auth.savings.beneplace.com Open in urlscan Pro
172.64.150.236 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campai...
Effective URL:
https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=Jan...
Submission: On January 31 via manual (January 31st 2024, 7:33:27 pm UTC) from IN — Scanned from DE

Summary HTTP 56 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 17 domains to perform 56 HTTP transactions. The main IP is 172.64.150.236, located in United States and belongs to CLOUDFLARENET, US. The main domain is auth.savings.beneplace.com. The Cisco Umbrella rank of the primary domain is 141194.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 1st 2023. Valid for: a year.

This is the only time auth.savings.beneplace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 21	172.64.150.236 172.64.150.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a02:26f0:310... 2a02:26f0:3100:18c::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	34.241.81.135 34.241.81.135	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	63.140.62.17 63.140.62.17	15224 (OMNITURE) (OMNITURE)
3	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	13.32.27.83 13.32.27.83	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	18.66.122.42 18.66.122.42	16509 (AMAZON-02) (AMAZON-02)
2	199.38.167.54 199.38.167.54	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	52.45.70.255 52.45.70.255	14618 (AMAZON-AES) (AMAZON-AES)
1	3.223.177.182 3.223.177.182	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
2	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6811:2b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
56	23

21 172.64.150.236 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

uson.savings.beneplace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
auth.savings.beneplace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:3100:18c::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.81.135 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-81-135.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.17 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-17.data.adobedc.net

smetrics.beneplace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-83.fra56.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-42.fra60.r.cloudfront.net

cdn.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.54 (United States)

ASN54312 (ROCKETFUEL, US)

com-wag3.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f198.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.70.255 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-70-255.compute-1.amazonaws.com

people.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.223.177.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-223-177-182.compute-1.amazonaws.com

events.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:2b8 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	beneplace.com 2 redirects uson.savings.beneplace.com smetrics.beneplace.com — Cisco Umbrella Rank: 141849 auth.savings.beneplace.com — Cisco Umbrella Rank: 141194	1 MB
7	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 460	172 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	21 KB
3	boomtrain.com cdn.boomtrain.com — Cisco Umbrella Rank: 5754 people.api.boomtrain.com — Cisco Umbrella Rank: 6199 events.api.boomtrain.com — Cisco Umbrella Rank: 8976	31 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 79 ad.doubleclick.net — Cisco Umbrella Rank: 163	3 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	258 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225 challenges.cloudflare.com — Cisco Umbrella Rank: 5168	27 KB
2	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 236	767 B
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 490	2 KB
2	netmng.com com-wag3.netmng.com — Cisco Umbrella Rank: 133940	5 KB
2	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 362	65 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 600	26 KB
1	google.com adservice.google.com — Cisco Umbrella Rank: 98	401 B
1	rezync.com live.rezync.com — Cisco Umbrella Rank: 1645	6 KB
1	gstatic.com fonts.gstatic.com	14 KB
1	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 239	676 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 324	25 KB
56	17

	Domain	Requested by
16	uson.savings.beneplace.com	1 redirects uson.savings.beneplace.com
7	assets.adobedtm.com	uson.savings.beneplace.com assets.adobedtm.com
5	auth.savings.beneplace.com	1 redirects uson.savings.beneplace.com auth.savings.beneplace.com
3	www.google-analytics.com	uson.savings.beneplace.com
3	www.googletagmanager.com	uson.savings.beneplace.com
2	challenges.cloudflare.com	auth.savings.beneplace.com challenges.cloudflare.com
2	bam.nr-data.net	uson.savings.beneplace.com
2	secure.adnxs.com	1 redirects uson.savings.beneplace.com
2	ad.doubleclick.net	2 redirects
2	com-wag3.netmng.com	uson.savings.beneplace.com
2	region1.google-analytics.com	www.googletagmanager.com
2	maps.googleapis.com	uson.savings.beneplace.com
1	js-agent.newrelic.com	uson.savings.beneplace.com
1	events.api.boomtrain.com	uson.savings.beneplace.com
1	people.api.boomtrain.com	uson.savings.beneplace.com
1	adservice.google.com	uson.savings.beneplace.com
1	cdn.boomtrain.com	uson.savings.beneplace.com
1	stats.g.doubleclick.net	uson.savings.beneplace.com
1	live.rezync.com	uson.savings.beneplace.com
1	smetrics.beneplace.com	uson.savings.beneplace.com
1	fonts.gstatic.com	uson.savings.beneplace.com
1	dpm.demdex.net	assets.adobedtm.com
1	cdnjs.cloudflare.com	uson.savings.beneplace.com
1	cdn.jsdelivr.net	uson.savings.beneplace.com
56	24

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
beneplace.com Cloudflare Inc ECC CA-3	`2023-12-01` - `2024-11-30`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
smetrics.beneplace.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-05` - `2024-06-04`	a year	crt.sh
*.rezync.com Amazon RSA 2048 M02	`2023-10-25` - `2024-11-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.boomtrain.com Amazon RSA 2048 M02	`2024-01-10` - `2025-02-07`	a year	crt.sh
*.netmng.com Sectigo RSA Domain Validation Secure Server CA	`2024-01-09` - `2025-02-04`	a year	crt.sh
*.api.boomtrain.com Amazon RSA 2048 M03	`2023-09-16` - `2024-10-14`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-01-15` - `2025-02-15`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2023-08-18` - `2024-08-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr
Frame ID: 7F0D0BB61C8EC4AD5A82ABB923761F9D
Requests: 54 HTTP requests in this frame

Frame: https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Frame ID: B4971D30E1CD81F266BA4DE9C0050CBA
Requests: 2 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oud84/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: 7B6D12DE0E38DD5BC51B0E8EFDAE95ED
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_sou... Page URL
https://auth.savings.beneplace.com/auth/authorize?subdomain=uson&response_type=code&client_id=9ezalirn45mF43imJ... HTTP 302
https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

