urlscan.io logo urlscan.io
SecurityTrails logo

www.plumbenefits.com Open in urlscan Pro
104.18.16.48  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://e.email.plumbenefits.com/click?EbHlubi5sYWlAbGVuZGluZ3RyZWUuY29t/CeyJtaWQiOiIxNjg0ODU5Njg5NTc3NTFmZjNjMzY1MmY1IiwiY3QiOiJ...
Effective URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-...
Submission: On May 23 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 20 HTTP transactions. The main IP is 104.18.16.48, located in and belongs to CLOUDFLARENET, US. The main domain is www.plumbenefits.com. The Cisco Umbrella rank of the primary domain is 255493.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 30th 2023. Valid for: a year.
This is the only time www.plumbenefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 96.47.20.26 46263 (EDIALOG)
9 104.18.16.48 13335 (CLOUDFLAR...)
7 2606:4700::68... 13335 (CLOUDFLAR...)
20 3
Apex Domain
Subdomains		 Transfer
10 plumbenefits.com
e.email.plumbenefits.com — Cisco Umbrella Rank: 205144
www.plumbenefits.com — Cisco Umbrella Rank: 255493
128 KB
7 cloudflare.com
challenges.cloudflare.com — Cisco Umbrella Rank: 6358
123 KB
20 2
Domain Requested by
9 www.plumbenefits.com www.plumbenefits.com
7 challenges.cloudflare.com www.plumbenefits.com
challenges.cloudflare.com
1 e.email.plumbenefits.com 1 redirects
20 3

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-30 -
2024-04-29		 a year crt.sh
challenges.cloudflare.com
Cloudflare Inc ECC CA-3		 2022-09-18 -
2023-09-17		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Frame ID: 7956B6011469F12F5E35E971B65CDDAC
Requests: 14 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 6D1922D5C576F0E19364E659A6B25762
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Just a moment...

Page URL History Show full URLs

  1. https://e.email.plumbenefits.com/click?EbHlubi5sYWlAbGVuZGluZ3RyZWUuY29t/CeyJtaWQiOiIxNjg0ODU5Njg5NTc3NTFmZjN... HTTP 302
    https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attrac... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

20
Requests

80 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

251 kB
Transfer

557 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://e.email.plumbenefits.com/click?EbHlubi5sYWlAbGVuZGluZ3RyZWUuY29t/CeyJtaWQiOiIxNjg0ODU5Njg5NTc3NTFmZjNjMzY1MmY1IiwiY3QiOiJlYmctcGItYzQ4YmRiMmI1ZTcxYzc4NTlkNzRkZTY4YTdiYTJlNDYtMSIsInJkIjoibGVuZGluZ3RyZWUuY29tIn0/HWkhfZWJncGJfTkRCQU0wNTIzMjAyM2M5MTYzNDNiMSxlYjMsaHR0cHM6Ly93d3cucGx1bWJlbmVmaXRzLmNvbS9wYWdlcy5waHA/qP3N1Yj1hbGwtdGhlbWUtcGFya3MtYXR0cmFjdGlvbnMmdXRtX2NhbXBhaWduPU5hdi10aGVtZS1wYXJrLWF0dHJhY3Rpb24mdXRtX21lZGl1bT1NYXktMjMtMjAyMy1EaXNuZXktRGVzdGluYXRpb25zLVdEVyZ1dG1fc291cmNlPUVtYWlsJmZyb21idWxsZXRpbj0xJmNsdGhhc2g9ZmUzZjQ5ZTVlOTUxZWNjYjZiZDc0ZDAzYTIxYzA5MWZiYjlkYjc5YyZjbXBpZD0zMDUxNiZ1aWQ9MTc2NjA5OTQmY29udl9zb3VyY2U9emV0YSZidF9lZT0wa2pGYzF2Mjljb1pBN3dQWiUyQk9Qckk2dGgzWm9tS2QyaGhXZG9WclBRTW5sSnhGanBoSSUyRnMxQXZEVjZUcXAlMkY5JmJ0X3RzPTE2ODQ4NTk0ODg1OTA/scp3ea10f51 HTTP 302
    https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request pages.php
www.plumbenefits.com/
Redirect Chain
  • https://e.email.plumbenefits.com/click?EbHlubi5sYWlAbGVuZGluZ3RyZWUuY29t/CeyJtaWQiOiIxNjg0ODU5Njg5NTc3NTFmZjNjMzY1MmY1IiwiY3QiOiJlYmctcGItYzQ4YmRiMmI1ZTcxYzc4NTlkNzRkZTY4YTdiYTJlNDYtMSIsInJkIjoibGV...
  • https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=...
10 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a37c9feb5007e62438bb5796873f09868038a81bf10441aa1b46f1448850eaa
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated
challenge
cf-ray
7cbf4dd9f9753820-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Tue, 23 May 2023 18:18:54 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=5184000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 May 2023 18:18:54 GMT
Keep-Alive
timeout=5, max=100
Location
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Server
Apache
Strict-Transport-Security
max-age=60
X-Powered-By
PHP/7.3.33
challenges.css
www.plumbenefits.com/cdn-cgi/styles/ 		6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.plumbenefits.com/cdn-cgi/styles/challenges.css
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 18 May 2023 12:46:56 GMT
server
cloudflare
etag
W/"64661e40-19c8"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
7cbf4dda39c23820-FRA
expires
Tue, 23 May 2023 20:18:54 GMT
v1
www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/ 		147 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cbf4dd9f9753820
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eab6d410d198f49fa12bb4a81657b1b536a8a01894a2900f9574d9723080bc04
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590&__cf_chl_rt_tk=PDMEMe4hLWPqfvQzTwUMGr3daRraA0Evy7WfHw1qKb4-1684865934-0-gaNycGzNDvs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, must-revalidate
cf-ray
7cbf4dda6f402c65-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
transparent.gif
www.plumbenefits.com/cdn-cgi/images/trace/managed/js/ 		42 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumbenefits.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cbf4dd9f9753820
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590&__cf_chl_rt_tk=PDMEMe4hLWPqfvQzTwUMGr3daRraA0Evy7WfHw1qKb4-1684865934-0-gaNycGzNDvs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590&__cf_chl_rt_tk=PDMEMe4hLWPqfvQzTwUMGr3daRraA0Evy7WfHw1qKb4-1684865934-0-gaNycGzNDvs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
x-content-type-options
nosniff
last-modified
Thu, 18 May 2023 12:46:56 GMT
server
cloudflare
etag
"64661e40-2a"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
7cbf4dda6f432c65-FRA
content-length
42
expires
Tue, 23 May 2023 20:18:54 GMT
api.js
challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=_cf_chl_turnstile_l&render=explicit
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cbf4dd9f9753820
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c

