Report - marketing.beneplace.com/acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3

Report Overview

Visited public
2023-12-04 01:52:05
Tags
Submit Tags
URL
marketing.beneplace.com/acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb
Finishing URL
auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP / ASN
207.189.124.33
#13649 ASN-VINS
Title
Harmac Advantage

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
controlpanel.savings.beneplace.com	368574	2001-12-19	2019-03-14 18:11:12	2023-12-03 03:47:34	503 B	8.1 kB	104.18.37.20
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	2.3 kB	59 kB	142.250.74.67
harmac.savings.workingadvantage.com	unknown	1999-08-26	2022-09-15 04:00:38	2023-11-14 02:11:58	5.6 kB	1.3 MB	104.18.39.111
cdn.boomtrain.com	6549	2011-03-17	2013-11-26 17:58:09	2023-12-03 22:48:23	449 B	31 kB	143.204.55.34
maps.googleapis.com	33876	2005-01-25	2019-10-17 17:56:16	2023-12-03 05:21:26	3.0 kB	243 kB	142.250.74.74
g3i.imgix.net	287889	2011-06-23	2020-09-11 15:53:19	2023-11-26 01:27:55	1.5 kB	270 kB	151.101.86.208
smetrics.workingadvantage.com	556520	1999-08-26	2017-10-23 11:38:04	2023-11-29 01:57:37	3.2 kB	1.6 kB	63.140.62.22
people.api.boomtrain.com	7069	2011-03-17	2017-12-19 23:03:10	2023-12-03 17:03:01	687 B	455 B	54.160.104.167
auth.savings.workingadvantage.com	225276	1999-08-26	2021-12-21 07:20:15	2023-11-24 20:30:35	22 kB	2.1 MB	104.18.39.111
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-03 05:09:13	970 B	30 kB	104.17.25.14
assets.adobedtm.com	512	2013-11-22	2014-01-28 05:51:35	2023-12-03 05:19:51	5.1 kB	342 kB	2.18.172.233
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-03 06:51:04	3.8 kB	631 kB	142.250.74.168
events.api.boomtrain.com	18474	2011-03-17	2016-06-22 14:16:35	2023-12-03 18:59:46	539 B	307 B	34.194.84.173
harmac.savings.beneplace.com	unknown	2001-12-19	2022-09-15 03:53:37	2023-07-23 03:07:37	6.0 kB	319 kB	104.18.37.20
marketing.beneplace.com	500240	2001-12-19	2013-05-14 20:10:53	2023-12-03 01:00:29	576 B	496 B	207.189.124.33
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-03 05:09:21	1.1 kB	54 kB	151.101.193.229
live.rezync.com	2569	2017-05-22	2017-10-10 15:34:40	2023-12-02 06:32:20	560 B	7.2 kB	143.204.55.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js	Webshells iisstart.aspx and Logout.aspx

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (43)

	URL	From	Size	First Seen	Last Seen
	maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js	ScriptElement	159 kB	2023-11-01	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 20:03 Last Seen2024-08-20 21:28 Times Seen1983 Hash dd9a0890c6719e8bbaf67f14c6032e48 645a019ec207a0c321401b6d0d05da505f9917b7 206b430ad8e96d2f58a4c4cc6d2e5b97b40a1b62d9c1a7b027409b376da8c1de Loading...

	auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js	ScriptElement	170 kB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 01:07 Last Seen2024-08-20 17:00 Times Seen36 Hash 46c966376ef0860c9f256d7701100634 7cf0609623ef764b6c28e3778565084628881241 ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18 Loading...

	unknown	Function	148 B	2023-04-11	2025-07-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-07-02 22:49 Times Seen7362 Hash ad647657a6182865673fe2300a1d13ad b1d7352ec14223bdae58961fe3ebab2ec990427b 9f500ac02daa86fc846af97dff1b0d92a41654db4a3548dd90574e5e70c28cdf Loading...

	unknown	ScriptElement	108 B	2023-03-13	2025-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen74 Hash 06d378718f9f4be5108e8d43f4f52d1b f48e1e0bcf80ad7c02b621829e704646f83a7f3f 08f8dcd255ba7389dca20d15c5662c30736cf92de10732d5ced395382a2c289f Loading...

	assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js	ScriptElement	34 kB	2023-03-07	2025-07-02
Pretty URL assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js IP 2.18.172.233 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-02 07:22 Times Seen1280 Hash d860c16ac938f7d839f0ec158d02d0f0 8710f81ed151233677f7e32b229cb35293dd6840 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c Loading...

	unknown	Function	201 B	2023-04-11	2025-07-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-07-02 22:49 Times Seen24792 Hash 53d8589ebc4fadb87f1135274db4336a f988aada6bc2e8412ef084550352078c9ed5e56e bd6d634c1b6694571e474743d2d89be15c22ae039b51869d33597806e596feb0 Loading...

	unknown	ScriptElement	508 B	2023-03-13	2025-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen74 Hash 5da95c09a7225fece7a6fc22b0e6cc33 a8db951c1c542ae3945ec7a1f585d5fc7af97cd5 d66af1e424df8c9214e31ad6eb27a401588fe39301945870d74e99e7122446e2 Loading...

	auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	349 B	2023-09-18	2025-06-29
Pretty URL auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 16:29 Last Seen2025-06-29 12:43 Times Seen100 Hash bfd4641cf237f14a85e544d630dc3c09 83c93c4e815ec1f066318e205a326c53b458aace b24c3a538a3af01fa2099c77b91b406dcc125332d015ceea8ceaa070c84998da Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js	ScriptElement	636 kB	2023-11-19	2023-12-05
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js IP 2.18.172.233 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 01:40 Last Seen2023-12-05 15:19 Times Seen33 Hash 9f22d37eff0340108e8e839a349263cc 0cabbc873195e92a33ed4694d49048ef05f52eee 47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f Loading...

	unknown	ScriptElement	108 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2024-08-21 09:32 Times Seen78 Hash d8504261314aff3680de53a08a00a979 8fc77534ff9d316538b881a34acc05e7e6478348 792cc97fffdd6fb26a202096b1bec0f97c24c97202a2ba8e242d7a640eacda2c Loading...

	www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c	ScriptElement	256 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 02:52 Times Seen1 Hash 2f4963b7551ec48e6e7b07fdc116b893 f39258e1e1560a56168b8310519d0e7cf5927af9 9cebb4ed076e17efe1353bb73eddaddea6cf41f6982da0c547ca6d58880946f8 Loading...

	auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js	ScriptElement	1.2 kB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 03:47 Last Seen2024-08-20 16:59 Times Seen40 Hash dad34a2960bdd73c642af9fca8619602 33345e755556c32df38919f8f4db2785e08f2eae 779700103eaa215226d17491070dd24cc4e6ae6533a0f3a4071140805119b45f Loading...

	auth.savings.workingadvantage.com/main.515236637b6c49b5.js	ScriptElement	1.7 MB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/main.515236637b6c49b5.js IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 03:47 Last Seen2024-08-20 16:59 Times Seen5 Hash d9b8cbec8d9aeba1e01a7ce0b85a0937 50044624485ecc36fc58ad477383387be0708abc 91c427b2b39c5468937c35aaad5f7128e373277c63e42e48890248bd2710451d Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js	ScriptElement	260 kB	2023-11-01	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 20:03 Last Seen2024-08-20 21:28 Times Seen1986 Hash 62dd4694504b9493499887d729e7d456 31e1581fda82bcbe5971f202b686a7f2d16d3394 0b6fb8c2b9ee6b41540fd549a726e431eb8667074da38d94af8a647ae05e9da7 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-02 23:22 Times Seen384665 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c	ScriptElement	280 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 02:52 Times Seen1 Hash e878954f18b06da5b5228e3f6c3c7031 eabb8c91551cfb2d1c777ea6e3a7fb5de2aa5698 7f0b230152439a35fb5b2d36327a37f10a9957e4ac6f5f79c8276bae0d90ac11 Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js	ScriptElement	343 B	2023-11-19	2023-12-05
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js IP 2.18.172.233 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 01:40 Last Seen2023-12-05 15:19 Times Seen33 Hash 9de49b0d72b52bcff35a575dcbf3a505 67b61404e3f0bf10d1aa5a8895b5f0840a2b8f4d c8ab5af61a41599d2375ab31a82cc778a38e29b25049ac57f1e6fcd60c004afe Loading...

	auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	65 B	2023-03-13	2025-07-02
Pretty URL auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 17:12 Last Seen2025-07-02 04:41 Times Seen102 Hash 5794b9877fc16957690d9e006e9e8baa f17cf13c5a87a4044861d4f48b44562629614eb8 ef40261a59ef81b9069e6b65aae5ebf4e9979e34353a15ecd6da30a0f917fa77 Loading...

	unknown	EventHandler	16 B	2023-04-10	2025-07-02
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-07-02 23:21 Times Seen68336 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js	ScriptElement	124 kB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 03:47 Last Seen2024-08-20 16:59 Times Seen24 Hash 0cd11218e1d6b6ab172b905bb2eb2693 9bc810ec1a37bdd5f7f6fe480529cbac372f84e5 040e0f83384cfe2b858b56ce6e588c85aa1f9840901d5edcb8266f65b00a68a5 Loading...

	unknown	Function	195 B	2023-04-12	2025-07-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 14:56 Last Seen2025-07-02 17:11 Times Seen1641 Hash 576a61e7e95f3fa39f316630cbc5c039 0c1d16e378c8cd9f13e724c9ce675b67d6926859 0c93256523c99dc09c2a8f6206cd600dc0a7715996a6d545794dcc0ed097f105 Loading...

	auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	932 B	2023-09-18	2025-06-29
Pretty URL auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 16:29 Last Seen2025-06-29 12:43 Times Seen95 Hash 98df3f5778dcb30093a6452f8a1b8ee1 1f33d383afd064ddaa401c0724b2d7a64673ea0e e66e996b32f5bfec8095bc23677892b561f248e0e73428a6222d91dc501b238b Loading...

	unknown	ScriptElement	113 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2024-08-21 09:32 Times Seen71 Hash 37d56fb9a6cd073433642241ff5aebc7 2eebec40b8e95cb9ad0d121dbc33ca6076f93de1 e98dc58c85660430fbf05198ba1aa66a08473eb678a7b82f42c826f932d95bf8 Loading...

	auth.savings.workingadvantage.com/harmac/sandbox%20eval%20code		147 B	2023-04-11	2025-07-02
Pretty URL auth.savings.workingadvantage.com/harmac/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-02 23:22 Times Seen385186 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	Function	781 B	2023-04-11	2025-07-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-07-02 04:41 Times Seen452 Hash 6f3f68edbb63ab6f5ea0e26ae6b45ef7 eeaf7e6577aadb00bd1a5be9d2cdb22dfb665dbf 3d202d602a24af3f00f543059305fb1358312c5daed0de048054a717f7cdd35b Loading...

	unknown	Function	286 B	2023-04-11	2025-07-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-07-02 22:49 Times Seen26677 Hash e480511aa0877b44c194ae8d956bbeac 89fab2c13ec27233e4f3a25aae1871ddc29eb436 1008c0d1f25bc12ab18ef2a551d221fdf29ba3719b4285406eb67f048409d374 Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js	ScriptElement	757 B	2023-11-19	2023-12-05
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js IP 2.18.172.233 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 01:40 Last Seen2023-12-05 15:19 Times Seen33 Hash 312cb3e912e23ae79d6f14e1f73679ac a3303715a66d325886a96badf99dc1111dbffa2c d56b6db4e16388149899dcea8f2bcbf6856bb84e7b9b866ddf3c388e5d12e8d6 Loading...

	unknown	ScriptElement	1.4 kB	2023-03-13	2025-06-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-06-29 12:43 Times Seen83 Hash c7e7d198ba8a029e0310b70b4747744f 82e79289263643fc336d045daa6d4dbb88e624d7 e0ab1ab4fe3f9b6f0b19794962343d741395ebae2373edd4371aee7d28366196 Loading...

	www.googletagmanager.com/gtag/js?id=UA-2876877-9	ScriptElement	191 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=UA-2876877-9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 02:52 Times Seen1 Hash 3e13c673800e7a668b32825008da1d9b b292e163ae859aaa02bda77370ceb523d9b450d2 430a897234d700684037c835687d0cda572c1ca068f589a53a2a25ff5e3cde9b Loading...

	auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js	ScriptElement	52 kB	2023-09-19	2025-06-29
Pretty URL auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-19 16:25 Last Seen2025-06-29 12:43 Times Seen198 Hash 0cd967d483680340e1c5d0f1c3b34662 4f6121c35c81f16302bdb45a3a00ee708896a72c bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23 Loading...

	auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	24 B	2023-03-07	2025-07-02
Pretty URL auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 104.18.39.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2025-07-02 23:19 Times Seen2435 Hash c4cc200d428ad0bc226a605f08309d6b 8ee05844bea8306da820f834d06e069371bfb3cf a695b556ffaa49572cfbfa488f5657bcc8822e8c87c82751aad0cc78af5f43dc Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM	ScriptElement	237 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 02:52 Times Seen1 Hash 00a0df9705b9588630646af42424dddb 584d32616032fc28d0c2609ebf797646000dd891 80a0dbb8b039329b7ad83249610d552dd66b7bbef2b1f3e463cef2c6beabbc1a Loading...

	unknown	ScriptElement	323 B	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 16:29 Last Seen2024-08-21 06:26 Times Seen67 Hash 7c703c9bca0e0403159ff66c587427c9 8695cde60a89854fbf93c32f8b28f3bf01f0cd05 203086b57db6bfc4445097904cf0f679afea982ddad7e45b599747f02806fc3f Loading...

	unknown	Function	152 B	2023-04-11	2025-07-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-07-02 23:19 Times Seen32384 Hash 26bc31e12628b8388c3be44bb175d592 9464185aa11d68ea75e8d6495ff7b02ec3b4f1ad b4829119269f7853888d67440f0424d68bd7a7f3d6a85b408bc5260b7953fe09 Loading...

	maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places	ScriptElement	196 kB	2023-12-04	2023-12-04
Pretty URL maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 04:35 Times Seen4 Hash 59b64ce85b33a556c7372400096319f0 2150f1e1e4132e89bb0859d74e8c6468e981bef4 6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264 Loading...

	cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js	ScriptElement	48 kB	2023-03-09	2025-06-29
Pretty URL cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 18:01 Last Seen2025-06-29 12:43 Times Seen230 Hash f689a668b5c6078984b93b9f59793c90 83042534752a6d9b0a4a086517e19230416feba4 cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b Loading...

	assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js	ScriptElement	3.3 kB	2023-03-07	2025-07-02
Pretty URL assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP 2.18.172.233 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-02 07:22 Times Seen974 Hash 2d1382c349d480b6b41574ac0c1af066 53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM	ScriptElement	237 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 02:52 Times Seen1 Hash 6d977e6ebfae308c3a521fd20698beb7 87f10b6eaddcddfae5d47e96724830568d7143de ac1259bf2a748942b749a5a75ed2907232297c9b566a21f535124c298d5c4ef0 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 1a2aa1a6ce5068681ea03b256dc4210b	155 B	2023-06-29 15:47	2025-06-29 12:43
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-06-29 12:43 Times Seen216 Hash 1a2aa1a6ce5068681ea03b256dc4210b 0b3acb47956caeb4b2a11832b7a437604148aab9 956acbc83d8e7697e7fec665f50a35a27146c348e79a2dd765d58ed82ebaccc4 Loading...