56
Requests

93 %
HTTPS

48 %
IPv6

17
Domains

24
Subdomains

23
IPs

4
Countries

1985 kB
Transfer

8076 kB
Size

25
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr Page URL
https://auth.savings.beneplace.com/auth/authorize?subdomain=uson&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr HTTP 302
https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

Request Chain 35

https://ad.doubleclick.net/ddm/activity/src=12084042;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://uson.savings.beneplace.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1706729601.175614 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://uson.savings.beneplace.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1706729601.175614 HTTP 302
https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://uson.savings.beneplace.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1706729601.175614

Request Chain 36

https://secure.adnxs.com/seg?add=32509374&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

56 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 home Show response
uson.savings.beneplace.com/ 9 KB
4 KB 430ms
338ms Document
text/html 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bc181c119315e1aeb93533a86b27194ccd8d171a5d72c1ced438335608a6ef6

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com .libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com:* .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com *.libertymutual.com
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84e462be6d35450a-TXL
content-encoding: br
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
content-type: text/html; charset=utf-8
date: Wed, 31 Jan 2024 19:33:20 GMT
last-modified: Thu, 18 Jan 2024 11:47:09 GMT
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 launch-a0e5cece2585.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/ 652 KB
156 KB 118ms
27ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: bc83c7ec22a67fb4f4f9da76257b42c5329c0367f497ae5ffd532f4d065d3df2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: gzip
last-modified: Mon, 29 Jan 2024 22:13:11 GMT
server: AkamaiNetStorage
etag: "e37f005cad3c18d25ff3743eeea3b5f2:1706566391.826699"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 158908
expires: Wed, 31 Jan 2024 20:33:20 GMT

GET
H2 200 new-relic-integration.js Show response
uson.savings.beneplace.com/assets/new-relic/ 51 KB
18 KB 179ms
177ms Script
application/javascript 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com .libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com:* .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com *.libertymutual.com
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified: Thu, 18 Jan 2024 11:47:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65a90fbb-ccde"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 84e462c14bda450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 93ms
36ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://uson.savings.beneplace.com/
Origin: https://uson.savings.beneplace.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5505009
x-jsd-version: 4.5.3
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230082-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9EcMvJrSmPNVhXhanZeO2lPeA1YyjSXOwsjv4RFCNSv6DOHPS2C%2B4JTFThm4zmTMmzJlnuuDOwcQvr5ySHCqDRYZ9i%2FxlwGA8ckFoPlEPP1hikEYalF%2BdHQRV3eGNhG%2B85YlV8BZkVuJu7nixQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 84e462c1998337ce-FRA

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 192 KB
65 KB 103ms
53ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eb14bf1316af1de9825f62d16139c334fffcb24cb29fa09ab74ce18bde24bffc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66175
x-xss-protection: 0

GET
H2 200 web-animations.min.js Show response
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/ 47 KB
14 KB 73ms
28ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4148740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13763
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0402f-bad6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FbqDGwISQNcAeONTN57laUKO%2BvSEw186099N2SAqYyMtf4pA07zDGmdelMrOHl0nFfytYKQPRkQeus7z5AKmWOIjOloqBL3bkHi8Ed7SSdR0s8FNpqqYEhakTlO5Pv34aPei1QEM19yz%2FpaH1aE57Gw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 84e462c189fe2c37-FRA
expires: Mon, 20 Jan 2025 19:33:20 GMT

GET
H2 200 runtime.7a44192ec7795934.js Show response
uson.savings.beneplace.com/ 3 KB
2 KB 174ms
173ms Script
application/javascript 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/runtime.7a44192ec7795934.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92598de2d31f86547a73877fbbe8a510a42895e1f0ba3a6ab14a83d5df07a0c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
Origin: https://uson.savings.beneplace.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Thu, 18 Jan 2024 11:46:58 GMT
server: cloudflare
content-encoding: br
etag: W/"65a90fb2-cc9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://uson.savings.beneplace.com, https://uson.savings.beneplace.com
access-control-allow-credentials: true, true
cf-ray: 84e462c14be7450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 polyfills.0f88da5fdbf95761.js Show response
uson.savings.beneplace.com/ 141 KB
49 KB 205ms
204ms Script
application/javascript 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/polyfills.0f88da5fdbf95761.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46f16c323557a318dd6604bab3ebe8dbd9d23bc318b55eec33b0b0a4502c0bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
Origin: https://uson.savings.beneplace.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Thu, 18 Jan 2024 11:46:58 GMT
server: cloudflare
content-encoding: br
etag: W/"65a90fb2-234ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://uson.savings.beneplace.com, https://uson.savings.beneplace.com
access-control-allow-credentials: true, true
cf-ray: 84e462c14bf1450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 scripts.b785e07ef29de485.js Show response
uson.savings.beneplace.com/ 166 KB
55 KB 175ms
174ms Script
application/javascript 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/scripts.b785e07ef29de485.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com .libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com:* .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com *.libertymutual.com
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified: Thu, 18 Jan 2024 11:46:58 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65a90fb2-29710"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 84e462c2f80358f0-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.21d8066a1ba27670.js Show response
uson.savings.beneplace.com/ 5 MB
1 MB 171ms
171ms Script
application/javascript 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/main.21d8066a1ba27670.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d159e233af5ec9cd87085dcb05d4212e0d28c5def84fb236bafb38a6c005518

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
Origin: https://uson.savings.beneplace.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Thu, 18 Jan 2024 11:46:58 GMT
server: cloudflare
content-encoding: br
etag: W/"65a90fb2-512710"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://uson.savings.beneplace.com, https://uson.savings.beneplace.com
access-control-allow-credentials: true, true
cf-ray: 84e462c14bfd450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 237 KB
79 KB 96ms
47ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

144c8eb2b5ac64163e65528a33cf8173611882490e4d7d0af3ef958671be6f79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80819
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 18:48:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 31 Jan 2024 19:33:20 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 185 B
676 B 163ms
49ms XHR
application/json 34.241.81.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1706729600406

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.241.81.135 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-81-135.eu-west-1.compute.amazonaws.com