Request headers

Referer
Origin
https://www.plumbenefits.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
7cbf4ddaefd19170-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
favicon.ico
www.plumbenefits.com/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumbenefits.com/favicon.ico
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1be78528c04c94d5c8ec73e78bc686a60f1c7ea46991fdd331614968467f76f6
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy
same-origin
server
cloudflare
cross-origin-opener-policy
same-origin
cf-mitigated
challenge
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray
7cbf4ddacfd22c65-FRA
expires
Thu, 01 Jan 1970 00:00:01 GMT
truncated
/ 		586 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/png
cc630d86222f95a
www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/flow/ov1/659963465:1684863209:BpBPTFrKy0jhPQ5BhUxZRXS-fiiJn4zJvpY9u765udM/7cbf4dd9f9753820/ 		93 KB
53 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/flow/ov1/659963465:1684863209:BpBPTFrKy0jhPQ5BhUxZRXS-fiiJn4zJvpY9u765udM/7cbf4dd9f9753820/cc630d86222f95a
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cbf4dd9f9753820
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a8531c23631d2d231454885d81a5f6c9ab477037194dc46ccffbf60e744c7c0
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge
cc630d86222f95a
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf_chl_gen
dtK3w79AqAg6kwOYXGMt/URsg69ltBKDnMibQkUNRAGVJbtJOQdn6Sl/phHokvX2UhXiAVdecSe9EbAE+i+dI5FBtAi3DE48NnGfbrhnpQ4T2ILVqNMeUG3JeesYJTC6eS9Y5ctlxMCtMBiFG1+FsNlpx0pPUipSCMWKW+6uYPPMD1WJ4uun/WolQYEF3eYU60+07fzSxyOlmiRFdyq25j/FuFx0Q6jtOvVe7tkrpQcAqv/EpQsU7KR45lPbHXjOdFz4uw7eSvB4WCpepYK3BPcPVg/CGsjMU2kgd4c+E4cF5jsgvOwa56Zn0MiQsb/nI6YpZfMN+33CZgLdh1i3sIsr75sUm5kUJ4YnI43HTPy6NpQ1EXB6pyX3HzAEsF3OPuzZ5bzWOvq8zkoZ25uVIyX76QuSzyQc5fxaTmJcsh9Wcd8Ic79+zxa9ESl9EibSR8NQgXeilIHlzLHAEH/TxzqIiScTtzep0ZOjmYCNs/L7MHhuWX66EBD+il+6xc90$Gmw9eVFNkpWBt05Sdklq7g==
content-encoding
br
server
cloudflare
content-type
text/plain; charset=UTF-8
cf-ray
7cbf4ddb78b92c65-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
5PvU0lUZgUChgUF
www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/img/7cbf4dd9f9753820/1684865934649/ 		61 B
195 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/img/7cbf4dd9f9753820/1684865934649/5PvU0lUZgUChgUF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63cf0682b9d3bff36b3388e7ffac4f718dc94fb3d6909de5e2f33b2b0bb381d0
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:54 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
server
cloudflare
cf-ray
7cbf4ddc19532c65-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
image/png
da48483d-389b-4b14-b8b7-5da78787c9e5
https://www.plumbenefits.com/ 		220 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.plumbenefits.com/da48483d-389b-4b14-b8b7-5da78787c9e5
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d6b64601f895bed389aa525bed33990514b3ea089b51569aaf245f9479caeac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
220
Content-Type
application/javascript
3f7b09c1-b3ac-4aab-8c76-708b606010a9
https://www.plumbenefits.com/ 		539 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.plumbenefits.com/3f7b09c1-b3ac-4aab-8c76-708b606010a9