	#2 Eval - 7adf665804720ec326158577a3860138	81 B	2023-06-29 15:47	2025-06-29 12:43
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-06-29 12:43 Times Seen216 Hash 7adf665804720ec326158577a3860138 ad57a3be095407c2c204c1657b0fb02d586e8876 eae7d96ec37a43a8bd194507a5d43e3dcbe614545e64ad4046a9f4a6549170d0 Loading...

	#3 Eval - bebbe774d038ac06c1fe1196b5da7e97	95 B	2023-06-29 15:47	2025-06-29 12:43
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-06-29 12:43 Times Seen215 Hash bebbe774d038ac06c1fe1196b5da7e97 f0cc3b3895a8b5105bfac31a3bea408538704ffc 6acd8e7ee5a1c5ed053d31c67c030793b89dc506d2eaeff0ac7d420434715993 Loading...

	#4 Eval - b35eed5beba29cad886489ef5fc90bd1	126 B	2023-06-29 15:47	2025-06-29 12:43
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-06-29 12:43 Times Seen216 Hash b35eed5beba29cad886489ef5fc90bd1 afe98ace5c795fd87bfd83272b821381d7329174 a70b1022d6004cf796149dc1c761eeaa7a93f3722a00bf964564d553f97d20ef Loading...

		Size	First Seen	Last Seen
	#1 Write - e9627b2e708c988d05d68e6938c6f9c0	316 B	2023-03-13 17:12	2025-07-01 17:59
Pretty Observations First Seen2023-03-13 17:12 Last Seen2025-07-01 17:59 Times Seen204 Hash e9627b2e708c988d05d68e6938c6f9c0 1fb1b735d7010d24a6105758447f9df86bb00d6f 40eececc7e4ab6fc3344caf3f737ec4742bbb46441e33f1e766be732ee2f1f96 Loading...

HTTP Transactions (72)

URL IP Response Size

marketing.beneplace.com/acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb

207.189.124.33

0 B

URL
marketing.beneplace.com/acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb
IP
207.189.124.33:0
ASN
#13649 ASN-VINS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /acton/ct/4326/s-1e88-2307/Bct/q-3eaa/e-3da9-l-338f:3415af/ct3_0/1/lu?sid=TV2:orGKhisrb HTTP/1.1
Host: marketing.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
Set-Cookie: wp4326="XWVZDL-WKHC-s-WWBM:WXUYHMDtlnDl-ULBB-VWTADDDUCWCJKADgNssDDLFl-ULBB-VWTAFJmW_T^UATUZYXATWD"; Max-Age=31536000; SameSite=None; Secure; Domain=.beneplace.com; Version=1; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://harmac.savings.workingadvantage.com/my-profile/details
Content-Length: 0
Date: Mon, 04 Dec 2023 01:51:43 GMT
Keep-Alive: timeout=10
Connection: keep-alive
Strict-Transport-Security: max-age=16070400

GET cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (47169)
Size
14 kB (13763 bytes)
Hash
f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

HTTP Headers

GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 681559
expires: Sat, 23 Nov 2024 01:51:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJYhD17YD7kl1CvcTeXBMf9Uy7%2B5bajpiROIZppZ4FD6TyR5h8xmljOb4F4KXTH%2B%2FstTBIv179wFPc%2BHuedok8Fg4WCW8RK6jzPuDBCV77w8LuhUnSfBnEEYkol2JRklD9vcxFPI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830067ef4cdeb50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

2.18.172.233

200 OK

154 kB

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32742)
Size
154 kB (154411 bytes)
Hash
9f22d37eff0340108e8e839a349263cc
0cabbc873195e92a33ed4694d49048ef05f52eee
47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9f22d37eff0340108e8e839a349263cc:1700230291.849047"
last-modified: Fri, 17 Nov 2023 14:11:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:44 GMT
date: Mon, 04 Dec 2023 01:51:44 GMT
content-length: 154411
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 01:51:44 GMT
age: 21968415
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1646-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

GET maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

142.250.74.74

200 OK

66 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2928)
Size
66 kB (65931 bytes)
Hash
59b64ce85b33a556c7372400096319f0
2150f1e1e4132e89bb0859d74e8c6468e981bef4
6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264

HTTP Headers

GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=1800
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:44 GMT
server: scaffolding on HTTPServer2
content-length: 65931
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

2.18.172.233

200 OK

12 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32768)
Size
12 kB (12163 bytes)
Hash
d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
x-akamai-ew-subworker: 8096267
expires: Mon, 04 Dec 2023 02:51:44 GMT
date: Mon, 04 Dec 2023 01:51:44 GMT
cache-control: no-cache
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js

2.18.172.233

200 OK

1.6 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3155)
Size
1.6 kB (1597 bytes)
Hash
2d1382c349d480b6b41574ac0c1af066
53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
x-akamai-ew-subworker: 8096267
content-length: 1597
expires: Mon, 04 Dec 2023 02:51:44 GMT
date: Mon, 04 Dec 2023 01:51:44 GMT
cache-control: no-cache
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (79019 bytes)
Hash
6d977e6ebfae308c3a521fd20698beb7
87f10b6eaddcddfae5d47e96724830568d7143de
ac1259bf2a748942b749a5a75ed2907232297c9b566a21f535124c298d5c4ef0

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:44 GMT
expires: Mon, 04 Dec 2023 01:51:44 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=28201712594406624848983761685300558313&cl=157680000&d_coppa=true&ts=1701654710284

63.140.62.22

48 B

URL
smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=28201712594406624848983761685300558313&cl=157680000&d_coppa=true&ts=1701654710284
IP
63.140.62.22:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
775a3f425d1be33011a3fc6111c81966
fb8723a8e841e3865245892dd34a6a197bd9d9c8
e9feb3d4d92b27458644efb8e471429fea484f5251057894499bf07ff432af98

HTTP Headers

GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=28201712594406624848983761685300558313&cl=157680000&d_coppa=true&ts=1701654710284 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CvVersion%7C5.4.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://harmac.savings.workingadvantage.com
access-control-allow-credentials: true
date: Mon, 04 Dec 2023 01:51:44 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C28201712594406624848983761685300558313; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Sat, 02 Dec 2028 01:51:51 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.74

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:45 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://harmac.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

142.250.74.67

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Size
14 kB (13980 bytes)
Hash
b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:27:40 GMT
expires: Fri, 29 Nov 2024 01:27:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 347045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

harmac.savings.workingadvantage.com/styles.470895e6035d0005.css

104.18.39.111

110 kB

URL
harmac.savings.workingadvantage.com/styles.470895e6035d0005.css
IP
104.18.39.111:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (110085 bytes)
Hash
e5139ecca342c6c60da1c222d8b1c415
3327b2ed795950f5459d82952d7e9c73d59e6a95
7678fff11f92c598d89035e7f1e5ae839902925df05059daa23901b914765975

HTTP Headers

GET /styles.470895e6035d0005.css HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CvVersion%7C5.4.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:45 GMT
content-type: text/css
last-modified: Wed, 29 Nov 2023 02:18:46 GMT
vary: Accept-Encoding
etag: W/"65669f86-187ec"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067f1dd59712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

harmac.savings.workingadvantage.com/main.5139e63dcaa68cb8.js

104.18.39.111

1.1 MB

URL
harmac.savings.workingadvantage.com/main.5139e63dcaa68cb8.js
IP
104.18.39.111:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size
1.1 MB (1092882 bytes)
Hash
95bfd7911ea2afc23eda60fb065f7fa8
6b39d5dbb053484b6ffa3d36932fcd61744f8c75
e57f1978d4478f1baf0978eb135cbf7da6bc2fb5cef9e0c3b6ef7df8d25f2a26

