benefits.otisproductions.co Open in urlscan Pro
2a06:98c1:3120::7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://otsprd.info/x/a6G633IU103Y8R
Effective URL:
https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu10...
Submission: On March 20 via manual (March 20th 2022, 5:03:38 am UTC) from US — Scanned from DE

Summary HTTP 30 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 30 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is benefits.otisproductions.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 21st 2022. Valid for: a year.

This is the only time benefits.otisproductions.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	64.135.127.61 64.135.127.61	13645 (BROADBANDONE) (BROADBANDONE)
1 8	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700:303... 2606:4700:3036::6815:2ab8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.55.126.207 45.55.126.207	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
5	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	162.243.189.2 162.243.189.2	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	12

1 64.135.127.61 (North Miami Beach, United States) 1 redirects

ASN13645 (BROADBANDONE, US)

otsprd.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a06:98c1:3120::7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

benefits.otisproductions.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::6815:2ab8 (United States)

ASN13335 (CLOUDFLARENET, US)

pushaim1.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.55.126.207 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

beacon.otisproductions.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

thanos-assets.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.243.189.2 (United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: nyc3.digitaloceanspaces.com

thanos-assets.nyc3.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

hostandpost.rputools.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	otisproductions.co 1 redirects benefits.otisproductions.co beacon.otisproductions.co	478 KB
6	digitaloceanspaces.com thanos-assets.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 585810 thanos-assets.nyc3.digitaloceanspaces.com	550 KB
4	rputools.com hostandpost.rputools.com — Cisco Umbrella Rank: 626706	1 KB
4	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1590 ka-f.fontawesome.com — Cisco Umbrella Rank: 2959	23 KB
3	pushaim1.xyz pushaim1.xyz — Cisco Umbrella Rank: 799701	7 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	371 B
1	gstatic.com fonts.gstatic.com	26 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	63 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	otsprd.info 1 redirects otsprd.info	230 B
30	10

	Domain	Requested by
5	thanos-assets.nyc3.cdn.digitaloceanspaces.com	benefits.otisproductions.co
5	benefits.otisproductions.co	1 redirects benefits.otisproductions.co
4	hostandpost.rputools.com	benefits.otisproductions.co
3	beacon.otisproductions.co	benefits.otisproductions.co
3	pushaim1.xyz	benefits.otisproductions.co pushaim1.xyz
3	ka-f.fontawesome.com	kit.fontawesome.com
2	www.google-analytics.com	www.googletagmanager.com
1	thanos-assets.nyc3.digitaloceanspaces.com	benefits.otisproductions.co
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	benefits.otisproductions.co
1	kit.fontawesome.com	benefits.otisproductions.co
1	fonts.googleapis.com	benefits.otisproductions.co
1	otsprd.info	1 redirects
30	13

This site contains links to these domains. Also see Links.

Domain
travelerguidebuddy.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-21` - `2023-02-21`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
beacon.otisproductions.co R3	`2022-02-14` - `2022-05-15`	3 months	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
*.nyc3.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-22` - `2022-05-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
Frame ID: 0FE14037F46CE3542988EA2EFEC147E2
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Otis Productions

Page URL History Show full URLs

https://otsprd.info/x/a6G633IU103Y8R HTTP 302
https://benefits.otisproductions.co/b/1?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1... HTTP 301
https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

30
Requests

97 %
HTTPS

67 %
IPv6

10
Domains

13
Subdomains

12
IPs

2
Countries

1150 kB
Transfer

2048 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://travelerguidebuddy.com/r/ff010494-5ea9-4f26-a3e7-875cc02236b9/
Title: Housing Assistance

Search URL Search Domain Scan URL

URL: http://travelerguidebuddy.com/r/dcae93ab-df2a-4243-b827-ab45c66995b0/
Title: Transportation Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://otsprd.info/x/a6G633IU103Y8R HTTP 302
https://benefits.otisproductions.co/b/1?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA HTTP 301
https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
benefits.otisproductions.co/b/1/
Redirect Chain

https://otsprd.info/x/a6G633IU103Y8R
https://benefits.otisproductions.co/b/1?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA

3 KB
1 KB

131ms
130ms

Document
text/html

2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 704081f3b7af01e683217e42331444e58d6b9c99f3350dcff738c14b6cc5ace6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-type: text/html
last-modified: Wed, 16 Mar 2022 11:19:48 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKe4LUMLCed5Pjo4D6ObTEmwLQ6%2BTYcDzzgU99XG6bsMyRjWeki7PDE%2FMbjjSKfmNfgv%2Bz7I8ts0iCQleEIhWfxXSsvwMrG%2BgKldVYlouoO%2BSZE2yiZ4MS1tz%2FJOdHqkk4elegh50KxXZ23P9R9w67Z7kyU%2BXAPziz8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6eebe6ce282590e6-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Sun, 20 Mar 2022 05:03:28 GMT
content-type: text/html
location: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k9Dibu9hN5IMb3hA40qI%2FhYH0Wohoc8PSUs2pmaoYo%2FYzYJNwQkJoeMF%2FlA7is7yk0n3otfZ5rdysik3u9IM%2F8HYOi1C88CCsQG%2BY%2FVw15RX5pM8eVSIdKQLW597E4TYDDxXbOn1JcdQIJgiVbUuemcDnwLWNboiYN0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6eebe6cbed7190e6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 139ms
54ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cabin:400,700,900|Poppins:300,400,700&display=swap

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dbe4d590cbf353a92983a10f0a9727742ff9a94425963d750d206d005b6da6e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 20 Mar 2022 05:03:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 20 Mar 2022 05:03:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 20 Mar 2022 05:03:29 GMT

GET
H2 200 268a7048dd.js Show response
kit.fontawesome.com/ 11 KB
4 KB 77ms
44ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/268a7048dd.js

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e17c79e1b4d86ddba5a9d2104902942db44f856a9fd63a137cf5deb35f56366

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 6eebe6cf49b69177-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: Fs10Vq5mQlPHvnYeBvdC

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 170 KB
63 KB 143ms
56ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CSQ3T208XX

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

223289b1b4c272f77ae307a197ba84648e4fa2fbcb541ae831cdc4175313d158

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64291
x-xss-protection: 0
expires: Sun, 20 Mar 2022 05:03:29 GMT

GET
H3 200 bundle.6e6d4711dea1edd82cb3.css
benefits.otisproductions.co/b/1/ 9 KB
3 KB 371ms
370ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.otisproductions.co/b/1/bundle.6e6d4711dea1edd82cb3.css?t=1647429565225
Requested by: Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78a4d729524b91f02e5da5c8fe8a4ac01d04152dffe78781e219c3a0c5f14501

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Mar 2022 11:19:47 GMT
server: cloudflare
etag: W/"6231c7d3-25f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvPF%2BYaOaf%2BFTFS%2FgykCQ8NXCBMwcGs2XLW%2BUvnYjMgrTyBNw21uLxs3lqtmhec3Y10PL4mQnt8HnPPXRQubbQApZVfsfM6PEIIVxwF7R7ZB7rouBiq05PDbcqzDgPajVUXB0Ak%2B96ZwGNLIc1BvXGN6bF%2FhOL%2BjXLw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6eebe6cf1fad8ffe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 20 Mar 2023 05:03:29 GMT

GET
H3 200 1.af2b3623.chunk.js Show response
benefits.otisproductions.co/b/1/js/ 176 KB
62 KB 611ms
610ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.otisproductions.co/b/1/js/1.af2b3623.chunk.js
Requested by: Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef06b22dc326412a2852691bf3a96a1a2fc594eaa9bc60c945e5841b9ec5dc9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Mar 2022 11:19:47 GMT
server: cloudflare
etag: W/"6231c7d3-2bf94"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7IGI5g2ByPKzjiVcm7uRSRY1mF%2FUk8tr7VA9jrMiie1sQBul1xepvvd4WFv3w3IMPZosVAa2EqKX2DR430279cs0eVRJMLEpMQdzLS9i4XWw1m64RUR49DevnJn%2BPuykmJsfXHKLV5HOhSXhCGNUduoDFO66d8lF72Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6eebe6cf1fae8ffe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 20 Mar 2023 05:03:29 GMT