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
539
Content-Type
text/javascript
Xj5anMdh2kNZelV
www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/pat/7cbf4dd9f9753820/1684865934654/f166f18e93a20a56fac19a1ff017d42d4e4d233189adbc67d83be43f448d4731/ 		1 B
672 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/pat/7cbf4dd9f9753820/1684865934654/f166f18e93a20a56fac19a1ff017d42d4e4d233189adbc67d83be43f448d4731/Xj5anMdh2kNZelV
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:56 GMT
strict-transport-security
max-age=5184000; includeSubDomains
www-authenticate
PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g8WbxjpOiClb6wZof8BfULU5NIzGJrbxn2DvkP0SNRzEAFHd3dy5wbHVtYmVuZWZpdHMuY29t, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAySgKXvR721O-HwSCp6BF8TeuHicxXGVHXJN4EB8npTqPvHY_3JsFIv19McA1L_Hls3UzYxU0XpOgHKAk34hMPkndSXxOerIbkadB_CcGCGM3mS-MrXbJiPIuFgBG1c4mu9avO3K1PWqsKlOpNbqr3V0u4BiLmYsxv7KoBsqjvx76B8USG1V2-VBOhuDmcIwSxzaawL3Rm_dqQHqe805K_T89EWQFXwEL50CjRQCJvBgvj77mAuVESaB4GPQeDcPqKSlZ4wfa6jcuT9Va-g7stXB7YRLo2TZxdG5n_1yP6-jhXLmQ7q5ijd4DKvWX_BNTIc_g3efHdgEFkfHiizu1qwIDAQAB, max-age=20
x-content-type-options
nosniff
server
cloudflare
content-type
text/plain; charset=UTF-8
cf-ray
7cbf4de4de7f2c65-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cc630d86222f95a
www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/flow/ov1/659963465:1684863209:BpBPTFrKy0jhPQ5BhUxZRXS-fiiJn4zJvpY9u765udM/7cbf4dd9f9753820/ 		6 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/flow/ov1/659963465:1684863209:BpBPTFrKy0jhPQ5BhUxZRXS-fiiJn4zJvpY9u765udM/7cbf4dd9f9753820/cc630d86222f95a
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cbf4dd9f9753820
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.16.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3d9616c9d56dd9e0f62c3a44b1b28e7303f431eb1445ee62756c17cc16604d8
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge
cc630d86222f95a
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 23 May 2023 18:18:56 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf_chl_gen
9phIm4ExarhTQi20oMWYuX7qXcXAObjkyXZ0P6kBf9porHUcJj131/vzgl0Dkc4i$SOf8155VHjEVO1s0/buI+Q==
content-encoding
br
server
cloudflare
content-type
text/plain; charset=UTF-8
cf-ray
7cbf4de6181c2c65-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 6D19 		22 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=_cf_chl_turnstile_l&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54b3da6f4fd65cb41916066592eaf95e39d81350c243babff5045859c3b333e2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, must-revalidate
cf-ray
7cbf4de6b8253a72-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 23 May 2023 18:18:56 GMT
document-policy
js-profiling
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
truncated
/ 		187 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/png
v1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 6D19 		156 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7cbf4de6b8253a72
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d407ae06a8f825faf3ac14aab77edc96b2461638f1ac33856916f20d04c9545