HTTP Headers

GET /main.5139e63dcaa68cb8.js HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:18:46 GMT
vary: Accept-Encoding
etag: W/"65669f86-5058de"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067ef2b98712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701654711240&k=ebg-wag3-pixel-0988

143.204.55.109

6.4 kB

URL
live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701654711240&k=ebg-wag3-pixel-0988
IP
143.204.55.109:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2300)
Size
6.4 kB (6373 bytes)
Hash
3e54103a9196fcc32e119f5c143f9fac
382fe8709c9d16b7d8d0655c6bbec59b9e3a8ef8
eb74404037dc26b435cf3604fcdd1a503baf39663d9cf53eb13bedfea68f169b

HTTP Headers

GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701654711240&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript
content-length: 6373
date: Mon, 04 Dec 2023 01:51:45 GMT
set-cookie: zync-uuid=3e2d0cc7-963d-4d35-904e-d72326b695e8:1701654705.9032197; Domain=rezync.com; Expires=Sat, 01 Jun 2024 01:51:45 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9.ZW0wsQ.T6CQjISnbTzc4-1v-HhO9hXIiMQ; Expires=Sat, 01 Jun 2024 01:51:45 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
accept-ranges: bytes
server: lighttpd/1.4.69
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WgLeDimhvt-f_KuOZ4fFKsg6S2FJ-CxQa6MALeijFU9bbAH4Vpll3w==
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=DC-12084042

142.250.74.168

70 kB

URL
www.googletagmanager.com/gtag/js?id=DC-12084042
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
70 kB (70480 bytes)
Hash
ee900f62bacf516a06c227f63eb53123
c4708d12f9a9ae84f3b9864f22cfccca7bcd9cfb
be4a1856d047b5fcaddcc083b33aec16f2ab5a38d3cb41eb6146321d088f6dea

HTTP Headers

GET /gtag/js?id=DC-12084042 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:46 GMT
expires: Mon, 04 Dec 2023 01:51:46 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70480
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c

142.250.74.168

71 kB

URL
www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
71 kB (70554 bytes)
Hash
5315cdc67b3597943503251ebe49aa40
ac32404da6538da32b34e90be778538d64698c5e
9f8d7a9c53dbd950c5c2b6d25285ac3ad903e6d57c41476ef771047af3d13e98

HTTP Headers

GET /gtag/js?id=DC-12084042&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:46 GMT
expires: Mon, 04 Dec 2023 01:51:46 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70554
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js

143.204.55.34

30 kB

URL
cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
IP
143.204.55.34:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30374 bytes)
Hash
7e025917ec081cb179b24e9b42269588
a6522f88185982ebde143a2b1e399034962c6eba
cd6c50080cda668d0e858886b870ff15124d16be997d5b0d43e97d4788a20879

HTTP Headers

GET /p13n/ebg-wag3/p13n.min.js HTTP/1.1
Host: cdn.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 03 Dec 2023 04:36:21 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: l04UFkooc_cpGNqh.9nfCARIbuQ4HwRZ
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 04 Dec 2023 01:44:23 GMT
Cache-Control: public, max-age=3600
ETag: W/"7e025917ec081cb179b24e9b42269588"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v6FixW-HZYAZA6cQuIyzH5oHHzL3e0yuuZ2Gx0RSPWmdCcEMawoEyA==
Age: 444

people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9fQ%3D%3D&site_id=ebg-wag3

54.160.104.167

142 B

URL
people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9fQ%3D%3D&site_id=ebg-wag3
IP
54.160.104.167:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text
Size
142 B (142 bytes)
Hash
4227c4060c56e12d6c5c8c94ee853e77
94ff7d761248664e4f2fa2351ea13b3b7394af25
ca5f8ecf7b78744f0c1d03ae602351a69a30924db520f73645df877f6fb1a9ae

HTTP Headers

GET /identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiM2UyZDBjYzctOTYzZC00ZDM1LTkwNGUtZDcyMzI2YjY5NWU4OjE3MDE2NTQ3MDUuOTAzMjE5NyJ9fQ%3D%3D&site_id=ebg-wag3 HTTP/1.1
Host: people.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Mon, 04 Dec 2023 01:51:46 GMT
Server: nginx
Content-Length: 142
Connection: keep-alive

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js

2.18.172.233

286 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
IP
2.18.172.233:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (304)
Size
286 B (286 bytes)
Hash
9d329853a801c00019899598da50a762
fddbe70abdf0251ce3c72b34899bc1f93dee758c
177b9dbf2cb10e29041b0446aec0ac0d478d2cc420144dd745a4fe5a7c1fd360

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:46 GMT
date: Mon, 04 Dec 2023 01:51:46 GMT
content-length: 286
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js

2.18.172.233

548 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
IP
2.18.172.233:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (871)
Size
548 B (548 bytes)
Hash
b6ab6600ee3ade29d2ceb7e4fbc49442
1de248e70f915eaa24fc5c887fd2fd0ec259529e
c86c5c33c4a4bcdad8cb8ab9208bd80f7c7d24d29bfe3c17621a3b8a7c4b273e

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:46 GMT
date: Mon, 04 Dec 2023 01:51:46 GMT
content-length: 548
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js

2.18.172.233

215 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
IP
2.18.172.233:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
215 B (215 bytes)
Hash
74f251b2226edb2c9e4e190ca2d1fccb
ff50ff57d401f31803f19ebb65c9307f9dda35da
aaa66fd99c79e6009a990dda2b89b5d2419f07344577f4c1609064b67d43bcf0

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:46 GMT
date: Mon, 04 Dec 2023 01:51:46 GMT
content-length: 215
access-control-allow-origin: https://harmac.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

events.api.boomtrain.com/event/track

34.194.84.173

2 B

URL
events.api.boomtrain.com/event/track
IP
34.194.84.173:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

POST /event/track HTTP/1.1
Host: events.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 801
Origin: https://harmac.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: text/plain
content-length: 2
server: nginx
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
access-control-allow-methods: GET, PUT, POST, DELETE
X-Firefox-Spdy: h2

harmac.savings.workingadvantage.com/api/controls/harmac

104.18.39.111

871 B

URL
harmac.savings.workingadvantage.com/api/controls/harmac
IP
104.18.39.111:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (2050), with no line terminators
Size
871 B (871 bytes)
Hash
66a41fb5c208b7a7036321fcc1a1309a
976240b9b349f4cd7f3eb4473feb2a6698442dce
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae

HTTP Headers

GET /api/controls/harmac HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImFlODNlZGMzZDkzMWM2OTQiLCJ0ciI6IjdhMjQ4NGExNDk2NjkxZThmNDMzZGNlYjhkMTJjYjAwIiwidGkiOjE3MDE2NTQ3MTE3ODAsInRrIjoiODg4MzEifX0=
traceparent: 00-7a2484a1496691e8f433dceb8d12cb00-ae83edc3d931c694-01
tracestate: 88831@nr=0-1-2647367-1120218725-ae83edc3d931c694----1701654711780
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22bsin%22%3A%22%22%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:46 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://harmac.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
expires: Mon, 04 Dec 2023 01:51:45 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067fa78b9712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

harmac.savings.workingadvantage.com/api/info

104.18.39.111

46 kB

URL
harmac.savings.workingadvantage.com/api/info
IP
104.18.39.111:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (6699), with no line terminators
Size
46 kB (46156 bytes)
Hash
a2b522fc85ff10f3c52efd69a8c6f785
6256f0bf6aea851b054fd4c70d6f7845ec758124
c2fe9ca0781bc3f1a81cb1d96a513b568517c84d6af95a71b284edfec5b2e919

