benefits-authority.com Open in urlscan Pro
69.172.201.115 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dash.creditcreditrepair.com/
Effective URL:
https://benefits-authority.com/?mbi=1583577160
Submission: On August 30 via automatic, source certstream-suspicious (August 30th 2024, 3:18:50 pm UTC) — Scanned from US

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 12 domains to perform 37 HTTP transactions. The main IP is 69.172.201.115, located in Canada and belongs to DOSARREST, US. The main domain is benefits-authority.com.
TLS certificate: Issued by R11 on July 25th 2024. Valid for: 3 months.

This is the only time benefits-authority.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	104.247.81.53 104.247.81.53	206834 (TEAMINTER...) (TEAMINTERNET-CA-AS)
1	2600:9000:220... 2600:9000:2209:c800:1d:4618:5c80:21	16509 (AMAZON-02) (AMAZON-02)
1 2	34.227.255.228 34.227.255.228	14618 (AMAZON-AES) (AMAZON-AES)
2	18.208.62.125 18.208.62.125	14618 (AMAZON-AES) (AMAZON-AES)
2 4	69.172.200.185 69.172.200.185	19324 (DOSARREST) (DOSARREST)
7	69.172.201.115 69.172.201.115	19324 (DOSARREST) (DOSARREST)
1	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6816:26b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.164.124.65 18.164.124.65	16509 (AMAZON-02) (AMAZON-02)
6	44.207.126.79 44.207.126.79	14618 (AMAZON-AES) (AMAZON-AES)
2	108.139.47.113 108.139.47.113	16509 (AMAZON-02) (AMAZON-02)
3	23.20.32.71 23.20.32.71	14618 (AMAZON-AES) (AMAZON-AES)
1	18.164.115.36 18.164.115.36	16509 (AMAZON-02) (AMAZON-02)
2	100.25.224.72 100.25.224.72	() ()
37	15

4 104.247.81.53 (Canada)

ASN206834 (TEAMINTERNET-CA-AS, DE)

dash.creditcreditrepair.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:c800:1d:4618:5c80:21 (United States)

ASN16509 (AMAZON-02, US)

d38psrni17bvxu.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.227.255.228 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-255-228.compute-1.amazonaws.com

heimi-lwx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bhask-bbh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.208.62.125 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-62-125.compute-1.amazonaws.com

scided-mington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.172.200.185 (Canada) 2 redirects

ASN19324 (DOSARREST, US)
PTR: maxbounty.com

afflat3a1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
av-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.172.201.115 (Canada)

ASN19324 (DOSARREST, US)

benefits-authority.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:26b6 (United States)

ASN13335 (CLOUDFLARENET, US)

create.lidstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.164.124.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-65.jfk50.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 44.207.126.79 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-207-126-79.compute-1.amazonaws.com

create.leadid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.139.47.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-113.jfk50.r.cloudfront.net

cdn.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.20.32.71 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-32-71.compute-1.amazonaws.com

trc.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.115.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-115-36.jfk50.r.cloudfront.net

d2m2wsoho8qq12.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 100.25.224.72 (None, )

ASN- ()

psp.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	pushnami.com api.pushnami.com — Cisco Umbrella Rank: 7428 cdn.pushnami.com — Cisco Umbrella Rank: 21693 trc.pushnami.com — Cisco Umbrella Rank: 7212 psp.pushnami.com Failed	369 KB
7	benefits-authority.com benefits-authority.com	549 KB
6	leadid.com create.leadid.com — Cisco Umbrella Rank: 20067	4 KB
4	creditcreditrepair.com dash.creditcreditrepair.com	4 KB
2	av-api.com av-api.com	39 KB
2	afflat3a1.com 2 redirects afflat3a1.com — Cisco Umbrella Rank: 304541	1 KB
2	scided-mington.com scided-mington.com	2 KB
2	cloudfront.net d38psrni17bvxu.cloudfront.net d2m2wsoho8qq12.cloudfront.net	1 KB
1	lidstatic.com create.lidstatic.com — Cisco Umbrella Rank: 32125	39 KB
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 7108	411 KB
1	bhask-bbh.com 1 redirects bhask-bbh.com	578 B
1	heimi-lwx.com heimi-lwx.com — Cisco Umbrella Rank: 312066	3 KB
37	12

	Domain	Requested by
7	benefits-authority.com	scided-mington.com benefits-authority.com
6	create.leadid.com	create.lidstatic.com
4	dash.creditcreditrepair.com	d38psrni17bvxu.cloudfront.net dash.creditcreditrepair.com
3	trc.pushnami.com	api.pushnami.com
2	psp.pushnami.com	cdn.pushnami.com api.pushnami.com
2	cdn.pushnami.com	api.pushnami.com
2	api.pushnami.com	benefits-authority.com api.pushnami.com
2	av-api.com	benefits-authority.com
2	afflat3a1.com	2 redirects
2	scided-mington.com	heimi-lwx.com scided-mington.com
1	d2m2wsoho8qq12.cloudfront.net	create.lidstatic.com
1	create.lidstatic.com	benefits-authority.com
1	i.imgur.com
1	bhask-bbh.com	1 redirects
1	heimi-lwx.com	dash.creditcreditrepair.com
1	d38psrni17bvxu.cloudfront.net	dash.creditcreditrepair.com
37	16

This site contains no links.