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:56 GMT
cache-control
max-age=0, must-revalidate
content-encoding
br
server
cloudflare
cf-ray
7cbf4de769803a72-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
application/javascript; charset=UTF-8
0f972b7ac88c63e
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/720545660:1684863278:dFK9LcXZbQX5KBNNy1yZnahd6GAk0QpWUIRafR41ykM/7cbf4de6b8253a72/ Frame 6D19 		81 KB
46 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/720545660:1684863278:dFK9LcXZbQX5KBNNy1yZnahd6GAk0QpWUIRafR41ykM/7cbf4de6b8253a72/0f972b7ac88c63e
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7cbf4de6b8253a72
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bdbc0f2ff770f98506a877dc353850422a0a57745a35da0146f02b7e337ca08

Request headers

Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge
0f972b7ac88c63e
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 23 May 2023 18:18:56 GMT
content-encoding
br
cf_chl_gen
OuWuWInkYDdx0MCzaFLlyKsOSJZOnczaqB+qDOTReogDRYn+E+WmJ9Qv1OpXjBmpZtUX9iOjyZL8dyeQ3N/LLDFdJx2m6+9FJbXHlC5nTiR4Km6pTEZEwZBOg4FX6eJbGijeOLgQ7mja/odPVCGxcPkq0q/uuS1nlqnaLsXG3s50X81gVFU5MfUMm2kE4elQ/cr+eIeMaH/MDMTpi10EmT1bCm6w3/bv7ZZbxHI90jnljfTc19PAIF2xuUmwZbq9KqvJ5zF4aqnT1YPGf53+hrVR6N/LbU3kH1YIWTyqWY2FDLYBwjGt+r57XzhOpHmEsklIMqOb/jIXOjmhYakwRM5V9lidafsNxYf7I0O2jbPYBwM1KrvN+7uxXrvHD9o/VCy9QwdAhtJr+PsWL9PseRf19efV6DD5uxN73IyMXKQ+ZLbF6W8xwXg/WUnZsht2bcDUdI9DC/Br7sCK+YJsyw==$h8ev2z2SgJGUQWfXQ5KJJA==
server
cloudflare
cf-ray
7cbf4de89b013a72-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8
9upKJRz0udyEvMJ
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7cbf4de6b8253a72/1684865936748/ Frame 6D19 		61 B
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7cbf4de6b8253a72/1684865936748/9upKJRz0udyEvMJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e6347e8e1164761251a2459b8f80f677f1894bfb103efe4b32da1abf54368

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:56 GMT
server
cloudflare
cf-ray
7cbf4de92bcd3a72-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
image/png
899ae5e4-15fd-483f-883e-366b58165a8f
https://challenges.cloudflare.com/ Frame 6D19 		539 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://challenges.cloudflare.com/899ae5e4-15fd-483f-883e-366b58165a8f
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
539
Content-Type
text/javascript
68dbc18b-f359-4297-9527-07d988cbaf54
https://challenges.cloudflare.com/ Frame 6D19 		220 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://challenges.cloudflare.com/68dbc18b-f359-4297-9527-07d988cbaf54
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d6b64601f895bed389aa525bed33990514b3ea089b51569aaf245f9479caeac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
220
Content-Type
application/javascript
XZM2tXvvA28uiWY
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7cbf4de6b8253a72/1684865936752/bd2292495dbcad0b283ee4e4e66023a4ffb79261258c121872b12e710242227b/ Frame 6D19 		1 B
649 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7cbf4de6b8253a72/1684865936752/bd2292495dbcad0b283ee4e4e66023a4ffb79261258c121872b12e710242227b/XZM2tXvvA28uiWY
Requested by
Host: www.plumbenefits.com
URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 18:18:57 GMT
www-authenticate
PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gvSKSSV28rQsoPuTk5mAjpP-3kmEljBIYcrEucQJCInsAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAySgKXvR721O-HwSCp6BF8TeuHicxXGVHXJN4EB8npTqPvHY_3JsFIv19McA1L_Hls3UzYxU0XpOgHKAk34hMPkndSXxOerIbkadB_CcGCGM3mS-MrXbJiPIuFgBG1c4mu9avO3K1PWqsKlOpNbqr3V0u4BiLmYsxv7KoBsqjvx76B8USG1V2-VBOhuDmcIwSxzaawL3Rm_dqQHqe805K_T89EWQFXwEL50CjRQCJvBgvj77mAuVESaB4GPQeDcPqKSlZ4wfa6jcuT9Va-g7stXB7YRLo2TZxdG5n_1yP6-jhXLmQ7q5ijd4DKvWX_BNTIc_g3efHdgEFkfHiizu1qwIDAQAB, max-age=20
server
cloudflare
cf-ray
7cbf4decf9253a72-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8
0f972b7ac88c63e
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/720545660:1684863278:dFK9LcXZbQX5KBNNy1yZnahd6GAk0QpWUIRafR41ykM/7cbf4de6b8253a72/ Frame 6D19 		10 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/720545660:1684863278:dFK9LcXZbQX5KBNNy1yZnahd6GAk0QpWUIRafR41ykM/7cbf4de6b8253a72/0f972b7ac88c63e
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7cbf4de6b8253a72
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5397b9f59de58930a8630d96da98b0f4c7efafe1746e34fc6a9b1a51af8a6f16