HTTP Headers

GET /api/info HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjgyMmVhNmZiYjAyMGI0ZDciLCJ0ciI6IjM0ZGMzMDZhOTM2MzkxODk3ZWU3YjU2ZjJkOGUwMDAwIiwidGkiOjE3MDE2NTQ3MTExMzQsInRrIjoiODg4MzEifX0=
traceparent: 00-34dc306a936391897ee7b56f2d8e0000-822ea6fbb020b4d7-01
tracestate: 88831@nr=0-1-2647367-1120218725-822ea6fbb020b4d7----1701654711134
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654710.0.0.0; _ga=GA1.1.547215177.1701654711
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:46 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://harmac.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1a2b-Ylbwv2rqhRsFT9THDW94Rex1gSQ"
expires: Mon, 04 Dec 2023 01:51:45 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830067f67eae712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

harmac.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

104.18.39.111

75 kB

URL
harmac.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP
104.18.39.111:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7347), with no line terminators
Size
75 kB (75036 bytes)
Hash
47b974e28713790d061a4b6daccb1c00
69a31502f0dc29a35a7dce8589ae3e2cd268b76c
6aac8824cc8df3037646c9d1c348f3bcd58abdd37f203c31b840b3eb3a42feaf

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: harmac.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:45 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
strict-transport-security: max-age=5184000; includeSubDomains
server: cloudflare
cf-ray: 830067f72f06712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

2.18.172.233

200 OK

154 kB

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32742)
Size
154 kB (154411 bytes)
Hash
9f22d37eff0340108e8e839a349263cc
0cabbc873195e92a33ed4694d49048ef05f52eee
47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9f22d37eff0340108e8e839a349263cc:1700230291.849047"
last-modified: Fri, 17 Nov 2023 14:11:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:47 GMT
date: Mon, 04 Dec 2023 01:51:47 GMT
content-length: 154411
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 01:51:47 GMT
age: 21968419
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1646-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (47169)
Size
14 kB (13763 bytes)
Hash
f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

HTTP Headers

GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 681562
expires: Sat, 23 Nov 2024 01:51:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5w8YnASCqpPKldZVm2p6vNWOWsoVcR1l%2BgcIHRTcYJeYhcYv5kgmlT3Ia%2F4QvxhQsfO0bkRGWNxPRjL1jXkraJpt8zAnyWDYY2flK2jXnYMQsH%2BpYzBLQ6ZCMJIiwHDs62m8OOI0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830068046a79b4ed-OSL
alt-svc: h3=":443"; ma=86400

GET maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

142.250.74.74

200 OK

66 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2928)
Size
66 kB (65931 bytes)
Hash
59b64ce85b33a556c7372400096319f0
2150f1e1e4132e89bb0859d74e8c6468e981bef4
6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264

HTTP Headers

GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
cross-origin-resource-policy: cross-origin
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:47 GMT
server: scaffolding on HTTPServer2
content-length: 65931
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (79021 bytes)
Hash
00a0df9705b9588630646af42424dddb
584d32616032fc28d0c2609ebf797646000dd891
80a0dbb8b039329b7ad83249610d552dd66b7bbef2b1f3e463cef2c6beabbc1a

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:47 GMT
expires: Mon, 04 Dec 2023 01:51:47 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

2.18.172.233

200 OK

12 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32768)
Size
12 kB (12163 bytes)
Hash
d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
x-akamai-ew-subworker: 8096267
expires: Mon, 04 Dec 2023 02:51:48 GMT
date: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET auth.savings.workingadvantage.com/auth/authorize?subdomain=harmac&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails

104.18.39.111

302 Found

23 kB

URL User Request GET HTTP/3
auth.savings.workingadvantage.com/auth/authorize?subdomain=harmac&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
data
Size
23 kB (22665 bytes)
Hash
9879540fe40fdf76057587f2e05c52de
609ed469cd2fc8a61ce370dafd67b018de3571ef
9bd2d02397472630ede0520e0ffac920e410a4f29ebe0b28ac8a27968643bbbc

HTTP Headers

GET /auth/authorize?subdomain=harmac&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harmac.savings.workingadvantage.com/
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: text/html; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://auth.savings.workingadvantage.com
vary: Origin, Accept
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
location: /harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
expires: Mon, 04 Dec 2023 01:51:46 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068023b7b712e-OSL
alt-svc: h3=":443"; ma=86400

GET maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.74

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 01:51:48 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

142.250.74.67

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Size
14 kB (13980 bytes)
Hash
b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:27:40 GMT
expires: Fri, 29 Nov 2024 01:27:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 347048
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

142.250.74.168

200 OK

93 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
93 kB (93082 bytes)
Hash
e878954f18b06da5b5228e3f6c3c7031
eabb8c91551cfb2d1c777ea6e3a7fb5de2aa5698
7f0b230152439a35fb5b2d36327a37f10a9957e4ac6f5f79c8276bae0d90ac11

HTTP Headers

GET /gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:48 GMT
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93082
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET harmac.savings.beneplace.com/api/notifications/system-wide

104.18.37.20

200 OK

2 B

URL GET HTTP/2
harmac.savings.beneplace.com/api/notifications/system-wide
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

HTTP Headers

GET /api/notifications/system-wide HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=CujPrtSJWL4B0Zbgb70f7WegPfto.CBS02zn5vckc7o-1701654709-0-ASZJBak9dt9jlzTkapxK+FV3e7X+cbVwsQdT3dNvgP5La2dow0PSuBEBRT3lvPE9dPW51McKypmJENYJev4UXUQ=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f27127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js

2.18.172.233

200 OK

214 B

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
214 B (214 bytes)
Hash
9de49b0d72b52bcff35a575dcbf3a505
67b61404e3f0bf10d1aa5a8895b5f0840a2b8f4d
c8ab5af61a41599d2375ab31a82cc778a38e29b25049ac57f1e6fcd60c004afe

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:49 GMT
date: Mon, 04 Dec 2023 01:51:49 GMT
content-length: 214
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js

2.18.172.233

200 OK

429 B

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js
IP
2.18.172.233:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (610)
Size
429 B (429 bytes)
Hash
312cb3e912e23ae79d6f14e1f73679ac
a3303715a66d325886a96badf99dc1111dbffa2c
d56b6db4e16388149899dcea8f2bcbf6856bb84e7b9b866ddf3c388e5d12e8d6

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Webshells iisstart.aspx and Logout.aspx

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 02:51:49 GMT
date: Mon, 04 Dec 2023 01:51:49 GMT
content-length: 429
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (79019 bytes)
Hash
6d977e6ebfae308c3a521fd20698beb7
87f10b6eaddcddfae5d47e96724830568d7143de
ac1259bf2a748942b749a5a75ed2907232297c9b566a21f535124c298d5c4ef0

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:49 GMT
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.googletagmanager.com/gtag/js?id=UA-2876877-9

142.250.74.168

200 OK

69 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-2876877-9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68946 bytes)
Hash
3e13c673800e7a668b32825008da1d9b
b292e163ae859aaa02bda77370ceb523d9b450d2
430a897234d700684037c835687d0cda572c1ca068f589a53a2a25ff5e3cde9b

HTTP Headers

GET /gtag/js?id=UA-2876877-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:49 GMT
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68946
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s01340608910676

63.140.62.22

200 OK

43 B

URL POST HTTP/2
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s01340608910676
IP
63.140.62.22:443
ASN
#16509 AMAZON-02

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectsmetrics.workingadvantage.com
FingerprintBF:39:6F:26:01:A5:E2:6D:81:D9:EB:97:B2:50:D2:2D:2F:2D:48:43
ValiditySun, 09 Jul 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT

File type
GIF image data, version 89a, 2 x 2\012- data
Size
43 B (43 bytes)
Hash
ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

