238.77.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-238-77-248.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

key: 662a836a473fc40013e65c89
Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json, text/plain, */*
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
access-control-expose-headers: WWW-Authenticate,Server-Authorization
content-length: 2
cache-control: no-cache
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: text/html; charset=utf-8

OPTIONS
H2 204 track
trc.pushnami.com/api/push/ Frame 0
0 267ms
44ms Preflight 34.238.77.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.238.77.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-238-77-248.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: key
Access-Control-Request-Method: POST
Origin: https://benefits-authority.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
date: Mon, 30 Sep 2024 23:28:24 GMT

POST
H2 200 GenerateToken Show response
create.leadid.com/2.15.0/ 36 B
658 B 233ms
96ms XHR
text/plain 54.87.203.20
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/GenerateToken?msn=1&pid=05f68778-d291-4083-ad52-5f8c6df01e39&_=73836610

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.87.203.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-87-203-20.compute-1.amazonaws.com

Software

nginx /

Resource Hash

057057d6d5208dd0c9b5ee5ab685469f28360b098ba911f22de66ad6696fe5ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://benefits-authority.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

OPTIONS
H2 204 psp
psp.pushnami.com/api/ Frame 0
0 267ms
136ms Preflight 18.235.73.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://psp.pushnami.com/api/psp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.73.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-73-24.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: key
Access-Control-Request-Method: POST
Origin: https://benefits-authority.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: key
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
date: Mon, 30 Sep 2024 23:28:24 GMT
vary: Access-Control-Request-Headers
x-powered-by: Express

POST
H2 200 psp Show response
psp.pushnami.com/api/ 2 B
152 B 64ms
63ms Fetch
text/html 18.235.73.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://psp.pushnami.com/api/psp
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.73.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-73-24.compute-1.amazonaws.com
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

key: 662a836a473fc40013e65c89
Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json, text/plain, */*
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
content-length: 2
date: Mon, 30 Sep 2024 23:28:24 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type: text/html; charset=utf-8
x-powered-by: Express

GET
H/1.1 200
OK iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame 0B96 0
0 237ms
71ms Document
text/html 3.168.96.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=9D5DB41B-92FE-3945-2DBF-078D5E058CD5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.0&lck=D2FB0EC8-1E8C-A402-E4AC-9205FE98F622&lac=4B1F5928-2127-08FA-4EA5-F0DB210F6AAE

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

3.168.96.38 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-168-96-38.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Age: 53883
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 30 Sep 2024 08:30:21 GMT
Etag: W/"668f4bcd-dbb"
Last-Modified: Thu, 11 Jul 2024 03:04:45 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Via: 1.1 55c4f7128709ec1132b875a94abd9a88.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 9BVdkLnDEY9xZAe0zNqO-7l-YHHKTCpIc00WeCLGFMcEm5u6OSPl-A==
X-Amz-Cf-Pop: JFK52-P6
X-Cache: Hit from cloudfront

POST
H2 200 SaveDom Show response
create.leadid.com/2.15.0/ 0
621 B 95ms
94ms XHR
text/plain 54.87.203.20
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/SaveDom?msn=2&pid=05f68778-d291-4083-ad52-5f8c6df01e39&token=9D5DB41B-92FE-3945-2DBF-078D5E058CD5&_=73836611

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.87.203.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-87-203-20.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://benefits-authority.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

POST
H2 200 InitFormData Show response
create.leadid.com/2.15.0/ 0
622 B 35ms
33ms XHR
text/plain 54.87.203.20
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/InitFormData?msn=3&pid=05f68778-d291-4083-ad52-5f8c6df01e39&token=9D5DB41B-92FE-3945-2DBF-078D5E058CD5&_=73836612

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.87.203.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-87-203-20.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://benefits-authority.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Mon, 30 Sep 2024 23:28:24 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

POST
H2 200 Snap Show response
create.leadid.com/2.15.0/ 0
622 B 100ms
69ms XHR
text/plain 54.87.203.20
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/Snap?msn=4&pid=05f68778-d291-4083-ad52-5f8c6df01e39&token=9D5DB41B-92FE-3945-2DBF-078D5E058CD5&_=73836613