Subject Issuer	Validity	Valid
dash.creditcreditrepair.com R10	`2024-08-30` - `2024-11-28`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
zeropark.com Amazon RSA 2048 M02	`2024-06-11` - `2025-07-09`	a year	crt.sh
scided-mington.com R11	`2024-07-05` - `2024-10-03`	3 months	crt.sh
championautoinsurance.com R11	`2024-07-25` - `2024-10-23`	3 months	crt.sh
av-api.com R10	`2024-08-19` - `2024-11-17`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
lidstatic.com E6	`2024-07-23` - `2024-10-21`	3 months	crt.sh
*.pushnami.com Amazon RSA 2048 M02	`2024-02-03` - `2025-03-03`	a year	crt.sh
create.leadid.com Amazon RSA 2048 M03	`2024-07-20` - `2025-08-18`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://benefits-authority.com/?mbi=1583577160
Frame ID: 3E0B84873B77E83B7FFA6F6C1A858E6B
Requests: 32 HTTP requests in this frame

Frame: https://api.pushnami.com/scripts/v1/hub
Frame ID: FD4E334FA9302326DCE490EA7709933E
Requests: 1 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=1D33424B-D825-F3A0-CC67-13AF42E4C563&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.0&lck=D2FB0EC8-1E8C-A402-E4AC-9205FE98F622&lac=4B1F5928-2127-08FA-4EA5-F0DB210F6AAE
Frame ID: 19C940AFDC880F33ED4AD9D292A3A57D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Benefits Authority 2

Page URL History Show full URLs

https://dash.creditcreditrepair.com/ Page URL
http://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f... HTTP 307
https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f... Page URL
https://bhask-bbh.com/zclkredirect?visitid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&type=js&browserWid... HTTP 302
https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D9... Page URL
https://scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9hZmZsYXQzYTEuY29tL2xuay5hc3A_bz0yMjYwMCZjPT... Page URL
https://afflat3a1.com/lnk.asp?o=22600&c=918277&a=299463&k=74BF8EDE667EC69FDE0FB052377BCFE4&l=23434... HTTP 302
https://afflat3a1.com/lnk.asp?o=26996&a=299463&c=7777777&r=1&s1=66cd4f9e-9e05-4be0-a764-6381b7b557... HTTP 302
https://benefits-authority.com/?mbi=1583577160 Page URL

Detected technologies

Pushnami (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

api\.pushnami\.com

Page Statistics

37
Requests

92 %
HTTPS

14 %
IPv6

12
Domains

16
Subdomains

15
IPs

2
Countries

1422 kB
Transfer

2869 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dash.creditcreditrepair.com/ Page URL
http://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b HTTP 307
https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b Page URL
https://bhask-bbh.com/zclkredirect?visitid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D918277%26a%3D299463%26k%3D74BF8EDE667EC69FDE0FB052377BCFE4%26l%3D23434%26s1%3D66cd4f9e-9e05-4be0-a764-6381b7b557b5%26s2%3Dw65u89qhva34nnq3378kn9cq&caid=66cd4f9e-9e05-4be0-a764-6381b7b557b5&zpid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&cid=w65u89qhva34nnq3378kn9cq&rt=DJ&ts=1725031124718&hash=HzsFMQ7Qm1Yg0nmQQqZqZYftO39dnoDiS9B7Yu2_fCM Page URL
https://scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9hZmZsYXQzYTEuY29tL2xuay5hc3A_bz0yMjYwMCZjPTkxODI3NyZhPTI5OTQ2MyZrPTc0QkY4RURFNjY3RUM2OUZERTBGQjA1MjM3N0JDRkU0Jmw9MjM0MzQmczE9NjZjZDRmOWUtOWUwNS00YmUwLWE3NjQtNjM4MWI3YjU1N2I1JnMyPXc2NXU4OXFodmEzNG5ucTMzNzhrbjljcQ&ts=1725031124927&hash=MP2WTs0edjBYjZTC7DOLBRqX5q8eI472NChewbnUUVk&rm=DJ Page URL
https://afflat3a1.com/lnk.asp?o=22600&c=918277&a=299463&k=74BF8EDE667EC69FDE0FB052377BCFE4&l=23434&s1=66cd4f9e-9e05-4be0-a764-6381b7b557b5&s2=w65u89qhva34nnq3378kn9cq HTTP 302
https://afflat3a1.com/lnk.asp?o=26996&a=299463&c=7777777&r=1&s1=66cd4f9e-9e05-4be0-a764-6381b7b557b5&s2=w65u89qhva34nnq3378kn9cq HTTP 302
https://benefits-authority.com/?mbi=1583577160 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

http://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b HTTP 307
https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b

Request Chain 6

https://bhask-bbh.com/zclkredirect?visitid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D918277%26a%3D299463%26k%3D74BF8EDE667EC69FDE0FB052377BCFE4%26l%3D23434%26s1%3D66cd4f9e-9e05-4be0-a764-6381b7b557b5%26s2%3Dw65u89qhva34nnq3378kn9cq&caid=66cd4f9e-9e05-4be0-a764-6381b7b557b5&zpid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&cid=w65u89qhva34nnq3378kn9cq&rt=DJ&ts=1725031124718&hash=HzsFMQ7Qm1Yg0nmQQqZqZYftO39dnoDiS9B7Yu2_fCM

37 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
dash.creditcreditrepair.com/ 2 KB
2 KB 682ms
334ms Document
text/html 104.247.81.53
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dash.creditcreditrepair.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 3204af58394f17cc8b253bc91be25989b10151be493bb712a93a930d57d7177b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ch: viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Length: 1355
Content-Type: text/html; charset=UTF-8
Date: Fri, 30 Aug 2024 15:18:43 GMT
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Um7QvTs/4/gLYbWe3NOdg0LsQBytQ+PRpVFaZv/tNCCIeZkFgqabLYmLwgIXEGiMcv/L1H22qnRdpb2qNywR4A==
X-Buckets: bucket105,bucket077
X-Domain: creditcreditrepair.com
X-Language: english
X-Redirect: zeropark_zeroclick
X-Subdomain: dash
X-Template: tpl_CleanPeppermintBlack_twoclick

GET
H2 200 js3.js Show response
d38psrni17bvxu.cloudfront.net/scripts/ 1 KB
1 KB 173ms
30ms Script
application/javascript 2600:9000:2209:c800:1d:4618:5c80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by: Host: dash.creditcreditrepair.com
URL: https://dash.creditcreditrepair.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:c800:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

