Report - marketing.beneplace.com/ect/cc/eyJhbGciOiJIUzI1NiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAFWQy27CMBBF_yVrDIkfebBDFCRUkpbXoqvKsSfBkDg0NlCo-u91KKjqzvfMzNF4vrydVd7QK_I4hChMQhZIynxIgLAC5zQpEhrlNPR6nuLWGwaRH2DXR3HP03nxHyhjnApqripkoD0pAW6OC9EctZ1JV6MEd6pX4VSesMG779Jc6X3Ga3DIpWnLyxq0_SOTTri-HLo4no9Wq9nY0SUY0PJm7SQTfeqvWnHLH4gAhzsELRoJHc6e0kumFKvm62z_thvZfOxf0-u2ftktLlm9OWcrdp2vp3WGU5vu0s90oUA9PEv4lQMiMvdRhQiJiyHFIfjs_olNW7mGrbUHMxwMBOiKt33DT0qXpn9u2r17cHni2vIS-qKp3dzmqDqrIDH1C-mjnOMY0ZBQxBljiOA8xjJMZERldzhoTaN5pa7cqkY_w-V-IrdgasrbggYFRSQQJkHgKmtemscpv38AnANLhe4BAAA.8nGD5IGKnvxFWCIxr_cu4IHotGAvRn2Qi

Report Overview

Visited public
2023-12-04 03:31:57
Tags
URL
marketing.beneplace.com/ect/cc/eyJhbGciOiJIUzI1NiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAFWQy27CMBBF_yVrDIkfebBDFCRUkpbXoqvKsSfBkDg0NlCo-u91KKjqzvfMzNF4vrydVd7QK_I4hChMQhZIynxIgLAC5zQpEhrlNPR6nuLWGwaRH2DXR3HP03nxHyhjnApqripkoD0pAW6OC9EctZ1JV6MEd6pX4VSesMG779Jc6X3Ga3DIpWnLyxq0_SOTTri-HLo4no9Wq9nY0SUY0PJm7SQTfeqvWnHLH4gAhzsELRoJHc6e0kumFKvm62z_thvZfOxf0-u2ftktLlm9OWcrdp2vp3WGU5vu0s90oUA9PEv4lQMiMvdRhQiJiyHFIfjs_olNW7mGrbUHMxwMBOiKt33DT0qXpn9u2r17cHni2vIS-qKp3dzmqDqrIDH1C-mjnOMY0ZBQxBljiOA8xjJMZERldzhoTaN5pa7cqkY_w-V-IrdgasrbggYFRSQQJkHgKmtemscpv38AnANLhe4BAAA.8nGD5IGKnvxFWCIxr_cu4IHotGAvRn2Qi_08LdlbI5I/
Finishing URL
auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fcenlar.savings.workingadvantage.com%2F
IP / ASN
207.189.124.33
#13649 ASN-VINS
Title
Cenlar FSB Savings Marketplace

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
auth.savings.workingadvantage.com	225276	1999-08-26	2021-12-21 07:20:15	2023-11-24 20:30:35	19 kB	2.1 MB	172.64.148.145
cenlar.savings.beneplace.com	unknown	2001-12-19	2022-12-09 03:04:52	2023-11-06 18:59:45	6.0 kB	181 kB	172.64.150.236
g3i.imgix.net	287889	2011-06-23	2020-09-11 15:53:19	2023-11-26 01:27:55	1.5 kB	205 kB	151.101.246.208
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	2.3 kB	59 kB	216.58.207.227
smetrics.workingadvantage.com	556520	1999-08-26	2017-10-23 11:38:04	2023-11-29 01:57:37	3.1 kB	1.6 kB	63.140.62.135
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-12-03 11:12:04	350 B	942 B	143.204.53.97
live.rezync.com	2569	2017-05-22	2017-10-10 15:34:40	2023-12-02 06:32:20	560 B	7.2 kB	143.204.55.109
controlpanel.savings.beneplace.com	368574	2001-12-19	2019-03-14 18:11:12	2023-12-03 03:47:34	503 B	5.9 kB	172.64.150.236
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-03 05:09:21	1.1 kB	54 kB	151.101.129.229
maps.googleapis.com	33876	2005-01-25	2019-10-17 17:56:16	2023-12-03 05:21:26	3.0 kB	243 kB	172.217.21.170
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-03 06:51:04	4.2 kB	846 kB	142.250.74.168
cdn.boomtrain.com	6549	2011-03-17	2013-11-26 17:58:09	2023-12-03 22:48:23	449 B	31 kB	143.204.55.34
cenlar.savings.workingadvantage.com	unknown	1999-08-26	2022-12-09 03:04:49	2023-11-17 22:55:30	3.6 kB	245 kB	172.64.148.145
marketing.beneplace.com	500240	2001-12-19	2013-05-14 20:10:53	2023-12-03 01:00:29	1.1 kB	589 B	207.189.124.33
assets.adobedtm.com	512	2013-11-22	2014-01-28 05:51:35	2023-12-03 05:19:51	5.2 kB	188 kB	23.38.200.237
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-03 05:09:13	479 B	15 kB	104.17.25.14
people.api.boomtrain.com	7069	2011-03-17	2017-12-19 23:03:10	2023-12-03 17:03:01	687 B	455 B	54.160.104.167

