benefits.com Open in urlscan Pro
2606:4700:3034::ac43:d694 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://benefits.com/
Effective URL:
https://benefits.com/
Submission: On January 09 via api (January 9th 2024, 1:25:30 pm UTC) from US — Scanned from DE

Summary HTTP 116 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 29 IPs in 3 countries across 20 domains to perform 116 HTTP transactions. The main IP is 2606:4700:3034::ac43:d694, located in United States and belongs to CLOUDFLARENET, US. The main domain is benefits.com.
TLS certificate: Issued by E1 on November 18th 2023. Valid for: 3 months.

This is the only time benefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:433a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3034::ac43:d694	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3032::ac43:aa90	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	18.215.82.39 18.215.82.39	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:223... 2600:9000:223e:b600:19:6119:81c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:224... 2600:9000:224a:e400:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
4	18.156.64.29 18.156.64.29	16509 (AMAZON-02) (AMAZON-02)
3	18.195.235.189 18.195.235.189	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
8	18.66.218.102 18.66.218.102	16509 (AMAZON-02) (AMAZON-02)
2	13.32.121.55 13.32.121.55	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
2 8	44.210.34.224 44.210.34.224	14618 (AMAZON-AES) (AMAZON-AES)
4	2600:9000:223... 2600:9000:223d:1c00:1c:7f1a:6680:93a1	16509 (AMAZON-02) (AMAZON-02)
4	108.156.253.67 108.156.253.67	16509 (AMAZON-02) (AMAZON-02)
4	52.23.124.10 52.23.124.10	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
116	29

1 2606:4700:3037::6815:433a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

benefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3034::ac43:d694 (United States)

ASN13335 (CLOUDFLARENET, US)

benefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:aa90 (United States)

ASN13335 (CLOUDFLARENET, US)

www.ezojs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.215.82.39 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-82-39.compute-1.amazonaws.com

ix.leadshook.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223e:b600:19:6119:81c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

pixel.ampry.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:e400:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.64.29 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-64-29.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.235.189 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com

marketstormai.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.66.218.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-218-102.mxp63.r.cloudfront.net

static.leadshook.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-55.fra60.r.cloudfront.net

polyfill.leadshook.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 44.210.34.224 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-210-34-224.compute-1.amazonaws.com

api.trustedform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223d:1c00:1c:7f1a:6680:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.trustedform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.156.253.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-253-67.dus51.r.cloudfront.net

d2zdr2rqflfo3.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.23.124.10 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-124-10.compute-1.amazonaws.com

renderer.ampry.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	benefits.com 1 redirects benefits.com	249 KB
21	leadshook.io ix.leadshook.io static.leadshook.io — Cisco Umbrella Rank: 419374 polyfill.leadshook.io — Cisco Umbrella Rank: 812503	2 MB
12	trustedform.com 2 redirects api.trustedform.com — Cisco Umbrella Rank: 40286 cdn.trustedform.com — Cisco Umbrella Rank: 46525	75 KB
8	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2014 www.google.com — Cisco Umbrella Rank: 6 google.com — Cisco Umbrella Rank: 1	1 KB
6	google.de www.google.de — Cisco Umbrella Rank: 4002	771 B
6	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68	7 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 395	227 KB
5	ampry.com pixel.ampry.com — Cisco Umbrella Rank: 429696 renderer.ampry.com — Cisco Umbrella Rank: 362938	23 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	414 KB
4	cloudfront.net d2zdr2rqflfo3.cloudfront.net	2 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 4796	9 KB
4	matomo.cloud cdn.matomo.cloud — Cisco Umbrella Rank: 29507 marketstormai.matomo.cloud	74 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 692	14 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	18 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 79	69 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	91 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	21 KB
2	gstatic.com fonts.gstatic.com	16 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	ezojs.com www.ezojs.com — Cisco Umbrella Rank: 34092	42 KB
116	20

	Domain	Requested by
22	benefits.com	1 redirects benefits.com
11	ix.leadshook.io	benefits.com ix.leadshook.io static.leadshook.io
8	api.trustedform.com	2 redirects api.trustedform.com cdn.trustedform.com
8	static.leadshook.io	ix.leadshook.io
6	www.google.de	benefits.com ix.leadshook.io
6	cdnjs.cloudflare.com	benefits.com cdnjs.cloudflare.com ix.leadshook.io
5	www.google.com	benefits.com ix.leadshook.io
5	www.googletagmanager.com	benefits.com www.google-analytics.com ix.leadshook.io
4	renderer.ampry.com	pixel.ampry.com
4	d2zdr2rqflfo3.cloudfront.net	ix.leadshook.io
4	cdn.trustedform.com	ix.leadshook.io api.trustedform.com
4	googleads.g.doubleclick.net	www.googletagmanager.com
4	tags.srv.stackadapt.com	benefits.com tags.srv.stackadapt.com
3	marketstormai.matomo.cloud	cdn.matomo.cloud
3	bat.bing.com	benefits.com bat.bing.com
3	fonts.googleapis.com	benefits.com ix.leadshook.io
2	google.com	www.googletagmanager.com
2	polyfill.leadshook.io	ix.leadshook.io
2	www.youtube.com	ix.leadshook.io www.youtube.com
2	connect.facebook.net	benefits.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
1	www.facebook.com	benefits.com
1	cdn.matomo.cloud	benefits.com
1	region1.analytics.google.com	www.googletagmanager.com
1	pixel.ampry.com	benefits.com
1	www.ezojs.com	benefits.com
116	28

This site contains links to these domains. Also see Links.

Domain
start.benefits.com
www.cv4aftrk.com

Subject Issuer	Validity	Valid
benefits.com E1	`2023-11-18` - `2024-02-16`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.ezojs.com GTS CA 1P5	`2024-01-06` - `2024-04-05`	3 months	crt.sh
leadshook.io Amazon RSA 2048 M03	`2023-10-08` - `2024-11-05`	a year	crt.sh
*.ampry.com Amazon RSA 2048 M02	`2023-02-19` - `2024-03-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-18` - `2024-01-16`	3 months	crt.sh
cdn.matomo.cloud Amazon RSA 2048 M03	`2023-10-27` - `2024-11-23`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.matomo.cloud Amazon RSA 2048 M02	`2023-06-21` - `2024-07-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.trustedform.com Amazon RSA 2048 M03	`2023-08-11` - `2024-09-07`	a year	crt.sh
ampry.com Amazon RSA 2048 M02	`2023-03-06` - `2024-04-04`	a year	crt.sh
cdn.trustedform.com Amazon RSA 2048 M02	`2023-03-15` - `2024-04-12`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://benefits.com/
Frame ID: 36ABEFAB7406B06354E11EBC64D4651D
Requests: 60 HTTP requests in this frame

Frame: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Frame ID: B9AAD6580BE1DBDAE5F85CE4C25BEDD0
Requests: 28 HTTP requests in this frame

Frame: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Frame ID: 7BF79152A93CF8459DFF3097FDA2CE31
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Benefits.com - We Make Government Benefit Program Information Easier to Understand

Page URL History Show full URLs

http://benefits.com/ HTTP 301
https://benefits.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

116
Requests

98 %
HTTPS

72 %
IPv6

20
Domains

28
Subdomains

29
IPs

3
Countries

3253 kB
Transfer

14637 kB
Size

29
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://start.benefits.com/ssdi/?utm_source=benefits.com&utm_medium=organic&utm_campaign=homepage&utm_content=big3
Title: Disability (SSDI) Get Help with Social Security Disability Insurance benefits. Learn More

Search URL Search Domain Scan URL

URL: https://start.benefits.com/va/?utm_source=benefits.com&utm_medium=organic&utm_campaign=homepage&utm_content=big3
Title: Veteran (VA) Secure the maximum amount of Veteran Benefits today. Learn More

Search URL Search Domain Scan URL

URL: https://www.cv4aftrk.com/FNX4R/2CTPL/?sub1=benefits.com&sub2=organic&sub3=homepage&sub4=big3
Title: Grants Discover what grants you qualify for. Get more of what's yours! . Learn More

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://benefits.com/ HTTP 301
https://benefits.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false HTTP 301
https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false

Request Chain 82

https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false HTTP 301
https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false

116 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
benefits.com/
Redirect Chain

http://benefits.com/
https://benefits.com/

37 KB
8 KB

553ms
447ms

Document
text/html

2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: f61e2393195d9a59e7a300bf4e1377290eca355bc900a7fc1e92ab2aa317880a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 842d0186fad96626-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 09 Jan 2024 13:25:24 GMT
link: <https://benefits.com/wp-json/>; rel="https://api.w.org/" <https://benefits.com/wp-json/wp/v2/pages/1480>; rel="alternate"; type="application/json" <https://benefits.com/>; rel=shortlink
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-powered-by: WP Engine

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 842d01849a874178-AMS
Cache-Control: max-age=600, must-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 09 Jan 2024 13:25:23 GMT
Location: https://benefits.com/
Server: cloudflare
X-Cache: HIT: 1
X-Cache-Group: normal
X-Cacheable: non200
X-Redirect-By: WordPress
alt-svc: h3=":443"; ma=86400
x-powered-by: WP Engine

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/ 98 KB
17 KB 131ms
49ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3496699
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 17041
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "623a082a-4291"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1ixyP7xET3iKIxF7uzVM6BkNqeH4RP4MRE%2BZ%2BLWtf8egPyF2GvmNGzNxH1APTKpudCQRjxH73luIMZkSJ5TmkyE%2FT7NqkeYB8KownJWYD3GpiihjBwdLIaiF3n5GAwDsxRmlYArh6mQH6EQdVxMJ%2BIy"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842d018a493371cd-FRA
expires: Sun, 29 Dec 2024 13:25:24 GMT

GET
H2 200 style.css
benefits.com/wp-content/themes/benefits.com/assets/css/ 29 KB
5 KB 457ms
455ms Stylesheet
text/css 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/css/style.css?r=183
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd8b9aaee5d2ca94b9181c7d568449162e8a155ad454a7deaaba4dbcc217ef6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 05 Dec 2023 23:48:28 GMT
server: cloudflare
etag: W/"656fb6cc-743e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842d0189c84e6626-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
902 B 136ms
49ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

188d321da52decd5b8a5c92b29c10badb5c8ded9b9f45f802ee6b64bd8d6a564

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 11:36:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Jan 2024 13:25:24 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 235 KB
81 KB 186ms
100ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-61S7EYFJNT

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

02fade1eeed2b193ed08834217653248ac5e05d8947e383549a267c9282e7594

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82778
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jan 2024 13:25:24 GMT

GET
H2 200 style.min.css
benefits.com/wp-includes/css/dist/block-library/ 102 KB
14 KB 85ms
84ms Stylesheet
text/css 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 11:13:55 GMT
server: cloudflare
age: 327436
etag: W/"64b7c573-19824"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842d0189d8516626-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
benefits.com/wp-includes/js/jquery/ 85 KB
31 KB 62ms
62ms Script
application/javascript 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 26 May 2023 11:33:35 GMT
server: cloudflare
age: 2357363
etag: W/"6470990f-155ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842d0189d8526626-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
benefits.com/wp-includes/js/jquery/ 13 KB
5 KB 60ms
59ms Script
application/javascript 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: cloudflare
age: 863665
etag: W/"6482bd64-3509"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842d0189d8546626-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 sa.min.js Show response
www.ezojs.com/ezoic/ 121 KB
42 KB 182ms
69ms Script
application/javascript 2606:4700:3032::ac43:aa90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/ezoic/sa.min.js
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3445310c729d3f95ccaa8b2a90dcd483f5751ab02fc487fde5137c575142436