HTTP Headers

POST /b/ss/entbenwag3/1/JS-2.22.4-LDQM/s01340608910676 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2222
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661915s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4; sat_domain=A; mbox=session#1d3b9a1dc08d45e4a72e179cc2512ea7#1701656576; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
date: Mon, 04 Dec 2023 01:51:50 GMT
expires: Sun, 03 Dec 2023 01:51:50 GMT
last-modified: Tue, 05 Dec 2023 01:51:50 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C28201712594406624848983761685300558313; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Sat, 02 Dec 2028 01:51:51 GMT;
etag: 3654275665779064832-4617553741675210914
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c

142.250.74.168

200 OK

86 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (13010)
Size
86 kB (85761 bytes)
Hash
2f4963b7551ec48e6e7b07fdc116b893
f39258e1e1560a56168b8310519d0e7cf5927af9
9cebb4ed076e17efe1353bb73eddaddea6cf41f6982da0c547ca6d58880946f8

HTTP Headers

GET /gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 01:51:50 GMT
expires: Mon, 04 Dec 2023 01:51:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85761
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket

172.64.148.145

0 B

URL
auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?subdomain=harmac&EIO=3&transport=websocket HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://auth.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vaKSMyjgfPCFIoK+YfaZew==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661913s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 04 Dec 2023 01:51:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X5tfz/mqVy6GhCOZK+8ZTMROW1s=
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 830068105e2e569f-OSL
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js

104.18.39.111

200 OK

73 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
73 kB (73320 bytes)
Hash
0cd11218e1d6b6ab172b905bb2eb2693
9bc810ec1a37bdd5f7f6fe480529cbac372f84e5
040e0f83384cfe2b858b56ce6e588c85aa1f9840901d5edcb8266f65b00a68a5

HTTP Headers

GET /polyfills.9bd4a18a68d081a1.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-1e657"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068047c88712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png

104.18.39.111

200 OK

19 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (18724 bytes)
Hash
fad05a309055bbe24890d609a98528f4
48fbd56aa5b0bd2b6139b23a0097aa02a594e13e
22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264

HTTP Headers

GET /assets/workingadvantage_logo_wide_inverse_01.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661915s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654716.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4; mbox=session#1d3b9a1dc08d45e4a72e179cc2512ea7#1701656576; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true; split_test_groups={}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:51 GMT
content-type: image/png
content-length: 18724
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
etag: "6566a0fa-4924"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83006817aaad712e-OSL
alt-svc: h3=":443"; ma=86400

GET controlpanel.savings.beneplace.com/uploads/harmac_favicon_01.ico

104.18.37.20

7.4 kB

URL GET
controlpanel.savings.beneplace.com/uploads/harmac_favicon_01.ico
IP
104.18.37.20:0
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
7.4 kB (7363 bytes)
Hash
73467eee959e69f202e081bd6e3a8eea
4615dbc0f045cd2c2181caac28be42c7188474e1
71b51eb933228cd69fdd396033359e4e9ef796e01dc60c2efc2d6674bd13e735

HTTP Headers

GET /uploads/harmac_favicon_01.ico HTTP/1.1
Host: controlpanel.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:50 GMT
content-type: image/x-icon
last-modified: Thu, 18 Aug 2022 16:31:32 GMT
etag: W/"62fe6964-3c2e"
cache-control: public, max-age=2592000, s-maxage=600
cf-cache-status: MISS
set-cookie: __cf_bm=iTShTyxZNDzLX8zPVfHeJbaMsi5YkxAzlDDapH0VyPo-1701654710-0-AUQCrIctMdU8SECvjbBBCp9jHYZNwe1zyrDNM6Sd3kNGaF2vhyKUN5CvxHqsWO3osSctoZQ6D/M3vvEPgHfTnPA=; path=/; expires=Mon, 04-Dec-23 02:21:50 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83006812df2156c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET harmac.savings.beneplace.com/api/harmac/marketplace-styles.css

104.18.37.20

200 OK

262 kB

URL GET HTTP/2
harmac.savings.beneplace.com/api/harmac/marketplace-styles.css
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
ASCII text
Size
262 kB (261990 bytes)
Hash
4c20ac279afca93ce189d60dce7c7e24
668aafb1d10a3f2831e846f533512bc3082fb2fc
1ad5c5e43ddfde0f0443b07d54adb9387065dc9f4f1f7d8dce46e14a8b75d78b

HTTP Headers

GET /api/harmac/marketplace-styles.css HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/css; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802c-ZoqvsdEKPygx6Eb1M1Erwwgvsvw"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=_l1HGXKbjBFU6LvKM75H.KoLaVygO2VYvIuITJTFfWw-1701654709-0-Aa7OiVMm5kxdRJmWWYEISoDm18ycYdag4wPlwwCFC0v82LdG29R1Gf627O3ATTPM7MG/w7edPeWND9Vbn4jdVfA=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a9a017127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET harmac.savings.beneplace.com/api/controls/harmac

104.18.37.20

200 OK

10 kB

URL GET HTTP/2
harmac.savings.beneplace.com/api/controls/harmac
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2050), with no line terminators
Size
10 kB (10049 bytes)
Hash
66a41fb5c208b7a7036321fcc1a1309a
976240b9b349f4cd7f3eb4473feb2a6698442dce
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae

HTTP Headers

GET /api/controls/harmac HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=7ZZtlWQXiQ6B_DrFoT0RJhbsq3bH1P8eL_L8SdwwJwY-1701654709-0-ATKGGmTCqmJM+LiCo193iFJviCkWNBhiEf+ypIwL+2+EhNKvVOJbB+6+mCLmngOIKmqkYOGfl1Ao/Ebk7kMZ9ps=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a99ff7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

142.250.74.67

200 OK

14 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14168, version 1.0\012- data
Size
14 kB (14168 bytes)
Hash
017598645bcc882a3610effe171c2ca3
ceaca8172b95b6954d5a5752698a5162d7e9877c
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14168
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 12:50:31 GMT
expires: Fri, 29 Nov 2024 12:50:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:29:56 GMT
content-type: font/woff2
age: 306080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2

142.250.74.67

200 OK

14 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13724, version 1.0\012- data
Size
14 kB (13724 bytes)
Hash
cf5ec3859b05de1b9351ab934b937417
97ffac24ea5fe5c47301f1be229699330ea93bf2
bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:58:25 GMT
expires: Fri, 29 Nov 2024 04:58:25 GMT
cache-control: public, max-age=31536000
age: 334406
last-modified: Tue, 02 May 2023 15:20:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js

142.250.74.74

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (4584)
Size
57 kB (57367 bytes)
Hash
62dd4694504b9493499887d729e7d456
31e1581fda82bcbe5971f202b686a7f2d16d3394
0b6fb8c2b9ee6b41540fd549a726e431eb8667074da38d94af8a647ae05e9da7

HTTP Headers

GET /maps-api-v3/api/js/54/12a/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57367
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:38:24 GMT
expires: Fri, 29 Nov 2024 02:38:24 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 21:27:26 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 342809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js

142.250.74.74

200 OK

50 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (584)
Size
50 kB (50370 bytes)
Hash
dd9a0890c6719e8bbaf67f14c6032e48
645a019ec207a0c321401b6d0d05da505f9917b7
206b430ad8e96d2f58a4c4cc6d2e5b97b40a1b62d9c1a7b027409b376da8c1de

HTTP Headers

GET /maps-api-v3/api/js/54/12a/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 50370
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 11:11:29 GMT
expires: Thu, 28 Nov 2024 11:11:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 21:27:26 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 398424
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET harmac.savings.beneplace.com/api/navigation/harmac/auth_footer/US/auth

104.18.37.20

200 OK

959 B

URL GET HTTP/2
harmac.savings.beneplace.com/api/navigation/harmac/auth_footer/US/auth
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1104), with no line terminators
Size
959 B (959 bytes)
Hash
c3d5ce7b6683af9add7f52618a9527c8
98a01bb68706d5471405a04bd895df57830fb21c
b6e6fbe23eb14cd5c64d79d2e09e4bc6bb145ecb372b1d861c22e9ca0c945915

HTTP Headers

GET /api/navigation/harmac/auth_footer/US/auth HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"3bf-fTrY/POxp8xLE7tJOcrV4J65oF4"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=xd0WitABtSmDS7m0pSgRdeeNMfs4.7ChCEpbTS5e_HM-1701654709-0-Aa13ZUBvlMawHR0z+62iMV+YI7J0DKFBzIzZSOAMy8BgXeOf88nwqaAAsySD7IR20DLF+I4JKZYf6gYdWajnJZc=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680c3abf7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET harmac.savings.beneplace.com/api/info

104.18.37.20

200 OK

6.7 kB

URL GET HTTP/2
harmac.savings.beneplace.com/api/info
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (7232), with no line terminators
Size
6.7 kB (6699 bytes)
Hash
f779aee5e4ca0a48254fdc224c28d10c
aca05a7c0c67b5200ead083ede7724b5b7c80d95
8dfb6138a3dd0e529b0fe863c03700b2e5b013d87923e7bf415defbcf10fb0e0

HTTP Headers

GET /api/info HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Mon, 04 Dec 2023 01:51:47 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=rEx.7_cvgqTbIaw2Vwzp.iqbBkp9I_Fz46qPEpYPNTE-1701654709-0-AXM32Oz0Jo56amuQEG/iavYdeOKPdJjlguvN7cYq0Q5wXL3ZMu2p++R1BPrvNEjFq0sbW28uzll1pzXuHvzWbBc=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a99fe7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET harmac.savings.beneplace.com/api/info?authInfo=true

104.18.37.20

200 OK

7.7 kB

URL GET HTTP/2
harmac.savings.beneplace.com/api/info?authInfo=true
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (8338), with no line terminators
Size
7.7 kB (7741 bytes)
Hash
e1eed3a6d1d7dfa52be445b06bb04469
40c7368132eed78b1ed8562da946df74e39e07a7
99dc7615e5b4b26e1d533ee4b716cc3138a33319ecb343bc93db7af67401765b

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1e3d-MNymTFke/nTiGbnKrwO+iyxzN18"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=k7tAX5xb0fj1DszY1ml2I6VEwCgGzJCVQA4LAc4m4ME-1701654709-0-AShL9kdWp34f50sWDw4uWl3TBrU2MVe5NPH+Gm3/v24uaRzUgoYYZrMlVFhWs67gDefzmZPRJG8IAPnd/RDufcs=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f97127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

104.18.39.111

200 OK

52 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (51930)
Size
52 kB (52446 bytes)
Hash
0cd967d483680340e1c5d0f1c3b34662
4f6121c35c81f16302bdb45a3a00ee708896a72c
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

HTTP Headers

GET /assets/new-relic/new-relic-integration.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
etag: W/"6566a0fa-ccde"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068045c78712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET harmac.savings.beneplace.com/api/google-experiments/auth-v2

104.18.37.20

200 OK

4.1 kB

URL GET HTTP/2
harmac.savings.beneplace.com/api/google-experiments/auth-v2
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4740), with no line terminators
Size
4.1 kB (4056 bytes)
Hash
14ecdb96169cc32ecc2c6fee0bc2b731
6ed4bf3fda90c177895c158c73e71b881fd91901
ea9e4e9fb1c08973e40810b0c9a5493b723045d7b2dc71f9fcd5605843fa3fc9

HTTP Headers

GET /api/google-experiments/auth-v2 HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
expires: Mon, 04 Dec 2023 01:51:47 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=U_kWZDYMFduOAttHK2pWLjhFSkNIhJ7yg1gsg7apRbs-1701654709-0-AcHX81Cz2ub6tc8PCtDhr92TC392sXxyssje+mxvV07ClIRmoJsFXoBYTLvCsPIti25Pq0aY1mBMkUmBL5RlBlU=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f57127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET harmac.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id

104.18.37.20

200 OK

94 B

URL GET HTTP/3
harmac.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
94 B (94 bytes)
Hash
574380e3af8e668c085d981c9866561b
68a87b621a0b735bd2c5f0d9ab264e2a5a5e5e1b
18eb455b689078c36720e1eb62d51e407dd707b6565340fa85e9f706f48b2033

HTTP Headers

GET /api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:50 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"5e-xWERRy+8FVp8nFwecehLclRX7Go"
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=_RgIKVHtxKYNnm3tjVc350acyexC7NM6HnLftRdkfOM-1701654710-0-AW17M0zc/5yfhKlBVVinE0ZQ+kc1gp6rbeWEmUHf+YJZXEj4LqXDc/sY2NTUi5aLWcvfz9/UotyliICNSAdNI7Q=; path=/; expires=Mon, 04-Dec-23 02:21:50 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068114c565695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js

104.18.39.111

200 OK

1.2 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1162), with no line terminators
Size
1.2 kB (1160 bytes)
Hash
e29acf338ccd95684fd9ee2ea7ddd277
721dcd26e75a7d19304bc9442990b605f8f16ff5
12d58735bc08f3bb5aa001af1dfb3acadb4f60264ad7b680d5a8683d184b2d4c

HTTP Headers

GET /runtime.13338c5d9c83d0b6.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-488"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068046c82712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/assets/wa-logo-wide.png

104.18.39.111

200 OK

29 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/wa-logo-wide.png
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGB, non-interlaced\012- data
Size
29 kB (29260 bytes)
Hash
9a514012bac6a68b6d0025ca3f28f4e4
447dd4828180a2480363d765b2c9ef41c1835da1
99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4

HTTP Headers

GET /assets/wa-logo-wide.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661915s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654716.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4; mbox=session#1d3b9a1dc08d45e4a72e179cc2512ea7#1701656576; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fharmac%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fharmac.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true; split_test_groups={}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:51 GMT
content-type: image/png
content-length: 29260
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
etag: "6566a0fa-724c"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068179aaa712e-OSL
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js

104.18.39.111

200 OK

170 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
170 kB (169744 bytes)
Hash
46c966376ef0860c9f256d7701100634
7cf0609623ef764b6c28e3778565084628881241
ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18

HTTP Headers

GET /scripts.b785e07ef29de485.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-29710"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068047c8b712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket

172.64.148.145

101 Switching Protocols

0 B

URL GET HTTP/1.1
auth.savings.workingadvantage.com/socket.io/?subdomain=harmac&EIO=3&transport=websocket
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?subdomain=harmac&EIO=3&transport=websocket HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://auth.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vaKSMyjgfPCFIoK+YfaZew==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661913s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 04 Dec 2023 01:51:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X5tfz/mqVy6GhCOZK+8ZTMROW1s=
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 830068105e2e569f-OSL
alt-svc: h3=":443"; ma=86400

GET harmac.savings.beneplace.com/api/info?authInfo=true

104.18.37.20

200 OK

7.7 kB

URL GET HTTP/3
harmac.savings.beneplace.com/api/info?authInfo=true
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (8338), with no line terminators
Size
7.7 kB (7741 bytes)
Hash
e1eed3a6d1d7dfa52be445b06bb04469
40c7368132eed78b1ed8562da946df74e39e07a7
99dc7615e5b4b26e1d533ee4b716cc3138a33319ecb343bc93db7af67401765b

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:50 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1e3d-MNymTFke/nTiGbnKrwO+iyxzN18"
expires: Mon, 04 Dec 2023 01:51:49 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=YNFzuAZZQQiuBk.EfRaiUETMrwukzuEPVESHbwC0Hzw-1701654710-0-AfBWnjVRr+ZrkpTgI57r2DD4gPXCTN4T1gxn0jjDWb8e3Y9YRlQb10xiO5ere3Za7p+4rHbflr7gRaGagYoesKg=; path=/; expires=Mon, 04-Dec-23 02:21:50 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068108c225695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails

104.18.39.111

200 OK

10 kB

URL User Request GET HTTP/3
auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2673)
Size
10 kB (10021 bytes)
Hash
9dc741cceb3e6196fc51aaf393ba667d
4bc2d73332ea98260ff182810915604317328de8
71acbca9b831f8a47366482c0664f975f7a4bc3d9db4fe8cda3fb5036ac2f001

HTTP Headers

GET /harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://harmac.savings.workingadvantage.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:47 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068032bf1712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF

151.101.86.208

200 OK

6.9 kB

URL GET HTTP/2
g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP
151.101.86.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT

File type
PNG image data, 116 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
6.9 kB (6931 bytes)
Hash
3f98ed06ac07685fcfdee36cc5530df6
ea7d00fe56ec1701f9ac3b0407cae86417d8bef9
268ac18f0b7cc3b69ee345aa3d1cd0a83db1c8f511fda352a42bc35ae234103f

HTTP Headers

GET /uploads/harmac_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 03 Dec 2023 19:58:55 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 83f40acc28ce31f519ff6419e720458ec266df09
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 01:51:51 GMT
age: 21176
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000110-SJC, cache-bma1668-BMA
x-cache: HIT, MISS
content-length: 6931
X-Firefox-Spdy: h2

GET g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF

151.101.86.208

200 OK

4.3 kB

URL GET HTTP/2
g3i.imgix.net/uploads/harmac_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP
151.101.86.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT

File type
PNG image data, 87 x 24, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4278 bytes)
Hash
ed706558511ccf6cf4bbe407694b25f3
df4b28af9481a6fb3839129eac06ad670bffdf28
6139f656b71cac3a7aabc7a67a29d7089d4ead526f9625ebcad8e3751da04200

HTTP Headers

GET /uploads/harmac_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sat, 25 Nov 2023 03:19:54 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: c707906159e7c801e3858e7527f3880ce93065f1
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 01:51:51 GMT
age: 772316
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10043-SJC, cache-bma1668-BMA
x-cache: HIT, MISS
content-length: 4278
X-Firefox-Spdy: h2

GET g3i.imgix.net/uploads/harmac_carousel_02.jpg

151.101.86.208

200 OK

257 kB

URL GET HTTP/2
g3i.imgix.net/uploads/harmac_carousel_02.jpg
IP
151.101.86.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1400, components 3\012- data
Size
257 kB (257138 bytes)
Hash
a8da0add7f28aa310e3db5dc58458f1d
6b6009543d1805e67b88c733481cd62d704cbd64
eeb5d718211d13126dbc7ce42250003cfe5c0b982bb01d9508b454b970a7de8b

HTTP Headers

GET /uploads/harmac_carousel_02.jpg HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 26 Nov 2023 01:56:53 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: d9f2c8df7565b8e2d7e434d9b63f4393ec88f294
x-imgix-render-farm: 01.139848
date: Mon, 04 Dec 2023 01:51:51 GMT
age: 690898
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10040-SJC, cache-bma1668-BMA
x-cache: HIT, MISS
content-length: 257138
X-Firefox-Spdy: h2

GET auth.savings.workingadvantage.com/main.515236637b6c49b5.js

104.18.39.111

200 OK

1.7 MB

URL GET HTTP/3
auth.savings.workingadvantage.com/main.515236637b6c49b5.js
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
1.7 MB (1692785 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /main.515236637b6c49b5.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-19d471"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068047c8c712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET harmac.savings.beneplace.com/api/info?authInfo=true

104.18.37.20

200 OK

7.7 kB

URL GET HTTP/2
harmac.savings.beneplace.com/api/info?authInfo=true
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (8338), with no line terminators
Size
7.7 kB (7741 bytes)
Hash
e1eed3a6d1d7dfa52be445b06bb04469
40c7368132eed78b1ed8562da946df74e39e07a7
99dc7615e5b4b26e1d533ee4b716cc3138a33319ecb343bc93db7af67401765b

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=Xft24Fcko5p_kwIZaXaDJFJtsT503iYXpi.yAriMAf0-1701654709-0-AVpkQ5bjO1H04BsOQtZof7jFWI2LVqh0AmKYi/dzfaKNsJ55oLu4Bn4pwo1ILo8Pz7kKwVIbQQ8i8j5saXyZBYk=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680a89f77127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET auth.savings.workingadvantage.com/styles.55427553bed43367.css

104.18.39.111

200 OK

40 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/styles.55427553bed43367.css
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (39754)
Size
40 kB (39755 bytes)
Hash
0c6c5798b2536d4058555720691fad02
d84162926d57b64efb6e4c06a5b932041f75f570
0d090bed5512aa42771132ca52b0a7820daafbb07375d85a19efad37508f4471

HTTP Headers

GET /styles.55427553bed43367.css HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661910s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.0.1701654711.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:48 GMT
content-type: text/css
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-9b4b"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83006805ed22712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET auth.savings.workingadvantage.com/favicon.ico

104.18.39.111

200 OK

10 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/favicon.ico
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2673)
Size
10 kB (10021 bytes)
Hash
9dc741cceb3e6196fc51aaf393ba667d
4bc2d73332ea98260ff182810915604317328de8
71acbca9b831f8a47366482c0664f975f7a4bc3d9db4fe8cda3fb5036ac2f001

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=Z1lUxOL3voxfctmhCnRFNwPwCyQX8TNxj_v0dr3P6hQ-1701654704-0-AZpFiscTnPtW17V4DnPLLAIIbpsEcNfVEbciNs30klHtPOIuKM+RAGoYBf52je3t0iTJaPsmw5zarDmdKCCLnbI=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C28201712594406624848983761685300558313%7CMCAID%7CNONE%7CMCOPTOUT-1701661913s%7CNONE%7CvVersion%7C5.4.0; s_ecid=MCMID%7C28201712594406624848983761685300558313; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; _ga_FD2X5ZMELR=GS1.1.1701654710.1.1.1701654713.0.0.0; _ga=GA1.1.547215177.1701654711; cf_clearance=bj44fApg1ok1AVLflLzvnF6ZZyW4L7sAazd_nbEfI9w-1701654706-0-1-730ca2d2.73a07051.5b213570-0.2.1701654706; _gcl_au=1.1.364419749.1701654712; btIdentify=5a928e68-f221-4353-d3ef-d29c7271f26b; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22v0NwZmC5K1%2FbrsroXNQ%2FEKO07mTuWKWwl1prJHUZ2XlRtDW7okh9waiOPLd%2FPEz39K4ag%2FydpNNYw%2FYz5DdU2w%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=30ac833f-1c1f-40f0-cf38-eacb4dfcacf4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300680e9fcf712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET harmac.savings.beneplace.com/api/platform/options/onetrust

104.18.37.20

200 OK

501 B

URL GET HTTP/3
harmac.savings.beneplace.com/api/platform/options/onetrust
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/harmac/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fharmac.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
ASCII text, with very long lines (593), with no line terminators
Size
501 B (501 bytes)
Hash
1bd871cf6bfbdcca54219eb3b5f1a023
6c8160b6c99dad28e761f01cc9267074a506054a
0f7d9620b9f4d1e7cc5395cc066a7728b4f91b1684cd2fa7b29142b08b03a06f

HTTP Headers

GET /api/platform/options/onetrust HTTP/1.1
Host: harmac.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 01:51:49 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
expires: Mon, 04 Dec 2023 01:51:48 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=1d.3LizCvkwzj7S265poGINwq1iH6r9bfQknx9jbwVw-1701654709-0-AXEKtZ3SwXQLZoQ0rIgcHaVB6H7RP73p4mAX8ap/wLqC6RM48FXHtSFHlxme36DvwTIxSTOWt6HqjLdFnTBwO4A=; path=/; expires=Mon, 04-Dec-23 02:21:49 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830068104c0c5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (43)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML