citizenenrollmentbenefits.com Open in urlscan Pro
216.24.57.1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.citizenenrollmentbenefits.com/
Effective URL:
https://citizenenrollmentbenefits.com/
Submission: On November 06 via automatic, source certstream-suspicious (November 6th 2023, 1:58:11 am UTC) — Scanned from SE

Summary HTTP 16 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 216.24.57.1, located in United States and belongs to RENDER, US. The main domain is citizenenrollmentbenefits.com.
TLS certificate: Issued by GTS CA 1P5 on November 5th 2023. Valid for: 3 months.

This is the only time citizenenrollmentbenefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.24.57.3 216.24.57.3	397273 (RENDER) (RENDER)
5	216.24.57.1 216.24.57.1	397273 (RENDER) (RENDER)
1	108.138.7.25 108.138.7.25	16509 (AMAZON-02) (AMAZON-02)
2	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
5	2.19.96.186 2.19.96.186	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	54.164.239.81 54.164.239.81	14618 (AMAZON-AES) (AMAZON-AES)
1	157.240.251.35 157.240.251.35	32934 (FACEBOOK) (FACEBOOK)
16	6

1 216.24.57.3 (United States) 1 redirects

ASN397273 (RENDER, US)

www.citizenenrollmentbenefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.24.57.1 (United States)

ASN397273 (RENDER, US)

citizenenrollmentbenefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-25.fra56.r.cloudfront.net

b-js.ringba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.19.96.186 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-96-186.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.164.239.81 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-164-239-81.compute-1.amazonaws.com

display.ringba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.251.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	citizenenrollmentbenefits.com 1 redirects www.citizenenrollmentbenefits.com citizenenrollmentbenefits.com	80 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 742	148 KB
3	ringba.com b-js.ringba.com — Cisco Umbrella Rank: 126053 display.ringba.com — Cisco Umbrella Rank: 89047	14 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	89 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	185 B
16	5

	Domain	Requested by
5	analytics.tiktok.com	citizenenrollmentbenefits.com analytics.tiktok.com
5	citizenenrollmentbenefits.com	citizenenrollmentbenefits.com
2	display.ringba.com	b-js.ringba.com
2	connect.facebook.net	citizenenrollmentbenefits.com connect.facebook.net
1	www.facebook.com	citizenenrollmentbenefits.com
1	b-js.ringba.com	citizenenrollmentbenefits.com
1	www.citizenenrollmentbenefits.com	1 redirects
16	7

This site contains links to these domains. Also see Links.

Domain
achi.net
www.kff.org
www.irs.gov
www.healthreformbeyondthebasics.org
www.verywellhealth.com
assets.adfluential.com

Subject Issuer	Validity	Valid
citizenenrollmentbenefits.com GTS CA 1P5	`2023-11-05` - `2024-02-03`	3 months	crt.sh
*.ringba.com Amazon RSA 2048 M01	`2023-02-28` - `2024-01-08`	10 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-15` - `2023-11-13`	3 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://citizenenrollmentbenefits.com/
Frame ID: F89DC2186F47A4088A376BCA0C07E99A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Benefits For Consumers

Page URL History Show full URLs

https://www.citizenenrollmentbenefits.com/ HTTP 301
https://citizenenrollmentbenefits.com/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

331 kB
Transfer

1182 kB
Size

4
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://achi.net/newsroom/house-passes-bill-extending-aca-subsidies-through-2025-ensuring-continued-affordable-healthcare-insurance-for-millions/
Title: ACHI 2022

Search URL Search Domain Scan URL

URL: https://www.kff.org/faqs/faqs-health-insurance-marketplace-and-the-aca/how-do-the-premium-tax-credits-work/
Title: KFF 2022

Search URL Search Domain Scan URL

URL: https://www.irs.gov/affordable-care-act/individuals-and-families/the-premium-tax-credit-the-basics
Title: IRS 2022

Search URL Search Domain Scan URL

URL: https://www.healthreformbeyondthebasics.org/premium-tax-credits-answers-to-frequently-asked-questions/
Title: Health Reform Basics 2022

Search URL Search Domain Scan URL

URL: https://www.verywellhealth.com/how-the-health-insurance-subsidy-works-1738915/
Title: Very Well Health

Search URL Search Domain Scan URL

URL: https://assets.adfluential.com/privacy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.citizenenrollmentbenefits.com/ HTTP 301
https://citizenenrollmentbenefits.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
citizenenrollmentbenefits.com/
Redirect Chain

https://www.citizenenrollmentbenefits.com/
https://citizenenrollmentbenefits.com/

14 KB
5 KB

379ms
308ms

Document
text/html

216.24.57.1
RENDER

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.1 , United States, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4f8a67b719a346bae07ba1eb87a11b19aad33ca5a33f2a5bf054398fa57382e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, s-maxage=300
cache-tag: srv-cl3pc2hnovjs73blddlg
cf-cache-status: DYNAMIC
cf-ray: 8219bab63a9370b2-ARN
cloudflare-cdn-cache-control: public, max-age=300
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 06 Nov 2023 01:58:04 GMT
etag: W/"41e5c755df780b053fd990e6a224b34d"
last-modified: Sun, 05 Nov 2023 13:23:03 UTC
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8219bab409d009b5-ARN
content-length: 73
content-type: text/html; charset=utf-8
date: Mon, 06 Nov 2023 01:58:04 GMT
location: https://citizenenrollmentbenefits.com/
server: cloudflare
vary: Accept-Encoding

GET
H2 200 style-43335a8e.css
citizenenrollmentbenefits.com/assets/ 15 KB
4 KB 337ms
336ms Stylesheet
text/css 216.24.57.1
RENDER

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenenrollmentbenefits.com/assets/style-43335a8e.css

Requested by

Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.1 , United States, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43335a8e67bc8a34776bd2e272f7d2bf34f4194bd772a168dd4909bb4b755e47

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:58:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 05 Nov 2023 13:23:03 UTC
server: cloudflare
etag: W/"edf9a1c3f3f10dbef1519e8694d4316a"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-tag: srv-cl3pc2hnovjs73blddlg
cache-control: public, max-age=0, s-maxage=300
cf-ray: 8219bab82bac70b2-ARN
cloudflare-cdn-cache-control: public, max-age=300
alt-svc: h3=":443"; ma=86400

GET
H2 200 CAcda8c68fd0c44f6282a15cafcbc35e81 Show response
b-js.ringba.com/ 13 KB
13 KB 413ms
256ms Script
text/html 108.138.7.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-js.ringba.com/CAcda8c68fd0c44f6282a15cafcbc35e81
Requested by: Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-25.fra56.r.cloudfront.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 0247bf36cfef620f5858e1d2d9be112a356fdf1d0ab7159784959b278565ec97

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-runtime: 0.0000
date: Mon, 06 Nov 2023 01:58:04 GMT
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-amz-cf-pop: FRA56-P6
x-powered-by: ASP.NET
access-control-max-age: 300
x-cache: Miss from cloudfront
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public
content-length: 13212
x-amz-cf-id: 5QgBYK1o8zfDHA7jrg1NrW_h2CQk-hhTKQchpo3PIV00C5taHdr1pw==
expires: Mon, 06 Nov 2023 02:03:05 GMT

GET
H2 200 index-10bb1ebb.js Show response
citizenenrollmentbenefits.com/assets/ 235 KB
57 KB 328ms
327ms Script
text/javascript 216.24.57.1
RENDER

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenenrollmentbenefits.com/assets/index-10bb1ebb.js

Requested by

Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.1 , United States, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9ca9488abc90abd3861f7706196914304ac2ba9fe8b754200873186fc135a74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://citizenenrollmentbenefits.com/
Origin: https://citizenenrollmentbenefits.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:58:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 05 Nov 2023 13:23:03 UTC
server: cloudflare
etag: W/"dfbac786935bb01f17867db82fc5fac5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-tag: srv-cl3pc2hnovjs73blddlg
cache-control: public, max-age=0, s-maxage=300
cf-ray: 8219bab82bae70b2-ARN
cloudflare-cdn-cache-control: public, max-age=300
alt-svc: h3=":443"; ma=86400

GET
H2 200 agent.webp
citizenenrollmentbenefits.com/images/ 8 KB
8 KB 318ms
317ms Image
image/webp 216.24.57.1
RENDER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenenrollmentbenefits.com/images/agent.webp

Requested by

Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.1 , United States, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f917a89155b939c9b71ef7d71a921121dbdc9ef0e12934737812add1ff4596cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:58:05 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 05 Nov 2023 13:23:04 UTC
server: cloudflare
etag: "c564b8c68c14367d2dabfef1827768aa"
vary: Accept-Encoding
content-type: image/webp
cache-tag: srv-cl3pc2hnovjs73blddlg
cache-control: public, max-age=0, s-maxage=300
cf-ray: 8219bab82baf70b2-ARN
cloudflare-cdn-cache-control: public, max-age=300
content-length: 8126
alt-svc: h3=":443"; ma=86400

GET
H2 200 profile.png
citizenenrollmentbenefits.com/images/ 6 KB
6 KB 320ms
320ms Image
image/png 216.24.57.1
RENDER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenenrollmentbenefits.com/images/profile.png

Requested by

Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.1 , United States, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0910e4fe51de18cc4f5c2cf722e92fb0ae32042475ceab1463a26a61a5096dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:58:05 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 05 Nov 2023 13:23:04 UTC
server: cloudflare
etag: "0d3b90cca8b1e678290d05ad9d7a0d1d"
vary: Accept-Encoding
content-type: image/png
cache-tag: srv-cl3pc2hnovjs73blddlg
cache-control: public, max-age=0, s-maxage=300
cf-ray: 8219bab82bb070b2-ARN
cloudflare-cdn-cache-control: public, max-age=300
content-length: 6100
alt-svc: h3=":443"; ma=86400

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 152ms
51ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 06 Nov 2023 01:58:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: rQ/yqllBn1yUzcgtUZV1VZQ7GFGDneHDsxSiCremCjZeZCR/m8FwRbtZPnqNAfeyxT5BdmqUy15whCReJ3/48g==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 301ms
150ms Script
application/javascript 2.19.96.186
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKIJ9SBC77UFTHK7CQ3G&lib=ttq
Requested by: Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.96.186 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-96-186.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 51c6bae9986fa99697ee7cbba70e74d1ad1ef25e7f694bb0170798e32a1ea6af

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-akamai-request-id: 1bc96bdb
date: Mon, 06 Nov 2023 01:58:05 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-19-96-182.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
server-timing: inner; dur=7, cdn-cache; desc=MISS, edge; dur=0, origin; dur=94
content-length: 1730
pragma: no-cache
server: nginx
x-tt-logid: 20231106015805A2F98CCE5D21C2E8612A
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 94,2.19.96.182
x-tt-trace-host: 01ff94f049b502356194ff21e365d96dabf99eec76c10593873f02470abaa652125f98f6c74d72e2bb4ffe218fdc10a830da1a87ef912a778db97c4826139934ba99e2b5754136809f1e2767e04236d8acf4c75ca05175d95cdc84e04d0520ce67
expires: Mon, 06 Nov 2023 01:58:05 GMT

POST
H/1.1 200
OK gnbulk Show response
display.ringba.com/v2/nis/ 400 B
800 B 572ms
144ms XHR
application/json 54.164.239.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://display.ringba.com/v2/nis/gnbulk
Requested by: Host: b-js.ringba.com
URL: https://b-js.ringba.com/CAcda8c68fd0c44f6282a15cafcbc35e81
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.239.81 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-164-239-81.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4bc215ff13814a29f623157c4eeeca054506db092b69c4b1ef0f04020a4a4d89

Request headers

Referer: https://citizenenrollmentbenefits.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 06 Nov 2023 01:58:04 GMT
X-Runtime: 0.0060
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Max-Age: 300
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://citizenenrollmentbenefits.com
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 400
Expires: -1

GET
H2 200 1286814352132181 Show response
connect.facebook.net/signals/config/ 134 KB
35 KB 241ms
241ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1286814352132181?v=2.9.138&r=stable&domain=citizenenrollmentbenefits.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

077594f07ab27fdad1f1564266707210ec7ebfb7f6a9424004804f4bee3397bd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 06 Nov 2023 01:58:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: sEoukdsbP0PeBtmbx+lfU4C80tU5pSAYNlUqP/ZuX9YeJlSMIXUrbP6Z/Sz8vJkODLxdaMeDNQ1cckmdrbckLQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 main.MTdiNDNiZjZlMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 416 KB
108 KB 56ms
55ms Script
application/javascript 2.19.96.186
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdiNDNiZjZlMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKIJ9SBC77UFTHK7CQ3G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.96.186 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-96-186.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 07be4a3f965216e9f09e0087ea104161641639614cd8b4e22a6d1e52a854df73

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-akamai-request-id: 1bc96bf8
date: Mon, 06 Nov 2023 01:58:05 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231102150645E61CB152EF10EE25FEE8
vary: Accept-Encoding
x-cache: TCP_HIT from a2-19-96-182.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01ab0da87ed7944c102b71917ac77242dde42210360865f3e09d408d0936aaa5203f5ae32fddd899c8a8ff94b117bfa388c2e6f125f29582ab71ee2fa760a2a07114ffa8e9b7089200b0ce3b0b7f9e7a72fc6639fd86939702160fb83ec785097c
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length: 110185

GET
H2 200 identify_7b38b.js Show response
analytics.tiktok.com/i18n/pixel/static/ 134 KB
36 KB 55ms
55ms Script
application/javascript 2.19.96.186
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_7b38b.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdiNDNiZjZlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.96.186 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-96-186.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 70242b7559c38404934267e32fa95b7ab11a7f1f8ec793c34b96e84aed7a42b1

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-akamai-request-id: 1bc96c2a
date: Mon, 06 Nov 2023 01:58:05 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231102150614FA467B1EA0D0D032C6A3
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a2-19-96-182.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01de1650d0c4ca1c23c7bfe686fe65ded595db4ee09f6124cc4b28b7636c93be9b164641162b10b124849e97e85d99c16fb232b2f74b67c0ca01ca55223a828707b3948fe9973faa1ccbe0993fe3468ccf8c2ac792bf154544d781f8a4e6bb6750
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=12
content-length: 35886

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
790 B 186ms
185ms Ping
text/plain 2.19.96.186
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdiNDNiZjZlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.96.186 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-96-186.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citizenenrollmentbenefits.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1ba7bc77.1bc96c36
date: Mon, 06 Nov 2023 01:58:05 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-19-96-182.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
x-parent-response-time: 128,2.19.96.182
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=45, inner; dur=43
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231106015805C7F1B6A39A3E8FE9F70A
x-cache-remote: TCP_MISS from a23-48-249-145.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 45,23.48.249.145
x-tt-trace-host: 01ff94f049b502356194ff21e365d96dab0360f66f0ce653dc5ec51ab11af81ec2bac79fd1f6ec7ab1022d8c351bad719800cd5b26558ddc142114eb016f0f4c1ec469212a95a9cd14faa5f91c4f04e79704f41996401078fd9417e8e2a9de7dd3d4bb8bb86bc7a89740e9c4dd27f46e4e
access-control-allow-headers: Authorization,*
expires: Mon, 06 Nov 2023 01:58:05 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 162ms
52ms Image
text/plain 157.240.251.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1286814352132181&ev=PageView&dl=https%3A%2F%2Fcitizenenrollmentbenefits.com%2F&rl=&if=false&ts=1699235885703&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1699235885702.65740200&ler=empty&it=1699235885420&coo=false&rqm=GET

Requested by

Host: citizenenrollmentbenefits.com
URL: https://citizenenrollmentbenefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://citizenenrollmentbenefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 06 Nov 2023 01:58:05 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
790 B 178ms
177ms Ping
text/plain 2.19.96.186
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdiNDNiZjZlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.96.186 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-96-186.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citizenenrollmentbenefits.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1d02d2b8.1bc96c67
date: Mon, 06 Nov 2023 01:58:06 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-19-96-182.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
x-parent-response-time: 120,2.19.96.182
server-timing: cdn-cache; desc=MISS, edge; dur=94, origin; dur=30, inner; dur=27
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023110601580583B02C5DA9D48977F2E9
x-cache-remote: TCP_MISS from a23-201-31-167.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 31,23.201.31.167
x-tt-trace-host: 01ff94f049b502356194ff21e365d96dab0360f66f0ce653dc5ec51ab11af81ec2246985a7466eb63e8b84e73ba0612ed22b5faadcdadfa7066f5b03210ab4fade867c1468b6b5ca2942a2e11d7b935e40553d63465fdbf57eb3c887ca7e61d94771227e144d1e9cc9ba08952e089ff1cf
access-control-allow-headers: Authorization,*
expires: Mon, 06 Nov 2023 01:58:06 GMT

POST
H/1.1 200
OK hb Show response
display.ringba.com/v1/nis/ 0
351 B 141ms
140ms XHR
text/plain 54.164.239.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://display.ringba.com/v1/nis/hb
Requested by: Host: b-js.ringba.com
URL: https://b-js.ringba.com/CAcda8c68fd0c44f6282a15cafcbc35e81
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.239.81 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-164-239-81.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citizenenrollmentbenefits.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 06 Nov 2023 01:58:10 GMT
X-Runtime: 0.0020
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Max-Age: 300
Access-Control-Allow-Origin: https://citizenenrollmentbenefits.com
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: -1

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tiktok.com/	1970-01-21 01:22:11	Name: _ttp Value: 2XmYn7EXpPkgNtw4nSACfhF1Jjq
.citizenenrollmentbenefits.com/	1970-01-21 01:22:11	Name: _tt_enable_cookie Value: 1
.citizenenrollmentbenefits.com/	1970-01-21 01:22:11	Name: _ttp Value: _jhiddcPxHQ5ZnpTJ3hizkgAyEM
.citizenenrollmentbenefits.com/	1970-01-20 18:10:11	Name: _fbp Value: fb.1.1699235885702.65740200

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
b-js.ringba.com
citizenenrollmentbenefits.com
connect.facebook.net
display.ringba.com
www.citizenenrollmentbenefits.com
www.facebook.com
108.138.7.25
157.240.251.35
157.240.251.9
2.19.96.186
216.24.57.1
216.24.57.3
54.164.239.81
0247bf36cfef620f5858e1d2d9be112a356fdf1d0ab7159784959b278565ec97
077594f07ab27fdad1f1564266707210ec7ebfb7f6a9424004804f4bee3397bd
07be4a3f965216e9f09e0087ea104161641639614cd8b4e22a6d1e52a854df73
0910e4fe51de18cc4f5c2cf722e92fb0ae32042475ceab1463a26a61a5096dc6
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
43335a8e67bc8a34776bd2e272f7d2bf34f4194bd772a168dd4909bb4b755e47
4bc215ff13814a29f623157c4eeeca054506db092b69c4b1ef0f04020a4a4d89
51c6bae9986fa99697ee7cbba70e74d1ad1ef25e7f694bb0170798e32a1ea6af
70242b7559c38404934267e32fa95b7ab11a7f1f8ec793c34b96e84aed7a42b1
b9ca9488abc90abd3861f7706196914304ac2ba9fe8b754200873186fc135a74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4f8a67b719a346bae07ba1eb87a11b19aad33ca5a33f2a5bf054398fa57382e
f917a89155b939c9b71ef7d71a921121dbdc9ef0e12934737812add1ff4596cb

citizenenrollmentbenefits.com Open in urlscan Pro 216.24.57.1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

5 Domains

7 Subdomains

6 IPs

2 Countries

331 kBTransfer

1182 kBSize

4 Cookies

6 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

citizenenrollmentbenefits.com Open in urlscan Pro
216.24.57.1 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

331 kB
Transfer

1182 kB
Size

4
Cookies

16 HTTP transactions
0 data transactions