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.87.203.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-87-203-20.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://benefits-authority.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Mon, 30 Sep 2024 23:28:25 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
purelymandy.com/	1970-01-21 00:38:50	Name: uid45 Value: 1433321564-20240930192819-661ad68fbf1737861b94d89283d7c15c-
1ibeg.suggestedspins.com/	1970-01-20 23:55:46	Name: yredir_session Value: eyJpdiI6IkVuaG1sVlY5V25FcEJ5NGhLQyt3UEE9PSIsInZhbHVlIjoiUkJGQThPQjFBT0hycjdVNVhVRDRYNUVxa2NTZjBuUjBSQjBGbnFLYytRZ1hKei9kZjlsV3lONmNrSk5kVy9Laktmc2xoMWVhTWlzV0M5VkNYLzZnaDRaZVh3cURDSERqUVNOV3BaMFBOMXJpL0UrTkliZCtuY3NVdFhha0lHMTgiLCJtYWMiOiI5NGYzOWQ2YTlmOTVjOGVmYTViZjVjY2Q3MTk3YWRjM2MyNWY2YjNhM2U1MmM1MjUxNTNkMGYyZGUxNWU4YjU3IiwidGFnIjoiIn0%3D
1ibeg.spinningfastloop.com/	1970-01-20 23:55:46	Name: yredir_session Value: eyJpdiI6Ik9oSkpNU1J6R1RSRTlueDJFTUh2Rnc9PSIsInZhbHVlIjoiRk9oc2RraVBVcGZ6azQ3SjZuN2hJZUtndklYQm4xdFowdTY3QnF4TmFucmRPcFN6QkEyUjZrK1M2L2pOZkdPS25UWnhIcUFpbVVMY0c2VG54SHVkc0pQMElsb3VBKzRpeXRQVmJRMGJDQmxid1luRXlaUjdzcXNmTVpkbGEyR3EiLCJtYWMiOiI1MzE4OTMxNDJmOTIxYmQzMjM5OWEwZWM1YmZmYjU3YTRhY2NjYjI1ZGI1ZWUyNGNmZWI5N2Q0NmFhOGQ2OWIyIiwidGFnIjoiIn0%3D
www.dpvyw6trk.com/	1970-01-21 00:38:50	Name: uniqueClick_QT9RR8R Value: c356c1ef-63f2-4f92-bd8e-13eac4e76203:1727738902
www.dpvyw6trk.com/	1970-01-21 02:05:14	Name: transaction_id Value: 6a608168951b42749284bfd0d482050c
afflat3d3.com/	1970-01-21 01:21:48	Name: mb_26996_SS Value: AF=574293&AC=1606463709&CS=1607038002
afflat3d3.com/	1970-01-21 09:31:38	Name: I_SS Value: 1606463709
afflat3d3.com/	1970-01-21 09:31:38	Name: I Value: 1606463709
afflat3d3.com/	1970-01-21 01:20:56	Name: mb%5F26996 Value: AC=1606463709&CS=1607038002&AF=574293
afflat3d3.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDCWDTTBSS Value: BPAHNCJBPNFKFOOOJOEFHFPB
benefits-authority.com/	1970-01-21 09:31:38	Name: mbi Value: 1606463709
benefits-authority.com/	1970-01-21 09:31:38	Name: avtc Value: 046735c231e9fdd407ad3542d66f1786
benefits-authority.com/	1970-01-21 09:31:38	Name: avtset Value: 22-192
benefits-authority.com/	1969-12-31 23:59:59	Name: leadid_token-4B1F5928-2127-08FA-4EA5-F0DB210F6AAE-D2FB0EC8-1E8C-A402-E4AC-9205FE98F622 Value: 9D5DB41B-92FE-3945-2DBF-078D5E058CD5
.trueleadid.com/	1970-01-21 08:40:25	Name: visid_incap_3051494 Value: AUk9c07hQUarViaKjnWp8Bk0+2YAAAAAQUIPAAAAAAAy51f6uEFqwQlTtyhg41k0
.trueleadid.com/	1969-12-31 23:59:59	Name: nlbi_3051494 Value: MCb+Zse0VhW2eagEC30iGwAAAADUm+0Mz9HEvfL79QHMm0xD
.trueleadid.com/	1969-12-31 23:59:59	Name: incap_ses_1842_3051494 Value: 8dt4cYHgUkBtFpyabhmQGRk0+2YAAAAA/Mrn2e/23bzcR81ns2z8zQ==
.deviceid.trueleadid.com/	1970-01-21 09:31:38	Name: uuid Value: 0531d50fbc294bfb97794fff2fb4cdd7

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://benefits-authority.com/?mbi=1606463709# Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ibeg.spinningfastloop.com
1ibeg.suggestedspins.com
afflat3d3.com
api.pushnami.com
av-api.com
benefits-authority.com
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
i.imgur.com
omrexchtest.omr.state.ny.us
psp.pushnami.com
purelymandy.com
trc.pushnami.com
www.dpvyw6trk.com
18.164.124.33
18.164.124.56
18.235.73.24
199.232.192.193
2606:4700:10::6816:26b6
3.168.96.38
34.238.77.248
35.190.6.55
45.147.195.6
54.87.203.20
62.210.7.109
69.172.200.185
69.172.201.115
91.234.34.44
057057d6d5208dd0c9b5ee5ab685469f28360b098ba911f22de66ad6696fe5ba
14b075d2831615d4fb62e8b8271b62ed622ba8d36e51797d6df9ebbc95f96b58
3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd
42f373b869a5f0a9438bac0f1866aad195a0ec3cf9be60a7036955499e5620a9
4b10ba9cbef05a78cee2d4a7929ca17601e5a548950222485a0d3210b843d74e
5051e2fb2fe91fdd7d5b32f1881c16a58b4dbd92a17a46c86d9d0bea5cb3e0b0
55f9cdccf0f273c81029326fe8350586bb752c6182ad640789c1296330fd3c7f
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a5c6180144fef4a91d48f06d56d156f26fc37fa01ab07015ca7724dfb25920a
5f1adb90a1acc45fd824b3a042617a48228fde56c778b5c4d7d9f0c3275dfc79
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c02cb664f7b0323b2d7a5a5b4766f58466c22b62361a62b95b0471cc8330c5a6
dd30f9294822c6d5c32e8fc4e4de069194ad4b9ca958d9f9265d321fc4aa3e44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f99e785b0abda784b68fcf4840fbe98909760620f12002087f1af4b874971333

benefits-authority.com Open in urlscan Pro 69.172.201.115 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

7 %IPv6

13 Domains

15 Subdomains

11 IPs

5 Countries

1061 kBTransfer

2475 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

18 Cookies

1 Console Messages

Indicators

benefits-authority.com Open in urlscan Pro
69.172.201.115 Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

7 %
IPv6

13
Domains

15
Subdomains

11
IPs

5
Countries

1061 kB
Transfer

2475 kB
Size

18
Cookies

24 HTTP transactions
0 data transactions