Software

Resource Hash

97bc08d6b6bf5af4d695f68afa6636543e36b0a2e7ea0187add5a3c12e4f70d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-2-v054-031c8e95e.edge-irl1.demdex.com 1 ms
pragma: no-cache
date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: Ix1qRaA4SXg=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 187
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 33ms
32ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Wed, 31 Jan 2024 20:33:20 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 35ms
34ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Wed, 31 Jan 2024 20:33:20 GMT

GET
H3 200 styles.470895e6035d0005.css
uson.savings.beneplace.com/ 98 KB
17 KB 211ms
211ms Stylesheet
text/css 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/styles.470895e6035d0005.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7678fff11f92c598d89035e7f1e5ae839902925df05059daa23901b914765975

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com .libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com:* .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com *.libertymutual.com
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified: Thu, 18 Jan 2024 11:46:58 GMT
server: cloudflare
cf-cache-status: HIT
content-encoding: br
etag: W/"65a90fb2-187ec"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
cf-ray: 84e462c2f80958f0-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 65ms
19ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uson.savings.beneplace.com/
Origin: https://uson.savings.beneplace.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 14:15:23 GMT
x-content-type-options: nosniff
age: 19077
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13980
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jan 2025 14:15:23 GMT

GET
H2 200 id Show response
smetrics.beneplace.com/ 48 B
467 B 125ms
33ms XHR
application/x-javascript 63.140.62.17
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.beneplace.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=21086972432292724094194753210655036589&cl=157680000&d_coppa=true&ts=1706729600574

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

3b6461f55386a4ff356d1961c215ac39f0cd4955cd857d20ea567be15d5c7c9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://uson.savings.beneplace.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 77ms
37ms XHR
application/json 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://uson.savings.beneplace.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

34ad1925015893a72041819ce524d1ca1194c87c3d1995a5cc57e0815bc345a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94135
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 31 Jan 2024 19:33:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 69ms
20ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 31 Jan 2024 17:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6311
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 31 Jan 2024 19:48:09 GMT

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 info Show response
uson.savings.beneplace.com/api/ 8 KB
3 KB 466ms
465ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/api/info

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15ec705f37cf581b2862905c58e7d963334565af495c47207d296882b88ee5d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
tracestate: 88831@nr=0-1-2647367-1120218725-e23d183ac5655f91----1706729600860
traceparent: 00-4cd47ccf440c81ccbcd6e699b99f7900-e23d183ac5655f91-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImUyM2QxODNhYzU2NTVmOTEiLCJ0ciI6IjRjZDQ3Y2NmNDQwYzgxY2NiY2Q2ZTY5OWI5OWY3OTAwIiwidGkiOjE3MDY3Mjk2MDA4NjAsInRrIjoiODg4MzEifX0=

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"2174-QgTHi9YhYfAFUHNYdAabfKmGEhg"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://uson.savings.beneplace.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 84e462c56cf258f0-TXL
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Wed, 31 Jan 2024 19:33:20 GMT

GET
H3 200 marketplace-styles.css Show response
uson.savings.beneplace.com/api/uson/ 32 KB
5 KB 1660ms
1659ms XHR
text/css 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/api/uson/marketplace-styles.css

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

353c49b0419dbcf31f807b3e3a7da77d2002837dc77b0d731d7aae8b287ed225

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
tracestate: 88831@nr=0-1-2647367-1120218725-d12c272a5d550fbb----1706729600862
traceparent: 00-6718dbc5821cd2e75cdeb034ad391b00-d12c272a5d550fbb-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImQxMmMyNzJhNWQ1NTBmYmIiLCJ0ciI6IjY3MThkYmM1ODIxY2QyZTc1Y2RlYjAzNGFkMzkxYjAwIiwidGkiOjE3MDY3Mjk2MDA4NjIsInRrIjoiODg4MzEifX0=

Response headers

date: Wed, 31 Jan 2024 19:33:22 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"80e0-FskFlpk3a7UBujB/NYORlMdX8dY"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: http://uson.savings.beneplace.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 84e462c56cf658f0-TXL
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Wed, 31 Jan 2024 19:33:21 GMT

GET
H3 200 colors.css Show response
uson.savings.beneplace.com/api/uson/ 3 KB
789 B 305ms
305ms XHR
text/css 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/api/uson/colors.css?scope=:root,app-logged-in,ngb-modal-window

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55716bffdc0f21a432d17d79faa05016f3e172cb1287d48a819d6d6dc95ced2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
tracestate: 88831@nr=0-1-2647367-1120218725-417530d5bb5c6931----1706729600863
traceparent: 00-e22d7111b122fafd1a8ecad996157200-417530d5bb5c6931-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjQxNzUzMGQ1YmI1YzY5MzEiLCJ0ciI6ImUyMmQ3MTExYjEyMmZhZmQxYThlY2FkOTk2MTU3MjAwIiwidGkiOjE3MDY3Mjk2MDA4NjMsInRrIjoiODg4MzEifX0=

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"a79-jvXDFKFLmw4crLx8Rk4oxu5SIno"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: http://uson.savings.beneplace.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 84e462c56cfc58f0-TXL
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Wed, 31 Jan 2024 19:33:20 GMT

GET
H2 200 RCea9d317d3a374e44b3f0f8711e38765e-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/ 2 KB
1015 B 35ms
35ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8b78f6c2694ded95d29e65bb8299cd7817d76feaf57363c4eee7fc27faea9624

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
content-encoding: gzip
last-modified: Mon, 29 Jan 2024 22:13:13 GMT
server: AkamaiNetStorage
etag: "90173797179737fc4da75b6ef78d798b:1706566393.859241"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 751
expires: Wed, 31 Jan 2024 20:33:20 GMT

GET
H3

200

main.js Show response
uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/ Frame B497
Redirect Chain

https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

7 KB
4 KB

32ms
31ms

Script
application/javascript

172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

Requested by

Protocol

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4403cd9a1a8cace9725a8bf898f9c1693dfee2fbd1f35ed0b273f8a260818024

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 84e462c62e7158f0-TXL
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 31 Jan 2024 19:33:20 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
cache-control: max-age=300, public
cf-ray: 84e462c58d2158f0-TXL
alt-svc: h3=":443"; ma=86400

POST
H2 204 collect
region1.google-analytics.com/g/ 0
261 B 76ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je41t0v9112553684z878847533&_p=1706729600206&gcd=11l1l1l1l1&npa=0&dma_cps=sypham&dma=1&cid=261314590.1706729601&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1706729600&sct=1&seg=0&dl=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&dt=Beneplace%20Team%20Discounts&en=page_view&_fv=1&_nsi=1&_ss=1&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&up.pb_site_name=uson&up.page_path=%2Fhome&up.user_id_value=&up.zip_code=NaN&tfd=1373
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
229 B 28ms
27ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2144952809&t=pageview&_s=1&dl=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1648331569&gjid=678621803&cid=261314590.1706729601&tid=UA-2876877-9&_gid=261331163.1706729601&_r=1&_slc=1&gtm=45He41t0n815QN8HWMv78847533&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=486006691

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:33:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync Show response
live.rezync.com/ 5 KB
6 KB 227ms
168ms Script
text/javascript 13.32.27.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1706729601031&k=ebg-wag3-pixel-0988
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-83.fra56.r.cloudfront.net
Software: lighttpd/1.4.69 /
Resource Hash: 92bd012680fd71378eb436eb0feaaaef5e20f4aefee239e2a4b8955dd2677607

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
via: 1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
server: lighttpd/1.4.69
x-amz-cf-pop: FRA56-C2
vary: Cookie
x-cache: Miss from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 5434
x-amz-cf-id: z07cG0oirlgow5XasfD7CSNOXvWm7FKYyHHrTotKMjqsk_kS-V861A==

POST
H3 200 84e462be6d35450a Show response
uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame B497 0
339 B 51ms
50ms XHR
text/plain 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/jsd/r/84e462be6d35450a

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 84e462c728c258f0-TXL
alt-svc: h3=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
353 B 79ms
26ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2876877-9&cid=261314590.1706729601&jid=1648331569&gjid=678621803&_gid=261331163.1706729601&_u=YADAAEAAAAAAACAAI~&z=79221662

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 31 Jan 2024 19:33:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 258 KB
86 KB 40ms
40ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fec7f2071ca0271b74e9948b436226b4cf9e0ebad3263aac40f8169ddc9c2ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88402
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 31 Jan 2024 19:33:21 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 28ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je41t0v9126564266&_p=1706729600206&gcd=11l1l1l1l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=261314590.1706729601&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&dt=Beneplace%20Team%20Discounts&sid=1706729601&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1611
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK p13n.min.js Show response
cdn.boomtrain.com/p13n/ebg-wag3/ 93 KB
30 KB 92ms
24ms Script
application/javascript 18.66.122.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-42.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd6c50080cda668d0e858886b870ff15124d16be997d5b0d43e97d4788a20879

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: MoP_VascEW3gFlsLB8BcaQwZyTTX2BCI
Content-Encoding: gzip
Via: 1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)
Date: Wed, 31 Jan 2024 19:13:38 GMT
X-Amz-Cf-Pop: FRA60-P2
Age: 1195
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Sun, 28 Jan 2024 04:33:41 GMT
Server: AmazonS3
ETag: W/"7e025917ec081cb179b24e9b42269588"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=3600
X-Amz-Cf-Id: afS5fIEdRsOHsM5vtrElRS2uvJ-2Ays2tz74fFwQpr_ARf8-MSdonw==

GET
H/1.1 200
OK / Show response
com-wag3.netmng.com/ 7 KB
4 KB 519ms
141ms Script
text/javascript 199.38.167.54
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.38.167.54 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: openresty /
Resource Hash: 702a1f01de1e6ba80c1e16ef51ba924e1b90a206596b2b87360add10690fb7b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Jan 2024 19:33:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jan 2024 19:33:21 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type: text/javascript; charset=UTF-8
X-Cnection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 29 Jan 2024 19:33:21 GMT

GET
H2

200

;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1706729601.175614
adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=h...
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=12084042;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://uson.savings.benep...
https://ad.doubleclick.net/ddm/activity/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u...
https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u2...

42 B
401 B

228ms
173ms

Image
image/gif

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://uson.savings.beneplace.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1706729601.175614

Requested by

Protocol

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:33:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 31 Jan 2024 19:33:21 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"6537122027304759825"}],"aggregatable_trigger_data":[{"filters":{"14":["12836263"]},"key_piece":"0xae984c664a3e2f9b","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0x3d34d25b082b99c","not_filters":{"14":["12836263"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["12836263"]},"key_piece":"0x1cab3e739042b8f6","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0xe0b2ec890c88b633","not_filters":{"14":["12836263"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"10881261384496936116","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"6537122027304759825","filters":{"14":["12836263"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"6537122027304759825","filters":{"14":["12836263"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"6537122027304759825","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"6537122027304759825","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["12084042"]}}
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: image/png
location: https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CM32-pyviIQDFcHh_QUdMpYPyA;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://uson.savings.beneplace.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1706729601.175614
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=32509374&t=2
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

43 B
1 KB

69ms
68ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

Requested by

Protocol

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:33:21 GMT
an-x-request-uuid: b962c943-7256-4903-a3c0-4b6243bade78
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.26; 217.114.218.26; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:33:21 GMT
an-x-request-uuid: 68a50c2e-f2e8-4a9e-ad62-15c52f7abf61
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2
x-proxy-origin: 217.114.218.26; 217.114.218.26; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 uson Show response
uson.savings.beneplace.com/api/controls/ 2 KB
1 KB 239ms
238ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/api/controls/uson

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
tracestate: 88831@nr=0-1-2647367-1120218725-2c010ea676e9763e----1706729601330
traceparent: 00-05fc0e5b0e91afe6640eead28065a700-2c010ea676e9763e-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjJjMDEwZWE2NzZlOTc2M2UiLCJ0ciI6IjA1ZmMwZTViMGU5MWFmZTY2NDBlZWFkMjgwNjVhNzAwIiwidGkiOjE3MDY3Mjk2MDEzMzAsInRrIjoiODg4MzEifX0=

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://uson.savings.beneplace.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 84e462c85b7958f0-TXL
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Wed, 31 Jan 2024 19:33:20 GMT

GET
H/1.1 200
OK resolve Show response
people.api.boomtrain.com/identify/ 142 B
457 B 485ms
128ms XHR
application/json 52.45.70.255
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNTZlMWYyNTgtOGMwOS00OTNkLTliMmMtY2RhY2M4YjUxNjIwOjE3MDY3Mjk2MDEuMTcyNTY2NCJ9fQ%3D%3D&site_id=ebg-wag3
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.70.255 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-70-255.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4e1254ecd9c36e02437f35076e4f1efe6f3f2e86acaf8d63206eec8cc61ee168

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 31 Jan 2024 19:33:21 GMT
Server: nginx
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Content-Length: 142

GET
H2 200 RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/ 451 B
549 B 41ms
41ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0f8ebc30899eb40dc08bb4de7e68953c83206792c3ec200f60464bed04966c52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
content-encoding: gzip
last-modified: Mon, 29 Jan 2024 22:13:13 GMT
server: AkamaiNetStorage
etag: "90173797179737fc4da75b6ef78d798b:1706566393.859241"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 285
expires: Wed, 31 Jan 2024 20:33:21 GMT

GET
H2 200 RC668a267ca36c45b5acca38f3e4360a76-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/ 340 B
478 B 26ms
26ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 85e38bc08194b20e1a64cf3e9f1266dbb8498f72312bb2543b3314f05ad415dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:21 GMT
content-encoding: gzip
last-modified: Mon, 29 Jan 2024 22:13:13 GMT
server: AkamaiNetStorage
etag: "90173797179737fc4da75b6ef78d798b:1706566393.859241"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 215
expires: Wed, 31 Jan 2024 20:33:21 GMT

GET
H/1.1 200
OK / Show response
com-wag3.netmng.com/WAG3/com/ 3 KB
2 KB 130ms
130ms Script
text/javascript 199.38.167.54
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://com-wag3.netmng.com/WAG3/com/?vid=nya8o8ebgadgg&referer=&browserPixelRatio=1&browserWidth=1600&browserHeight=1200&aid=6366&siclientid=105368&url=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&function=browser_check&r=675707
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.38.167.54 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: openresty /
Resource Hash: 51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Jan 2024 19:33:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jan 2024 19:33:21 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type: text/javascript; charset=UTF-8
X-Cnection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Expires: Mon, 29 Jan 2024 19:33:21 GMT

POST
H2 200 track Show response
events.api.boomtrain.com/event/ 2 B
209 B 380ms
135ms XHR
text/plain 3.223.177.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://events.api.boomtrain.com/event/track
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.223.177.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-223-177-182.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 31 Jan 2024 19:33:22 GMT
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
content-length: 2
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: text/plain

GET
H2 200 nr-spa.142f942f-1.239.1.min.js Show response
js-agent.newrelic.com/ 75 KB
26 KB 69ms
19ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: sn0IxCI.MkvNIiRAoqe.awP2R5evqDa4
content-encoding: br
via: 1.1 varnish
date: Wed, 31 Jan 2024 19:33:21 GMT
strict-transport-security: max-age=300
x-amz-request-id: XKNH2N4BMHCM512R
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 25649
x-amz-id-2: 4mexhU0yeIewKmDeZm96VoQ5sJoXlVDLPLvdECeQEQCLYnoSPdDtx9GVJ5S3Dd2cS0NTUzBv+mg=
x-served-by: cache-fra-etou8220117-FRA
last-modified: Wed, 18 Oct 2023 21:33:59 GMT
server: AmazonS3
x-timer: S1706729602.979349,VS0,VE0
etag: "929044c7a94ad93d4583f5b62538f46a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 180

POST
H/1.1 200 NRJS-2ebdf5b38afbaafd48e Show response
bam.nr-data.net/1/ 40 B
414 B 470ms
404ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2371&ck=0&s=44969f8e2c8bbe64&ref=https://uson.savings.beneplace.com/home&af=err,xhr,stn,ins,spa&be=430&fe=1855&dc=809&perf=%7B%22timing%22:%7B%22of%22:1706729599637,%22n%22:0,%22f%22:0,%22dn%22:27,%22dne%22:27,%22c%22:27,%22s%22:52,%22ce%22:92,%22rq%22:92,%22rp%22:430,%22rpe%22:431,%22di%22:834,%22ds%22:1227,%22de%22:1239,%22dc%22:2284,%22l%22:2284,%22le%22:2285%7D,%22navigation%22:%7B%7D%7D
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 31 Jan 2024 19:33:22 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://uson.savings.beneplace.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230104-FRA

GET
H2 200 RC0c16579d5c704bd0a214633d669d35f2-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/ 1018 B
811 B 47ms
46ms Script
application/x-javascript 2a02:26f0:3100:18c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99b0d340b49c/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:18c::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0313ff313e24ddac9564c74aa33a4b9e7e383f1621b985720466454a3e1ded18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:22 GMT
content-encoding: gzip
last-modified: Mon, 29 Jan 2024 22:13:13 GMT
server: AkamaiNetStorage
etag: "90173797179737fc4da75b6ef78d798b:1706566393.859241"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://uson.savings.beneplace.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 547
expires: Wed, 31 Jan 2024 20:33:22 GMT

POST
H/1.1 200 NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/ 24 B
353 B 613ms
612ms XHR
image/gif 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2881&ck=0&s=44969f8e2c8bbe64&ref=https://uson.savings.beneplace.com/home
Requested by: Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://uson.savings.beneplace.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 31 Jan 2024 19:33:23 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://uson.savings.beneplace.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230104-FRA

GET
H3 401 dlk-compare Show response
uson.savings.beneplace.com/api/known/ 182 B
509 B 154ms
154ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/api/known/dlk-compare?guid=88730crr5ph7ir46zt4obnwvr

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

170287bbbfc14739c9b3aa6ce30abb0669d418f01118028f4b06c198fdbdde1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
tracestate: 88831@nr=0-1-2647367-1120218725-e89a9fd6510ab5de----1706729602591
traceparent: 00-4400f85a60a92f54f7cc311b88d41e00-e89a9fd6510ab5de-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImU4OWE5ZmQ2NTEwYWI1ZGUiLCJ0ciI6IjQ0MDBmODVhNjBhOTJmNTRmN2NjMzExYjg4ZDQxZTAwIiwidGkiOjE3MDY3Mjk2MDI1OTEsInRrIjoiODg4MzEifX0=

Response headers

date: Wed, 31 Jan 2024 19:33:22 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by
etag: W/"b6-lGFIUF59ZyAYAhOl/ILN9N2OvBU"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://uson.savings.beneplace.com
cf-ray: 84e462d03d2058f0-TXL
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
content-length: 182
alt-svc: h3=":443"; ma=86400

GET
H3 200 info
uson.savings.beneplace.com/api/ 10 KB
3 KB 476ms
475ms XHR
text/html 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://uson.savings.beneplace.com/api/info?authInfo=true

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://uson.savings.beneplace.com/home?off_guid=6SZ6y4C0jZhifkn9VakBi5&ebldr_form=2.01&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=January-29-2024-Samsung&DLK=88730crr5ph7ir46zt4obnwvr
tracestate: 88831@nr=0-1-2647367-1120218725-e90a1cc6a10e3f7c----1706729602595
traceparent: 00-ac9266ed1c106c7b24ed5da1b4353700-e90a1cc6a10e3f7c-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImU5MGExY2M2YTEwZTNmN2MiLCJ0ciI6ImFjOTI2NmVkMWMxMDZjN2IyNGVkNWRhMWI0MzUzNzAwIiwidGkiOjE3MDY3Mjk2MDI1OTUsInRrIjoiODg4MzEifX0=

Response headers

date: Wed, 31 Jan 2024 19:33:23 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://uson.savings.beneplace.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 84e462d04d3258f0-TXL
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Wed, 31 Jan 2024 19:33:22 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
21ms Image
image/gif 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=2144952809&t=pageview&_s=1&dl=https%3A%2F%2Fuson.savings.beneplace.com%2F&ul=en-us&de=UTF-8&dt=US%20Oncology%20Perks%20Program&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=261314590.1706729601&tid=UA-2876877-9&_gid=261331163.1706729601&gtm=45He41t0n815QN8HWMv78847533&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=2124359253

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uson.savings.beneplace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 19:04:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1725
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

429

Primary Request sign-in Show response
auth.savings.beneplace.com/uson/
Redirect Chain

https://auth.savings.beneplace.com/auth/authorize?subdomain=uson&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redir...
https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%...

16 KB
16 KB

38ms
37ms

Document
text/html

172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr

Requested by

Host: uson.savings.beneplace.com
URL: https://uson.savings.beneplace.com/main.21d8066a1ba27670.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a6bf1aff55a8d5f1f584210d09008d014a04e6c5b1c9d1cd48fb30b6bbab98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://uson.savings.beneplace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 84e462d66a3f58f0-TXL
content-length: 15992
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Wed, 31 Jan 2024 19:33:23 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: http://auth.savings.beneplace.com
alt-svc: h3=":443"; ma=86400
cache-control: no-cache no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 84e462d37d38450a-TXL
content-type: text/html; charset=utf-8
date: Wed, 31 Jan 2024 19:33:23 GMT
expires: Wed, 31 Jan 2024 19:33:22 GMT
location: /uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains
vary: Origin, Accept
x-content-type-options: nosniff
x-powered-by

GET
H3 200 v1 Show response
auth.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 167 KB
56 KB 50ms
49ms Script
application/javascript 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84e462d66a3f58f0

Requested by

Host: auth.savings.beneplace.com
URL: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

203a09ba5f459967203e02f9a932e7e39c79f875761031e7334e0a43530fa710

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr&__cf_chl_rt_tk=7DuDksXEuPBLKzL55LR6fOVUqNCd8pbloU3sWYWdLzE-1706729603-0-gaNycGzNEvs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:23 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 84e462d6db3458f0-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/24864818/ 37 KB
13 KB 92ms
52ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/24864818/api.js?onload=rmxH0&render=explicit
Requested by: Host: auth.savings.beneplace.com
URL: https://auth.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84e462d66a3f58f0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b40e5d49a5a4e45e5b1d129bbdc3f1f7b7ef4c464063147273a47e9f4aaf825e

Request headers

Referer
Origin: https://auth.savings.beneplace.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:23 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 84e462d7bd3e4d38-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 favicon.ico
auth.savings.beneplace.com/ 10 KB
10 KB 164ms
163ms Image
text/html 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.savings.beneplace.com/favicon.ico

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com .libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com:* .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com *.libertymutual.com
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 19:33:23 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified: Thu, 18 Jan 2024 11:53:07 GMT
server: cloudflare
cf-cache-status: HIT
content-encoding: br
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/html; charset=utf-8
cf-ray: 84e462d77c8b58f0-TXL
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK c6371141-a514-42ab-8b06-57c949ab99be
https://auth.savings.beneplace.com/ 13 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://auth.savings.beneplace.com/c6371141-a514-42ab-8b06-57c949ab99be
Requested by: Host: auth.savings.beneplace.com
URL: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length: 13
Content-Type: text/javascript

POST
H3 200 239abc1588a11e1 Show response
auth.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1263502497:1706728096:7EcZhf7MhKuo2z-qItjqS6Rzs8dn6cqo3Qugz9gnK3Y/84e462d66a3f58f0/ 13 KB
10 KB 65ms
64ms XHR
text/plain 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1263502497:1706728096:7EcZhf7MhKuo2z-qItjqS6Rzs8dn6cqo3Qugz9gnK3Y/84e462d66a3f58f0/239abc1588a11e1