Request headers

Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1z9na/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge
0f972b7ac88c63e
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 23 May 2023 18:18:57 GMT
content-encoding
br
cf_chl_gen
4DZfiRASO4lLLFjr5SMRUw+i0s8kFvqqsjYKpMYyD37l9O+TH53beRY3KTVkEfBD$q06FwL+jXybW7/L4okfzaQ==
server
cloudflare
cf-ray
7cbf4dedca553a72-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| _cf_chl_opt function| _cf_chl_preload function| _cf_chl_enter boolean| _cf_chl_done_ran function| _cf_chl_done function| _cf_chl_turnstile_l function| sendRequest function| SHA256 object| _cf_chl_ctx string| prefix object| turnstile boolean| _cf_chl_turnstile_loaded object| _ undefined| _cf_gcr

1 Cookies

Domain/Path Name / Value
.plumbenefits.com/ Name: __cf_bm
Value: cqZh1l4aumiZvaUy.7SuQkbSWLWmmXHqTdqvRSxUXxo-1684865934-0-Ad3N9shKyK++M2FuVeUTPe5/bt+nBtQkcjKeLOCJ9RTgGnuItEzTrOhOADKTa15FSKPlua4RP8eKRCLGCBrM4Z8=

6 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://www.plumbenefits.com/pages.php?sub=all-theme-parks-attractions&utm_campaign=Nav-theme-park-attraction&utm_medium=May-23-2023-Disney-Destinations-WDW&utm_source=Email&frombulletin=1&clthash=fe3f49e5e951eccb6bd74d03a21c091fbb9db79c&cmpid=30516&uid=17660994&conv_source=zeta&bt_ee=0kjFc1v29coZA7wPZ%2BOPrI6th3ZomKd2hhWdoVrPQMnlJxFjphI%2Fs1AvDV6Tqp%2F9&bt_ts=1684859488590
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.plumbenefits.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.plumbenefits.com/cdn-cgi/challenge-platform/h/g/pat/7cbf4dd9f9753820/1684865934654/f166f18e93a20a56fac19a1ff017d42d4e4d233189adbc67d83be43f448d4731/Xj5anMdh2kNZelV
Message:
Failed to load resource: the server responded with a status of 401 ()
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7cbf4de6b8253a72/1684865936752/bd2292495dbcad0b283ee4e4e66023a4ffb79261258c121872b12e710242227b/XZM2tXvvA28uiWY
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
e.email.plumbenefits.com
www.plumbenefits.com
104.18.16.48
2606:4700::6812:6b9
96.47.20.26
029e6347e8e1164761251a2459b8f80f677f1894bfb103efe4b32da1abf54368
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8
0bdbc0f2ff770f98506a877dc353850422a0a57745a35da0146f02b7e337ca08
1be78528c04c94d5c8ec73e78bc686a60f1c7ea46991fdd331614968467f76f6
2a8531c23631d2d231454885d81a5f6c9ab477037194dc46ccffbf60e744c7c0
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2
4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578
51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c
5397b9f59de58930a8630d96da98b0f4c7efafe1746e34fc6a9b1a51af8a6f16
54b3da6f4fd65cb41916066592eaf95e39d81350c243babff5045859c3b333e2
63cf0682b9d3bff36b3388e7ffac4f718dc94fb3d6909de5e2f33b2b0bb381d0
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
8a37c9feb5007e62438bb5796873f09868038a81bf10441aa1b46f1448850eaa
9d407ae06a8f825faf3ac14aab77edc96b2461638f1ac33856916f20d04c9545
d3d9616c9d56dd9e0f62c3a44b1b28e7303f431eb1445ee62756c17cc16604d8
d6b64601f895bed389aa525bed33990514b3ea089b51569aaf245f9479caeac8
eab6d410d198f49fa12bb4a81657b1b536a8a01894a2900f9574d9723080bc04
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa