marketing.beneplace.com/acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb
207.189.124.33 0 B URL marketing.beneplace.com/acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb
IP 207.189.124.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb HTTP/1.1
Host: marketing.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302
Set-Cookie: wp4326="XWVZDL-WKHC-s-WWBM:WXUYHMDtlnDl-ULBB-VWTADDDUCWCJKADgNssDDLFl-ULBB-VWTAFJmW_T^UATUZYXATWD"; Max-Age=31536000; SameSite=None; Secure; Domain=.beneplace.com; Version=1; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://harmac.savings.workingadvantage.com/my-profile/details
Content-Length: 0
Date: Mon, 04 Dec 2023 01:51:43 GMT
Keep-Alive: timeout=10
Connection: keep-alive
Strict-Transport-Security: max-age=16070400
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
104.17.25.14200 OK 14 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP 104.17.25.14:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (47169)
Hash f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 681559
expires: Sat, 23 Nov 2024 01:51:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJYhD17YD7kl1CvcTeXBMf9Uy7%2B5bajpiROIZppZ4FD6TyR5h8xmljOb4F4KXTH%2B%2FstTBIv179wFPc%2BHuedok8Fg4WCW8RK6jzPuDBCV77w8LuhUnSfBnEEYkol2JRklD9vcxFPI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830067ef4cdeb50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
2.18.172.233200 OK 154 kB URL GET HTTP/2 assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (32742)
Size 154 kB (154411 bytes)
Hash 9f22d37eff0340108e8e839a349263cc
0cabbc873195e92a33ed4694d49048ef05f52eee
47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f
GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9f22d37eff0340108e8e839a349263cc:1700230291.849047"
last-modified: Fri, 17 Nov 2023 14:11:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:44 GMT
date: Mon, 04 Dec 2023 01:51:44 GMT
content-length: 154411
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
151.101.193.229200 OK 26 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP 151.101.193.229:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (65326)
Hash 023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 01:51:44 GMT
age: 21968415
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1646-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
142.250.74.74200 OK 66 kB URL GET HTTP/3 maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP 142.250.74.74:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (2928)
Hash 59b64ce85b33a556c7372400096319f0
2150f1e1e4132e89bb0859d74e8c6468e981bef4
6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264
GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=1800
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:44 GMT
server: scaffolding on HTTPServer2
content-length: 65931
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
2.18.172.233200 OK 12 kB URL GET HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (32768)
Hash d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
x-akamai-ew-subworker: 8096267
expires: Mon, 04 Dec 2023 02:51:44 GMT
date: Mon, 04 Dec 2023 01:51:44 GMT
cache-control: no-cache
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
2.18.172.233200 OK 1.6 kB URL GET HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (3155)
Hash 2d1382c349d480b6b41574ac0c1af066
53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
x-akamai-ew-subworker: 8096267
content-length: 1597
expires: Mon, 04 Dec 2023 02:51:44 GMT
date: Mon, 04 Dec 2023 01:51:44 GMT
cache-control: no-cache
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
142.250.74.168200 OK 79 kB URL GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP 142.250.74.168:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (19808)
Hash 6d977e6ebfae308c3a521fd20698beb7
87f10b6eaddcddfae5d47e96724830568d7143de
ac1259bf2a748942b749a5a75ed2907232297c9b566a21f535124c298d5c4ef0
GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:44 GMT
expires: Mon, 04 Dec 2023 01:51:44 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=28201712594406624848983761685300558313&cl=157680000&d_coppa=true&ts=1701654710284
63.140.62.22 48 B URL smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=28201712594406624848983761685300558313&cl=157680000&d_coppa=true&ts=1701654710284
IP 63.140.62.22:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 775a3f425d1be33011a3fc6111c81966
fb8723a8e841e3865245892dd34a6a197bd9d9c8
e9feb3d4d92b27458644efb8e471429fea484f5251057894499bf07ff432af98
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=28201712594406624848983761685300558313&cl=157680000&d_coppa=true&ts=1701654710284 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CvVersion%7C5.4.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://harmac.savings.workingadvantage.com
access-control-allow-credentials: true
date: Mon, 04 Dec 2023 01:51:44 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C28201712594406624848983761685300558313; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Sat, 02 Dec 2028 01:51:51 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
142.250.74.74200 OK 23 B URL GET HTTP/3 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 142.250.74.74:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data\012- , ASCII text
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:45 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://harmac.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
142.250.74.67200 OK 14 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP 142.250.74.67:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Hash b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:27:40 GMT
expires: Fri, 29 Nov 2024 01:27:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 347045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
harmac.savings.workingadvantage.com/styles.470895e6035d0005.css
104.18.39.111 110 kB URL harmac.savings.workingadvantage.com/styles.470895e6035d0005.css
IP 104.18.39.111:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 110 kB (110085 bytes)
Hash e5139ecca342c6c60da1c222d8b1c415
3327b2ed795950f5459d82952d7e9c73d59e6a95
7678fff11f92c598d89035e7f1e5ae839902925df05059daa23901b914765975
GET /styles.470895e6035d0005.css HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CvVersion%7C5.4.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:45 GMT
content-type: text/css
last-modified: Wed, 29 Nov 2023 02:18:46 GMT
vary: Accept-Encoding
etag: W/"65669f86-187ec"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067f1dd59712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.workingadvantage.com/main.5139e63dcaa68cb8.js
104.18.39.111 1.1 MB URL harmac.savings.workingadvantage.com/main.5139e63dcaa68cb8.js
IP 104.18.39.111:0
File type Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size 1.1 MB (1092882 bytes)
Hash 95bfd7911ea2afc23eda60fb065f7fa8
6b39d5dbb053484b6ffa3d36932fcd61744f8c75
e57f1978d4478f1baf0978eb135cbf7da6bc2fb5cef9e0c3b6ef7df8d25f2a26
GET /main.5139e63dcaa68cb8.js HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:18:46 GMT
vary: Accept-Encoding
etag: W/"65669f86-5058de"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067ef2b98712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701654711240&k=ebg-wag3-pixel-0988
143.204.55.109 6.4 kB URL live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701654711240&k=ebg-wag3-pixel-0988
IP 143.204.55.109:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2300)
Hash 3e54103a9196fcc32e119f5c143f9fac
382fe8709c9d16b7d8d0655c6bbec59b9e3a8ef8
eb74404037dc26b435cf3604fcdd1a503baf39663d9cf53eb13bedfea68f169b
GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701654711240&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
content-length: 6373
date: Mon, 04 Dec 2023 01:51:45 GMT
set-cookie: zync-uuid=3e2d0cc7-963d-4d35-904e-d72326b695e8:1701654705.9032197; Domain=rezync.com; Expires=Sat, 01 Jun 2024 01:51:45 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9.ZW0wsQ.T6CQjISnbTzc4-1v-HhO9hXIiMQ; Expires=Sat, 01 Jun 2024 01:51:45 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
accept-ranges: bytes
server: lighttpd/1.4.69
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WgLeDimhvt-f_KuOZ4fFKsg6S2FJ-CxQa6MALeijFU9bbAH4Vpll3w==
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=DC-12084042
142.250.74.168 70 kB URL www.googletagmanager.com/gtag/js?id=DC-12084042
IP 142.250.74.168:0
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash ee900f62bacf516a06c227f63eb53123
c4708d12f9a9ae84f3b9864f22cfccca7bcd9cfb
be4a1856d047b5fcaddcc083b33aec16f2ab5a38d3cb41eb6146321d088f6dea
GET /gtag/js?id=DC-12084042 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:46 GMT
expires: Mon, 04 Dec 2023 01:51:46 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70480
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c
142.250.74.168 71 kB URL www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c
IP 142.250.74.168:0
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 5315cdc67b3597943503251ebe49aa40
ac32404da6538da32b34e90be778538d64698c5e
9f8d7a9c53dbd950c5c2b6d25285ac3ad903e6d57c41476ef771047af3d13e98
GET /gtag/js?id=DC-12084042&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:46 GMT
expires: Mon, 04 Dec 2023 01:51:46 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70554
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
143.204.55.34 30 kB URL cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
IP 143.204.55.34:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7e025917ec081cb179b24e9b42269588
a6522f88185982ebde143a2b1e399034962c6eba
cd6c50080cda668d0e858886b870ff15124d16be997d5b0d43e97d4788a20879
GET /p13n/ebg-wag3/p13n.min.js HTTP/1.1
Host: cdn.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 03 Dec 2023 04:36:21 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: l04UFkooc_cpGNqh.9nfCARIbuQ4HwRZ
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 04 Dec 2023 01:44:23 GMT
Cache-Control: public, max-age=3600
ETag: W/"7e025917ec081cb179b24e9b42269588"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v6FixW-HZYAZA6cQuIyzH5oHHzL3e0yuuZ2Gx0RSPWmdCcEMawoEyA==
Age: 444
people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9fQ%3D%3D&site_id=ebg-wag3
54.160.104.167 142 B URL people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9fQ%3D%3D&site_id=ebg-wag3
IP 54.160.104.167:0
File type JSON data\012- , ASCII text
Hash 4227c4060c56e12d6c5c8c94ee853e77
94ff7d761248664e4f2fa2351ea13b3b7394af25
ca5f8ecf7b78744f0c1d03ae602351a69a30924db520f73645df877f6fb1a9ae
GET /identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9fQ%3D%3D&site_id=ebg-wag3 HTTP/1.1
Host: people.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Mon, 04 Dec 2023 01:51:46 GMT
Server: nginx
Content-Length: 142
Connection: keep-alive
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
2.18.172.233 286 B URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
IP 2.18.172.233:0
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (304)
Hash 9d329853a801c00019899598da50a762
fddbe70abdf0251ce3c72b34899bc1f93dee758c
177b9dbf2cb10e29041b0446aec0ac0d478d2cc420144dd745a4fe5a7c1fd360
GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:46 GMT
date: Mon, 04 Dec 2023 01:51:46 GMT
content-length: 286
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
2.18.172.233 548 B URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
IP 2.18.172.233:0
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (871)
Hash b6ab6600ee3ade29d2ceb7e4fbc49442
1de248e70f915eaa24fc5c887fd2fd0ec259529e
c86c5c33c4a4bcdad8cb8ab9208bd80f7c7d24d29bfe3c17621a3b8a7c4b273e
GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:46 GMT
date: Mon, 04 Dec 2023 01:51:46 GMT
content-length: 548
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
2.18.172.233 215 B URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
IP 2.18.172.233:0
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
Hash 74f251b2226edb2c9e4e190ca2d1fccb
ff50ff57d401f31803f19ebb65c9307f9dda35da
aaa66fd99c79e6009a990dda2b89b5d2419f07344577f4c1609064b67d43bcf0
GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:46 GMT
date: Mon, 04 Dec 2023 01:51:46 GMT
content-length: 215
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
events.api.boomtrain.com/event/track
34.194.84.173 2 B URL events.api.boomtrain.com/event/track
IP 34.194.84.173:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /event/track HTTP/1.1
Host: events.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 801
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: text/plain
content-length: 2
server: nginx
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
access-control-allow-methods: GET, PUT, POST, DELETE
X-Firefox-Spdy: h2
harmac.savings.workingadvantage.com/api/controls/harmac
104.18.39.111 871 B URL harmac.savings.workingadvantage.com/api/controls/harmac
IP 104.18.39.111:0
File type JSON data\012- , ASCII text, with very long lines (2050), with no line terminators
Hash 66a41fb5c208b7a7036321fcc1a1309a
976240b9b349f4cd7f3eb4473feb2a6698442dce
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae
GET /api/controls/harmac HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImFlODNlZGMzZDkzMWM2OTQiLCJ0ciI6IjdhMjQ4NGExNDk2NjkxZThmNDMzZGNlYjhkMTJjYjAwIiwidGkiOjE3MDE2NTQ3MTE3ODAsInRrIjoiODg4MzEifX0=
traceparent: 00-7a2484a1496691e8f433dceb8d12cb00-ae83edc3d931c694-01
tracestate: 88831@nr=0-1-2647367-1120218725-ae83edc3d931c694----1701654711780
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22bsin%22%3A%22%22%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:46 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: http://harmac.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
expires: Mon, 04 Dec 2023 01:51:45 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067fa78b9712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.workingadvantage.com/api/info
104.18.39.111 46 kB URL harmac.savings.workingadvantage.com/api/info
IP 104.18.39.111:0
File type JSON data\012- , ASCII text, with very long lines (6699), with no line terminators
Hash a2b522fc85ff10f3c52efd69a8c6f785
6256f0bf6aea851b054fd4c70d6f7845ec758124
c2fe9ca0781bc3f1a81cb1d96a513b568517c84d6af95a71b284edfec5b2e919
GET /api/info HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjgyMmVhNmZiYjAyMGI0ZDciLCJ0ciI6IjM0ZGMzMDZhOTM2MzkxODk3ZWU3YjU2ZjJkOGUwMDAwIiwidGkiOjE3MDE2NTQ3MTExMzQsInRrIjoiODg4MzEifX0=
traceparent: 00-34dc306a936391897ee7b56f2d8e0000-822ea6fbb020b4d7-01
tracestate: 88831@nr=0-1-2647367-1120218725-822ea6fbb020b4d7----1701654711134
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654710.0.0.0; _ga=GA1.1.547215177.1701654711
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:46 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: http://harmac.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1a2b-Ylbwv2rqhRsFT9THDW94Rex1gSQ"
expires: Mon, 04 Dec 2023 01:51:45 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067f67eae712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
104.18.39.111 75 kB URL harmac.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP 104.18.39.111:0
File type ASCII text, with very long lines (7347), with no line terminators
Hash 47b974e28713790d061a4b6daccb1c00
69a31502f0dc29a35a7dce8589ae3e2cd268b76c
6aac8824cc8df3037646c9d1c348f3bcd58abdd37f203c31b840b3eb3a42feaf
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:45 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
strict-transport-security: max-age=5184000; includeSubDomains
server: cloudflare
cf-ray: 830067f72f06712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
2.18.172.233200 OK 154 kB URL GET HTTP/2 assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (32742)
Size 154 kB (154411 bytes)
Hash 9f22d37eff0340108e8e839a349263cc
0cabbc873195e92a33ed4694d49048ef05f52eee
47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f
GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9f22d37eff0340108e8e839a349263cc:1700230291.849047"
last-modified: Fri, 17 Nov 2023 14:11:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:47 GMT
date: Mon, 04 Dec 2023 01:51:47 GMT
content-length: 154411
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
151.101.193.229200 OK 26 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP 151.101.193.229:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (65326)
Hash 023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 01:51:47 GMT
age: 21968419
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1646-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
104.17.25.14200 OK 14 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP 104.17.25.14:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (47169)
Hash f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 681562
expires: Sat, 23 Nov 2024 01:51:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5w8YnASCqpPKldZVm2p6vNWOWsoVcR1l%2BgcIHRTcYJeYhcYv5kgmlT3Ia%2F4QvxhQsfO0bkRGWNxPRjL1jXkraJpt8zAnyWDYY2flK2jXnYMQsH%2BpYzBLQ6ZCMJIiwHDs62m8OOI0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830068046a79b4ed-OSL
alt-svc: h3=":443"; ma=86400
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
142.250.74.74200 OK 66 kB URL GET HTTP/3 maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP 142.250.74.74:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (2928)
Hash 59b64ce85b33a556c7372400096319f0
2150f1e1e4132e89bb0859d74e8c6468e981bef4
6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264
GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
cross-origin-resource-policy: cross-origin
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:47 GMT
server: scaffolding on HTTPServer2
content-length: 65931
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
142.250.74.168200 OK 79 kB URL GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP 142.250.74.168:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (19808)
Hash 00a0df9705b9588630646af42424dddb
584d32616032fc28d0c2609ebf797646000dd891
80a0dbb8b039329b7ad83249610d552dd66b7bbef2b1f3e463cef2c6beabbc1a
GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:47 GMT
expires: Mon, 04 Dec 2023 01:51:47 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
2.18.172.233200 OK 12 kB URL GET HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (32768)
Hash d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
x-akamai-ew-subworker: 8096267
expires: Mon, 04 Dec 2023 02:51:48 GMT
date: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
auth.savings.workingadvantage.com/auth/authorize?subdomain=harmac&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
104.18.39.111302 Found 23 kB URL User Request GET HTTP/3 auth.savings.workingadvantage.com/auth/authorize?subdomain=harmac&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP 104.18.39.111:443
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
Hash 9879540fe40fdf76057587f2e05c52de
609ed469cd2fc8a61ce370dafd67b018de3571ef
9bd2d02397472630ede0520e0ffac920e410a4f29ebe0b28ac8a27968643bbbc
GET /auth/authorize?subdomain=harmac&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: text/html; charset=utf-8
x-powered-by:
access-control-allow-origin: http://auth.savings.workingadvantage.com
vary: Origin, Accept
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
location: /harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
expires: Mon, 04 Dec 2023 01:51:46 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068023b7b712e-OSL
alt-svc: h3=":443"; ma=86400
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
142.250.74.74200 OK 23 B URL GET HTTP/3 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 142.250.74.74:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data\012- , ASCII text
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:48 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
142.250.74.67200 OK 14 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP 142.250.74.67:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Hash b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:27:40 GMT
expires: Fri, 29 Nov 2024 01:27:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 347048
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
142.250.74.168200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash e878954f18b06da5b5228e3f6c3c7031
eabb8c91551cfb2d1c777ea6e3a7fb5de2aa5698
7f0b230152439a35fb5b2d36327a37f10a9957e4ac6f5f79c8276bae0d90ac11
GET /gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:48 GMT
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93082
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
harmac.savings.beneplace.com/api/notifications/system-wide
104.18.37.20200 OK 2 B URL GET HTTP/2 harmac.savings.beneplace.com/api/notifications/system-wide
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /api/notifications/system-wide HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=CujPrtSJWL4B0Zbgb70f7WegPfto.CBS02zn5vckc7o-1701654709-0-ASZJBak9dt9jlzTkapxK+FV3e7X+cbVwsQdT3dNvgP5La2dow0PSuBEBRT3lvPE9dPW51McKypmJENYJev4UXUQ=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f27127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
2.18.172.233200 OK 214 B URL GET HTTP/2 assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
Hash 9de49b0d72b52bcff35a575dcbf3a505
67b61404e3f0bf10d1aa5a8895b5f0840a2b8f4d
c8ab5af61a41599d2375ab31a82cc778a38e29b25049ac57f1e6fcd60c004afe
GET /a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:49 GMT
date: Mon, 04 Dec 2023 01:51:49 GMT
content-length: 214
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js
2.18.172.233200 OK 429 B URL GET HTTP/2 assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js
IP 2.18.172.233:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (610)
Hash 312cb3e912e23ae79d6f14e1f73679ac
a3303715a66d325886a96badf99dc1111dbffa2c
d56b6db4e16388149899dcea8f2bcbf6856bb84e7b9b866ddf3c388e5d12e8d6
Analyzer Verdict Alert Public Nextron YARA rules malware Webshells iisstart.aspx and Logout.aspx
GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:49 GMT
date: Mon, 04 Dec 2023 01:51:49 GMT
content-length: 429
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
142.250.74.168200 OK 79 kB URL GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP 142.250.74.168:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (19808)
Hash 6d977e6ebfae308c3a521fd20698beb7
87f10b6eaddcddfae5d47e96724830568d7143de
ac1259bf2a748942b749a5a75ed2907232297c9b566a21f535124c298d5c4ef0
GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:49 GMT
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=UA-2876877-9
142.250.74.168200 OK 69 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=UA-2876877-9
IP 142.250.74.168:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 3e13c673800e7a668b32825008da1d9b
b292e163ae859aaa02bda77370ceb523d9b450d2
430a897234d700684037c835687d0cda572c1ca068f589a53a2a25ff5e3cde9b
GET /gtag/js?id=UA-2876877-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:49 GMT
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68946
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s01340608910676
63.140.62.22200 OK 43 B URL POST HTTP/2 smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s01340608910676
IP 63.140.62.22:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerDigiCert Inc
Subjectsmetrics.workingadvantage.com
FingerprintBF:39:6F:26:01:A5:E2:6D:81:D9:EB:97:B2:50:D2:2D:2F:2D:48:43
ValiditySun, 09 Jul 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
POST /b/ss/entbenwag3/1/JS-2.22.4-LDQM/s01340608910676 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2222
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661915s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4; sat_domain=A; mbox=session#1d3b9a1dc08d45e4a72e179cc2512ea7#1701656576; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
date: Mon, 04 Dec 2023 01:51:50 GMT
expires: Sun, 03 Dec 2023 01:51:50 GMT
last-modified: Tue, 05 Dec 2023 01:51:50 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C28201712594406624848983761685300558313; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Sat, 02 Dec 2028 01:51:51 GMT;
etag: 3654275665779064832-4617553741675210914
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c
142.250.74.168200 OK 86 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (13010)
Hash 2f4963b7551ec48e6e7b07fdc116b893
f39258e1e1560a56168b8310519d0e7cf5927af9
9cebb4ed076e17efe1353bb73eddaddea6cf41f6982da0c547ca6d58880946f8
GET /gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:50 GMT
expires: Mon, 04 Dec 2023 01:51:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85761
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket
172.64.148.145 0 B URL auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket
IP 172.64.148.145:0
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?subdomain=harmac&EIO=3&transport=websocket HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://auth.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vaKSMyjgfPCFIoK+YfaZew==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661913s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Mon, 04 Dec 2023 01:51:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X5tfz/mqVy6GhCOZK+8ZTMROW1s=
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 830068105e2e569f-OSL
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js
104.18.39.111200 OK 73 kB URL GET HTTP/3 auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0cd11218e1d6b6ab172b905bb2eb2693
9bc810ec1a37bdd5f7f6fe480529cbac372f84e5
040e0f83384cfe2b858b56ce6e588c85aa1f9840901d5edcb8266f65b00a68a5
GET /polyfills.9bd4a18a68d081a1.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-1e657"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068047c88712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png
104.18.39.111200 OK 19 kB URL GET HTTP/3 auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash fad05a309055bbe24890d609a98528f4
48fbd56aa5b0bd2b6139b23a0097aa02a594e13e
22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264
GET /assets/workingadvantage_logo_wide_inverse_01.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661915s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654716.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4; mbox=session#1d3b9a1dc08d45e4a72e179cc2512ea7#1701656576; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true; split_test_groups={}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:51 GMT
content-type: image/png
content-length: 18724
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
etag: "6566a0fa-4924"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83006817aaad712e-OSL
alt-svc: h3=":443"; ma=86400
controlpanel.savings.beneplace.com/uploads/harmac_favicon_01.ico
104.18.37.20 7.4 kB URL GET controlpanel.savings.beneplace.com/uploads/harmac_favicon_01.ico
IP 104.18.37.20:0
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 73467eee959e69f202e081bd6e3a8eea
4615dbc0f045cd2c2181caac28be42c7188474e1
71b51eb933228cd69fdd396033359e4e9ef796e01dc60c2efc2d6674bd13e735
GET /uploads/harmac_favicon_01.ico HTTP/1.1
Host: controlpanel.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:50 GMT
content-type: image/x-icon
last-modified: Thu, 18 Aug 2022 16:31:32 GMT
etag: W/"62fe6964-3c2e"
cache-control: public, max-age=2592000, s-maxage=600
cf-cache-status: MISS
set-cookie: __cf_bm=iTShTyxZNDzLX8zPVfHeJbaMsi5YkxAzlDDapH0VyPo-1701654710-0-AUQCrIctMdU8SECvjbBBCp9jHYZNwe1zyrDNM6Sd3kNGaF2vhyKUN5CvxHqsWO3osSctoZQ6D/M3vvEPgHfTnPA=; path=/; expires=Mon, 04-Dec-23 02:21:50 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83006812df2156c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.beneplace.com/api/harmac/marketplace-styles.css
104.18.37.20200 OK 262 kB URL GET HTTP/2 harmac.savings.beneplace.com/api/harmac/marketplace-styles.css
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Size 262 kB (261990 bytes)
Hash 4c20ac279afca93ce189d60dce7c7e24
668aafb1d10a3f2831e846f533512bc3082fb2fc
1ad5c5e43ddfde0f0443b07d54adb9387065dc9f4f1f7d8dce46e14a8b75d78b
GET /api/harmac/marketplace-styles.css HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/css; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802c-ZoqvsdEKPygx6Eb1M1Erwwgvsvw"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=_l1HGXKbjBFU6LvKM75H.KoLaVygO2VYvIuITJTFfWw-1701654709-0-Aa7OiVMm5kxdRJmWWYEISoDm18ycYdag4wPlwwCFC0v82LdG29R1Gf627O3ATTPM7MG/w7edPeWND9Vbn4jdVfA=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a9a017127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
harmac.savings.beneplace.com/api/controls/harmac
104.18.37.20200 OK 10 kB URL GET HTTP/2 harmac.savings.beneplace.com/api/controls/harmac
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2050), with no line terminators
Hash 66a41fb5c208b7a7036321fcc1a1309a
976240b9b349f4cd7f3eb4473feb2a6698442dce
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae
GET /api/controls/harmac HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=7ZZtlWQXiQ6B_DrFoT0RJhbsq3bH1P8eL_L8SdwwJwY-1701654709-0-ATKGGmTCqmJM+LiCo193iFJviCkWNBhiEf+ypIwL+2+EhNKvVOJbB+6+mCLmngOIKmqkYOGfl1Ao/Ebk7kMZ9ps=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a99ff7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
142.250.74.67200 OK 14 kB URL GET HTTP/3 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
IP 142.250.74.67:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 14168, version 1.0\012- data
Hash 017598645bcc882a3610effe171c2ca3
ceaca8172b95b6954d5a5752698a5162d7e9877c
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14168
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 12:50:31 GMT
expires: Fri, 29 Nov 2024 12:50:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:29:56 GMT
content-type: font/woff2
age: 306080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
142.250.74.67200 OK 14 kB URL GET HTTP/3 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
IP 142.250.74.67:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 13724, version 1.0\012- data
Hash cf5ec3859b05de1b9351ab934b937417
97ffac24ea5fe5c47301f1be229699330ea93bf2
bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56
GET /s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:58:25 GMT
expires: Fri, 29 Nov 2024 04:58:25 GMT
cache-control: public, max-age=31536000
age: 334406
last-modified: Tue, 02 May 2023 15:20:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js
142.250.74.74200 OK 57 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js
IP 142.250.74.74:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (4584)
Hash 62dd4694504b9493499887d729e7d456
31e1581fda82bcbe5971f202b686a7f2d16d3394
0b6fb8c2b9ee6b41540fd549a726e431eb8667074da38d94af8a647ae05e9da7
GET /maps-api-v3/api/js/54/12a/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57367
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:38:24 GMT
expires: Fri, 29 Nov 2024 02:38:24 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 21:27:26 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 342809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js
142.250.74.74200 OK 50 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js
IP 142.250.74.74:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (584)
Hash dd9a0890c6719e8bbaf67f14c6032e48
645a019ec207a0c321401b6d0d05da505f9917b7
206b430ad8e96d2f58a4c4cc6d2e5b97b40a1b62d9c1a7b027409b376da8c1de
GET /maps-api-v3/api/js/54/12a/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 50370
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 11:11:29 GMT
expires: Thu, 28 Nov 2024 11:11:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 21:27:26 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 398424
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
harmac.savings.beneplace.com/api/navigation/harmac/auth_footer/US/auth
104.18.37.20200 OK 959 B URL GET HTTP/2 harmac.savings.beneplace.com/api/navigation/harmac/auth_footer/US/auth
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1104), with no line terminators
Hash c3d5ce7b6683af9add7f52618a9527c8
98a01bb68706d5471405a04bd895df57830fb21c
b6e6fbe23eb14cd5c64d79d2e09e4bc6bb145ecb372b1d861c22e9ca0c945915
GET /api/navigation/harmac/auth_footer/US/auth HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"3bf-fTrY/POxp8xLE7tJOcrV4J65oF4"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=xd0WitABtSmDS7m0pSgRdeeNMfs4.7ChCEpbTS5e_HM-1701654709-0-Aa13ZUBvlMawHR0z+62iMV+YI7J0DKFBzIzZSOAMy8BgXeOf88nwqaAAsySD7IR20DLF+I4JKZYf6gYdWajnJZc=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680c3abf7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
harmac.savings.beneplace.com/api/info
104.18.37.20200 OK 6.7 kB URL GET HTTP/2 harmac.savings.beneplace.com/api/info
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (7232), with no line terminators
Hash f779aee5e4ca0a48254fdc224c28d10c
aca05a7c0c67b5200ead083ede7724b5b7c80d95
8dfb6138a3dd0e529b0fe863c03700b2e5b013d87923e7bf415defbcf10fb0e0
GET /api/info HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Mon, 04 Dec 2023 01:51:47 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=rEx.7_cvgqTbIaw2Vwzp.iqbBkp9I_Fz46qPEpYPNTE-1701654709-0-AXM32Oz0Jo56amuQEG/iavYdeOKPdJjlguvN7cYq0Q5wXL3ZMu2p++R1BPrvNEjFq0sbW28uzll1pzXuHvzWbBc=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a99fe7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
harmac.savings.beneplace.com/api/info?authInfo=true
104.18.37.20200 OK 7.7 kB URL GET HTTP/2 harmac.savings.beneplace.com/api/info?authInfo=true
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (8338), with no line terminators
Hash e1eed3a6d1d7dfa52be445b06bb04469
40c7368132eed78b1ed8562da946df74e39e07a7
99dc7615e5b4b26e1d533ee4b716cc3138a33319ecb343bc93db7af67401765b
GET /api/info?authInfo=true HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1e3d-MNymTFke/nTiGbnKrwO+iyxzN18"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=k7tAX5xb0fj1DszY1ml2I6VEwCgGzJCVQA4LAc4m4ME-1701654709-0-AShL9kdWp34f50sWDw4uWl3TBrU2MVe5NPH+Gm3/v24uaRzUgoYYZrMlVFhWs67gDefzmZPRJG8IAPnd/RDufcs=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f97127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
104.18.39.111200 OK 52 kB URL GET HTTP/3 auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (51930)
Hash 0cd967d483680340e1c5d0f1c3b34662
4f6121c35c81f16302bdb45a3a00ee708896a72c
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23
GET /assets/new-relic/new-relic-integration.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
etag: W/"6566a0fa-ccde"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068045c78712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.beneplace.com/api/google-experiments/auth-v2
104.18.37.20200 OK 4.1 kB URL GET HTTP/2 harmac.savings.beneplace.com/api/google-experiments/auth-v2
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (4740), with no line terminators
Hash 14ecdb96169cc32ecc2c6fee0bc2b731
6ed4bf3fda90c177895c158c73e71b881fd91901
ea9e4e9fb1c08973e40810b0c9a5493b723045d7b2dc71f9fcd5605843fa3fc9
GET /api/google-experiments/auth-v2 HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
expires: Mon, 04 Dec 2023 01:51:47 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=U_kWZDYMFduOAttHK2pWLjhFSkNIhJ7yg1gsg7apRbs-1701654709-0-AcHX81Cz2ub6tc8PCtDhr92TC392sXxyssje+mxvV07ClIRmoJsFXoBYTLvCsPIti25Pq0aY1mBMkUmBL5RlBlU=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f57127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
harmac.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
104.18.37.20200 OK 94 B URL GET HTTP/3 harmac.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 574380e3af8e668c085d981c9866561b
68a87b621a0b735bd2c5f0d9ab264e2a5a5e5e1b
18eb455b689078c36720e1eb62d51e407dd707b6565340fa85e9f706f48b2033
GET /api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:50 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"5e-xWERRy+8FVp8nFwecehLclRX7Go"
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=_RgIKVHtxKYNnm3tjVc350acyexC7NM6HnLftRdkfOM-1701654710-0-AW17M0zc/5yfhKlBVVinE0ZQ+kc1gp6rbeWEmUHf+YJZXEj4LqXDc/sY2NTUi5aLWcvfz9/UotyliICNSAdNI7Q=; path=/; expires=Mon, 04-Dec-23 02:21:50 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068114c565695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js
104.18.39.111200 OK 1.2 kB URL GET HTTP/3 auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (1162), with no line terminators
Hash e29acf338ccd95684fd9ee2ea7ddd277
721dcd26e75a7d19304bc9442990b605f8f16ff5
12d58735bc08f3bb5aa001af1dfb3acadb4f60264ad7b680d5a8683d184b2d4c
GET /runtime.13338c5d9c83d0b6.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-488"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068046c82712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/assets/wa-logo-wide.png
104.18.39.111200 OK 29 kB URL GET HTTP/3 auth.savings.workingadvantage.com/assets/wa-logo-wide.png
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type PNG image data, 500 x 200, 8-bit/color RGB, non-interlaced\012- data
Hash 9a514012bac6a68b6d0025ca3f28f4e4
447dd4828180a2480363d765b2c9ef41c1835da1
99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4
GET /assets/wa-logo-wide.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661915s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654716.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4; mbox=session#1d3b9a1dc08d45e4a72e179cc2512ea7#1701656576; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true; split_test_groups={}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:51 GMT
content-type: image/png
content-length: 29260
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
etag: "6566a0fa-724c"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068179aaa712e-OSL
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js
104.18.39.111200 OK 170 kB URL GET HTTP/3 auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 170 kB (169744 bytes)
Hash 46c966376ef0860c9f256d7701100634
7cf0609623ef764b6c28e3778565084628881241
ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18
GET /scripts.b785e07ef29de485.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-29710"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068047c8b712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket
172.64.148.145101 Switching Protocols 0 B URL GET HTTP/1.1 auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket
IP 172.64.148.145:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?subdomain=harmac&EIO=3&transport=websocket HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://auth.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vaKSMyjgfPCFIoK+YfaZew==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661913s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Mon, 04 Dec 2023 01:51:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X5tfz/mqVy6GhCOZK+8ZTMROW1s=
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 830068105e2e569f-OSL
alt-svc: h3=":443"; ma=86400
harmac.savings.beneplace.com/api/info?authInfo=true
104.18.37.20200 OK 7.7 kB URL GET HTTP/3 harmac.savings.beneplace.com/api/info?authInfo=true
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (8338), with no line terminators
Hash e1eed3a6d1d7dfa52be445b06bb04469
40c7368132eed78b1ed8562da946df74e39e07a7
99dc7615e5b4b26e1d533ee4b716cc3138a33319ecb343bc93db7af67401765b
GET /api/info?authInfo=true HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:50 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1e3d-MNymTFke/nTiGbnKrwO+iyxzN18"
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=YNFzuAZZQQiuBk.EfRaiUETMrwukzuEPVESHbwC0Hzw-1701654710-0-AfBWnjVRr+ZrkpTgI57r2DD4gPXCTN4T1gxn0jjDWb8e3Y9YRlQb10xiO5ere3Za7p+4rHbflr7gRaGagYoesKg=; path=/; expires=Mon, 04-Dec-23 02:21:50 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068108c225695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
104.18.39.111200 OK 10 kB URL User Request GET HTTP/3 auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP 104.18.39.111:443
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2673)
Hash 9dc741cceb3e6196fc51aaf393ba667d
4bc2d73332ea98260ff182810915604317328de8
71acbca9b831f8a47366482c0664f975f7a4bc3d9db4fe8cda3fb5036ac2f001
GET /harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://harmac.savings.workingadvantage.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068032bf1712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