GET
H3 200 app.226db536.js Show response
benefits.otisproductions.co/b/1/js/ 100 KB
28 KB 594ms
593ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.otisproductions.co/b/1/js/app.226db536.js
Requested by: Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 391ea5472b84fb18322aa53a271a0181044fb5092aa88a1edffa8fd1f1903b76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/b/1/?wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&filter=low_income&affid=7A6X&s1=null&s2=a6g633iu103y8r&s3=DMSBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Mar 2022 11:19:47 GMT
server: cloudflare
etag: W/"6231c7d3-18f79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0uCZGQrGVXO6%2FNK%2FrVxCWeFgbr0HBGpCLs4KgCvKvR7Mp6fam5RgfXS8keicywhJJ%2B2BcUb75aRyA2s%2BNd1jESQ5qfrQiF6zmckqRakTAytCwc5I5s9T90qIMpo%2F86c%2Flj4jAj7sPgKV%2BjjzW1Y61Keq0sIrwGDWiA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6eebe6cf1faf8ffe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 20 Mar 2023 05:03:29 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 117ms
63ms Fetch
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=268a7048dd
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/268a7048dd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
via: 1.1 56d45ca72c110eb4c3736727b5f5040a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: TXL50-P2
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ikKSLgTELzfVH%2F8bOsvJW5Qb7Si%2Bp008RXU%2F5Cc7SmgL3LSPrTuNWFWFbR6ANZskTaYCraJLp3cgi8Fk5nuDKYwA9EV6Iv1pRI4NWlK%2FG9%2FoRQZ%2F1KSpTW9yOvSwSWAoPmxFbwqA01pkjBrX1c7jRpLh5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6eebe6cfeefb9213-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: q655o4aqGjEJ0HWuIxoZ312Z7dkL-opQpCbuwBo4hNIl7UkO0exsEw==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 113ms
60ms Fetch
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=268a7048dd
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/268a7048dd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
via: 1.1 5bab9b28b9df8c7c6cb942e5654e9558.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: TXL50-P2
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0D7D5z8sjoahfsn4KegU3FQYs2sppoU5fYQ2tX2AMnQgqUfdOIEhiooTX1XgGtZLXLQ%2BrOsBfxrs8taOSC3CYMBdTOXSLBJKkv32B7PMnud0tFR5amDhXQy3AgZ3j6BBpMoqa3LWUQz7LdCbBdg5qDAbFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6eebe6cfeefc9213-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 1xEqctqMJLamV_Z1B4_TFOglayBe830rVyxfaXsOox4gsuIEnDwXoQ==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
2 KB 87ms
35ms Fetch
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=268a7048dd
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/268a7048dd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
via: 1.1 23f4d6fe05b7a037f9e8a8a9a9896368.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: TXL50-P2
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCWimG%2FxWWX9DjsN8acSy90GgRRigECqa4IrbGZgRKbHjU6ePHTY3CZC%2BO3TmXlf0SFu%2Bj0RRukmJQ6mYGqBn5ULyh%2Bq1TsZpxccZIa2asGNeVnSrFFfWcvf%2Fxc9IVA8GqS6q7COnyAYiinVAtnwZ9R8jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6eebe6cfeefd9213-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: z1ePcle7woJsNC0TUxW5-xkc8MPRFnZkyjp92EUhxVOjLG585xJeqA==

POST
H2 204 collect
www.google-analytics.com/g/ 0
354 B 132ms
45ms Ping
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CSQ3T208XX&gtm=2oe3e0&_p=1578921634&sr=1600x1200&ul=en-us&cid=1376263217.1647752610&_s=1&dl=https%3A%2F%2Fbenefits.otisproductions.co%2Fb%2F1%2F%3Fwid%3D6d10f1e7-d65c-4ff5-a17d-1705892b1113%26filter%3Dlow_income%26affid%3D7A6X%26s1%3Dnull%26s2%3Da6g633iu103y8r%26s3%3DDMSBA&dt=Otis%20Productions&sid=1647752609&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CSQ3T208XX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Mar 2022 05:03:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://benefits.otisproductions.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
fonts.gstatic.com/s/cabin/v18/ 25 KB
26 KB 122ms
39ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v18/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:400,700,900|Poppins:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4632f2a6b880931a9a2468fe53828f3a5a4b0934d9f4f6f37d6831214469a07e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://benefits.otisproductions.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 18:04:48 GMT
x-content-type-options: nosniff
age: 298721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26104
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 20:56:38 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Mar 2023 18:04:48 GMT

GET
H2 200 ace-push.js Show response
pushaim1.xyz/ 13 KB
5 KB 1770ms
1726ms Script
application/javascript 2606:4700:3036::6815:2ab8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pushaim1.xyz/ace-push.js
Requested by: Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/js/app.226db536.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:2ab8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4880710c87636a8a8aaacfd576c79a5768fc651367636c71d2443ecc4ccb02e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:31 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sun, 13 Mar 2022 22:42:08 GMT
server: cloudflare
etag: W/"1d8372b91ff941e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2vM1mHr6FTTX5SnLlZCjC3GHXfIb40mqZfFWgkomSUI3ebLTco10vJsrJm9jkpxSG%2Ba08A9C4s%2FBihjNAvTyaZCX0ffkpueN8498GbqCHmT2E7RJNv3uKgU77E8VLfx1zoC2ttsFBsjrcs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6eebe6d39a029171-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 summary Show response
beacon.otisproductions.co/geo/ 121 B
570 B 309ms
102ms XHR
application/json 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon.otisproductions.co/geo/summary

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/js/1.af2b3623.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

98b53fd42182094248dfcd219992e3740a87a135b587a652572d3ed9a500b4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: false
strict-transport-security: max-age=2592000
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization

GET
H2 200 f827f008-7c88-4b6a-9a9b-8ca3411d8d09 Show response
beacon.otisproductions.co/c/ 510 KB
380 KB 402ms
196ms XHR
text/plain 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon.otisproductions.co/c/f827f008-7c88-4b6a-9a9b-8ca3411d8d09?filter=low_income

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/js/1.af2b3623.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

270d036a03f7583105c1757a575bba96cad50cc67c9b3b4e7d2331f5a86c212b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:29 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: false
strict-transport-security: max-age=2592000
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization

GET
DATA 200
OK truncated
/ 380 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 59cac1a37612eb643f9cbf618e604e946b9c66c27bad01a31ade8c93e896f303

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 6d10f1e7-d65c-4ff5-a17d-1705892b1113 Show response
beacon.otisproductions.co/t/ 8 KB
3 KB 129ms
129ms XHR
text/plain 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon.otisproductions.co/t/6d10f1e7-d65c-4ff5-a17d-1705892b1113?affid=7A6X

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/js/1.af2b3623.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

ed44acb2bdb63b0f928ae48953fdbf81b122dedbdde46099ff3738168c279b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:30 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: false
strict-transport-security: max-age=2592000
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization

GET
H/1.1 200
OK 05bfd898e54c35fcc70c3a0161a9a878Section8Assistance.jpg
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/7/ 58 KB
58 KB 722ms
667ms Image
image/jpeg 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/7/05bfd898e54c35fcc70c3a0161a9a878Section8Assistance.jpg

Requested by

Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/?affid=7A6X&filter=low_income&s1=null&s2=a6g633iu103y8r&s3=DMSBA&session_id=8775f571-1088-447b-94b1-b43e0b4c15d5&wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

362d6124079b14fd7aaf237e8cc09153e1ff8ff7565c1e4abf428ccaeb96866c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 20 Mar 2022 05:03:31 GMT
Last-Modified: Wed, 12 Jan 2022 18:11:26 GMT
x-amz-request-id: tx00000000000004108e686-006236b5a3-2be26abb-nyc3c
etag: "bf61fe2404beab85e452ffa2197998eb"
strict-transport-security: max-age=15552000; includeSubDomains; preload
X-HW: 1647752610.dop250.am5.t,1647752610.cds291.am5.shn,1647752610.dop250.am5.t,1647752611.cds008.am5.p
Content-Type: image/jpeg
Cache-Control: max-age=600
x-rgw-object-type: Normal
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 59078

GET
H/1.1 200
OK 87c82f112d7417237c5f3a018fd13a94Resources4Relief_300x225.jpg
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/ 73 KB
73 KB 574ms
518ms Image
image/jpeg 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/87c82f112d7417237c5f3a018fd13a94Resources4Relief_300x225.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

a9cdc052efaf128fbc9e4ab55175efeaabe6761507a6d815edaebb60f9175cc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 20 Mar 2022 05:03:31 GMT
Connection: Keep-Alive
Last-Modified: Fri, 21 Jan 2022 17:17:12 GMT
x-amz-request-id: tx000000000000040ff821d-006236b5a3-2be2b299-nyc3c
etag: "153bded1914fd4d8345fcad0bb85bd8d"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1647752610.dop214.am5.t,1647752610.cds303.am5.shn,1647752610.dop214.am5.t,1647752611.cds127.am5.pr
Content-Type: image/jpeg
Cache-Control: max-age=600
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 74323

GET
H/1.1 200
OK 16716dbcdf7e56d08af93a0210130fbcahr.png
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/7/ 128 KB
129 KB 631ms
575ms Image
image/png 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/7/16716dbcdf7e56d08af93a0210130fbcahr.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

26080c69066e46c33f6e402272fd95bccafa2dda1ded5c88516a9f67784a631d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 20 Mar 2022 05:03:31 GMT
Last-Modified: Tue, 15 Feb 2022 15:00:30 GMT
x-amz-request-id: tx000000000000040ff8213-006236b5a3-2be2b299-nyc3c
etag: "1007f74955704bf7abf8300364a79c43"
strict-transport-security: max-age=15552000; includeSubDomains; preload
X-HW: 1647752610.dop013.am5.t,1647752610.cds237.am5.shn,1647752610.dop013.am5.t,1647752611.cds256.am5.p
Content-Type: image/png
Cache-Control: max-age=600
x-rgw-object-type: Normal
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 131193

GET
H/1.1 200
OK 32b58ab86650fb3e7d993a028b9cf5f5bagroupone.png
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/7/ 97 KB
98 KB 659ms
600ms Image
image/png 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/7/32b58ab86650fb3e7d993a028b9cf5f5bagroupone.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

0b15df9bc02a8734aaa8dc77263de99fd3cba9d448f7947fb18940e21e0c6e50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 20 Mar 2022 05:03:31 GMT
Last-Modified: Fri, 11 Mar 2022 14:44:25 GMT
x-amz-request-id: tx000000000000040fac56e-006236b5a3-2be38d33-nyc3c
etag: "136c3fc636bab6d416677d9d48b220d9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
X-HW: 1647752610.dop140.am5.t,1647752610.cds015.am5.shn,1647752610.dop140.am5.t,1647752611.cds256.am5.p
Content-Type: image/png
Cache-Control: max-age=600
x-rgw-object-type: Normal
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 99763

GET
H/1.1 200
OK e9d7b786697fe856f88039fd032482d2xcz5j69rp_1583945846034_charminbanner.jpg
thanos-assets.nyc3.digitaloceanspaces.com/tenants/3/ 88 KB
88 KB 394ms
192ms Image
image/jpeg 162.243.189.2
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thanos-assets.nyc3.digitaloceanspaces.com/tenants/3/e9d7b786697fe856f88039fd032482d2xcz5j69rp_1583945846034_charminbanner.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.243.189.2 , United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

nyc3.digitaloceanspaces.com

Software

Resource Hash

f3e2588ed49634a56a2476e73f1acab7e0d86f2d02398e9e6615fc8e3d88c053

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 20 Mar 2022 05:03:30 GMT
last-modified: Wed, 09 Jun 2021 13:30:33 GMT
x-amz-request-id: tx000000000000040ff815b-006236b5a2-2be2b299-nyc3c
etag: "3732a664d167a7e296a59d54891197f0"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: image/jpeg
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
accept-ranges: bytes
content-length: 89682

GET
H/1.1 200
OK c80d24601cde6b5a5d013a0180ab341binsuremycar300x225.png
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/ 104 KB
104 KB 554ms
495ms Image
image/png 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/c80d24601cde6b5a5d013a0180ab341binsuremycar300x225.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

9828dfd31eb0e2ccf5f775841ff30953ad33b6417cad4ac57e3eb23528abf6c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://benefits.otisproductions.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 20 Mar 2022 05:03:31 GMT
Connection: Keep-Alive
Last-Modified: Tue, 18 Jan 2022 18:41:21 GMT
x-amz-request-id: tx000000000000041046c6c-006236b5a3-2be473bb-nyc3c
etag: "d2fa3299c2610b49d86062f69184003b"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1647752610.dop129.am5.t,1647752610.cds143.am5.shn,1647752610.dop129.am5.t,1647752611.cds136.am5.pr
Content-Type: image/png
Cache-Control: max-age=600
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 106104

OPTIONS
H2 200 pending
hostandpost.rputools.com/api/queue/ 0
0 174ms
116ms Preflight
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hostandpost.rputools.com/api/queue/pending?campaign_id=523&affid=7A6X&filter=low_income&s1=null&s2=a6g633iu103y8r&s3=DMSBA&wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&domain=benefits.otisproductions.co&age=&day=sunday&hour=5&utchour=5&utcday=sunday&uuid=da588ff3-8232-4667-96da-7d53d5614e33&folder=b1/&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/99.0.4844.51%20Safari/537.36&zip=60326&dzip=60326&state=HE&dstate=HE&statename=Hesse&dstatename=Hesse&ip=185.213.155.176&country=DE&email_signup_url=&cid=b0f8ee16-3d06-448e-b462-179af1253a1d&trackingUrl=http://hardship-recovery.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://benefits.otisproductions.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 20 Mar 2022 05:03:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type, session_id
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3L0XaPptBcxZw9IC6G56Lo0Xv%2B1V7EdwhGDOr39wkERdxq8fkVP44s%2FcoiYzDlBOlCiWJn65bHwF%2FMo5e0ZbERAAfhq425NnEXxWhVeULwp4BRDoTAHbzJsh8LnJMl3GMTCY7XmKbj474UzU%2FxhDaNCCsKBzFAg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6eebe6d9bae89211-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 pending
hostandpost.rputools.com/api/queue/ 0
0 173ms
117ms Preflight
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hostandpost.rputools.com/api/queue/pending?campaign_id=523&affid=7A6X&filter=low_income&s1=null&s2=a6g633iu103y8r&s3=DMSBA&wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&domain=benefits.otisproductions.co&age=&day=sunday&hour=5&utchour=5&utcday=sunday&uuid=da588ff3-8232-4667-96da-7d53d5614e33&folder=b1/&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/99.0.4844.51%20Safari/537.36&zip=60326&dzip=60326&state=HE&dstate=HE&statename=Hesse&dstatename=Hesse&ip=185.213.155.176&country=DE&email_signup_url=&cid=ff010494-5ea9-4f26-a3e7-875cc02236b9&trackingUrl=http://travelerguidebuddy.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://benefits.otisproductions.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 20 Mar 2022 05:03:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type, session_id
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7CMq%2F%2Fqutr4GHr%2B5mwzy2IiAdnrjzhaAlvgEq%2BSLgxQi7hn36ST4T4HhCtv4cbr8uKPjFzyZaIViKNv44xNZEg5HOD83pZEIHF6kpd9vYJxCNnI5wESmDiI0bnM9FdnFfoQGCG8bpaeg5WBckhIrI3AlHtwy1w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6eebe6d9bae99211-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pending Show response
hostandpost.rputools.com/api/queue/ 19 B
610 B 151ms
138ms XHR
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hostandpost.rputools.com/api/queue/pending?campaign_id=523&affid=7A6X&filter=low_income&s1=null&s2=a6g633iu103y8r&s3=DMSBA&wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&domain=benefits.otisproductions.co&age=&day=sunday&hour=5&utchour=5&utcday=sunday&uuid=da588ff3-8232-4667-96da-7d53d5614e33&folder=b1/&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/99.0.4844.51%20Safari/537.36&zip=60326&dzip=60326&state=HE&dstate=HE&statename=Hesse&dstatename=Hesse&ip=185.213.155.176&country=DE&email_signup_url=&cid=b0f8ee16-3d06-448e-b462-179af1253a1d&trackingUrl=http://hardship-recovery.com
Requested by: Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/js/1.af2b3623.chunk.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68e26b8b9bb82ac6bb487da621b57c91d86a334e163e543ae61e9a1cfeebb9d2

Request headers

Accept: application/json, text/plain, */*
Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json;charset=utf-8

Response headers

date: Sun, 20 Mar 2022 05:03:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uhdmVHiRl0Q5RhIpxrUBXr%2BceF5gsz%2FlIlQtzUdRJGfrAdHOAE9Mnaz7iY2nBVXs9BuOkPGPiKd9%2BoFEY1YkZCCYPCN6WAf3bk%2BrzoRgiSjiKCoeA9Pbd2LzNrW5MvkgzAQUc%2B245isHYI0RjJXMTrDhamerqpE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 6eebe6da89f1997b-FRA
access-control-allow-headers: Content-Type, session_id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pending Show response
hostandpost.rputools.com/api/queue/ 19 B
575 B 199ms
186ms XHR
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hostandpost.rputools.com/api/queue/pending?campaign_id=523&affid=7A6X&filter=low_income&s1=null&s2=a6g633iu103y8r&s3=DMSBA&wid=6d10f1e7-d65c-4ff5-a17d-1705892b1113&domain=benefits.otisproductions.co&age=&day=sunday&hour=5&utchour=5&utcday=sunday&uuid=da588ff3-8232-4667-96da-7d53d5614e33&folder=b1/&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/99.0.4844.51%20Safari/537.36&zip=60326&dzip=60326&state=HE&dstate=HE&statename=Hesse&dstatename=Hesse&ip=185.213.155.176&country=DE&email_signup_url=&cid=ff010494-5ea9-4f26-a3e7-875cc02236b9&trackingUrl=http://travelerguidebuddy.com
Requested by: Host: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/b/1/js/1.af2b3623.chunk.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68e26b8b9bb82ac6bb487da621b57c91d86a334e163e543ae61e9a1cfeebb9d2

Request headers

Accept: application/json, text/plain, */*
Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json;charset=utf-8

Response headers

date: Sun, 20 Mar 2022 05:03:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPGmsrwmCo4jmUEVrtgXiMSsCcj97sQtWmwI%2BNGRORziB1a%2FKABG57IJCrBh0Zwzhmen%2BPxBob%2Fh5zDKerxGPBYVct2cOyjvluOCfIx1ZBCuXxaGcDhoDSse9IAFthLFC9xtR5njv1uJ00yK%2BSxtqe%2FNH2nDUh4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 6eebe6da89f3997b-FRA
access-control-allow-headers: Content-Type, session_id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 visit Show response
pushaim1.xyz/api/v1/ 1 KB
2 KB 5272ms
5272ms Fetch
application/json 2606:4700:3036::6815:2ab8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pushaim1.xyz/api/v1/visit
Requested by: Host: pushaim1.xyz
URL: https://pushaim1.xyz/ace-push.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:2ab8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6adb28d718b143360af0175505063dddf327e122ac516dfdf3e7ab8c908e602

Request headers

Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/json

Response headers

date: Sun, 20 Mar 2022 05:03:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qOWhgm1rFI%2BLRqmQKnt0wo3%2FW8cK%2Boa5ZT4UuCBro2oI9N5A2UjHnP1sGsNPXqaysxbwiiJ0%2BuMr3kG8Aq3CLEg8KA7eWzk0HP0Hh1INzfMtGU%2FhMDbRoJY1g1ZognlnAgTjGtHIFgZldY0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 6eebe6df79c4929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H3 204 visit
pushaim1.xyz/api/v1/ 0
0 155ms
132ms Preflight 2606:4700:3036::6815:2ab8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pushaim1.xyz/api/v1/visit
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:2ab8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://benefits.otisproductions.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 20 Mar 2022 05:03:31 GMT
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FF9MxZFfsp%2FRdoskceV4vDLxShSy5bRzu%2F1u2dMXqUSKCVpZAc2B%2FSP9ci6nDL3Gy8scfU8swR%2FlJoz6vsusVCazW9%2FJ5xDlcr%2F0RK%2FFdftSWr4AkztPYVtNUpkawiIaddW03mOyDB8MdX8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6eebe6de991f929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 93ms
46ms Ping
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CSQ3T208XX&gtm=2oe3e0&_p=1578921634&sr=1600x1200&ul=en-us&cid=1376263217.1647752610&dl=https%3A%2F%2Fbenefits.otisproductions.co%2Fb%2F1%2F%3Faffid%3D7A6X%26filter%3Dlow_income%26s1%3Dnull%26s2%3Da6g633iu103y8r%26s3%3DDMSBA%26session_id%3D8775f571-1088-447b-94b1-b43e0b4c15d5%26wid%3D6d10f1e7-d65c-4ff5-a17d-1705892b1113&dt=Otis%20Productions&sid=1647752609&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CSQ3T208XX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://benefits.otisproductions.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 20 Mar 2022 05:03:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://benefits.otisproductions.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET md-service-worker.js
benefits.otisproductions.co/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: benefits.otisproductions.co
URL: https://benefits.otisproductions.co/md-service-worker.js

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.otisproductions.co/	1970-01-20 19:13:44	Name: _ga Value: GA1.1.1376263217.1647752610
.otisproductions.co/	1970-01-20 19:13:44	Name: _ga_CSQ3T208XX Value: GS1.1.1647752609.1.1.1647752610.0
.pushaim1.xyz/	1970-01-20 01:42:36	Name: TiPMix Value: 0.836053258197407
.pushaim1.xyz/	1970-01-20 01:42:36	Name: x-ms-routing-name Value: self
.pushaim1.xyz/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 77326ad586acf1052ff3bf68d2c170ad6670503fcea3b010542643066a16af73

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beacon.otisproductions.co
benefits.otisproductions.co
fonts.googleapis.com
fonts.gstatic.com
hostandpost.rputools.com
ka-f.fontawesome.com
kit.fontawesome.com
otsprd.info
pushaim1.xyz
thanos-assets.nyc3.cdn.digitaloceanspaces.com
thanos-assets.nyc3.digitaloceanspaces.com
www.google-analytics.com
www.googletagmanager.com
benefits.otisproductions.co
162.243.189.2
205.185.216.10
2606:4700:3036::6815:2ab8
2606:4700::6812:1734
2a00:1450:4001:803::2003
2a00:1450:4001:808::2008
2a00:1450:4001:811::200e
2a00:1450:4001:82b::200a
2a06:98c1:3120::7
2a06:98c1:3121::7
45.55.126.207
64.135.127.61
0b15df9bc02a8734aaa8dc77263de99fd3cba9d448f7947fb18940e21e0c6e50
223289b1b4c272f77ae307a197ba84648e4fa2fbcb541ae831cdc4175313d158
26080c69066e46c33f6e402272fd95bccafa2dda1ded5c88516a9f67784a631d
270d036a03f7583105c1757a575bba96cad50cc67c9b3b4e7d2331f5a86c212b
2e17c79e1b4d86ddba5a9d2104902942db44f856a9fd63a137cf5deb35f56366
362d6124079b14fd7aaf237e8cc09153e1ff8ff7565c1e4abf428ccaeb96866c
391ea5472b84fb18322aa53a271a0181044fb5092aa88a1edffa8fd1f1903b76
4632f2a6b880931a9a2468fe53828f3a5a4b0934d9f4f6f37d6831214469a07e
59cac1a37612eb643f9cbf618e604e946b9c66c27bad01a31ade8c93e896f303
68e26b8b9bb82ac6bb487da621b57c91d86a334e163e543ae61e9a1cfeebb9d2
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
704081f3b7af01e683217e42331444e58d6b9c99f3350dcff738c14b6cc5ace6
78a4d729524b91f02e5da5c8fe8a4ac01d04152dffe78781e219c3a0c5f14501
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
9828dfd31eb0e2ccf5f775841ff30953ad33b6417cad4ac57e3eb23528abf6c8
98b53fd42182094248dfcd219992e3740a87a135b587a652572d3ed9a500b4c4
a9cdc052efaf128fbc9e4ab55175efeaabe6761507a6d815edaebb60f9175cc2
b6adb28d718b143360af0175505063dddf327e122ac516dfdf3e7ab8c908e602
d4880710c87636a8a8aaacfd576c79a5768fc651367636c71d2443ecc4ccb02e
dbe4d590cbf353a92983a10f0a9727742ff9a94425963d750d206d005b6da6e0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed44acb2bdb63b0f928ae48953fdbf81b122dedbdde46099ff3738168c279b94
ef06b22dc326412a2852691bf3a96a1a2fc594eaa9bc60c945e5841b9ec5dc9d
f3e2588ed49634a56a2476e73f1acab7e0d86f2d02398e9e6615fc8e3d88c053
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

benefits.otisproductions.co Open in urlscan Pro 2a06:98c1:3120::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

97 %HTTPS

67 %IPv6

10 Domains

13 Subdomains

12 IPs

2 Countries

1150 kBTransfer

2048 kBSize

5 Cookies

2 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

benefits.otisproductions.co Open in urlscan Pro
2a06:98c1:3120::7 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

97 %
HTTPS

67 %
IPv6

10
Domains

13
Subdomains

12
IPs

2
Countries

1150 kB
Transfer

2048 kB
Size

5
Cookies

30 HTTP transactions
1 data transactions