Requested by

Host: auth.savings.beneplace.com
URL: https://auth.savings.beneplace.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84e462d66a3f58f0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80e744f5d84732e49c10e20a1e8d9aa08c5d2ce899be1bacdbb5f57ed7391ccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
CF-Challenge: 239abc1588a11e1
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 31 Jan 2024 19:33:23 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 84e462d82e5358f0-TXL
alt-svc: h3=":443"; ma=86400
cf-chl-gen: LWxsNfqmOHXNW1Bw+gk5febWHI/lZKZXd89lFt9Ulugb+cvo1yaD2/wkgVvW7YZR$qfdn2tldZVMrP3opCg3lfg==

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oud84/0x4AAAAAAADnPIDROrmt1Wwj/light/ Frame 7B6D 0
0 62ms
40ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oud84/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/24864818/api.js?onload=rmxH0&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 84e462d8df0339d3-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 19:33:23 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.beneplace.com/	1970-01-20 18:05:31	Name: __cf_bm Value: 0RvfzXziPRwmNb8zY0RZLM2iZqn0vZwvK1ccA137Cgw-1706729600-1-AQA4SQJ48g2toe6bi7CyHeryN9Qa91OPcye55zOD+JCJVnGj2O9wvbtjvCuKC2M0JMa3pzWOm7UFCNq9Qt1WAQU=
.beneplace.com/	1969-12-31 23:59:59	Name: AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg Value: 1
.beneplace.com/	1970-01-21 03:41:29	Name: s_ecid Value: MCMID%7C21086972432292724094194753210655036589
.beneplace.com/	1970-01-21 03:41:29	Name: AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg Value: 1176715910%7CMCIDTS%7C19754%7CMCMID%7C21086972432292724094194753210655036589%7CMCAAMLH-1707334400%7C6%7CMCAAMB-1707334400%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1706736800s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0
.beneplace.com/	1970-01-21 03:41:29	Name: _ga Value: GA1.2.261314590.1706729601
.beneplace.com/	1970-01-20 18:06:56	Name: _gid Value: GA1.2.261331163.1706729601
.beneplace.com/	1970-01-20 18:05:29	Name: _gat_UA-2876877-9 Value: 1
.beneplace.com/	1970-01-21 02:51:05	Name: cf_clearance Value: Zbkd3fnDTeQffVdpHXR01woRQn_BXfYrpqWmzYFaKig-1706729601-1-Afj1WlesVaV4hdAvsaQ8vUUx/Jl0cStgKcdWqfilaj8O5Xgy5meDjs1qyDS3srKjICLZcLOXNk4w3XlWu1SFL1U=
.rezync.com/	1970-01-20 22:24:41	Name: zync-uuid Value: 56e1f258-8c09-493d-9b2c-cdacc8b51620:1706729601.1725664
live.rezync.com/	1970-01-20 22:24:41	Name: sd-session-id Value: eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiNTZlMWYyNTgtOGMwOS00OTNkLTliMmMtY2RhY2M4YjUxNjIwOjE3MDY3Mjk2MDEuMTcyNTY2NCJ9.ZbqggQ.VtFGQznbPlB2FQNfDWQcrYhmwEw
.adnxs.com/	1970-01-20 20:15:05	Name: XANDR_PANID Value: k2p0muK6rxIsmK35B-wLyZDGvBb4Lo2gke69Bhvqde8DARwY4Gh-PsXCQLBV7ocphvXZ-OhvwfqDztq3VkAKSrfnhGp0jgdQ-NJ8yq_fwvQ.
.adnxs.com/	1970-01-21 03:41:29	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:15:05	Name: uuid2 Value: 4803748778772722710
.beneplace.com/	1970-01-21 02:51:05	Name: btIdentify Value: 72f0c4b1-2ccc-4d17-81ab-54a0cbf7896f
.beneplace.com/	1970-01-20 18:05:33	Name: _bts Value: dbdbde22-5984-4a8d-9135-44bd7f7206fd
.adnxs.com/	1970-01-20 20:15:05	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2Hb[JW1TU!1yIE'Yg-$0y=/d!!'5h$Z_8^
.doubleclick.net/	1970-01-20 18:05:30	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-20 18:48:41	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-20 22:24:41	Name: receive-cookie-deprecation Value: 1
com-wag3.netmng.com/	1970-01-20 22:29:00	Name: evo5_WAG3 Value: nya8o8ebgadgg%7CO%7CWkVGaWN6QnRkR0ZVTWtoaVZWWm9jM05yWXl0VFUwSlNWa0pWVEdGNVJVbHhlbVJxYzBOMk5qZERkR1ZJYTBvNE1uaDRVR2hoTjBkMlJXWjNNbEFyUzJ4SE5YbzNkR1JJVW1KM1ZIbFRZMUZHYzNGNFUxZFFWMnhDYm10RmVURlFRVzh6WkRaelowUm9kM0pQUnl0aFlrOUhRM0pLZEdSaE9XVlRaelFyVEZKM05FWk9SWEpuZVc5TVJqZHJjRGhvWmxoUmJXUTNkbm95ZDJaS05HWm5Za1kzT1hOdk9Ea3JOemQyU0c1UEsxbzVjbXBtYTAxdWRXeExSbmxXYUdKcjp1MFFqM0lGczBIdFFNYkhwck5oR0NBPT0%3D
.beneplace.com/	1970-01-21 02:51:05	Name: _bti Value: %7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22otc2pYXCiRr7QrCuvmVcoSRrgxhODyyNTcdFCwivbq55Si6Hm2jWwuvHDxLD7UaLBw8c%2B8uPjZyTVqnLesZhVQ%3D%3D%22%2C%22is_identified%22%3Afalse%7D
.beneplace.com/	1970-01-21 03:41:29	Name: _ga_2K753Z6D0L Value: GS1.2.1706729601.1.1.1706729602.0.0.0
.savings.beneplace.com/	1970-01-21 03:41:29	Name: split_test_groups Value: {}
.beneplace.com/	1970-01-21 03:41:29	Name: _ga_FD2X5ZMELR Value: GS1.1.1706729600.1.1.1706729603.0.0.0
auth.savings.beneplace.com/	1970-01-20 18:05:33	Name: cf_chl_3 Value: 239abc1588a11e1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://uson.savings.beneplace.com/api/known/dlk-compare?guid=88730crr5ph7ir46zt4obnwvr Message: Failed to load resource: the server responded with a status of 401 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://auth.savings.beneplace.com/uson/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=January-29-2024-Samsung&utm_campaign=email-mme&redirect_uri=https%3A%2F%2Fuson.savings.beneplace.com%2Fhome%3Foff_guid%3D6SZ6y4C0jZhifkn9VakBi5%26ebldr_form%3D2.01%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DJanuary-29-2024-Samsung%26DLK%3D88730crr5ph7ir46zt4obnwvr Message: Failed to load resource: the server responded with a status of 429 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com .libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com:* .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com *.libertymutual.com
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
assets.adobedtm.com
auth.savings.beneplace.com
bam.nr-data.net
cdn.boomtrain.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
challenges.cloudflare.com
com-wag3.netmng.com
dpm.demdex.net
events.api.boomtrain.com
fonts.gstatic.com
js-agent.newrelic.com
live.rezync.com
maps.googleapis.com
people.api.boomtrain.com
region1.google-analytics.com
secure.adnxs.com
smetrics.beneplace.com
stats.g.doubleclick.net
uson.savings.beneplace.com
www.google-analytics.com
www.googletagmanager.com
13.32.27.83
151.101.2.137
162.247.243.29
172.217.16.198
172.64.150.236
18.66.122.42
199.38.167.54
2001:4860:4802:32::36
2606:4700::6810:5814
2606:4700::6811:190e
2606:4700::6811:2b8
2a00:1450:4001:808::2008
2a00:1450:4001:809::200a
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2003
2a00:1450:4001:829::200e
2a00:1450:400c:c0c::9d
2a02:26f0:3100:18c::1e80
3.223.177.182
34.241.81.135
37.252.171.21
52.45.70.255
63.140.62.17
0313ff313e24ddac9564c74aa33a4b9e7e383f1621b985720466454a3e1ded18
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
0f8ebc30899eb40dc08bb4de7e68953c83206792c3ec200f60464bed04966c52
144c8eb2b5ac64163e65528a33cf8173611882490e4d7d0af3ef958671be6f79
15ec705f37cf581b2862905c58e7d963334565af495c47207d296882b88ee5d4
170287bbbfc14739c9b3aa6ce30abb0669d418f01118028f4b06c198fdbdde1d
1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634
203a09ba5f459967203e02f9a932e7e39c79f875761031e7334e0a43530fa710
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae
34ad1925015893a72041819ce524d1ca1194c87c3d1995a5cc57e0815bc345a0
353c49b0419dbcf31f807b3e3a7da77d2002837dc77b0d731d7aae8b287ed225
3b6461f55386a4ff356d1961c215ac39f0cd4955cd857d20ea567be15d5c7c9e
4403cd9a1a8cace9725a8bf898f9c1693dfee2fbd1f35ed0b273f8a260818024
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
46f16c323557a318dd6604bab3ebe8dbd9d23bc318b55eec33b0b0a4502c0bd1
4a6bf1aff55a8d5f1f584210d09008d014a04e6c5b1c9d1cd48fb30b6bbab98a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e1254ecd9c36e02437f35076e4f1efe6f3f2e86acaf8d63206eec8cc61ee168
51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e
55716bffdc0f21a432d17d79faa05016f3e172cb1287d48a819d6d6dc95ced2e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d159e233af5ec9cd87085dcb05d4212e0d28c5def84fb236bafb38a6c005518
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bc181c119315e1aeb93533a86b27194ccd8d171a5d72c1ced438335608a6ef6
702a1f01de1e6ba80c1e16ef51ba924e1b90a206596b2b87360add10690fb7b9
7678fff11f92c598d89035e7f1e5ae839902925df05059daa23901b914765975
80e744f5d84732e49c10e20a1e8d9aa08c5d2ce899be1bacdbb5f57ed7391ccf
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85e38bc08194b20e1a64cf3e9f1266dbb8498f72312bb2543b3314f05ad415dd
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04
8b78f6c2694ded95d29e65bb8299cd7817d76feaf57363c4eee7fc27faea9624
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
92598de2d31f86547a73877fbbe8a510a42895e1f0ba3a6ab14a83d5df07a0c8
92bd012680fd71378eb436eb0feaaaef5e20f4aefee239e2a4b8955dd2677607
97bc08d6b6bf5af4d695f68afa6636543e36b0a2e7ea0187add5a3c12e4f70d4
ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18
b40e5d49a5a4e45e5b1d129bbdc3f1f7b7ef4c464063147273a47e9f4aaf825e
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23
bc83c7ec22a67fb4f4f9da76257b42c5329c0367f497ae5ffd532f4d065d3df2
c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
cd6c50080cda668d0e858886b870ff15124d16be997d5b0d43e97d4788a20879
cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb14bf1316af1de9825f62d16139c334fffcb24cb29fa09ab74ce18bde24bffc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
fec7f2071ca0271b74e9948b436226b4cf9e0ebad3263aac40f8169ddc9c2ffe

auth.savings.beneplace.com Open in urlscan Pro 172.64.150.236 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

56 Requests

93 %HTTPS

48 %IPv6

17 Domains

24 Subdomains

23 IPs

4 Countries

1985 kBTransfer

8076 kBSize

25 Cookies

1 Outgoing links

Page URL History

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

auth.savings.beneplace.com Open in urlscan Pro
172.64.150.236 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

93 %
HTTPS

48 %
IPv6

17
Domains

24
Subdomains

23
IPs

4
Countries

1985 kB
Transfer

8076 kB
Size

25
Cookies

56 HTTP transactions
1 data transactions