Referer: https://dash.creditcreditrepair.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:06:53 GMT
via: 1.1 99b519fb7ca87e7fd6040aacb1160452.cloudfront.net (CloudFront)
last-modified: Thu, 21 Mar 2024 11:48:11 GMT
server: nginx
x-amz-cf-pop: EWR53-P1
age: 76310
etag: "65fc1e7b-448"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 1096
x-amz-cf-id: dE-tcvxCGkvicRX8M58IlSW_hNG42M7jwetHI1MJjJ47-KI8lQ24rA==

GET
H/1.1 200
OK track.php Show response
dash.creditcreditrepair.com/ 0
565 B 70ms
70ms XHR
text/html 104.247.81.53
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dash.creditcreditrepair.com/track.php?domain=creditcreditrepair.com&toggle=browserjs&uid=MTcyNTAzMTEyMi44MjY0OjljNDFjZWUzMTRlNzZlNjM5N2RjNjM1MDM0M2Q2NzdjMjk1ODI1NjhjODcxYmMwMjQ1ZmE5MWU5NjFjOTU3ZWY6NjZkMWUyZDJjOWMwNQ%3D%3D
Requested by: Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

device-memory: 8
rtt: 200
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width: 1600
Referer: https://dash.creditcreditrepair.com/
dpr: 1
downlink: 10
ect: 4g

Response headers

Date: Fri, 30 Aug 2024 15:18:43 GMT
Content-Encoding: gzip
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server: nginx
X-Custom-Track: browserjs
Vary: Accept-Encoding
Accept-Ch-Lifetime: 30
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Content-Length: 20

GET
H/1.1 201
Created ls.php
dash.creditcreditrepair.com/ 16 B
863 B 87ms
87ms XHR
text/javascript 104.247.81.53
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dash.creditcreditrepair.com/ls.php?t=66d1e2d3&token=187b2c63434349ca3139a6e747529a535895a34c
Requested by: Host: dash.creditcreditrepair.com
URL: https://dash.creditcreditrepair.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

device-memory: 8
rtt: 200
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width: 1600
Referer: https://dash.creditcreditrepair.com/
dpr: 1
downlink: 10
ect: 4g

Response headers

Date: Fri, 30 Aug 2024 15:18:43 GMT
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Accept-Ch-Lifetime: 30
Charset: utf-8
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_CBRoDDCAkryb8KWncX3l1jOOtT2g6EqAUQRO1ZLx8ygP/zOsPbk8TyLQsE2pybEIhlXrvOqaI700YIqm2znbUw==
X-Log-Success: 66d1e2d3cb965ee51f043480
Content-Length: 16

GET
H/1.1 200
OK track.php
dash.creditcreditrepair.com/ 0
580 B 157ms
72ms XHR
text/html 104.247.81.53
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dash.creditcreditrepair.com/track.php?click=9efdcc9d75c530d1a40c844ef4a2aa77a65e6732&domain=creditcreditrepair.com&uid=MTcyNTAzMTEyMi44MjY0OjljNDFjZWUzMTRlNzZlNjM5N2RjNjM1MDM0M2Q2NzdjMjk1ODI1NjhjODcxYmMwMjQ1ZmE5MWU5NjFjOTU3ZWY6NjZkMWUyZDJjOWMwNQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDUsYnVja2V0MDc3fHx8fHx8NjZkMWUyZDJjOWI4Y3x8fDE3MjUwMzExMjMuMDc4M3xiMTI0ODk4ZWZhYzZkYWE2ZWU2YjQxNjlhOWY1N2IzYTNkNTEyZWQ3fHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18MTg3YjJjNjM0MzQzNDljYTMxMzlhNmU3NDc1MjlhNTM1ODk1YTM0Y3wwfHwwfDB8fHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by: Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

device-memory: 8
rtt: 200
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width: 1600
Referer: https://dash.creditcreditrepair.com/
dpr: 1
downlink: 10
ect: 4g

Response headers

Date: Fri, 30 Aug 2024 15:18:43 GMT
Content-Encoding: gzip
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server: nginx
X-Custom-Track: none
Vary: Accept-Encoding
Accept-Ch-Lifetime: 30
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
X-View-Match: true
Content-Length: 20

GET
H2

200

85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d Show response
heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/
Redirect Chain

http://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b
https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b

3 KB
3 KB

139ms
35ms

Document
text/html

34.227.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b

Requested by

Host: dash.creditcreditrepair.com
URL: https://dash.creditcreditrepair.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.227.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-227-255-228.compute-1.amazonaws.com

Software

Resource Hash

21738298a781805a7da881fc62b3fa55cba2f8f168bebd04238fd27aa658342d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer: https://dash.creditcreditrepair.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: X-Requested-With,Content-Type
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 3088
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Fri, 30 Aug 2024 15:18:43 GMT

Redirect headers

Location: https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b
Non-Authoritative-Reason: HttpsUpgrades

GET
H2

200

zp-redirect Show response
scided-mington.com/
Redirect Chain

https://bhask-bbh.com/zclkredirect?visitid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D918277%26a%3D299463%26k%3D74BF8EDE667EC69FDE0FB052377BCFE4%26l%3D23434%26s1%3D66cd4f9e-9e05-4be...

1 KB
1 KB

183ms
76ms

Document
text/html

18.208.62.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D918277%26a%3D299463%26k%3D74BF8EDE667EC69FDE0FB052377BCFE4%26l%3D23434%26s1%3D66cd4f9e-9e05-4be0-a764-6381b7b557b5%26s2%3Dw65u89qhva34nnq3378kn9cq&caid=66cd4f9e-9e05-4be0-a764-6381b7b557b5&zpid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&cid=w65u89qhva34nnq3378kn9cq&rt=DJ&ts=1725031124718&hash=HzsFMQ7Qm1Yg0nmQQqZqZYftO39dnoDiS9B7Yu2_fCM
Requested by: Host: heimi-lwx.com
URL: https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.208.62.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-208-62-125.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 04104e2a382cc14bc9eff976186ccf406ce590098de119dc1a36620d6ca048ed

Request headers

Referer: https://heimi-lwx.com/zclkvisitor/2492e233-66e3-11ef-ae16-0affd6cbb9c1/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c6b27e10-bdff-11ed-b891-12beee04f19b
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-type: text/html;charset=UTF-8
date: Fri, 30 Aug 2024 15:18:44 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx

Redirect headers

access-control-allow-headers: X-Requested-With,Content-Type
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
date: Fri, 30 Aug 2024 15:18:44 GMT
location: https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D918277%26a%3D299463%26k%3D74BF8EDE667EC69FDE0FB052377BCFE4%26l%3D23434%26s1%3D66cd4f9e-9e05-4be0-a764-6381b7b557b5%26s2%3Dw65u89qhva34nnq3378kn9cq&caid=66cd4f9e-9e05-4be0-a764-6381b7b557b5&zpid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&cid=w65u89qhva34nnq3378kn9cq&rt=DJ&ts=1725031124718&hash=HzsFMQ7Qm1Yg0nmQQqZqZYftO39dnoDiS9B7Yu2_fCM

GET
H2 200 redirect Show response
scided-mington.com/ 670 B
831 B 32ms
31ms Document
text/html 18.208.62.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9hZmZsYXQzYTEuY29tL2xuay5hc3A_bz0yMjYwMCZjPTkxODI3NyZhPTI5OTQ2MyZrPTc0QkY4RURFNjY3RUM2OUZERTBGQjA1MjM3N0JDRkU0Jmw9MjM0MzQmczE9NjZjZDRmOWUtOWUwNS00YmUwLWE3NjQtNjM4MWI3YjU1N2I1JnMyPXc2NXU4OXFodmEzNG5ucTMzNzhrbjljcQ&ts=1725031124927&hash=MP2WTs0edjBYjZTC7DOLBRqX5q8eI472NChewbnUUVk&rm=DJ
Requested by: Host: scided-mington.com
URL: https://scided-mington.com/zp-redirect?target=https%3A%2F%2Fafflat3a1.com%2Flnk.asp%3Fo%3D22600%26c%3D918277%26a%3D299463%26k%3D74BF8EDE667EC69FDE0FB052377BCFE4%26l%3D23434%26s1%3D66cd4f9e-9e05-4be0-a764-6381b7b557b5%26s2%3Dw65u89qhva34nnq3378kn9cq&caid=66cd4f9e-9e05-4be0-a764-6381b7b557b5&zpid=2492e233-66e3-11ef-ae16-0affd6cbb9c1&cid=w65u89qhva34nnq3378kn9cq&rt=DJ&ts=1725031124718&hash=HzsFMQ7Qm1Yg0nmQQqZqZYftO39dnoDiS9B7Yu2_fCM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.208.62.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-208-62-125.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 0e0bae47f8af0ea6507d8085056c52220b8f0b2067e38db3a38d434a39843e4b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 670
content-type: text/html;charset=UTF-8
date: Fri, 30 Aug 2024 15:18:45 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx

GET
H/1.1

200
OK

Primary Request / Show response
benefits-authority.com/
Redirect Chain

https://afflat3a1.com/lnk.asp?o=22600&c=918277&a=299463&k=74BF8EDE667EC69FDE0FB052377BCFE4&l=23434&s1=66cd4f9e-9e05-4be0-a764-6381b7b557b5&s2=w65u89qhva34nnq3378kn9cq
https://afflat3a1.com/lnk.asp?o=26996&a=299463&c=7777777&r=1&s1=66cd4f9e-9e05-4be0-a764-6381b7b557b5&s2=w65u89qhva34nnq3378kn9cq
https://benefits-authority.com/?mbi=1583577160

3 KB
2 KB

355ms
79ms

Document
text/html

69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/?mbi=1583577160

Requested by

Host: scided-mington.com
URL: https://scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9hZmZsYXQzYTEuY29tL2xuay5hc3A_bz0yMjYwMCZjPTkxODI3NyZhPTI5OTQ2MyZrPTc0QkY4RURFNjY3RUM2OUZERTBGQjA1MjM3N0JDRkU0Jmw9MjM0MzQmczE9NjZjZDRmOWUtOWUwNS00YmUwLWE3NjQtNjM4MWI3YjU1N2I1JnMyPXc2NXU4OXFodmEzNG5ucTMzNzhrbjljcQ&ts=1725031124927&hash=MP2WTs0edjBYjZTC7DOLBRqX5q8eI472NChewbnUUVk&rm=DJ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

5051e2fb2fe91fdd7d5b32f1881c16a58b4dbd92a17a46c86d9d0bea5cb3e0b0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9hZmZsYXQzYTEuY29tL2xuay5hc3A_bz0yMjYwMCZjPTkxODI3NyZhPTI5OTQ2MyZrPTc0QkY4RURFNjY3RUM2OUZERTBGQjA1MjM3N0JDRkU0Jmw9MjM0MzQmczE9NjZjZDRmOWUtOWUwNS00YmUwLWE3NjQtNjM4MWI3YjU1N2I1JnMyPXc2NXU4OXFodmEzNG5ucTMzNzhrbjljcQ&ts=1725031124927&hash=MP2WTs0edjBYjZTC7DOLBRqX5q8eI472NChewbnUUVk&rm=DJ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1470
Content-Type: text/html
Date: Fri, 30 Aug 2024 15:18:45 GMT
ETag: "095ed8b90b6da1:0"
Keep-Alive: timeout=20
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
Vary: Accept-Encoding
X-DIS-Request-ID: f4bbd8f4fff272dd1f48a9e24ebc46b9
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 166
Content-Type: text/html
Date: Fri, 30 Aug 2024 15:18:45 GMT
Keep-Alive: timeout=20
Location: https://benefits-authority.com?mbi=1583577160
Server: nginx/1.20.2
X-DIS-Request-ID: 4060f836edfafcb48058d60499c7987b
X-Powered-By: ASP.NET