151.101.86.208200 OK 6.9 kB URL GET HTTP/2 g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP 151.101.86.208:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT
File type PNG image data, 116 x 32, 8-bit/color RGB, non-interlaced\012- data
Hash 3f98ed06ac07685fcfdee36cc5530df6
ea7d00fe56ec1701f9ac3b0407cae86417d8bef9
268ac18f0b7cc3b69ee345aa3d1cd0a83db1c8f511fda352a42bc35ae234103f
GET /uploads/harmac_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sun, 03 Dec 2023 19:58:55 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 83f40acc28ce31f519ff6419e720458ec266df09
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 01:51:51 GMT
age: 21176
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000110-SJC, cache-bma1668-BMA
x-cache: HIT, MISS
content-length: 6931
X-Firefox-Spdy: h2
g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
151.101.86.208200 OK 4.3 kB URL GET HTTP/2 g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP 151.101.86.208:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT
File type PNG image data, 87 x 24, 8-bit/color RGB, non-interlaced\012- data
Hash ed706558511ccf6cf4bbe407694b25f3
df4b28af9481a6fb3839129eac06ad670bffdf28
6139f656b71cac3a7aabc7a67a29d7089d4ead526f9625ebcad8e3751da04200
GET /uploads/harmac_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sat, 25 Nov 2023 03:19:54 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: c707906159e7c801e3858e7527f3880ce93065f1
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 01:51:51 GMT
age: 772316
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10043-SJC, cache-bma1668-BMA
x-cache: HIT, MISS
content-length: 4278
X-Firefox-Spdy: h2
g3i.imgix.net/uploads/harmac_carousel_02.jpg
151.101.86.208200 OK 257 kB URL GET HTTP/2 g3i.imgix.net/uploads/harmac_carousel_02.jpg
IP 151.101.86.208:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1400, components 3\012- data
Size 257 kB (257138 bytes)
Hash a8da0add7f28aa310e3db5dc58458f1d
6b6009543d1805e67b88c733481cd62d704cbd64
eeb5d718211d13126dbc7ce42250003cfe5c0b982bb01d9508b454b970a7de8b
GET /uploads/harmac_carousel_02.jpg HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sun, 26 Nov 2023 01:56:53 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: d9f2c8df7565b8e2d7e434d9b63f4393ec88f294
x-imgix-render-farm: 01.139848
date: Mon, 04 Dec 2023 01:51:51 GMT
age: 690898
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10040-SJC, cache-bma1668-BMA
x-cache: HIT, MISS
content-length: 257138
X-Firefox-Spdy: h2
auth.savings.workingadvantage.com/main.515236637b6c49b5.js
104.18.39.111200 OK 1.7 MB URL GET HTTP/3 auth.savings.workingadvantage.com/main.515236637b6c49b5.js
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
Size 1.7 MB (1692785 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /main.515236637b6c49b5.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-19d471"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068047c8c712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.beneplace.com/api/info?authInfo=true
104.18.37.20200 OK 7.7 kB URL GET HTTP/2 harmac.savings.beneplace.com/api/info?authInfo=true
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (8338), with no line terminators
Hash e1eed3a6d1d7dfa52be445b06bb04469
40c7368132eed78b1ed8562da946df74e39e07a7
99dc7615e5b4b26e1d533ee4b716cc3138a33319ecb343bc93db7af67401765b
GET /api/info?authInfo=true HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=Xft24Fcko5p_kwIZaXaDJFJtsT503iYXpi.yAriMAf0-1701654709-0-AVpkQ5bjO1H04BsOQtZof7jFWI2LVqh0AmKYi/dzfaKNsJ55oLu4Bn4pwo1ILo8Pz7kKwVIbQQ8i8j5saXyZBYk=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f77127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
auth.savings.workingadvantage.com/styles.55427553bed43367.css
104.18.39.111200 OK 40 kB URL GET HTTP/3 auth.savings.workingadvantage.com/styles.55427553bed43367.css
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (39754)
Hash 0c6c5798b2536d4058555720691fad02
d84162926d57b64efb6e4c06a5b932041f75f570
0d090bed5512aa42771132ca52b0a7820daafbb07375d85a19efad37508f4471
GET /styles.55427553bed43367.css HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: text/css
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-9b4b"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83006805ed22712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
auth.savings.workingadvantage.com/favicon.ico
104.18.39.111200 OK 10 kB URL GET HTTP/3 auth.savings.workingadvantage.com/favicon.ico
IP 104.18.39.111:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2673)
Hash 9dc741cceb3e6196fc51aaf393ba667d
4bc2d73332ea98260ff182810915604317328de8
71acbca9b831f8a47366482c0664f975f7a4bc3d9db4fe8cda3fb5036ac2f001
GET /favicon.ico HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661913s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680e9fcf712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
harmac.savings.beneplace.com/api/platform/options/onetrust
104.18.37.20200 OK 501 B URL GET HTTP/3 harmac.savings.beneplace.com/api/platform/options/onetrust
IP 104.18.37.20:443
Requested by https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type ASCII text, with very long lines (593), with no line terminators
Hash 1bd871cf6bfbdcca54219eb3b5f1a023
6c8160b6c99dad28e761f01cc9267074a506054a
0f7d9620b9f4d1e7cc5395cc066a7728b4f91b1684cd2fa7b29142b08b03a06f
GET /api/platform/options/onetrust HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=1d.3LizCvkwzj7S265poGINwq1iH6r9bfQknx9jbwVw-1701654709-0-AXEKtZ3SwXQLZoQ0rIgcHaVB6H7RP73p4mAX8ap/wLqC6RM48FXHtSFHlxme36DvwTIxSTOWt6HqjLdFnTBwO4A=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068104c0c5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400