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jan 2024 03:02:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 37330
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Z07bEGG6rcWNdh3NHts7sOy9x36InczCFYg4Lxi1%2BtgsOG87eY8kspGQojDIY5krR9wnLwunIBf0rKKx8Fc0h95e%2BkrpBNDfD3Uau3upKf%2FSsX4xrMHWZuGvLBqvXg%2BbW0CMDS%2BGvqMymnf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=86400
x-robots-tag: noindex
cf-ray: 842d018d781ab79c-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 benefits.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 4 KB
4 KB 65ms
65ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/benefits.png?v=4
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1705c22f7203ba1948082190860294b9f84313a2f8901f86597cb455f211a1a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
cf-cache-status: HIT
age: 1207546
cf-polished: origFmt=png, origSize=62064
content-disposition: inline; filename="benefits.webp"
alt-svc: h3=":443"; ma=86400
content-length: 4028
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:17 GMT
server: cloudflare
etag: "6508aa71-f270"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d0189d8556626-AMS

GET
H2 200 js_embed Show response
ix.leadshook.io/s/ 13 KB
5 KB 1215ms
941ms Script
text/html 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/s/js_embed
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: 4c9f389586890bc121c0d45c40ea03410d3437e3bd41ad07c428886dac2f897b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: gzip
server: nginx/1.19.9
x-powered-by: Express
x-cache-status: MISS
vary: Accept-Encoding
etag: W/"326e-l6lDhHvboTI72LzIQJ/TJpOjhdc"
content-type: text/html; charset=utf-8

GET
H2 200 front-page-details-box-ssdi.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 332 B
498 B 59ms
59ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/front-page-details-box-ssdi.png
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c94753f54cf76af0839eb6db13e9aa71ad04d765e2fa605204ebc5af671af39a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
cf-cache-status: HIT
age: 45868
cf-polished: origFmt=png, origSize=601
content-disposition: inline; filename="front-page-details-box-ssdi.webp"
alt-svc: h3=":443"; ma=86400
content-length: 332
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:18 GMT
server: cloudflare
etag: "6508aa72-259"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d018a39146626-AMS

GET
H3 200 front-page-details-box-va.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 164 B
457 B 65ms
65ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/front-page-details-box-va.png
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 428685ddbd13dabcf8699b4ba28cc158d034395453e9e0c3fe51404f87486119

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
cf-cache-status: HIT
age: 12480
cf-polished: origFmt=png, origSize=398
content-disposition: inline; filename="front-page-details-box-va.webp"
alt-svc: h3=":443"; ma=86400
content-length: 164
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:18 GMT
server: cloudflare
etag: "6508aa72-18e"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d018a9b82998a-CDG

GET
H3 200 front-page-details-box-grants.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 232 B
491 B 63ms
63ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/front-page-details-box-grants.png
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2534deb3514672a6957d5716c87bb0f4d63a935d4599f32f294209bbc3a36805

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
cf-cache-status: HIT
age: 12480
cf-polished: origFmt=png, origSize=501
content-disposition: inline; filename="front-page-details-box-grants.webp"
alt-svc: h3=":443"; ma=86400
content-length: 232
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:18 GMT
server: cloudflare
etag: "6508aa72-1f5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d018b0bf6998a-CDG

GET
H3 200 front-page-quiz-img.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 298 B
552 B 60ms
59ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/front-page-quiz-img.png
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be00463181764a24723572cdbb07428c967d0e5c80878a6f4aaca1954a41dba9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
cf-cache-status: HIT
age: 12479
cf-polished: origFmt=png, origSize=657
content-disposition: inline; filename="front-page-quiz-img.webp"
alt-svc: h3=":443"; ma=86400
content-length: 298
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:18 GMT
server: cloudflare
etag: "6508aa72-291"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d018b6c7f998a-CDG

GET
H3 200 front-page-newsletter-img.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 320 B
576 B 61ms
61ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/front-page-newsletter-img.png
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9c043ec3e8104d09e08fc14f8bd1afb5ad91fee207525ade4e4ba4c23d38c99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
cf-cache-status: HIT
age: 12479
cf-polished: origFmt=png, origSize=649
content-disposition: inline; filename="front-page-newsletter-img.webp"
alt-svc: h3=":443"; ma=86400
content-length: 320
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:18 GMT
server: cloudflare
etag: "6508aa72-289"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d018cbe2c998a-CDG

GET
H3 200 app.js Show response
benefits.com/wp-content/themes/benefits.com/assets/js/ 995 B
628 B 60ms
59ms Script
application/javascript 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/js/app.js?ver=1.2
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc7ed14338631eb24268b2424e3969c1ea15f060bcb6e298a900d481565cd47a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 19:52:19 GMT
server: cloudflare
age: 23558
etag: W/"6508aa73-3e3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842d018bccdb998a-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 frontend.min.js Show response
benefits.com/wp-content/plugins/link-whisper-premium/js/ 5 KB
2 KB 63ms
63ms Script
application/javascript 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://benefits.com/wp-content/plugins/link-whisper-premium/js/frontend.min.js?ver=1704393045
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 141ac568be4ebb63260741515cc6e4a81fe3abaa2599567ed81922801800fc5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Jan 2024 18:30:45 GMT
server: cloudflare
age: 23558
etag: W/"6596f955-128e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842d018c2d4a998a-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 track.js Show response
pixel.ampry.com/ 82 KB
19 KB 159ms
46ms Script
application/javascript 2600:9000:223e:b600:19:6119:81c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.ampry.com/track.js
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:19:6119:81c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b19f4154f1166872b1a37173480c96de59f70754b749562b3d67a6c3950a15ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 16:13:09 GMT
x-amz-version-id: FX4VK5VoEQoEQwmZAUhykqOtH8IUZT1o
content-encoding: gzip
last-modified: Fri, 21 Jul 2023 13:29:24 GMT
server: AmazonS3
via: 1.1 f8f9f25f837c0ce4e62b6d917642b56a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
etag: W/"bf361776772450fff78e7438e46b4003"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
age: 8716336
x-amz-cf-id: IgDdVp5VszP_mJ7b1k5oKemmd7a225HDu1ln4GTaZedB_DX2aAye7A==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 248 KB
88 KB 128ms
55ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M84KTS9

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b75dd5704c75a55d53b95c789b9b42659a1a8fe0f291346dec68b76f189cb658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89580
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jan 2024 13:25:24 GMT

GET
H3 200 front-page-welcome-bg.jpg
benefits.com/wp-content/themes/benefits.com/assets/images/ 90 KB
91 KB 541ms
540ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/front-page-welcome-bg.jpg
Requested by: Host: benefits.com
URL: https://benefits.com/wp-content/themes/benefits.com/assets/css/style.css?r=183
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8aaba1d378de27bff26a4f9512ba9c1d882d9f146e1b9c5ed07c3c15ff4afb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/wp-content/themes/benefits.com/assets/css/style.css?r=183
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: MISS
last-modified: Mon, 18 Sep 2023 19:52:18 GMT
server: cloudflare
etag: "6508aa72-1697b"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d018cce36998a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 92539

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 130ms
44ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://benefits.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 12:31:59 GMT
x-content-type-options: nosniff
age: 3205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jan 2025 12:31:59 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/ 151 KB
151 KB 97ms
52ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3d7854a5e060542337a731983a1f0c053e1d7412dd69b4ffdebc37e9028eeac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Origin: https://benefits.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:24 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3487374
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 154228
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "623a082a-25a74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cZjhTE0BXnLBn46PheR4imlLAc5hwVKMmhG%2BWv%2FtkI7podUY1auR3Y%2BNVJHrUdM7azuySLpibtlvOlgK2zTHp2j3fK3xHCchQH2%2BpYV47feBAs9WwsrR%2B0bPZhoehcSX%2F510SaWjmQGPekblHYKC1Yp"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842d018d0bd75d42-FRA
expires: Sun, 29 Dec 2024 13:25:24 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 125ms
39ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://benefits.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:45:47 GMT
x-content-type-options: nosniff
age: 16777
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jan 2025 08:45:47 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 132ms
46ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-61S7EYFJNT&gtm=45je4130v9119159328&_p=1704806724566&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=432104590.1704806725&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704806724&sct=1&seg=0&dl=https%3A%2F%2Fbenefits.com%2F&dt=Benefits.com%20-%20We%20Make%20Government%20Benefit%20Program%20Information%20Easier%20to%20Understand&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1748
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-61S7EYFJNT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:24 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://benefits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
251 B 153ms
52ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-61S7EYFJNT&cid=432104590.1704806725&gtm=45je4130v9119159328&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-61S7EYFJNT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:24 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://benefits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 152ms
66ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-61S7EYFJNT&cid=432104590.1704806725&gtm=45je4130v9119159328&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1443417395

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 124ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M84KTS9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 09 Jan 2024 13:22:27 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 177
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 09 Jan 2024 15:22:27 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 160ms
63ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 09 Jan 2024 13:25:24 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AC563A09FB0C4B24A1E0E9FE70CB6CE8 Ref B: FRA31EDGE0114 Ref C: 2024-01-09T13:25:24Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 118ms
39ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b625d5a8adce0e637b3263a627b65445e87da3ec1e62aff4ff86869707ed4fe7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 09 Jan 2024 13:25:24 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54366
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: V89oh6s3rAR5gcDB5NA/kyYLZCeUMWwSxeOumrIeXpLV2t1qEZGFqCIBezuOH4lQr5eGj644WQ+k4+LCpKsQfw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 container_Afi9gdAl.js Show response
cdn.matomo.cloud/marketstormai.matomo.cloud/ 271 KB
74 KB 238ms
142ms Script
application/javascript 2600:9000:224a:e400:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.matomo.cloud/marketstormai.matomo.cloud/container_Afi9gdAl.js

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:224a:e400:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f9e8caf28fb3f539674e2a59be1d14baec3d8bc60e4688142b07062cc480de29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
x-amz-version-id: LLJjQNjCzJzIIDyiGUWuoT1h0eneyUmq
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Fri, 08 Dec 2023 01:57:13 GMT
server: CloudFront
via: 1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
etag: W/"53ba5681636fac68e269462b32df5fe5"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=691200
x-amz-replication-status: COMPLETED
x-amz-cf-id: GDecrhYCEH8QB71DQKETeZ7o4YZ6Q7skti8vJvqnAkpyVtT8s2J4Ow==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
219 B 46ms
46ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=486385076&t=pageview&_s=1&dl=https%3A%2F%2Fbenefits.com%2F&ul=en-us&de=UTF-8&dt=Benefits.com%20-%20We%20Make%20Government%20Benefit%20Program%20Information%20Easier%20to%20Understand&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1202351924&gjid=680701927&cid=432104590.1704806725&tid=UA-119266907-1&_gid=1228043554.1704806725&_r=1&_slc=1&gtm=45He4130n81M84KTS9v79027750&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=148620188

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2a123d813111fa6c421bfdf41d3a8f3ed67ea567b2692fc099a71769cc4753cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://benefits.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://benefits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 134004590.js Show response
bat.bing.com/p/action/ 0
118 B 64ms
64ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/134004590.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 09 Jan 2024 13:25:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FFBEEFF0842C4885BBF4C7236AA65352 Ref B: FRA31EDGE0114 Ref C: 2024-01-09T13:25:25Z
x-cache: CONFIG_NOCACHE

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 51ms
51ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-119266907-1&cid=432104590.1704806725&jid=1202351924&gjid=680701927&_gid=1228043554.1704806725&_u=YADAAEAAAAAAACAAI~&z=1497930604

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://benefits.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 09 Jan 2024 13:25:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://benefits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 239 KB
83 KB 59ms
59ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-61S7EYFJNT&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

99e1fb4618dee96b3f5056d56dbf3b9a186c8d12632dd242d9d57707456cc9e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84554
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jan 2024 13:25:25 GMT

GET
H2 200 815144366094512 Show response
connect.facebook.net/signals/config/ 141 KB
36 KB 144ms
144ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/815144366094512?v=2.9.139&r=stable&domain=benefits.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

10c26048505644bce66b11440a1c35ff0bee0658d32ec7dd2f978d2b27728dfa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 09 Jan 2024 13:25:25 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: xfTqTHul3vC6rsS8aFghrH0Qy6Pxv6XwtNArjFzB7YUxW4HKtFtEPtYbAUyDAHeLbkMFt8y007/EQ4UhUidiyQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 225ms
67ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-119266907-1&cid=432104590.1704806725&jid=1202351924&_u=YADAAEAAAAAAACAAI~&z=24487905

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 65ms
65ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-119266907-1&cid=432104590.1704806725&jid=1202351924&_u=YADAAEAAAAAAACAAI~&z=24487905

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 222ms
131ms Script
text/javascript 18.156.64.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.64.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-64-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a113596aff7986dafa9b501d9eb455650b956dbc2dcadd689cde88cea2d07af1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:25 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

POST
H2 204 matomo.php
marketstormai.matomo.cloud/ 0
171 B 163ms
72ms Ping
text/plain 18.195.235.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://marketstormai.matomo.cloud/matomo.php?action_name=Benefits.com%20-%20We%20Make%20Government%20Benefit%20Program%20Information%20Easier%20to%20Understand&idsite=88&rec=1&r=891931&h=14&m=25&s=25&url=https%3A%2F%2Fbenefits.com%2F&_id=1939d92428590507&_idn=1&send_image=0&_refts=0&pv_id=NgkOLG&pf_net=106&pf_srv=447&pf_tfr=60&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/marketstormai.matomo.cloud/container_Afi9gdAl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://benefits.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://benefits.com
date: Tue, 09 Jan 2024 13:25:25 GMT
access-control-allow-credentials: true
server: Apache
vary: Origin,X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

GET
H2 200 configs.php Show response
marketstormai.matomo.cloud/plugins/HeatmapSessionRecording/ 117 B
292 B 128ms
45ms Script
application/javascript 18.195.235.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://marketstormai.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=88&trackerid=UeOGz3&url=https%3A%2F%2Fbenefits.com%2F
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/marketstormai.matomo.cloud/container_Afi9gdAl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: a0016f5b9d05a25d15be34c56c7e2a835d9ab75a67ef6c40e004eaadff81c4ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: gzip
server: Apache
content-length: 120
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 118ms
39ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=815144366094512&ev=PageView&dl=https%3A%2F%2Fbenefits.com%2F&rl=&if=false&ts=1704806725255&sw=1600&sh=1200&v=2.9.139&r=stable&ec=0&o=4126&fbp=fb.1.1704806725254.1446501616&cs_est=true&ler=empty&it=1704806725083&coo=false&rqm=GET

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 09 Jan 2024 13:25:25 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 css_embed
ix.leadshook.io/s/ 10 KB
3 KB 206ms
206ms Stylesheet
text/css 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/s/css_embed
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/s/js_embed
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: 608fe8cb2a8dc300efdd195ce5f4b62559a70382fabf0ca4bf6603622d650b46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: gzip
server: nginx/1.19.9
x-powered-by: Express
x-cache-status: MISS
vary: Accept-Encoding
etag: W/"29e0-fZ8z0myIyaI8G4hHnK3ZlJVU1+I"
content-type: text/css; charset=utf-8

GET
H2 200 0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5 Show response
ix.leadshook.io/survey/ Frame B9AA 177 KB
21 KB 252ms
252ms Document
text/html 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/s/js_embed
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: e9669dceaae081da2e8f271cef50b3f0616117ba15a1dc2d16c16832723cd604

Request headers

Referer: https://benefits.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jan 2024 13:25:25 GMT
etag: W/"2c337-S3jX0WyfRSW1JHh9s7Mq30Ztwrs"
expires: 0
pragma: no-cache
server: nginx/1.19.9
vary: Accept-Encoding
x-cache-status: MISS
x-powered-by: Express
x-username: undefined

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 145ms
59ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/s/js_embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 09 Jan 2024 13:25:25 GMT

GET
H2 200 js_embed Show response
ix.leadshook.io/s/ 13 KB
5 KB 125ms
125ms Script
text/html 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/s/js_embed
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: 4c9f389586890bc121c0d45c40ea03410d3437e3bd41ad07c428886dac2f897b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: gzip
server: nginx/1.19.9
x-powered-by: Express
x-cache-status: HIT
vary: Accept-Encoding
etag: W/"326e-l6lDhHvboTI72LzIQJ/TJpOjhdc"
content-type: text/html; charset=utf-8

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 130ms
129ms Stylesheet
text/css 18.156.64.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.64.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-64-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3d5e3514163864b381ab11226aef049f423b11f7487f9c65bffe3d1a95e348b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:25 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 209ms
130ms Fetch
image/jpeg 18.156.64.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.64.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-64-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:25 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5 Show response
ix.leadshook.io/survey/ Frame 7BF7 177 KB
21 KB 428ms
427ms Document
text/html 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/s/js_embed
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: b64a5c69d41a41ed80d89aac201772d245a94d13d18f8669fdc0cdce9c691c28

Request headers

Referer: https://benefits.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jan 2024 13:25:25 GMT
etag: W/"2c337-Z543L8d2RMm1IdVYv0AWqQoI8ng"
expires: 0
pragma: no-cache
server: nginx/1.19.9
vary: Accept-Encoding
x-cache-status: MISS
x-powered-by: Express
x-username: undefined

GET
H3 200 benefits.png
benefits.com/wp-content/themes/benefits.com/assets/images/ 4 KB
4 KB 60ms
60ms Image
image/webp 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/themes/benefits.com/assets/images/benefits.png?v=4
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1705c22f7203ba1948082190860294b9f84313a2f8901f86597cb455f211a1a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: HIT
age: 114349
cf-polished: origFmt=png, origSize=62064
content-disposition: inline; filename="benefits.webp"
alt-svc: h3=":443"; ma=86400
content-length: 4028
cf-bgj: imgq:100,h2pri
last-modified: Mon, 18 Sep 2023 19:52:17 GMT
server: cloudflare
etag: "6508aa71-f270"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f69998a-CDG

GET
H3 200 va-form-21-686C-300x199.jpeg
benefits.com/wp-content/uploads/2023/12/ 14 KB
15 KB 60ms
60ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/uploads/2023/12/va-form-21-686C-300x199.jpeg
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b94ec9c2602eadfffee173449e17eb83a791eef3dcbdc51b6efb9ae17e89dfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: HIT
age: 23558
cf-polished: origSize=23600
alt-svc: h3=":443"; ma=86400
content-length: 14641
cf-bgj: imgq:100,h2pri
last-modified: Fri, 22 Dec 2023 03:14:41 GMT
server: cloudflare
etag: "6584ff21-5c30"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f6e998a-CDG

GET
H3 200 10-point-veterans-preference-300x200.jpeg
benefits.com/wp-content/uploads/2023/12/ 11 KB
11 KB 61ms
60ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/uploads/2023/12/10-point-veterans-preference-300x200.jpeg
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 521101071e783b36df3d9f5c0ad8a9431fa85e0b52e51bbc5d2cc0e059037d52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: HIT
age: 23558
cf-polished: origSize=21898
alt-svc: h3=":443"; ma=86400
content-length: 10802
cf-bgj: imgq:100,h2pri
last-modified: Fri, 22 Dec 2023 03:05:52 GMT
server: cloudflare
etag: "6584fd10-558a"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f6f998a-CDG

GET
H3 200 679-8-300x169.jpg
benefits.com/wp-content/uploads/2022/05/ 11 KB
11 KB 59ms
58ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/uploads/2022/05/679-8-300x169.jpg
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a603017dc3e8b510c88997cc8f8048e684cd166193944f0f96aa6e49e425f378

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: HIT
age: 23556
cf-polished: origSize=11658
alt-svc: h3=":443"; ma=86400
content-length: 10858
cf-bgj: imgq:100,h2pri
last-modified: Wed, 30 Aug 2023 01:59:24 GMT
server: cloudflare
etag: "64eea27c-2d8a"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f70998a-CDG

GET
H3 200 1240-1-300x200.jpg
benefits.com/wp-content/uploads/2021/09/ 8 KB
9 KB 443ms
443ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/uploads/2021/09/1240-1-300x200.jpg
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 994dce092654e875b1563168d5e68c5de4cb86769d28b632d12e509dceac2a3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: MISS
last-modified: Wed, 30 Aug 2023 01:54:29 GMT
server: cloudflare
etag: "64eea155-21c2"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f72998a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 8642

GET
H3 200 VA-DIC-300x202.jpeg
benefits.com/wp-content/uploads/2023/12/ 17 KB
17 KB 62ms
61ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/uploads/2023/12/VA-DIC-300x202.jpeg
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d605760868c5d6c5cd8c7de55b5074cf3d3b3576184a7b0ca417a9b6460e534e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: HIT
age: 23557
cf-polished: origSize=27265
alt-svc: h3=":443"; ma=86400
content-length: 17256
cf-bgj: imgq:100,h2pri
last-modified: Tue, 05 Dec 2023 02:12:02 GMT
server: cloudflare
etag: "656e86f2-6a81"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f73998a-CDG

GET
H3 200 Guide-for-Disabled-Veterans-300x200.jpeg
benefits.com/wp-content/uploads/2023/11/ 20 KB
20 KB 63ms
62ms Image
image/jpeg 2606:4700:3034::ac43:d694
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://benefits.com/wp-content/uploads/2023/11/Guide-for-Disabled-Veterans-300x200.jpeg
Requested by: Host: benefits.com
URL: https://benefits.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:d694 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 755c955727ca085a1306ef961db73013e9bc988be481053cb2ec4296c47dc5ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
cf-cache-status: HIT
age: 23557
cf-polished: origSize=34195
alt-svc: h3=":443"; ma=86400
content-length: 20083
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Nov 2023 02:08:16 GMT
server: cloudflare
etag: "655eb410-8593"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 842d01925f74998a-CDG

GET
H2 204 0
bat.bing.com/action/ 0
287 B 64ms
63ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134004590&Ver=2&mid=370c2030-3c29-4ecd-9d4c-dc8207837b56&sid=8c563d80aef211eeb4d4ddaf50a7c987&vid=8c562ec0aef211eea52c8dbd55c03993&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Benefits.com%20-%20We%20Make%20Government%20Benefit%20Program%20Information%20Easier%20to%20Understand&p=https%3A%2F%2Fbenefits.com%2F&r=&lt=2367&evt=pageLoad&sv=1&rn=798557

Requested by

Host: benefits.com
URL: https://benefits.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 09 Jan 2024 13:25:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66DECD0E03494617B34DC49FDB2B0D01 Ref B: FRA31EDGE0114 Ref C: 2024-01-09T13:25:25Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/ 216 KB
67 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 12:52:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68492
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 02:44:34 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 08 Jan 2025 12:52:14 GMT

GET
H2 200 d3fed649.frontend_vendor.css
static.leadshook.io/app/ Frame B9AA 29 KB
5 KB 158ms
49ms Stylesheet
text/css 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/d3fed649.frontend_vendor.css
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3715b504c68323affe436a0169f96fcccfff8f0632a7bce1ca2a762ff714fd17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 07:30:39 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:29 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 23392
x-amz-server-side-encryption: AES256
etag: W/"d3fed6497d41e35427f8a3440db188fb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
x-amz-cf-id: o56zPImErjnzgXIi_cK3-gLYrQkOokWGSfv6kYgSujQ_Jd_7hfX4NA==

GET
H2 200 7ed49953.app.css
static.leadshook.io/app/ Frame B9AA 279 KB
47 KB 166ms
57ms Stylesheet
text/css 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/7ed49953.app.css
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f93156b0e55f73fa048853c532d79b93fa03a9c588966de030662d458a43c694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 02:51:52 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:28 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 38014
x-amz-server-side-encryption: AES256
etag: W/"7ed499539d42f027e89486cfb9ef2a02"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
x-amz-cf-id: eAikHuajyPD9Fj7SZCV08XQwv82avqXuu3O936C8ircRY3Gp-sKj_Q==

GET
H2 200 pollyfill.js Show response
polyfill.leadshook.io/ Frame B9AA 101 B
537 B 143ms
41ms Script
application/javascript 13.32.121.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.leadshook.io/pollyfill.js

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-55.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 15:22:22 GMT
content-security-policy: default-src 'self'
via: 1.1 5fa65194b963365c20fbd28444032cfc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA60-P1
age: 165783
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
feature-policy: camera 'none'; microphone 'none'; speaker 'none'
content-length: 101
x-amz-cf-id: OPrHnjfX0wxzS8aaq97uCWsyd2TP3TpYm4ToPf8wnNtNwAuwkTaiXQ==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame B9AA 234 KB
81 KB 56ms
56ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10876875974

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c57be229caa8e3f6d3739002a6e2b2dc969f68e43ba528a1e4c2d8575927f05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82891
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jan 2024 13:25:26 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ Frame B9AA 30 KB
6 KB 45ms
44ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 322885
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPNOZ%2FVfOpBArgPbVuMjveUxYbtQoDVvEbaAmZl%2BJqTRBgRd9FLYemgz7ZdBSltG79Ji46kLer2%2FxfNej%2B4w1MnKowJS2Rh5cBcUaZEkkHNG5fKq67pEGBw7Im5SfiC9nQVMzent5UILQRjbuXEwXn7r"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842d019309b171cd-FRA
expires: Sun, 29 Dec 2024 13:25:25 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
307 B 131ms
131ms XHR
text/plain 18.156.64.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=BfkHGTT1cyMidgL72NciZQ&is_js=true&landing_url=https%3A%2F%2Fbenefits.com%2F&t=Benefits.com%20-%20We%20Make%20Government%20Benefit%20Program%20Information%20Easier%20to%20Understand&tip=XczwLqtw27xupqYZ1IiUzg5h5j1YD-F76pMdOeqL_iM&host=https%3A%2F%2Fbenefits.com&sa_conv_data_css_value=%270-f3637285-b477-5d23-47ec-f8e0e7db5f30%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9f3637285b4775d2347ecf8e0e7db5f3050ff076c&sa-user-id-v3=s%253AAQAKIGFtzq-L4TuPwox2UZo5vn1abI_hyoKnna9vEXhX2CJTEHwYBCDFkvWsBjABOgT90vuTQgQNTWBM.2FB3wV%252FS46ubfZPeRJszySBXOoWmZehWXxcgPQRVtJg&sa-user-id-v2=s%253A82NyhbR3XSNH7Pjg59tfMFD_B2w.6h56y2ZQ5IppI50dzLQWiqRB2cVNPRPL97Z%252BNISnMfk&sa-user-id=s%253A0-f3637285-b477-5d23-47ec-f8e0e7db5f30.7dg8Luy%252FdF2SrLlqe56BqNqiuYRUxbbDmsoJ8Tau7XE
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.64.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-64-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3ab5b1498fc35d6bf06781105346a6da759dd43e5e0967e7339bfe6b65f1ff70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefits.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://benefits.com
date: Tue, 09 Jan 2024 13:25:25 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/ Frame B9AA 63 KB
23 KB 46ms
46ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3498329
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 22890
last-modified: Sat, 25 Dec 2021 03:05:32 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61c68a7c-596a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZqGhsQreoDTT1as414Zzpb2KW0x1sVT9z8lCaEBXXJUCPZaag8RFz%2FmqXLx0fFl6%2BYRWNKPcXxx1lDVXO8cZlHcomRK77m64oiMYVQQiWT3fJxO%2BEZ9pJiISCUbJn2bVyBYL1A7CreaRntGEVuSLvr4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842d01937abb1915-FRA
expires: Sun, 29 Dec 2024 13:25:25 GMT

GET
H2 200 699fb379.frontend_vendor.js Show response
static.leadshook.io/app/ Frame B9AA 2 MB
528 KB 270ms
231ms Script
application/javascript 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9c8c6f4cde46b63c0597a92adf4f24691428303c65ff203e5cec681535db90bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 12:03:34 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:28 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 5378
x-amz-server-side-encryption: AES256
etag: W/"699fb379b1e05e1316391961c5fbca6e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 4dW2QNEnxjgboES5GXH0d2y6Xm2jQp5TDWM5b7ODH2it49M3gyQ59g==

GET
H2 200 b40346f9.frontend_app.js Show response
static.leadshook.io/app/ Frame B9AA 3 MB
330 KB 461ms
422ms Script
application/javascript 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/b40346f9.frontend_app.js
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 99d60eaa310785df6e613e99a7ef31ae4141636d50506c6f4add28e0c1f9aee7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 04:37:19 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:29 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 32483
x-amz-server-side-encryption: AES256
etag: W/"2793ffadd83291d2757dbb2ad08b597d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-cf-id: H1uNkGYMB_0vLvX5uqdv_jKeMIcyQGVA8YHarfzDGueepZ7NiCGDnQ==

GET
H2 200 d3fed649.frontend_vendor.css
static.leadshook.io/app/ Frame 7BF7 29 KB
5 KB 248ms
247ms Stylesheet
text/css 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/d3fed649.frontend_vendor.css
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3715b504c68323affe436a0169f96fcccfff8f0632a7bce1ca2a762ff714fd17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 07:30:39 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:29 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 23392
x-amz-server-side-encryption: AES256
etag: W/"d3fed6497d41e35427f8a3440db188fb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
x-amz-cf-id: DPm1-5qUUbxRUd7cF040huSVtPQq-8LHl1nmYWqYxAZuo4vaS37sFw==

GET
H2 200 7ed49953.app.css
static.leadshook.io/app/ Frame 7BF7 279 KB
47 KB 249ms
249ms Stylesheet
text/css 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/7ed49953.app.css
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f93156b0e55f73fa048853c532d79b93fa03a9c588966de030662d458a43c694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 02:51:52 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:28 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 38014
x-amz-server-side-encryption: AES256
etag: W/"7ed499539d42f027e89486cfb9ef2a02"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
x-amz-cf-id: R1ZBQREh5_x9Xnmh9m6ejAqgYBZ7uD7HhngBF6xLxfwq10ZDzBKBAw==

GET
H2 200 pollyfill.js Show response
polyfill.leadshook.io/ Frame 7BF7 101 B
535 B 41ms
40ms Script
application/javascript 13.32.121.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.leadshook.io/pollyfill.js

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-55.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 15:22:22 GMT
content-security-policy: default-src 'self'
via: 1.1 5fa65194b963365c20fbd28444032cfc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA60-P1
age: 165783
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
feature-policy: camera 'none'; microphone 'none'; speaker 'none'
content-length: 101
x-amz-cf-id: DNPLswN7l3uc70tGtTHxpzQo28sbUJBLLPiUwnJF9KJbBHodmiiQaQ==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 7BF7 234 KB
81 KB 59ms
59ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10876875974

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e31524c091698ef342ebb4198d656224492ba68362a175cd5cb71566882c29fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82892
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jan 2024 13:25:26 GMT

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/ Frame 7BF7 63 KB
23 KB 46ms
45ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3498329
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 22890
last-modified: Sat, 25 Dec 2021 03:05:32 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61c68a7c-596a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mO0PoZb%2F7DYfxKX0AERbyybasLSyStcJWU5rcoLVLRdYoVVCLUd9Ees1K97ojcNOr9EeNM45ZghI%2BBfMuHqqBh%2FmDbJvQjs0k3gYLC1dsjXqJaQjYVUBoOfnskkUcCooKy1stN4G%2BOpgfOmwdaKd68gm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842d0194fc421915-FRA
expires: Sun, 29 Dec 2024 13:25:25 GMT

GET
H2 200 699fb379.frontend_vendor.js Show response
static.leadshook.io/app/ Frame 7BF7 2 MB
528 KB 253ms
252ms Script
application/javascript 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9c8c6f4cde46b63c0597a92adf4f24691428303c65ff203e5cec681535db90bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 12:03:34 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:28 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 5378
x-amz-server-side-encryption: AES256
etag: W/"699fb379b1e05e1316391961c5fbca6e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-cf-id: YHQlS-i12SatAmNlWxaGMkxVE5hhVeacW7M6BfOqHfzd9dW5Q6h--Q==

GET
H2 200 b40346f9.frontend_app.js Show response
static.leadshook.io/app/ Frame 7BF7 3 MB
330 KB 252ms
252ms Script
application/javascript 18.66.218.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadshook.io/app/b40346f9.frontend_app.js
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.218.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-218-102.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 99d60eaa310785df6e613e99a7ef31ae4141636d50506c6f4add28e0c1f9aee7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 04:37:19 GMT
content-encoding: gzip
via: 1.1 a659f7836f37684fda1f390ef3140e5a.cloudfront.net (CloudFront)
last-modified: Mon, 01 Jan 2024 15:28:29 GMT
server: AmazonS3
x-amz-cf-pop: MXP63-P2
age: 32483
x-amz-server-side-encryption: AES256
etag: W/"2793ffadd83291d2757dbb2ad08b597d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-cf-id: N9y0TZxknkmUnE7KZ4Bpo48wu1pEGhhOFottMPA_U0aD4SLJFMUBIA==

GET
H3 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ Frame 7BF7 30 KB
6 KB 76ms
76ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 59025
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6H3Y6gzcAaWbqsmuIXKI1lYOd9L0nrknOXltq1Ock7yUTY0QGC5W9NrSurszQmo0oJwMcWxNm8LReJjyo1kjr4q%2FThgroOj7bbSWfu1pEIVD7szlNuDXALij%2FkFIBeTRmS9J3az9kcAP1yWjjK4n%2FDhS"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842d01950c501915-FRA
expires: Sun, 29 Dec 2024 13:25:25 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame B9AA 262 KB
9 KB 68ms
67ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Abel:wght@100;300;400;500;700;900&family=Abril+Fatface:wght@100;300;400;500;700;900&family=Barlow:wght@100;300;400;500;700;900&family=Bitter:wght@100;300;400;500;700;900&family=Comforta:wght@100;300;400;500;700;900&family=Droid+Serif:wght@100;300;400;500;700;900&family=Inconsolata:wght@100;300;400;500;700;900&family=Josefin+Sans:wght@100;300;400;500;700;900&family=Josefin+Slab:wght@100;300;400;500;700;900&family=Lato:wght@100;300;400;500;700;900&family=Libre+Franklin:wght@100;300;400;500;700;900&family=Lobset+Two:wght@100;300;400;500;700;900&family=Lobster:wght@100;300;400;500;700;900&family=Lora:wght@100;300;400;500;700;900&family=Merriweather:wght@100;300;400;500;700;900&family=Montserrat:wght@100;300;400;500;700;900&family=Muli:wght@100;300;400;500;700;900&family=Noto+Sans:wght@100;300;400;500;700;900&family=Nunito:wght@100;300;400;500;700;900&family=Nunito+Sans:wght@100;300;400;500;700;900&family=Open+Sans:wght@100;300;400;500;700;900&family=Oswald:wght@100;300;400;500;700;900&family=Oxygen:wght@100;300;400;500;700;900&family=PT+Sans:wght@100;300;400;500;700;900&family=PT+Serif:wght@100;300;400;500;700;900&family=Patua+Online:wght@100;300;400;500;700;900&family=Playfair+Display:wght@100;300;400;500;700;900&family=Poppins:wght@100;300;400;500;700;900&family=Quicksand:wght@100;300;400;500;700;900&family=Raleway:wght@100;300;400;500;700;900&family=Roboto:wght@100;300;400;500;700;900&family=Roboto+Condensed:wght@100;300;400;500;700;900&family=Roboto+Mono:wght@100;300;400;500;700;900&family=Roboto+Slab:wght@100;300;400;500;700;900&family=Rubik:wght@100;300;400;500;700;900&family=Sigmar+One:wght@100;300;400;500;700;900&family=Source+Sans+Pro:wght@100;300;400;500;700;900&family=Special+Elite:wght@100;300;400;500;700;900&family=Titillium+Web:wght@100;300;400;500;700;900&family=Ubuntu:wght@100;300;400;500;700;900&family=Work+Sans&display=swap

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cabcbcf88931dc54f0abacc5e288bd8cdc259736ac71908be0fc99686d984e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Jan 2024 13:25:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 13:25:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Jan 2024 13:25:25 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/ Frame B9AA 3 KB
2 KB 172ms
86ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/?random=1704806726245&cv=11&fst=1704806726245&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fix.leadshook.io%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%3Fembed%3Dtrue%26index%3D0%26_ga%3DGA1.2.432104590.1704806725%26_fbp%3Dfb.1.1704806725254.1446501616&ref=https%3A%2F%2Fbenefits.com%2F&top=https%3A%2F%2Fbenefits.com%2F&hn=www.googleadservices.com&frm=2&tiba=Benefits.com%20Quiz&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10876875974

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a45e7bf542de2c3c7596aa5fa34c0945034c0c6741dc7dfa37c8cc32df8dbfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bootstrap.js Show response
cdn.trustedform.com/ Frame B9AA
Redirect Chain

https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false
https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false

8 KB
4 KB

264ms
164ms

Script
application/javascript

2600:9000:223d:1c00:1c:7f1a:6680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Server: 2600:9000:223d:1c00:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 35cbf6a6e5e7ff72ebb142669e1727de048df4fc13fc9fb5d9bd2d8334de7a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
x-amz-version-id: D_l7Wi1wOYgTC52uzRMI5HnwJykAKtLr
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 19:52:40 GMT
server: AmazonS3
via: 1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
etag: W/"e11406d1e7ba652ddbe0623e1207c210"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
x-amz-cf-id: 0NwkyhAm7ic2zGpxsvBYYoosaGdFrkX7hqUQAZZlA2XugCS157B5iw==

Redirect headers

location: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false
date: Tue, 09 Jan 2024 13:25:26 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

GET
H3 200 css2
fonts.googleapis.com/ Frame 7BF7 262 KB
8 KB 68ms
68ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cabcbcf88931dc54f0abacc5e288bd8cdc259736ac71908be0fc99686d984e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 13:25:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Jan 2024 13:25:26 GMT

POST
H2 204 nodetracker Show response
ix.leadshook.io/api/ Frame B9AA 0
184 B 130ms
130ms XHR
text/plain 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/api/nodetracker
Requested by: Host: static.leadshook.io
URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: https://ix.leadshook.io
date: Tue, 09 Jan 2024 13:25:26 GMT
access-control-allow-credentials: true
server: nginx/1.19.9
x-username: undefined
x-powered-by: Express
vary: X-HTTP-Method-Override, Origin

GET
H2 200 pixel.png
d2zdr2rqflfo3.cloudfront.net/ Frame B9AA 95 B
412 B 552ms
460ms Image
image/png 108.156.253.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2zdr2rqflfo3.cloudfront.net/pixel.png?host=ix.leadshook.io&subdomain=ix&accountId=2085&quizId=65785&leadId=456081354&quizVersionId=6
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-67.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
via: 1.1 6eb77e673c2aa566dbadbc817458b976.cloudfront.net (CloudFront)
last-modified: Sat, 28 Sep 2019 18:11:04 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
etag: "9591c410148e6883727c5339fd1c02cd"
x-cache: Miss from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 95
x-amz-cf-id: y_bquPChmmq6_RuZGp4Cl16myRJQ9hCw44ywxL7zccg2p6bXC0uA7A==

GET
H2 200 geoip Show response
ix.leadshook.io/api/ Frame B9AA 3 KB
1020 B 177ms
176ms XHR
application/json 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/api/geoip?leadId=456081354
Requested by: Host: static.leadshook.io
URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: 9a31e4a87745cbfadd6e4f24e4075fd5fddab1c56532de8d11d83137ae42122e

Request headers

Accept: */*
Referer: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: gzip
server: nginx/1.19.9
x-username: undefined
x-powered-by: Express
etag: W/"d6b-UkwO0n+sH8J0efEq3j2WmY3WpA8"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-cache-status: MISS

GET
H2 200 leaddevice Show response
ix.leadshook.io/api/ Frame B9AA 1 KB
664 B 153ms
152ms XHR
application/json 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/api/leaddevice?leadId=456081354&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F120.0.6099.129+Safari%2F537.36
Requested by: Host: static.leadshook.io
URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: ba520ccc0b0f68088e7688c010a42d4737c9a87de09ca3b0d96638feb03bb01f

Request headers

Accept: */*
Referer: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: gzip
server: nginx/1.19.9
x-username: undefined
x-powered-by: Express
etag: W/"567-d1n2AmTiwzo5eBnSOpoFqz06Rvc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-cache-status: MISS

GET
H2

200

bootstrap.js Show response
cdn.trustedform.com/ Frame 7BF7
Redirect Chain

https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false
https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false

8 KB
3 KB

349ms
249ms

Script
application/javascript

2600:9000:223d:1c00:1c:7f1a:6680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Server: 2600:9000:223d:1c00:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 35cbf6a6e5e7ff72ebb142669e1727de048df4fc13fc9fb5d9bd2d8334de7a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
x-amz-version-id: D_l7Wi1wOYgTC52uzRMI5HnwJykAKtLr
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 19:52:40 GMT
server: AmazonS3
via: 1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
etag: W/"e11406d1e7ba652ddbe0623e1207c210"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
x-amz-cf-id: oKay0HU2QcoXXXGgUtHWPgoNGz24mllzkFD7E32Njz9-vdg0P23wEg==

Redirect headers

location: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false
date: Tue, 09 Jan 2024 13:25:26 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

POST
H2 204 nodetracker Show response
ix.leadshook.io/api/ Frame 7BF7 0
184 B 129ms
129ms XHR
text/plain 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/api/nodetracker
Requested by: Host: static.leadshook.io
URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: https://ix.leadshook.io
date: Tue, 09 Jan 2024 13:25:26 GMT
access-control-allow-credentials: true
server: nginx/1.19.9
x-username: undefined
x-powered-by: Express
vary: X-HTTP-Method-Override, Origin

GET
H2 200 pixel.png
d2zdr2rqflfo3.cloudfront.net/ Frame 7BF7 95 B
411 B 447ms
447ms Image
image/png 108.156.253.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2zdr2rqflfo3.cloudfront.net/pixel.png?host=ix.leadshook.io&subdomain=ix&accountId=2085&quizId=65785&leadId=456081356&quizVersionId=6
Requested by: Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-67.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
via: 1.1 6eb77e673c2aa566dbadbc817458b976.cloudfront.net (CloudFront)
last-modified: Sat, 28 Sep 2019 18:11:04 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
etag: "9591c410148e6883727c5339fd1c02cd"
x-cache: Miss from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 95
x-amz-cf-id: DqegNcn9o8op_dOAVMPVnJiTx-1SljIH3QgJKMMdF6b_AcCOebzFqw==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/ Frame 7BF7 3 KB
2 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/?random=1704806726531&cv=11&fst=1704806726531&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fix.leadshook.io%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%3Fembed%3Dtrue%26index%3D1%26_ga%3DGA1.2.432104590.1704806725%26_fbp%3Dfb.1.1704806725254.1446501616&ref=https%3A%2F%2Fbenefits.com%2F&top=https%3A%2F%2Fbenefits.com%2F&hn=www.googleadservices.com&frm=2&tiba=Benefits.com%20Quiz&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10876875974

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7b400bf2e5f7209247ff7d9d88ef19aa2bcf9785f53ab5af92e2dd478bb6a9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1395
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10876875974/ Frame B9AA 42 B
154 B 52ms
52ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10876875974/?random=1704806726245&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=https%3A%2F%2Fix.leadshook.io%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%3Fembed%3Dtrue%26index%3D0%26_ga%3DGA1.2.432104590.1704806725%26_fbp%3Dfb.1.1704806725254.1446501616&ref=https%3A%2F%2Fbenefits.com%2F&frm=2&tiba=Benefits.com%20Quiz&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_sbRbvgsOBKpCApkqGs7-CF53yd5HGA&random=4084121737&rmt_tld=0&ipr=y

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/10876875974/ Frame B9AA 42 B
64 B 53ms
53ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10876875974/?random=1704806726245&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=https%3A%2F%2Fix.leadshook.io%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%3Fembed%3Dtrue%26index%3D0%26_ga%3DGA1.2.432104590.1704806725%26_fbp%3Dfb.1.1704806725254.1446501616&ref=https%3A%2F%2Fbenefits.com%2F&frm=2&tiba=Benefits.com%20Quiz&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_sbRbvgsOBKpCApkqGs7-CF53yd5HGA&random=4084121737&rmt_tld=1&ipr=y

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=0&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 geoip Show response
ix.leadshook.io/api/ Frame 7BF7 3 KB
1020 B 135ms
134ms XHR
application/json 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/api/geoip?leadId=456081356
Requested by: Host: static.leadshook.io
URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: 9a31e4a87745cbfadd6e4f24e4075fd5fddab1c56532de8d11d83137ae42122e

Request headers

Accept: */*
Referer: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: gzip
server: nginx/1.19.9
x-username: undefined
x-powered-by: Express
etag: W/"d6b-UkwO0n+sH8J0efEq3j2WmY3WpA8"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-cache-status: MISS

GET
H2 200 leaddevice Show response
ix.leadshook.io/api/ Frame 7BF7 1 KB
664 B 169ms
169ms XHR
application/json 18.215.82.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ix.leadshook.io/api/leaddevice?leadId=456081356&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F120.0.6099.129+Safari%2F537.36
Requested by: Host: static.leadshook.io
URL: https://static.leadshook.io/app/699fb379.frontend_vendor.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.82.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-82-39.compute-1.amazonaws.com
Software: nginx/1.19.9 / Express
Resource Hash: ba520ccc0b0f68088e7688c010a42d4737c9a87de09ca3b0d96638feb03bb01f

Request headers

Accept: */*
Referer: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:26 GMT
content-encoding: gzip
server: nginx/1.19.9
x-username: undefined
x-powered-by: Express
etag: W/"567-d1n2AmTiwzo5eBnSOpoFqz06Rvc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-cache-status: MISS

GET
H3 200 /
www.google.com/pagead/1p-user-list/10876875974/ Frame 7BF7 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10876875974/?random=1704806726531&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=https%3A%2F%2Fix.leadshook.io%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%3Fembed%3Dtrue%26index%3D1%26_ga%3DGA1.2.432104590.1704806725%26_fbp%3Dfb.1.1704806725254.1446501616&ref=https%3A%2F%2Fbenefits.com%2F&frm=2&tiba=Benefits.com%20Quiz&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_OLE3dvjoiooTKb7gKvHNZRZuEQplKSR52SgtTMopmDgJ3LSJ&random=2332522774&rmt_tld=0&ipr=y

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/10876875974/ Frame 7BF7 42 B
64 B 52ms
51ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10876875974/?random=1704806726531&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=https%3A%2F%2Fix.leadshook.io%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%3Fembed%3Dtrue%26index%3D1%26_ga%3DGA1.2.432104590.1704806725%26_fbp%3Dfb.1.1704806725254.1446501616&ref=https%3A%2F%2Fbenefits.com%2F&frm=2&tiba=Benefits.com%20Quiz&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_OLE3dvjoiooTKb7gKvHNZRZuEQplKSR52SgtTMopmDgJ3LSJ&random=2332522774&rmt_tld=1&ipr=y

Requested by

Host: ix.leadshook.io
URL: https://ix.leadshook.io/survey/0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5?embed=true&index=1&_ga=GA1.2.432104590.1704806725&_fbp=fb.1.1704806725254.1446501616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 201 certs Show response
api.trustedform.com/ Frame B9AA 475 B
685 B 384ms
135ms XHR
application/json 44.210.34.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.trustedform.com/certs
Requested by: Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.210.34.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-210-34-224.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 5b6edf29711b424ae6b9141e244d7e47446ff6b606c4ac682e73d12e822313e1

Request headers

Referer: https://ix.leadshook.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
server: Cowboy
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 475

POST
H2 201 certs Show response
api.trustedform.com/ Frame 7BF7 475 B
686 B 323ms
134ms XHR
application/json 44.210.34.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.trustedform.com/certs
Requested by: Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.210.34.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-210-34-224.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 02086d74762a5b98281b03d0a787d0c0b8b947768f74b25762e92fdc79708ebf

Request headers

Referer: https://ix.leadshook.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
server: Cowboy
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 475

OPTIONS
H2 204 cookie
renderer.ampry.com/register/conversion/ Frame 0
0 436ms
149ms Preflight 52.23.124.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer.ampry.com/register/conversion/cookie?pixel_code=49199886798e260a77999888fe9da5940eb4bc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.124.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-124-10.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://benefits.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://benefits.com
access-control-max-age: 0
cache-control: no-cache, private
date: Tue, 09 Jan 2024 13:25:27 GMT
server: awselb/2.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 204 templates
renderer.ampry.com/filter/ Frame 0
0 434ms
149ms Preflight 52.23.124.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer.ampry.com/filter/templates
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.124.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-124-10.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://benefits.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://benefits.com
access-control-max-age: 0
cache-control: no-cache, private
date: Tue, 09 Jan 2024 13:25:27 GMT
server: awselb/2.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 cookie Show response
renderer.ampry.com/register/conversion/ 39 B
252 B 389ms
144ms Fetch
application/json 52.23.124.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer.ampry.com/register/conversion/cookie?pixel_code=49199886798e260a77999888fe9da5940eb4bc
Requested by: Host: pixel.ampry.com
URL: https://pixel.ampry.com/track.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.124.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-124-10.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 7d1971b24c491befa0de070b93f69444fe8e3206b88dd67c01f43ab7eb0bbde6

Request headers

Referer: https://benefits.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
server: awselb/2.0
vary: Origin
x-ratelimit-remaining: 984
content-type: application/json
access-control-allow-origin: https://benefits.com
cache-control: no-cache, private
access-control-allow-credentials: true
x-ratelimit-limit: 1000
content-length: 39

POST
H2 200 templates Show response
renderer.ampry.com/filter/ 3 KB
4 KB 432ms
187ms Fetch
application/json 52.23.124.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer.ampry.com/filter/templates
Requested by: Host: pixel.ampry.com
URL: https://pixel.ampry.com/track.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.124.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-124-10.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: c06c7822e45c120da659f2eda4886c99d85a258aeda73191b6121ea9cd1b7c76

Request headers

Referer: https://benefits.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
server: awselb/2.0
vary: Origin
x-ratelimit-remaining: 985
content-type: application/json
access-control-allow-origin: https://benefits.com
cache-control: no-cache, private
access-control-allow-credentials: true
x-ratelimit-limit: 1000
content-length: 3130

GET
H2 200 trustedform-1.9.4.js Show response
cdn.trustedform.com/ Frame 7BF7 84 KB
33 KB 47ms
46ms Script
application/javascript 2600:9000:223d:1c00:1c:7f1a:6680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Requested by: Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067264640.6268984850983561&invert_field_sensitivity=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:1c00:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: daec1d32a4f211884695930cbc2443467f28e7bd1b1ae1afb7f2eb16349aacfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: gtnb1Uxu8qLJRc.iYT4wVelhc0u4qkAi
content-encoding: gzip
via: 1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront)
date: Tue, 09 Jan 2024 13:25:17 GMT
last-modified: Wed, 08 Nov 2023 19:52:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 11
etag: W/"f46641519eee44fe450f02ae72e64a74"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: RKgH90EDdsAPZdzNLg-fUwW9Uq6IE_6jne76nWBjP0g8JdelwMEfhA==

GET
H2 200 trustedform-1.9.4.js Show response
cdn.trustedform.com/ Frame B9AA 84 KB
33 KB 82ms
81ms Script
application/javascript 2600:9000:223d:1c00:1c:7f1a:6680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Requested by: Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=17048067262870.2014053591412932&invert_field_sensitivity=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:1c00:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: daec1d32a4f211884695930cbc2443467f28e7bd1b1ae1afb7f2eb16349aacfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: gtnb1Uxu8qLJRc.iYT4wVelhc0u4qkAi
content-encoding: gzip
via: 1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront)
date: Tue, 09 Jan 2024 13:25:27 GMT
last-modified: Wed, 08 Nov 2023 19:52:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 11
etag: W/"f46641519eee44fe450f02ae72e64a74"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: RXq-KDjqkWNkda9nYTtI_bEXScySFiy9VgVY-8iApOZKbefS501YQA==

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/ Frame B9AA 3 KB
1 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/?random=1704806727388&cv=11&fst=1704806727388&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%2Fwe-are-here-to-help-you-find-the-benefits-you-deserve!&ref=https%3A%2F%2Fbenefits.com%2F&top=https%3A%2F%2Fbenefits.com%2F&tiba=Benefits.com%20Quiz%20-%20We%20are%20here%20to%20help%20you%20find%20the%20benefits%20you%20deserve!&hn=www.googleadservices.com&frm=2&uamb=0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10876875974

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb70a6cb2c551885980260eac70b226e790d87930c1dc41ce8eba5e19759569e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1384
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 10876875974
google.com/ccm/form-data/ Frame B9AA 0
245 B 132ms
46ms Ping
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10876875974?gtm=45be4130v867851398&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&hn=www.googleadservices.com&ec_mode=a&uamb=0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10876875974
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ix.leadshook.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 snapshot Show response
api.trustedform.com/certs/edad610eddd455e3c260fdc27eb67a4e84692163/ Frame 7BF7 0
159 B 130ms
130ms XHR
text/plain 44.210.34.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.trustedform.com/certs/edad610eddd455e3c260fdc27eb67a4e84692163/snapshot
Requested by: Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.210.34.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-210-34-224.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ix.leadshook.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:27 GMT
access-control-expose-headers
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate
server: Cowboy

POST
H2 204 fingerprints Show response
api.trustedform.com/certs/edad610eddd455e3c260fdc27eb67a4e84692163/ Frame 7BF7 0
159 B 129ms
128ms XHR
text/plain 44.210.34.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.trustedform.com/certs/edad610eddd455e3c260fdc27eb67a4e84692163/fingerprints
Requested by: Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.210.34.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-210-34-224.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ix.leadshook.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:27 GMT
access-control-expose-headers
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate
server: Cowboy

GET
H2 200 pixel.png
d2zdr2rqflfo3.cloudfront.net/ Frame 7BF7 95 B
416 B 48ms
47ms Image
image/png 108.156.253.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2zdr2rqflfo3.cloudfront.net/pixel.png?host=ix.leadshook.io&subdomain=ix&accountId=2085&quizId=65785&leadId=456081356&quizVersionId=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-67.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
via: 1.1 6eb77e673c2aa566dbadbc817458b976.cloudfront.net (CloudFront)
last-modified: Sat, 28 Sep 2019 18:11:04 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
age: 1
etag: "9591c410148e6883727c5339fd1c02cd"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 95
x-amz-cf-id: zxL6QkgDrHXUE_naIYBoqZ1bcf3dfvTkoPpN8_S-bKO6nOAauYsnKA==

GET
DATA 200
OK truncated
/ Frame 7BF7 10 KB
10 KB Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eed633a8002069e13f06351bfe014d0132941a0882144ccee95cdacfa403b954

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: text/javascript

POST
H2 204 snapshot Show response
api.trustedform.com/certs/818baa396bbc8a37c8b1a060d1dfca3b4c277cb6/ Frame B9AA 0
159 B 214ms
214ms XHR
text/plain 44.210.34.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.trustedform.com/certs/818baa396bbc8a37c8b1a060d1dfca3b4c277cb6/snapshot
Requested by: Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.210.34.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-210-34-224.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ix.leadshook.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:27 GMT
access-control-expose-headers
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate
server: Cowboy

POST
H2 204 fingerprints Show response
api.trustedform.com/certs/818baa396bbc8a37c8b1a060d1dfca3b4c277cb6/ Frame B9AA 0
159 B 210ms
210ms XHR
text/plain 44.210.34.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.trustedform.com/certs/818baa396bbc8a37c8b1a060d1dfca3b4c277cb6/fingerprints
Requested by: Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.210.34.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-210-34-224.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ix.leadshook.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 09 Jan 2024 13:25:27 GMT
access-control-expose-headers
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate
server: Cowboy

GET
H2 200 pixel.png
d2zdr2rqflfo3.cloudfront.net/ Frame B9AA 95 B
416 B 48ms
48ms Image
image/png 108.156.253.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2zdr2rqflfo3.cloudfront.net/pixel.png?host=ix.leadshook.io&subdomain=ix&accountId=2085&quizId=65785&leadId=456081354&quizVersionId=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-67.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 13:25:27 GMT
via: 1.1 6eb77e673c2aa566dbadbc817458b976.cloudfront.net (CloudFront)
last-modified: Sat, 28 Sep 2019 18:11:04 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
age: 1
etag: "9591c410148e6883727c5339fd1c02cd"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 95
x-amz-cf-id: 0jWOulQi-bdtui0FJjzc3ehr6JMj6hEJJCo6_eBnqCQPMFJqzNUbuA==

GET
DATA 200
OK truncated
/ Frame B9AA 10 KB
10 KB Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eed633a8002069e13f06351bfe014d0132941a0882144ccee95cdacfa403b954

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H3 200 /
www.google.com/pagead/1p-user-list/10876875974/ Frame B9AA 42 B
64 B 50ms
50ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10876875974/?random=1704806727388&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%2Fwe-are-here-to-help-you-find-the-benefits-you-deserve!&ref=https%3A%2F%2Fbenefits.com%2F&tiba=Benefits.com%20Quiz%20-%20We%20are%20here%20to%20help%20you%20find%20the%20benefits%20you%20deserve!&frm=2&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_PsWWOjMVbUBseDVI2AzTmuALn_HiO5cMEGFdqreN3FQ6lu41&random=2146127226&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/10876875974/ Frame B9AA 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10876875974/?random=1704806727388&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%2Fwe-are-here-to-help-you-find-the-benefits-you-deserve!&ref=https%3A%2F%2Fbenefits.com%2F&tiba=Benefits.com%20Quiz%20-%20We%20are%20here%20to%20help%20you%20find%20the%20benefits%20you%20deserve!&frm=2&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_PsWWOjMVbUBseDVI2AzTmuALn_HiO5cMEGFdqreN3FQ6lu41&random=2146127226&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/ Frame 7BF7 3 KB
1 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876875974/?random=1704806727505&cv=11&fst=1704806727505&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%2Fwe-are-here-to-help-you-find-the-benefits-you-deserve!&ref=https%3A%2F%2Fbenefits.com%2F&top=https%3A%2F%2Fbenefits.com%2F&tiba=Benefits.com%20Quiz%20-%20We%20are%20here%20to%20help%20you%20find%20the%20benefits%20you%20deserve!&hn=www.googleadservices.com&frm=2&uamb=0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10876875974

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dedbb75df7b6fad756abd36d1d68dd0b308d7af4f6d671bcd217d59874a25ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1387
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 10876875974
google.com/ccm/form-data/ Frame 7BF7 0
54 B 50ms
50ms Ping
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10876875974?gtm=45be4130v867851398&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&hn=www.googleadservices.com&ec_mode=a&uamb=0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10876875974
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ix.leadshook.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10876875974/ Frame 7BF7 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10876875974/?random=1704806727505&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%2Fwe-are-here-to-help-you-find-the-benefits-you-deserve!&ref=https%3A%2F%2Fbenefits.com%2F&tiba=Benefits.com%20Quiz%20-%20We%20are%20here%20to%20help%20you%20find%20the%20benefits%20you%20deserve!&frm=2&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_eWMd3EJGr_KNV6CQWKYd2skoOxS5hNdmry5eIjnqdDS1DL8U&random=1574187830&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/10876875974/ Frame 7BF7 42 B
64 B 50ms
49ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10876875974/?random=1704806727505&cv=11&fst=1704805200000&bg=ffffff&guid=ON&async=1&gtm=45be4130v867851398&u_w=1600&u_h=1200&url=%2Fsurvey%2F0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5%2Fwe-are-here-to-help-you-find-the-benefits-you-deserve!&ref=https%3A%2F%2Fbenefits.com%2F&tiba=Benefits.com%20Quiz%20-%20We%20are%20here%20to%20help%20you%20find%20the%20benefits%20you%20deserve!&frm=2&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_eWMd3EJGr_KNV6CQWKYd2skoOxS5hNdmry5eIjnqdDS1DL8U&random=1574187830&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ix.leadshook.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 13:25:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 matomo.php
marketstormai.matomo.cloud/ 0
171 B 102ms
101ms Ping
text/plain 18.195.235.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://marketstormai.matomo.cloud/matomo.php?fa_vid=IFDg07&fa_fv=1&ca=1&idsite=88&rec=1&r=331358&h=14&m=25&s=25&url=https%3A%2F%2Fbenefits.com%2F&_id=1939d92428590507&_idn=0&send_image=0&_refts=0&pv_id=NgkOLG&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/marketstormai.matomo.cloud/container_Afi9gdAl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://benefits.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://benefits.com
date: Tue, 09 Jan 2024 13:25:28 GMT
access-control-allow-credentials: true
server: Apache
vary: Origin,X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benefits.com/	1970-01-20 17:33:28	Name: __cf_bm Value: m.6.GZBuR1NGXEoqcu9yYStnMhCKEXIcDaDCSzX3vcI-1704806724-1-ATeF6jMGDM2jYrWXggv2K5QP8Ny/5JxziWTvhiFupaPDy146vx6aRaNyB1i87dpgmcMSfxqkrNHxuBMKgLAjdr0=
.benefits.com/	1970-01-21 03:09:26	Name: _ga_61S7EYFJNT Value: GS1.1.1704806724.1.0.1704806724.60.0.0
.benefits.com/	1970-01-20 19:43:02	Name: _gcl_au Value: 1.1.70658354.1704806725
.benefits.com/	1970-01-21 03:09:26	Name: _ga Value: GA1.2.432104590.1704806725
.benefits.com/	1970-01-20 17:34:53	Name: _gid Value: GA1.2.1228043554.1704806725
.benefits.com/	1970-01-20 17:33:26	Name: _gat_UA-119266907-1 Value: 1
benefits.com/	1970-01-21 02:59:21	Name: _pk_id.88.f790 Value: 1939d92428590507.1704806725.
benefits.com/	1970-01-20 17:33:28	Name: _pk_ses.88.f790 Value: 1
.benefits.com/	1970-01-20 19:43:02	Name: _fbp Value: fb.1.1704806725254.1446501616
tags.srv.stackadapt.com/	1970-01-21 02:19:02	Name: sa-user-id Value: s%3A0-f3637285-b477-5d23-47ec-f8e0e7db5f30.7dg8Luy%2FdF2SrLlqe56BqNqiuYRUxbbDmsoJ8Tau7XE
.srv.stackadapt.com/	1970-01-21 02:19:02	Name: sa-user-id Value: s%3A0-f3637285-b477-5d23-47ec-f8e0e7db5f30.7dg8Luy%2FdF2SrLlqe56BqNqiuYRUxbbDmsoJ8Tau7XE
tags.srv.stackadapt.com/	1970-01-21 02:19:02	Name: sa-user-id-v2 Value: s%3A82NyhbR3XSNH7Pjg59tfMFD_B2w.6h56y2ZQ5IppI50dzLQWiqRB2cVNPRPL97Z%2BNISnMfk
.srv.stackadapt.com/	1970-01-21 02:19:02	Name: sa-user-id-v2 Value: s%3A82NyhbR3XSNH7Pjg59tfMFD_B2w.6h56y2ZQ5IppI50dzLQWiqRB2cVNPRPL97Z%2BNISnMfk
tags.srv.stackadapt.com/	1970-01-21 02:19:02	Name: sa-user-id-v3 Value: s%3AAQAKIGFtzq-L4TuPwox2UZo5vn1abI_hyoKnna9vEXhX2CJTEHwYBCDFkvWsBjABOgT90vuTQgQNTWBM.2FB3wV%2FS46ubfZPeRJszySBXOoWmZehWXxcgPQRVtJg
.srv.stackadapt.com/	1970-01-21 02:19:02	Name: sa-user-id-v3 Value: s%3AAQAKIGFtzq-L4TuPwox2UZo5vn1abI_hyoKnna9vEXhX2CJTEHwYBCDFkvWsBjABOgT90vuTQgQNTWBM.2FB3wV%2FS46ubfZPeRJszySBXOoWmZehWXxcgPQRVtJg
benefits.com/	1970-01-21 02:19:02	Name: sa-user-id Value: s%253A0-f3637285-b477-5d23-47ec-f8e0e7db5f30.7dg8Luy%252FdF2SrLlqe56BqNqiuYRUxbbDmsoJ8Tau7XE
benefits.com/	1970-01-21 02:19:02	Name: sa-user-id-v2 Value: s%253A82NyhbR3XSNH7Pjg59tfMFD_B2w.6h56y2ZQ5IppI50dzLQWiqRB2cVNPRPL97Z%252BNISnMfk
benefits.com/	1970-01-21 02:19:02	Name: sa-user-id-v3 Value: s%253AAQAKIGFtzq-L4TuPwox2UZo5vn1abI_hyoKnna9vEXhX2CJTEHwYBCDFkvWsBjABOgT90vuTQgQNTWBM.2FB3wV%252FS46ubfZPeRJszySBXOoWmZehWXxcgPQRVtJg
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: EMZYpGALS1c
.youtube.com/	1970-01-20 21:52:38	Name: VISITOR_INFO1_LIVE Value: 34Q8SE_1edQ
.benefits.com/	1970-01-20 17:34:53	Name: _uetsid Value: 8c563d80aef211eeb4d4ddaf50a7c987
.benefits.com/	1970-01-21 02:55:02	Name: _uetvid Value: 8c562ec0aef211eea52c8dbd55c03993
.bing.com/	1970-01-21 02:55:02	Name: MUID Value: 3AF514F3C2C963C225E300F2C365621C
ix.leadshook.io/	1970-01-20 17:43:31	Name: AWSALBTGCORS Value: JGrLNOWLmUNSqZAdDxRmUOCTPI1ZeXTFtodyfyo0gjTY7O2qn3yrwCJgo+4SeSvFIadrAcgmeW5GFOcKUe/iVNshvpG6uqCohHLVb7YS8ITFQMuOpOsHs3CMkAVG9N1CvYEZnPjRwqRH/eRPmG8o7+CkeMaN6vO17DLQSKXdduTxL6t1YqzPGq/G6XbxhsVQkJL/RGO01CwMz/JVT6+22kJ8tHas3xvZE/SycUd8tbBVHZcxfWrc8ctzHuiY55P0CnxTZ98=
ix.leadshook.io/	1970-01-20 17:43:31	Name: AWSALBCORS Value: m+9II7CQ/yjAB+XFym51K/J/WCnCPUEJLAstQ03/JCGPD3w8bA3HKMxLBgVoSPQL+h4mNtXJnMDvBK1PhYOag2ABMmVzLp7AdFRN2YoXlzYlBESWfT51opkHWbIx
ix.leadshook.io/	1970-01-20 18:16:38	Name: 0NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5.leadData Value: j%3A%7B%22leadId%22%3A456081356%2C%22leadToken%22%3A%220NlKKx6XxuEjxqUjSf3ocV1IHK2ZiCYeafPYsAN5pcELBUaL1z7YxoxBd4pv%22%2C%22quizId%22%3A65785%7D
.doubleclick.net/	1970-01-21 02:55:02	Name: IDE Value: AHWqTUnqI-1KxOxZWHiMxbsEs7Zu0qawyz5PxqGaWepjhy28LygzPytbYxqAN_Xv
.ampry.com/	1970-01-20 21:52:38	Name: visited_urls Value: eyJpdiI6IkpTcXFqck5UcisySWN2UkNDUUJRTXc9PSIsInZhbHVlIjoiZjd5K0NHSXVWMHozaEFlRmZ5a212dERFUDdBcDZhbnE3Q1Z4eG4wckNwWVNvM2ZjVmdOcWFkSVE2MSt4dHJTZSIsIm1hYyI6ImVjY2MyMWUwYjI2MWMzZTE2M2M2OWExYmE3MWIyYjY4OGMxMWZjN2IyOTRlNjYyYTUwOWEwMWE1NGRjMDc2Y2EiLCJ0YWciOiIifQ%3D%3D
.ampry.com/	1970-01-20 21:52:38	Name: ampry_unique Value: eyJpdiI6ImoydWNycDNQZy85YVZ6WmRFbmVyanc9PSIsInZhbHVlIjoiU3dDUFVpR0FXL2FlbHRwWmhremttcCt3UzdjZnFUdXFXa3lFdzdLYUV1emVVaXQzb0x0VXVkU0ZVZnpJVnU3NHNOQ1IrSzU1WTFJZmJSTHRwYndaNWpvWVAwMW9KdUZXZkV0NVo0UzVlRmM9IiwibWFjIjoiODQ1ODUzNzkzMGQxOTJhYmI0M2YxYTMxMjJkOTA4NTMzOWJiNzI4MzRjN2MzZDNhOWQxNjE1ZDFlZjI0ZmFkNCIsInRhZyI6IiJ9

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://connect.facebook.net/signals/config/815144366094512?v=2.9.139&r=stable&domain=benefits.com(Line 137) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.trustedform.com
bat.bing.com
benefits.com
cdn.matomo.cloud
cdn.trustedform.com
cdnjs.cloudflare.com
connect.facebook.net
d2zdr2rqflfo3.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
google.com
googleads.g.doubleclick.net
ix.leadshook.io
marketstormai.matomo.cloud
pixel.ampry.com
polyfill.leadshook.io
region1.analytics.google.com
renderer.ampry.com
static.leadshook.io
stats.g.doubleclick.net
tags.srv.stackadapt.com
www.ezojs.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
108.156.253.67
13.32.121.55
18.156.64.29
18.195.235.189
18.215.82.39
18.66.218.102
2001:4860:4802:34::36
2600:9000:223d:1c00:1c:7f1a:6680:93a1
2600:9000:223e:b600:19:6119:81c0:93a1
2600:9000:224a:e400:c:7d55:b3c0:93a1
2606:4700:3032::ac43:aa90
2606:4700:3034::ac43:d694
2606:4700:3037::6815:433a
2606:4700::6811:190e
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:80b::2004
2a00:1450:4001:80b::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:80e::2008
2a00:1450:4001:811::200e
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:82a::200e
2a00:1450:400c:c00::9c
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
44.210.34.224
52.23.124.10
02086d74762a5b98281b03d0a787d0c0b8b947768f74b25762e92fdc79708ebf
0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7
02fade1eeed2b193ed08834217653248ac5e05d8947e383549a267c9282e7594
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed
10c26048505644bce66b11440a1c35ff0bee0658d32ec7dd2f978d2b27728dfa
141ac568be4ebb63260741515cc6e4a81fe3abaa2599567ed81922801800fc5a
1705c22f7203ba1948082190860294b9f84313a2f8901f86597cb455f211a1a8
188d321da52decd5b8a5c92b29c10badb5c8ded9b9f45f802ee6b64bd8d6a564
1c57be229caa8e3f6d3739002a6e2b2dc969f68e43ba528a1e4c2d8575927f05
2534deb3514672a6957d5716c87bb0f4d63a935d4599f32f294209bbc3a36805
2a123d813111fa6c421bfdf41d3a8f3ed67ea567b2692fc099a71769cc4753cf
35cbf6a6e5e7ff72ebb142669e1727de048df4fc13fc9fb5d9bd2d8334de7a71
3715b504c68323affe436a0169f96fcccfff8f0632a7bce1ca2a762ff714fd17
3ab5b1498fc35d6bf06781105346a6da759dd43e5e0967e7339bfe6b65f1ff70
3d5e3514163864b381ab11226aef049f423b11f7487f9c65bffe3d1a95e348b3
428685ddbd13dabcf8699b4ba28cc158d034395453e9e0c3fe51404f87486119
4c9f389586890bc121c0d45c40ea03410d3437e3bd41ad07c428886dac2f897b
521101071e783b36df3d9f5c0ad8a9431fa85e0b52e51bbc5d2cc0e059037d52
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5b6edf29711b424ae6b9141e244d7e47446ff6b606c4ac682e73d12e822313e1
5b94ec9c2602eadfffee173449e17eb83a791eef3dcbdc51b6efb9ae17e89dfe
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
608fe8cb2a8dc300efdd195ce5f4b62559a70382fabf0ca4bf6603622d650b46
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
755c955727ca085a1306ef961db73013e9bc988be481053cb2ec4296c47dc5ba
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d1971b24c491befa0de070b93f69444fe8e3206b88dd67c01f43ab7eb0bbde6
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7dedbb75df7b6fad756abd36d1d68dd0b308d7af4f6d671bcd217d59874a25ed
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
994dce092654e875b1563168d5e68c5de4cb86769d28b632d12e509dceac2a3d
99d60eaa310785df6e613e99a7ef31ae4141636d50506c6f4add28e0c1f9aee7
99e1fb4618dee96b3f5056d56dbf3b9a186c8d12632dd242d9d57707456cc9e1
9a31e4a87745cbfadd6e4f24e4075fd5fddab1c56532de8d11d83137ae42122e
9c8c6f4cde46b63c0597a92adf4f24691428303c65ff203e5cec681535db90bb
a0016f5b9d05a25d15be34c56c7e2a835d9ab75a67ef6c40e004eaadff81c4ec
a113596aff7986dafa9b501d9eb455650b956dbc2dcadd689cde88cea2d07af1
a3445310c729d3f95ccaa8b2a90dcd483f5751ab02fc487fde5137c575142436
a45e7bf542de2c3c7596aa5fa34c0945034c0c6741dc7dfa37c8cc32df8dbfd3
a603017dc3e8b510c88997cc8f8048e684cd166193944f0f96aa6e49e425f378
b19f4154f1166872b1a37173480c96de59f70754b749562b3d67a6c3950a15ad
b625d5a8adce0e637b3263a627b65445e87da3ec1e62aff4ff86869707ed4fe7
b64a5c69d41a41ed80d89aac201772d245a94d13d18f8669fdc0cdce9c691c28
b75dd5704c75a55d53b95c789b9b42659a1a8fe0f291346dec68b76f189cb658
b9c043ec3e8104d09e08fc14f8bd1afb5ad91fee207525ade4e4ba4c23d38c99
ba520ccc0b0f68088e7688c010a42d4737c9a87de09ca3b0d96638feb03bb01f
bc7ed14338631eb24268b2424e3969c1ea15f060bcb6e298a900d481565cd47a
be00463181764a24723572cdbb07428c967d0e5c80878a6f4aaca1954a41dba9
c06c7822e45c120da659f2eda4886c99d85a258aeda73191b6121ea9cd1b7c76
c94753f54cf76af0839eb6db13e9aa71ad04d765e2fa605204ebc5af671af39a
cabcbcf88931dc54f0abacc5e288bd8cdc259736ac71908be0fc99686d984e5f
cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323
d605760868c5d6c5cd8c7de55b5074cf3d3b3576184a7b0ca417a9b6460e534e
d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
d8aaba1d378de27bff26a4f9512ba9c1d882d9f146e1b9c5ed07c3c15ff4afb4
daec1d32a4f211884695930cbc2443467f28e7bd1b1ae1afb7f2eb16349aacfe
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e31524c091698ef342ebb4198d656224492ba68362a175cd5cb71566882c29fd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9669dceaae081da2e8f271cef50b3f0616117ba15a1dc2d16c16832723cd604
eb70a6cb2c551885980260eac70b226e790d87930c1dc41ce8eba5e19759569e
eed633a8002069e13f06351bfe014d0132941a0882144ccee95cdacfa403b954
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3d7854a5e060542337a731983a1f0c053e1d7412dd69b4ffdebc37e9028eeac
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f61e2393195d9a59e7a300bf4e1377290eca355bc900a7fc1e92ab2aa317880a
f7b400bf2e5f7209247ff7d9d88ef19aa2bcf9785f53ab5af92e2dd478bb6a9d
f93156b0e55f73fa048853c532d79b93fa03a9c588966de030662d458a43c694
f9e8caf28fb3f539674e2a59be1d14baec3d8bc60e4688142b07062cc480de29
fd8b9aaee5d2ca94b9181c7d568449162e8a155ad454a7deaaba4dbcc217ef6a

benefits.com Open in urlscan Pro 2606:4700:3034::ac43:d694 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

116 Requests

98 %HTTPS

72 %IPv6

20 Domains

28 Subdomains

29 IPs

3 Countries

3253 kBTransfer

14637 kBSize

29 Cookies

3 Outgoing links

Page URL History

Redirected requests

116 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

benefits.com Open in urlscan Pro
2606:4700:3034::ac43:d694 Public Scan

Screenshot
Live screenshot

Full Image

116
Requests

98 %
HTTPS

72 %
IPv6

20
Domains

28
Subdomains

29
IPs

3
Countries

3253 kB
Transfer

14637 kB
Size

29
Cookies

116 HTTP transactions
2 data transactions