GET
H/1.1 200
OK 2.9a56c832.chunk.css
benefits-authority.com/static/css/ 186 KB
48 KB 81ms
80ms Stylesheet
text/css 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/css/2.9a56c832.chunk.css

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1583577160

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

14b075d2831615d4fb62e8b8271b62ed622ba8d36e51797d6df9ebbc95f96b58

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://benefits-authority.com/?mbi=1583577160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
ETag: "095ed8b90b6da1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 48500
X-DIS-Request-ID: eb451410d0655f5de1c046882bdfd36a

GET
H/1.1 200
OK main.53dbd380.chunk.css
benefits-authority.com/static/css/ 5 KB
2 KB 166ms
66ms Stylesheet
text/css 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/css/main.53dbd380.chunk.css

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1583577160

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

42f373b869a5f0a9438bac0f1866aad195a0ec3cf9be60a7036955499e5620a9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://benefits-authority.com/?mbi=1583577160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
ETag: "095ed8b90b6da1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 1634
X-DIS-Request-ID: 0f597ea50629ff32e96d7137fd0d4ea1

GET
H/1.1 200
OK 2.12dd23d0.chunk.js Show response
benefits-authority.com/static/js/ 1 MB
475 KB 188ms
83ms Script
application/javascript 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/js/2.12dd23d0.chunk.js

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1583577160

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

dd30f9294822c6d5c32e8fc4e4de069194ad4b9ca958d9f9265d321fc4aa3e44

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://benefits-authority.com/?mbi=1583577160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
ETag: "095ed8b90b6da1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 486259
X-DIS-Request-ID: 0bb00608006495a1c027d345a965ebcb

GET
H/1.1 200
OK main.37287f54.chunk.js Show response
benefits-authority.com/static/js/ 93 KB
18 KB 379ms
268ms Script
application/javascript 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/static/js/main.37287f54.chunk.js

Requested by

Host: benefits-authority.com
URL: https://benefits-authority.com/?mbi=1583577160

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

c02cb664f7b0323b2d7a5a5b4766f58466c22b62361a62b95b0471cc8330c5a6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://benefits-authority.com/?mbi=1583577160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Jun 2024 15:04:50 GMT
Server: nginx/1.20.2
ETag: "095ed8b90b6da1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 18007
X-DIS-Request-ID: 7d41831676a7a605c72530937f62c08b

GET
H/1.1 200
OK e631f1dc8eca408692714c29656b01fd Show response
av-api.com/property/13/0/ 164 KB
32 KB 1190ms
946ms Fetch
application/json 69.172.200.185
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL: https://av-api.com/property/13/0/e631f1dc8eca408692714c29656b01fd?mbi=1583577160
Requested by: Host: benefits-authority.com
URL: https://benefits-authority.com/static/js/main.37287f54.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.172.200.185 , Canada, ASN19324 (DOSARREST, US),
Reverse DNS: maxbounty.com
Software: nginx/1.20.2 / Express, ASP.NET
Resource Hash: 29d79e271f881da5574fbd66c481834c9720da20cb6cbb40b6cd96032d28c320

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:47 GMT
Content-Encoding: gzip
Server: nginx/1.20.2
ETag: W/"29105-Tj3Zm+2synDkgfVZ/8HBCXLFPPA"
X-Powered-By: Express, ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://benefits-authority.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=20
X-DIS-Request-ID: 90c05a9ac80c9a06240c88f374f9bb9b

GET
H/1.1 200
OK favicon.ico
benefits-authority.com/ 4 KB
4 KB 26ms
25ms Other
image/x-icon 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://benefits-authority.com/?mbi=1583577160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:46 GMT
Last-Modified: Mon, 12 Feb 2024 16:52:40 GMT
Server: nginx/1.20.2
ETag: "25e9dfe3d35dda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 3870
X-DIS-Request-ID: 183532be5ef450c9fc60c23af6bba099

GET
H/1.1 200
OK logo
av-api.com/cdn/image/site/22/ 7 KB
8 KB 348ms
164ms Image
image/png 69.172.200.185
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://av-api.com/cdn/image/site/22/logo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.172.200.185 , Canada, ASN19324 (DOSARREST, US),
Reverse DNS: maxbounty.com
Software: nginx/1.20.2 / Express, ASP.NET
Resource Hash: 5f1adb90a1acc45fd824b3a042617a48228fde56c778b5c4d7d9f0c3275dfc79

Request headers

Referer: https://benefits-authority.com/
Origin: https://benefits-authority.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:47 GMT
Server: nginx/1.20.2
X-Powered-By: Express, ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Access-Control-Allow-Origin: https://benefits-authority.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=20
X-DIS-Request-ID: 4be0e20aded95f0e66eb206e2a05a3bc

GET
H2 200 JgfDBX6.png
i.imgur.com/ 410 KB
411 KB 273ms
70ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/JgfDBX6.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

f99e785b0abda784b68fcf4840fbe98909760620f12002087f1af4b874971333

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 15:18:47 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P1
age: 889178
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 420303
x-served-by: cache-iad-kjyo7100044-IAD, cache-ewr-kewr1740032-EWR
last-modified: Tue, 04 Jun 2024 20:04:06 GMT
server: cat factory 1.0
x-timer: S1725031128.823823,VS0,VE1
etag: "7cc39a0991db31903bf8adc7fdbedbee"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: u-ejUqw-CLgwu1MFuWsle22RELUDKlRtquniQvj31HZtGC7rFApm4Q==
x-cache-hits: 1439, 0

GET
H2 200 d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js Show response
create.lidstatic.com/campaign/ 121 KB
39 KB 421ms
110ms Script
text/javascript 2606:4700:10::6816:26b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId
Requested by: Host: benefits-authority.com
URL: https://benefits-authority.com/static/js/main.37287f54.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:26b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b10ba9cbef05a78cee2d4a7929ca17601e5a548950222485a0d3210b843d74e

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 15:18:47 GMT
x-amz-version-id: twCQ4PuHOgpLnmrvwu5tilHUduYAvsSm
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 24QYYD0KE8CYJDEH
age: 1275
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: tmQd/o7IImtT32m8isk4aQ3yxfMI7Rl8bRxX1v3RUwzVfz9ytHkD7H1mo9jZE5PY8tEYUo/cYZQ=
last-modified: Mon, 15 Jul 2024 16:23:05 GMT
server: cloudflare
etag: W/"4abc12d0583a69a38379005e8e95eacc"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
cf-ray: 8bb5c1658ba7433e-EWR

GET
H2 200 662a836a473fc40013e65c89 Show response
api.pushnami.com/scripts/v1/pushnami-adv/ 94 KB
20 KB 361ms
108ms Script
application/javascript 18.164.124.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Requested by: Host: benefits-authority.com
URL: https://benefits-authority.com/static/js/main.37287f54.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.124.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-124-65.jfk50.r.cloudfront.net
Software: /
Resource Hash: 008bf334cdba91db068acb7f3756e756a356b4ddb4832486f2b10c1b27e7cdce

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 15:15:57 GMT
content-encoding: gzip
via: 1.1 3b596e6534b28f6cf60d32fc6bf542dc.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
age: 170
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-id: nyCkOdT_NRH6AHa83_hazkL3HLLbBh83k5-Rjw__fUkbXKS_XQP4Yw==

GET
H2 200 noscript.gif
create.leadid.com/ 43 B
644 B 289ms
90ms Image
image/gif 44.207.126.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://create.leadid.com/noscript.gif?lac=4b1f5928-2127-08fa-4ea5-f0db210f6aae&lck=d2fb0ec8-1e8c-a402-e4ac-9205fe98f622&snippet_version=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.207.126.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-207-126-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 15:18:47 GMT
content-encoding: none
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 30 Aug 2024 15:18:47 GMT
server: nginx
etag: 0AD5ED2A-9693-0891-7AE7-6B59965B4FE7
access-control-max-age: 1728000
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK favicon.ico
benefits-authority.com/ 4 KB
0 2ms
2ms Other
image/x-icon 69.172.201.115
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://benefits-authority.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.172.201.115 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

nginx/1.20.2 / ASP.NET

Resource Hash

3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://benefits-authority.com/?mbi=1583577160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 15:18:46 GMT
Last-Modified: Mon, 12 Feb 2024 16:52:40 GMT
Server: nginx/1.20.2
ETag: "25e9dfe3d35dda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Accept-Ranges: bytes
Content-Length: 3870
X-DIS-Request-ID: 183532be5ef450c9fc60c23af6bba099

GET
H2 200 fcm-v1-module.019781ec7a1c97363e85.bundle.js Show response
cdn.pushnami.com/js/modules/ 46 KB
15 KB 331ms
83ms Script
application/javascript 108.139.47.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushnami.com/js/modules/fcm-v1-module.019781ec7a1c97363e85.bundle.js
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-113.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b41d7402cbdab32acba31cfdd479730c74b7527fa7c881b0486098bd1a895607

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: DKNNXfrKVNQFoskvuTtbaAOVbVs0JYVO
content-encoding: gzip
via: 1.1 dedf8f82a63be28fe4cc799f6c4bfc08.cloudfront.net (CloudFront)
date: Fri, 30 Aug 2024 14:42:41 GMT
last-modified: Fri, 10 May 2024 21:23:38 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
age: 2168
x-amz-server-side-encryption: AES256
etag: W/"09467cbbdfbe0b4f7131476215348a19"
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: McFuaB6dyhMGs2YxzI7s0K9FU0iapVULhe_w5PxMRvWC9CTOGtWOgA==

GET
H2 200 hub
api.pushnami.com/scripts/v1/ Frame FD4E 0
0 298ms
77ms Document
text/html 18.164.124.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pushnami.com/scripts/v1/hub

Requested by

Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-65.jfk50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' *
X-Content-Security-Policy	default-src 'unsafe-inline' *

Request headers

Referer: https://benefits-authority.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-origin: *
age: 3523
cache-control: no-cache
content-encoding: gzip
content-security-policy: default-src 'unsafe-inline' *
content-type: text/html; charset=utf-8
date: Fri, 30 Aug 2024 14:20:05 GMT
vary: accept-encoding
via: 1.1 62c27224785ce0e5201a4eab3d49262e.cloudfront.net (CloudFront)
x-amz-cf-id: h9ECUK4glKnUQFeOP7ZLPL1Y9xRgbftgDgJxi7fntpcsQJjkyYuIcw==
x-amz-cf-pop: JFK50-P7
x-cache: Hit from cloudfront
x-content-security-policy: default-src 'unsafe-inline' *
x-webkit-csp: default-src 'unsafe-inline' *

POST
H2 200 track Show response
trc.pushnami.com/api/push/ 2 B
168 B 83ms
62ms Fetch
text/html 23.20.32.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.20.32.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-20-32-71.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept: application/json, text/plain, */*
Referer: https://benefits-authority.com/
key: 662a836a473fc40013e65c89
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Fri, 30 Aug 2024 15:18:48 GMT
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
content-length: 2
content-type: text/html; charset=utf-8

OPTIONS
H2 204 track
trc.pushnami.com/api/push/ Frame 0
0 303ms
61ms Preflight 23.20.32.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.20.32.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-20-32-71.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: key
Access-Control-Request-Method: POST
Origin: https://benefits-authority.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
date: Fri, 30 Aug 2024 15:18:48 GMT

POST
H2 200 GenerateToken Show response
create.leadid.com/2.15.0/ 36 B
660 B 280ms
92ms XHR
text/plain 44.207.126.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/GenerateToken?msn=1&pid=ac3174d6-f639-4a21-8c8a-fb9126d0bfa3&_=47741633

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.207.126.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-207-126-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b1da3f6127ebfcf17b14c04a736b0dd77dd6e052c4a18f8c743f1cc5f81c49b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 30 Aug 2024 15:18:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame 19C9 0
0 143ms
31ms Document
text/html 18.164.115.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=1D33424B-D825-F3A0-CC67-13AF42E4C563&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.0&lck=D2FB0EC8-1E8C-A402-E4AC-9205FE98F622&lac=4B1F5928-2127-08FA-4EA5-F0DB210F6AAE

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.164.115.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-115-36.jfk50.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Age: 22577
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 30 Aug 2024 09:02:31 GMT
Etag: W/"668f4bcd-dbb"
Last-Modified: Thu, 11 Jul 2024 03:04:45 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Via: 1.1 6e810acc9d798bdf126180508d1b511e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: qDzRhZjTTAJ-J0f4qFu3knj5Vf_Hii-wD8uWB2cY_lU4Xp7-SwEt7w==
X-Amz-Cf-Pop: JFK50-P6
X-Cache: Hit from cloudfront

POST
H2 200 SaveDom Show response
create.leadid.com/2.15.0/ 0
624 B 39ms
35ms XHR
text/plain 44.207.126.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/SaveDom?msn=2&pid=ac3174d6-f639-4a21-8c8a-fb9126d0bfa3&token=1D33424B-D825-F3A0-CC67-13AF42E4C563&_=47741634

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.207.126.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-207-126-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 30 Aug 2024 15:18:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 InitFormData Show response
create.leadid.com/2.15.0/ 0
623 B 79ms
76ms XHR
text/plain 44.207.126.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/InitFormData?msn=3&pid=ac3174d6-f639-4a21-8c8a-fb9126d0bfa3&token=1D33424B-D825-F3A0-CC67-13AF42E4C563&_=47741635

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.207.126.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-207-126-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 30 Aug 2024 15:18:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 psfpv4_client_1.128.0_e69807988e393582df7e4f36997f32ce191eefb9bae310a2b10e144b1d3638f9.js Show response
cdn.pushnami.com/js/exp/ 333 KB
334 KB 26ms
25ms Script
application/javascript 108.139.47.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushnami.com/js/exp/psfpv4_client_1.128.0_e69807988e393582df7e4f36997f32ce191eefb9bae310a2b10e144b1d3638f9.js
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-113.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e69807988e393582df7e4f36997f32ce191eefb9bae310a2b10e144b1d3638f9

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: iJVtw0MDnvg5Vkf9zg8GHQyDY6vN4ZdU
content-encoding: utf-8
via: 1.1 dedf8f82a63be28fe4cc799f6c4bfc08.cloudfront.net (CloudFront)
date: Fri, 30 Aug 2024 14:41:32 GMT
x-amz-cf-pop: JFK50-P1
age: 2237
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 340965
last-modified: Mon, 12 Aug 2024 17:22:56 GMT
server: AmazonS3
etag: "4b9f77845d59f14274d2b8d4b1112ca4"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
accept-ranges: bytes
x-amz-cf-id: Dj3KcgeC06D8g7UIW9bCkwzKRx7OS-pCPXjm4vLB8lLoeqj2aYntGg==

POST
H2 200 Snap Show response
create.leadid.com/2.15.0/ 0
623 B 601ms
460ms XHR
text/plain 44.207.126.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/Snap?msn=4&pid=ac3174d6-f639-4a21-8c8a-fb9126d0bfa3&token=1D33424B-D825-F3A0-CC67-13AF42E4C563&_=47741636

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.207.126.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-207-126-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 30 Aug 2024 15:18:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST data
psp.pushnami.com/psfp/ 0
0

OPTIONS data
psp.pushnami.com/psfp/ Frame 0
0

POST
H2 200 psp Show response
psp.pushnami.com/api/ 2 B
152 B 395ms
393ms Fetch
text/html 100.25.224.72

General

Check archive.org

Show headers Download Go to

Full URL: https://psp.pushnami.com/api/psp
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.224.72 -, , ASN (),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept: application/json, text/plain, */*
Referer: https://benefits-authority.com/
key: 662a836a473fc40013e65c89
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Fri, 30 Aug 2024 15:18:50 GMT
x-powered-by: Express
content-length: 2
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type: text/html; charset=utf-8

OPTIONS
H2 204 psp
psp.pushnami.com/api/ Frame 0
0 409ms
167ms Preflight 100.25.224.72

General

Check archive.org

Show headers Download Go to

Full URL: https://psp.pushnami.com/api/psp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.224.72 -, , ASN (),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: key
Access-Control-Request-Method: POST
Origin: https://benefits-authority.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: key
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
date: Fri, 30 Aug 2024 15:18:50 GMT
vary: Access-Control-Request-Headers
x-powered-by: Express

POST
H2 200 Snap Show response
create.leadid.com/2.15.0/ 0
623 B 256ms
103ms XHR
text/plain 44.207.126.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.0/Snap?msn=5&pid=ac3174d6-f639-4a21-8c8a-fb9126d0bfa3&token=1D33424B-D825-F3A0-CC67-13AF42E4C563&_=47741637

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/d2fb0ec8-1e8c-a402-e4ac-9205fe98f622.js?snippet_version=2&callback=setUniversalLeadId

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.207.126.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-207-126-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://benefits-authority.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 30 Aug 2024 15:18:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: nginx
access-control-max-age: 1728000
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-headers: X-Requested-With, Content-Type
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 track Show response
trc.pushnami.com/api/push/ 2 B
168 B 125ms
124ms Fetch
text/html 23.20.32.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/662a836a473fc40013e65c89
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.20.32.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-20-32-71.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept: application/json, text/plain, */*
Referer: https://benefits-authority.com/
key: 662a836a473fc40013e65c89
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Fri, 30 Aug 2024 15:18:50 GMT
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
content-length: 2
content-type: text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: psp.pushnami.com
URL: https://psp.pushnami.com/psfp/data

Domain: psp.pushnami.com
URL: https://psp.pushnami.com/psfp/data

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.scided-mington.com/	1970-01-21 07:56:07	Name: cc-v4 Value: XAIKYbT92QkVzqaF6w96E%2FT2%2FoZnxFZrs1fl0%2F31%2BjxrPx21GPJE9vluxMpQhjfFClnLX%2FrxuPfpasbrMIVRFE2PjAricc9UB6hDxRiNhqazZZ9ZS1tQk2UgPPpUfO7b17Id8SRjNnoA6asXJUWCCA%3D%3D
afflat3a1.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDQUQBQABS Value: FBCAIIOAPGLEBMLEIBLHCMIN
afflat3a1.com/	1970-01-21 00:36:40	Name: mb_26996_SS Value: AF=299463&AC=1583577160&CS=1583876623
afflat3a1.com/	1970-01-21 08:46:31	Name: I_SS Value: 1583577160
afflat3a1.com/	1970-01-21 08:46:31	Name: I Value: 1583577160
afflat3a1.com/	1970-01-21 00:36:14	Name: mb%5F26996 Value: AC=1583577160&CS=1583876623&AF=299463
afflat3a1.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDSUTCSBBR Value: FGGDHMOALKCBMMAHDJDDKOOP
benefits-authority.com/	1970-01-21 08:46:31	Name: mbi Value: 1583577160
benefits-authority.com/	1970-01-21 08:46:31	Name: avtc Value: e631f1dc8eca408692714c29656b01fd
benefits-authority.com/	1970-01-21 08:46:31	Name: avtset Value: 22-192
benefits-authority.com/	1969-12-31 23:59:59	Name: leadid_token-4B1F5928-2127-08FA-4EA5-F0DB210F6AAE-D2FB0EC8-1E8C-A402-E4AC-9205FE98F622 Value: 1D33424B-D825-F3A0-CC67-13AF42E4C563
.trueleadid.com/	1970-01-21 07:54:54	Name: visid_incap_3051494 Value: zcR38paPSaK48TuE+CxgoNji0WYAAAAAQUIPAAAAAAD449Gfg+PE8z2L2rQ4+Uw9
.trueleadid.com/	1969-12-31 23:59:59	Name: nlbi_3051494 Value: aWLZPXDBZw2TJJAAC30iGwAAAABTn/baGdFwTR5SzzLNu3J8
.trueleadid.com/	1969-12-31 23:59:59	Name: incap_ses_1840_3051494 Value: KZF7OmRChm9D0u0vX/6IGdji0WYAAAAAA7XT3F56VYAcwQbdN3dkBw==
.deviceid.trueleadid.com/	1970-01-21 08:46:31	Name: uuid Value: 70ac72ddaf664df3988c05049d01d55f

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://benefits-authority.com/?mbi=1583577160# Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

afflat3a1.com
api.pushnami.com
av-api.com
benefits-authority.com
bhask-bbh.com
cdn.pushnami.com
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
d38psrni17bvxu.cloudfront.net
dash.creditcreditrepair.com
heimi-lwx.com
i.imgur.com
psp.pushnami.com
scided-mington.com
trc.pushnami.com
psp.pushnami.com
100.25.224.72
104.247.81.53
108.139.47.113
18.164.115.36
18.164.124.65
18.208.62.125
199.232.192.193
23.20.32.71
2600:9000:2209:c800:1d:4618:5c80:21
2606:4700:10::6816:26b6
34.227.255.228
44.207.126.79
69.172.200.185
69.172.201.115
008bf334cdba91db068acb7f3756e756a356b4ddb4832486f2b10c1b27e7cdce
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9
04104e2a382cc14bc9eff976186ccf406ce590098de119dc1a36620d6ca048ed
0e0bae47f8af0ea6507d8085056c52220b8f0b2067e38db3a38d434a39843e4b
14b075d2831615d4fb62e8b8271b62ed622ba8d36e51797d6df9ebbc95f96b58
21738298a781805a7da881fc62b3fa55cba2f8f168bebd04238fd27aa658342d
29d79e271f881da5574fbd66c481834c9720da20cb6cbb40b6cd96032d28c320
3204af58394f17cc8b253bc91be25989b10151be493bb712a93a930d57d7177b
3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd
42f373b869a5f0a9438bac0f1866aad195a0ec3cf9be60a7036955499e5620a9
4b10ba9cbef05a78cee2d4a7929ca17601e5a548950222485a0d3210b843d74e
5051e2fb2fe91fdd7d5b32f1881c16a58b4dbd92a17a46c86d9d0bea5cb3e0b0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5f1adb90a1acc45fd824b3a042617a48228fde56c778b5c4d7d9f0c3275dfc79
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1da3f6127ebfcf17b14c04a736b0dd77dd6e052c4a18f8c743f1cc5f81c49b6
b41d7402cbdab32acba31cfdd479730c74b7527fa7c881b0486098bd1a895607
c02cb664f7b0323b2d7a5a5b4766f58466c22b62361a62b95b0471cc8330c5a6
dd30f9294822c6d5c32e8fc4e4de069194ad4b9ca958d9f9265d321fc4aa3e44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e69807988e393582df7e4f36997f32ce191eefb9bae310a2b10e144b1d3638f9
f99e785b0abda784b68fcf4840fbe98909760620f12002087f1af4b874971333

benefits-authority.com Open in urlscan Pro 69.172.201.115 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

92 %HTTPS

14 %IPv6

12 Domains

16 Subdomains

15 IPs

2 Countries

1422 kBTransfer

2869 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

benefits-authority.com Open in urlscan Pro
69.172.201.115 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

92 %
HTTPS

14 %
IPv6

12
Domains

16
Subdomains

15
IPs

2
Countries

1422 kB
Transfer

2869 kB
Size

15
Cookies

37 HTTP transactions
0 data transactions