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js	Webshells iisstart.aspx and Logout.aspx

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (42)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	323 B	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 16:29 Last Seen2024-08-21 06:26 Times Seen67 Hash 7c703c9bca0e0403159ff66c587427c9 8695cde60a89854fbf93c32f8b28f3bf01f0cd05 203086b57db6bfc4445097904cf0f679afea982ddad7e45b599747f02806fc3f Loading...

	unknown	Function	152 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 10:30 Times Seen30996 Hash 26bc31e12628b8388c3be44bb175d592 9464185aa11d68ea75e8d6495ff7b02ec3b4f1ad b4829119269f7853888d67440f0424d68bd7a7f3d6a85b408bc5260b7953fe09 Loading...

	unknown	Function	195 B	2023-04-12	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 14:56 Last Seen2025-05-07 22:25 Times Seen1551 Hash 576a61e7e95f3fa39f316630cbc5c039 0c1d16e378c8cd9f13e724c9ce675b67d6926859 0c93256523c99dc09c2a8f6206cd600dc0a7715996a6d545794dcc0ed097f105 Loading...

	www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c	ScriptElement	256 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 04:32 Last Seen2023-12-04 04:32 Times Seen1 Hash 4a0ed7e258a33bb18ceb49f5f1d1a223 ca7792169a47fca3a930d07ec6bfd7ba485e21ac 65c2ae0d0916bb8dbc8228fa19ba4668e7033126a48d1bed20a2a17c960105dc Loading...

	auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js	ScriptElement	170 kB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 01:07 Last Seen2024-08-20 17:00 Times Seen36 Hash 46c966376ef0860c9f256d7701100634 7cf0609623ef764b6c28e3778565084628881241 ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18 Loading...

	unknown	Function	201 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 10:30 Times Seen24026 Hash 53d8589ebc4fadb87f1135274db4336a f988aada6bc2e8412ef084550352078c9ed5e56e bd6d634c1b6694571e474743d2d89be15c22ae039b51869d33597806e596feb0 Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js	ScriptElement	636 kB	2023-11-19	2023-12-05
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 01:40 Last Seen2023-12-05 15:19 Times Seen33 Hash 9f22d37eff0340108e8e839a349263cc 0cabbc873195e92a33ed4694d49048ef05f52eee 47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f Loading...

	auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js	ScriptElement	52 kB	2023-09-19	2025-04-17
Pretty URL auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-19 16:25 Last Seen2025-04-17 14:20 Times Seen196 Hash 0cd967d483680340e1c5d0f1c3b34662 4f6121c35c81f16302bdb45a3a00ee708896a72c bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23 Loading...

	auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js	ScriptElement	1.2 kB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 03:47 Last Seen2024-08-20 16:59 Times Seen40 Hash dad34a2960bdd73c642af9fca8619602 33345e755556c32df38919f8f4db2785e08f2eae 779700103eaa215226d17491070dd24cc4e6ae6533a0f3a4071140805119b45f Loading...

	www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c	ScriptElement	280 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 04:32 Last Seen2023-12-04 04:35 Times Seen3 Hash 6daa5765c42918fec7a159e29cac689b 865049285dd378eaf47e9096913346b7e97348db 22db338eab8729f4848a35bcf4bb018bd53f7feb693886b3dacb166029f0b343 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM	ScriptElement	237 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 04:32 Last Seen2023-12-04 04:35 Times Seen3 Hash 13f48589805842506f920f45758b2cef 519b2175119ad7337f9dcf856421f8bbb1ecf3f9 23398043c89fbeda8d1fc57c978a23e2c05eea3ba910c8f96208f24b25ad2d03 Loading...

	maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places	ScriptElement	196 kB	2023-12-04	2023-12-04
Pretty URL maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 02:52 Last Seen2023-12-04 04:35 Times Seen4 Hash 59b64ce85b33a556c7372400096319f0 2150f1e1e4132e89bb0859d74e8c6468e981bef4 6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264 Loading...

	www.googletagmanager.com/gtag/js?id=UA-2876877-9	ScriptElement	191 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=UA-2876877-9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 04:32 Last Seen2023-12-04 04:33 Times Seen2 Hash ec916bd3f25d923a70a220355edb8ac6 fbd4fe0283c0977f4824b1f9b33ad56f7505aca8 e396cdca628ab76403bc3afd1697155c5c51878c3b0fa5d066c7146b315cad6e Loading...

	auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F	ScriptElement	349 B	2023-09-18	2025-04-17
Pretty URL auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 16:29 Last Seen2025-04-17 14:20 Times Seen98 Hash bfd4641cf237f14a85e544d630dc3c09 83c93c4e815ec1f066318e205a326c53b458aace b24c3a538a3af01fa2099c77b91b406dcc125332d015ceea8ceaa070c84998da Loading...

	auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F	ScriptElement	65 B	2023-03-13	2025-04-17
Pretty URL auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen98 Hash 5794b9877fc16957690d9e006e9e8baa f17cf13c5a87a4044861d4f48b44562629614eb8 ef40261a59ef81b9069e6b65aae5ebf4e9979e34353a15ecd6da30a0f917fa77 Loading...

	unknown	EventHandler	16 B	2023-04-10	2025-05-09
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-05-09 11:27 Times Seen56570 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	unknown	ScriptElement	1.4 kB	2023-03-13	2025-03-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-03-25 02:31 Times Seen82 Hash c7e7d198ba8a029e0310b70b4747744f 82e79289263643fc336d045daa6d4dbb88e624d7 e0ab1ab4fe3f9b6f0b19794962343d741395ebae2373edd4371aee7d28366196 Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js	ScriptElement	343 B	2023-11-19	2023-12-05
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 01:40 Last Seen2023-12-05 15:19 Times Seen33 Hash 9de49b0d72b52bcff35a575dcbf3a505 67b61404e3f0bf10d1aa5a8895b5f0840a2b8f4d c8ab5af61a41599d2375ab31a82cc778a38e29b25049ac57f1e6fcd60c004afe Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js	ScriptElement	757 B	2023-11-19	2023-12-05
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 01:40 Last Seen2023-12-05 15:19 Times Seen33 Hash 312cb3e912e23ae79d6f14e1f73679ac a3303715a66d325886a96badf99dc1111dbffa2c d56b6db4e16388149899dcea8f2bcbf6856bb84e7b9b866ddf3c388e5d12e8d6 Loading...

	unknown	ScriptElement	113 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2024-08-21 09:32 Times Seen71 Hash 37d56fb9a6cd073433642241ff5aebc7 2eebec40b8e95cb9ad0d121dbc33ca6076f93de1 e98dc58c85660430fbf05198ba1aa66a08473eb678a7b82f42c826f932d95bf8 Loading...

	assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js	ScriptElement	3.3 kB	2023-03-07	2025-05-06
Pretty URL assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-06 01:04 Times Seen904 Hash 2d1382c349d480b6b41574ac0c1af066 53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575 Loading...

	unknown	ScriptElement	108 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2024-08-21 09:32 Times Seen78 Hash d8504261314aff3680de53a08a00a979 8fc77534ff9d316538b881a34acc05e7e6478348 792cc97fffdd6fb26a202096b1bec0f97c24c97202a2ba8e242d7a640eacda2c Loading...

	unknown	Function	286 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 09:29 Times Seen25834 Hash e480511aa0877b44c194ae8d956bbeac 89fab2c13ec27233e4f3a25aae1871ddc29eb436 1008c0d1f25bc12ab18ef2a551d221fdf29ba3719b4285406eb67f048409d374 Loading...

	cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js	ScriptElement	48 kB	2023-03-09	2025-04-17
Pretty URL cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 18:01 Last Seen2025-04-17 14:20 Times Seen228 Hash f689a668b5c6078984b93b9f59793c90 83042534752a6d9b0a4a086517e19230416feba4 cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b Loading...

	auth.savings.workingadvantage.com/cenlar/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL auth.savings.workingadvantage.com/cenlar/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 11:18 Times Seen341422 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js	ScriptElement	159 kB	2023-11-01	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 20:03 Last Seen2024-08-20 21:28 Times Seen1983 Hash dd9a0890c6719e8bbaf67f14c6032e48 645a019ec207a0c321401b6d0d05da505f9917b7 206b430ad8e96d2f58a4c4cc6d2e5b97b40a1b62d9c1a7b027409b376da8c1de Loading...

	auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F	ScriptElement	932 B	2023-09-18	2025-04-17
Pretty URL auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 16:29 Last Seen2025-04-17 14:20 Times Seen93 Hash 98df3f5778dcb30093a6452f8a1b8ee1 1f33d383afd064ddaa401c0724b2d7a64673ea0e e66e996b32f5bfec8095bc23677892b561f248e0e73428a6222d91dc501b238b Loading...

	assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js	ScriptElement	34 kB	2023-03-07	2025-05-08
Pretty URL assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-08 12:40 Times Seen1198 Hash d860c16ac938f7d839f0ec158d02d0f0 8710f81ed151233677f7e32b229cb35293dd6840 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c Loading...

	auth.savings.workingadvantage.com/main.515236637b6c49b5.js	ScriptElement	1.7 MB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/main.515236637b6c49b5.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 03:47 Last Seen2024-08-20 16:59 Times Seen5 Hash d9b8cbec8d9aeba1e01a7ce0b85a0937 50044624485ecc36fc58ad477383387be0708abc 91c427b2b39c5468937c35aaad5f7128e373277c63e42e48890248bd2710451d Loading...

	unknown	ScriptElement	108 B	2023-03-13	2025-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen74 Hash 06d378718f9f4be5108e8d43f4f52d1b f48e1e0bcf80ad7c02b621829e704646f83a7f3f 08f8dcd255ba7389dca20d15c5662c30736cf92de10732d5ced395382a2c289f Loading...

	unknown	ScriptElement	508 B	2023-03-13	2025-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen74 Hash 5da95c09a7225fece7a6fc22b0e6cc33 a8db951c1c542ae3945ec7a1f585d5fc7af97cd5 d66af1e424df8c9214e31ad6eb27a401588fe39301945870d74e99e7122446e2 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 11:18 Times Seen340621 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js	ScriptElement	124 kB	2023-12-03	2024-08-20
Pretty URL auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 03:47 Last Seen2024-08-20 16:59 Times Seen24 Hash 0cd11218e1d6b6ab172b905bb2eb2693 9bc810ec1a37bdd5f7f6fe480529cbac372f84e5 040e0f83384cfe2b858b56ce6e588c85aa1f9840901d5edcb8266f65b00a68a5 Loading...

	unknown	Function	148 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 10:30 Times Seen6585 Hash ad647657a6182865673fe2300a1d13ad b1d7352ec14223bdae58961fe3ebab2ec990427b 9f500ac02daa86fc846af97dff1b0d92a41654db4a3548dd90574e5e70c28cdf Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js	ScriptElement	260 kB	2023-11-01	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 20:03 Last Seen2024-08-20 21:28 Times Seen1986 Hash 62dd4694504b9493499887d729e7d456 31e1581fda82bcbe5971f202b686a7f2d16d3394 0b6fb8c2b9ee6b41540fd549a726e431eb8667074da38d94af8a647ae05e9da7 Loading...

	auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F	ScriptElement	24 B	2023-03-07	2025-05-09
Pretty URL auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2025-05-09 09:29 Times Seen2052 Hash c4cc200d428ad0bc226a605f08309d6b 8ee05844bea8306da820f834d06e069371bfb3cf a695b556ffaa49572cfbfa488f5657bcc8822e8c87c82751aad0cc78af5f43dc Loading...

	unknown	Function	781 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 10:30 Times Seen434 Hash 6f3f68edbb63ab6f5ea0e26ae6b45ef7 eeaf7e6577aadb00bd1a5be9d2cdb22dfb665dbf 3d202d602a24af3f00f543059305fb1358312c5daed0de048054a717f7cdd35b Loading...

		Size	First Seen	Last Seen
	#1 Eval - b35eed5beba29cad886489ef5fc90bd1	126 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen214 Hash b35eed5beba29cad886489ef5fc90bd1 afe98ace5c795fd87bfd83272b821381d7329174 a70b1022d6004cf796149dc1c761eeaa7a93f3722a00bf964564d553f97d20ef Loading...

	#2 Eval - 1a2aa1a6ce5068681ea03b256dc4210b	155 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen214 Hash 1a2aa1a6ce5068681ea03b256dc4210b 0b3acb47956caeb4b2a11832b7a437604148aab9 956acbc83d8e7697e7fec665f50a35a27146c348e79a2dd765d58ed82ebaccc4 Loading...

	#3 Eval - 7adf665804720ec326158577a3860138	81 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen214 Hash 7adf665804720ec326158577a3860138 ad57a3be095407c2c204c1657b0fb02d586e8876 eae7d96ec37a43a8bd194507a5d43e3dcbe614545e64ad4046a9f4a6549170d0 Loading...

	#4 Eval - bebbe774d038ac06c1fe1196b5da7e97	95 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen213 Hash bebbe774d038ac06c1fe1196b5da7e97 f0cc3b3895a8b5105bfac31a3bea408538704ffc 6acd8e7ee5a1c5ed053d31c67c030793b89dc506d2eaeff0ac7d420434715993 Loading...

		Size	First Seen	Last Seen
	#1 Write - e9627b2e708c988d05d68e6938c6f9c0	316 B	2023-03-13 17:12	2025-02-10 19:55
Pretty Observations First Seen2023-03-13 17:12 Last Seen2025-02-10 19:55 Times Seen199 Hash e9627b2e708c988d05d68e6938c6f9c0 1fb1b735d7010d24a6105758447f9df86bb00d6f 40eececc7e4ab6fc3344caf3f737ec4742bbb46441e33f1e766be732ee2f1f96 Loading...

HTTP Transactions (69)

URL IP Response Size

marketing.beneplace.com/ect/cc/eyJhbGciOiJIUzI1NiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAFWQy27CMBBF_yVrDIkfebBDFCRUkpbXoqvKsSfBkDg0NlCo-u91KKjqzvfMzNF4vrydVd7QK_I4hChMQhZIynxIgLAC5zQpEhrlNPR6nuLWGwaRH2DXR3HP03nxHyhjnApqripkoD0pAW6OC9EctZ1JV6MEd6pX4VSesMG779Jc6X3Ga3DIpWnLyxq0_SOTTri-HLo4no9Wq9nY0SUY0PJm7SQTfeqvWnHLH4gAhzsELRoJHc6e0kumFKvm62z_thvZfOxf0-u2ftktLlm9OWcrdp2vp3WGU5vu0s90oUA9PEv4lQMiMvdRhQiJiyHFIfjs_olNW7mGrbUHMxwMBOiKt33DT0qXpn9u2r17cHni2vIS-qKp3dzmqDqrIDH1C-mjnOMY0ZBQxBljiOA8xjJMZERldzhoTaN5pa7cqkY_w-V-IrdgasrbggYFRSQQJkHgKmtemscpv38AnANLhe4BAAA.8nGD5IGKnvxFWCIxr_cu4IHotGAvRn2Qi_08LdlbI5I/

207.189.124.33

0 B

URL
marketing.beneplace.com/ect/cc/eyJhbGciOiJIUzI1NiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAFWQy27CMBBF_yVrDIkfebBDFCRUkpbXoqvKsSfBkDg0NlCo-u91KKjqzvfMzNF4vrydVd7QK_I4hChMQhZIynxIgLAC5zQpEhrlNPR6nuLWGwaRH2DXR3HP03nxHyhjnApqripkoD0pAW6OC9EctZ1JV6MEd6pX4VSesMG779Jc6X3Ga3DIpWnLyxq0_SOTTri-HLo4no9Wq9nY0SUY0PJm7SQTfeqvWnHLH4gAhzsELRoJHc6e0kumFKvm62z_thvZfOxf0-u2ftktLlm9OWcrdp2vp3WGU5vu0s90oUA9PEv4lQMiMvdRhQiJiyHFIfjs_olNW7mGrbUHMxwMBOiKt33DT0qXpn9u2r17cHni2vIS-qKp3dzmqDqrIDH1C-mjnOMY0ZBQxBljiOA8xjJMZERldzhoTaN5pa7cqkY_w-V-IrdgasrbggYFRSQQJkHgKmtemscpv38AnANLhe4BAAA.8nGD5IGKnvxFWCIxr_cu4IHotGAvRn2Qi_08LdlbI5I/
IP
207.189.124.33:0
ASN
#13649 ASN-VINS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ect/cc/eyJhbGciOiJIUzI1NiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAFWQy27CMBBF_yVrDIkfebBDFCRUkpbXoqvKsSfBkDg0NlCo-u91KKjqzvfMzNF4vrydVd7QK_I4hChMQhZIynxIgLAC5zQpEhrlNPR6nuLWGwaRH2DXR3HP03nxHyhjnApqripkoD0pAW6OC9EctZ1JV6MEd6pX4VSesMG779Jc6X3Ga3DIpWnLyxq0_SOTTri-HLo4no9Wq9nY0SUY0PJm7SQTfeqvWnHLH4gAhzsELRoJHc6e0kumFKvm62z_thvZfOxf0-u2ftktLlm9OWcrdp2vp3WGU5vu0s90oUA9PEv4lQMiMvdRhQiJiyHFIfjs_olNW7mGrbUHMxwMBOiKt33DT0qXpn9u2r17cHni2vIS-qKp3dzmqDqrIDH1C-mjnOMY0ZBQxBljiOA8xjJMZERldzhoTaN5pa7cqkY_w-V-IrdgasrbggYFRSQQJkHgKmtemscpv38AnANLhe4BAAA.8nGD5IGKnvxFWCIxr_cu4IHotGAvRn2Qi_08LdlbI5I/ HTTP/1.1
Host: marketing.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
Date: Mon, 04 Dec 2023 03:31:35 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: wp4326="XWVZDL-WKIT-s-WWBM:XVZLTYDtlnDl-UMAJ-VWUUDDDWVXKKUYU-BAZC-XIZI-IXIM-YCJTWMVMVYMTDgNssDD"; Version=1; Domain=actonsoftware.com; Max-Age=31536000; Expires=Tue, 03-Dec-2024 03:31:35 GMT; Path=/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=16070400
X-Frame-Options: DENY
Location: https://cenlar.savings.workingadvantage.com

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

23.38.200.237

200 OK

154 kB

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32742)
Size
154 kB (154411 bytes)
Hash
9f22d37eff0340108e8e839a349263cc
0cabbc873195e92a33ed4694d49048ef05f52eee
47212462490d0b8fbf15a409fd8a79bd1a1f37c93790055517c1dc629bc9082f

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9f22d37eff0340108e8e839a349263cc:1700230291.849047"
last-modified: Fri, 17 Nov 2023 14:11:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 154411
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:36 GMT
date: Mon, 04 Dec 2023 03:31:36 GMT
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (47169)
Size
14 kB (13763 bytes)
Hash
f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

HTTP Headers

GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 687551
expires: Sat, 23 Nov 2024 03:31:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NT6UvgUKnNE9LnFLETd9muTlz7MygtJWltn%2B%2FaMmBEmRiTmTruv9qRhbl9RRiwz37I9LniHDIjVXf0UwD5zF78e3ozimT3O4kyD%2Ff35bNcdU3FQZ4UvOt5KjEK7GgDoRjEBGl8kX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8300fa38e97c568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cenlar.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 03:31:36 GMT
age: 21974407
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

172.217.21.170

200 OK

66 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2928)
Size
66 kB (65931 bytes)
Hash
59b64ce85b33a556c7372400096319f0
2150f1e1e4132e89bb0859d74e8c6468e981bef4
6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264

HTTP Headers

GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Language, Origin, X-Origin, Referer
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
content-encoding: gzip
date: Mon, 04 Dec 2023 03:31:36 GMT
server: scaffolding on HTTPServer2
content-length: 65931
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32768)
Size
12 kB (12163 bytes)
Hash
d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Mon, 04 Dec 2023 04:31:36 GMT
date: Mon, 04 Dec 2023 03:31:36 GMT
cache-control: no-cache
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js

23.38.200.237

200 OK

1.6 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3155)
Size
1.6 kB (1597 bytes)
Hash
2d1382c349d480b6b41574ac0c1af066
53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1597
expires: Mon, 04 Dec 2023 04:31:36 GMT
date: Mon, 04 Dec 2023 03:31:36 GMT
cache-control: no-cache
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (79021 bytes)
Hash
6aeb33709ae16fa8a2f1f6fefa58a67d
2132be487f512f91d0814f43026458d26f759ed4
b024b5a0fa428a8a500a5c9f27403d85a221a2c26d22daadc1d611c3e3813946

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:36 GMT
expires: Mon, 04 Dec 2023 03:31:36 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Size
14 kB (13980 bytes)
Hash
b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cenlar.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:27:40 GMT
expires: Fri, 29 Nov 2024 01:27:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 353036
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

172.217.21.170

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cenlar.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 03:31:36 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js

23.38.200.237

752 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1539)
Size
752 B (752 bytes)
Hash
577157aef198d284c2607950ca5103d7
88794ccaa4bd1ebe47ef9c7bc8b8d29e8745d59e
79be51fc272496787a050c87a75d582d640039eb2a6f7e080f64f6e5ec2fc6ca

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 752
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:36 GMT
date: Mon, 04 Dec 2023 03:31:36 GMT
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

142.250.74.168

200 OK

93 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
93 kB (93085 bytes)
Hash
84b3cc94468ca46fb726313c5b313613
771dfa145cc0fe9d92be38044ab3ce8c1a3cc988
bc744146a1e6027e3e5b739b62c6d274bd1f72efbff5f64d74d1be5479418708

HTTP Headers

GET /gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:37 GMT
expires: Mon, 04 Dec 2023 03:31:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93085
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701660702495&k=ebg-wag3-pixel-0988

143.204.55.109

6.4 kB

URL
live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701660702495&k=ebg-wag3-pixel-0988
IP
143.204.55.109:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2300)
Size
6.4 kB (6373 bytes)
Hash
1ed603d167178bae058407069a891891
4f5ee40db8064e36b4a5e070697857214155b334
f45d434c89da12764eedf6a837f93a2bd4f4b8d2827bbc5637fda09f6440e072

HTTP Headers

GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1701660702495&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript
content-length: 6373
date: Mon, 04 Dec 2023 03:31:37 GMT
set-cookie: zync-uuid=46c32e3f-1fdc-4bb9-9caa-2dbadba6b3ef:1701660697.1096344; Domain=rezync.com; Expires=Sat, 01 Jun 2024 03:31:37 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiNDZjMzJlM2YtMWZkYy00YmI5LTljYWEtMmRiYWRiYTZiM2VmOjE3MDE2NjA2OTcuMTA5NjM0NCJ9.ZW1IGQ.pHhoUaaF4y6kcrRFLSeSu_JBxYY; Expires=Sat, 01 Jun 2024 03:31:37 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
accept-ranges: bytes
server: lighttpd/1.4.69
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5AI2KGnJJlQJEJ60Z0tMgMB7SUvR-S9mZ27KMQqL9eFjPCUVHnWy2A==
X-Firefox-Spdy: h2

smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=04520742135485040159202582068336759797&cl=157680000&d_coppa=true&ts=1701660702541

63.140.62.135

48 B

URL
smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=04520742135485040159202582068336759797&cl=157680000&d_coppa=true&ts=1701660702541
IP
63.140.62.135:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
07960219c24efc436f56d620c2dbcfdb
d8e031d57de9b246c1259e7f816493c90aa3bc05
2725072b50ce756e4fc94e3ab8d74012f92e7964067c6c48eed52844582d2c12

HTTP Headers

GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=04520742135485040159202582068336759797&cl=157680000&d_coppa=true&ts=1701660702541 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://cenlar.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CvVersion%7C5.4.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
access-control-allow-credentials: true
date: Mon, 04 Dec 2023 03:31:37 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C04520742135485040159202582068336759797; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Sat, 02 Dec 2028 03:31:31 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js

143.204.55.34

30 kB

URL
cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
IP
143.204.55.34:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30374 bytes)
Hash
7e025917ec081cb179b24e9b42269588
a6522f88185982ebde143a2b1e399034962c6eba
cd6c50080cda668d0e858886b870ff15124d16be997d5b0d43e97d4788a20879

HTTP Headers

GET /p13n/ebg-wag3/p13n.min.js HTTP/1.1
Host: cdn.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 03 Dec 2023 04:36:21 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: l04UFkooc_cpGNqh.9nfCARIbuQ4HwRZ
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 04 Dec 2023 03:31:33 GMT
Cache-Control: public, max-age=3600
ETag: W/"7e025917ec081cb179b24e9b42269588"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: i1BaHb8T8aq5phpcUYsFWs4rNMufFqq-1zb9H88jnXElJ7nInnkILw==
Age: 2172

www.googletagmanager.com/gtag/js?id=DC-12084042

142.250.74.168

70 kB

URL
www.googletagmanager.com/gtag/js?id=DC-12084042
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
70 kB (70480 bytes)
Hash
f8d5adcf7cc10aa4610e28c87fbcf74e
d2384bc4d7dd8075dc442a52bc6fbfd120053a4f
0a6c856101211708c0f69d3eba8c12f28429a41b6ff764ff0edfdaec670b57d7

HTTP Headers

GET /gtag/js?id=DC-12084042 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:37 GMT
expires: Mon, 04 Dec 2023 03:31:37 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70480
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c

142.250.74.168

71 kB

URL
www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
71 kB (70554 bytes)
Hash
05c7219d08ab4b37f432b476c37db258
7354db1d275d33bfb7907a9038707e0ad0f37209
593359673eab551c10c216ea9350edbfb6140deaaacd0f349b736ee3977555dd

HTTP Headers

GET /gtag/js?id=DC-12084042&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:37 GMT
expires: Mon, 04 Dec 2023 03:31:37 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70554
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
1a3b2d4c2734d0ebadbd7b9efe7e443f
a5e1ceec7e42dd21982d734e066579f78746a329
6c7b0c0eec4c0125cc627cc525e41f0226eedb7c77eb40d7050fbae8e23981c5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 04 Dec 2023 03:31:38 GMT
Last-Modified: Mon, 04 Dec 2023 02:21:34 GMT
Server: ECAcc (ska/F7A3)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x4PtsFJNxVqHM6SJ9_p3Ts5PGT5fHRrsMYrH16x0dE35y6v6CdGEJQ==
Age: 4205

people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNDZjMzJlM2YtMWZkYy00YmI5LTljYWEtMmRiYWRiYTZiM2VmOjE3MDE2NjA2OTcuMTA5NjM0NCJ9fQ%3D%3D&site_id=ebg-wag3

54.160.104.167

142 B

URL
people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNDZjMzJlM2YtMWZkYy00YmI5LTljYWEtMmRiYWRiYTZiM2VmOjE3MDE2NjA2OTcuMTA5NjM0NCJ9fQ%3D%3D&site_id=ebg-wag3
IP
54.160.104.167:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text
Size
142 B (142 bytes)
Hash
6c5b24716685c0329e207483de29c974
3c49ac84f4d4bb9f7d54cf7685164efcccbf8488
e137d34659ef9ef549815c689962b806cd386e7984180dea446cb801dbcf2765

HTTP Headers

GET /identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNDZjMzJlM2YtMWZkYy00YmI5LTljYWEtMmRiYWRiYTZiM2VmOjE3MDE2NjA2OTcuMTA5NjM0NCJ9fQ%3D%3D&site_id=ebg-wag3 HTTP/1.1
Host: people.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cenlar.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Mon, 04 Dec 2023 03:31:38 GMT
Server: nginx
Content-Length: 142
Connection: keep-alive

cenlar.savings.workingadvantage.com/socket.io/?EIO=3&transport=websocket

172.64.148.145

0 B

URL
cenlar.savings.workingadvantage.com/socket.io/?EIO=3&transport=websocket
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: cenlar.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://cenlar.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kbjy/TioFPSdchGnuX9ZDg==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22bsin%22%3A%22%22%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 04 Dec 2023 03:31:38 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 68BdAu4C+tEFJ2Ju561qgY36HSg=
Access-Control-Allow-Origin: https://cenlar.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8300fa440a425691-OSL
alt-svc: h3=":443"; ma=86400

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js

23.38.200.237

286 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (304)
Size
286 B (286 bytes)
Hash
9d329853a801c00019899598da50a762
fddbe70abdf0251ce3c72b34899bc1f93dee758c
177b9dbf2cb10e29041b0446aec0ac0d478d2cc420144dd745a4fe5a7c1fd360

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 286
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:38 GMT
date: Mon, 04 Dec 2023 03:31:38 GMT
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js

23.38.200.237

548 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (871)
Size
548 B (548 bytes)
Hash
b6ab6600ee3ade29d2ceb7e4fbc49442
1de248e70f915eaa24fc5c887fd2fd0ec259529e
c86c5c33c4a4bcdad8cb8ab9208bd80f7c7d24d29bfe3c17621a3b8a7c4b273e

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC0c16579d5c704bd0a214633d669d35f2-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 548
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:38 GMT
date: Mon, 04 Dec 2023 03:31:38 GMT
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js

23.38.200.237

215 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
215 B (215 bytes)
Hash
74f251b2226edb2c9e4e190ca2d1fccb
ff50ff57d401f31803f19ebb65c9307f9dda35da
aaa66fd99c79e6009a990dda2b89b5d2419f07344577f4c1609064b67d43bcf0

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC668a267ca36c45b5acca38f3e4360a76-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 215
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:38 GMT
date: Mon, 04 Dec 2023 03:31:38 GMT
access-control-allow-origin: https://cenlar.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

cenlar.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.64.148.145

158 kB

URL
cenlar.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
158 kB (157463 bytes)
Hash
b2512de4dac83e81222cd1b7da6cfc0f
d854d9051ebebbfe9449d601f89d347f62f8ad80
bf8d317c05b7b80f72153fba2dad2756d4ad76772c88276b71749e88230c43b8

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: cenlar.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660702.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Mon, 04 Dec 2023 03:31:37 GMT
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa409bceb51b-OSL
alt-svc: h3=":443"; ma=86400

cenlar.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

172.64.148.145

32 kB

URL
cenlar.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (51930)
Size
32 kB (31662 bytes)
Hash
0cd967d483680340e1c5d0f1c3b34662
4f6121c35c81f16302bdb45a3a00ee708896a72c
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

HTTP Headers

GET /assets/new-relic/new-relic-integration.js HTTP/1.1
Host: cenlar.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:18:55 GMT
vary: Accept-Encoding
etag: W/"65669f8f-ccde"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa389946b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 03:31:38 GMT
age: 21974409
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

172.217.21.170

200 OK

66 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2928)
Size
66 kB (65931 bytes)
Hash
59b64ce85b33a556c7372400096319f0
2150f1e1e4132e89bb0859d74e8c6468e981bef4
6bc8edf20fa26484c5a1e9a7e825ca66b5aa394a827f204dd9b6860e7d3ed264

HTTP Headers

GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
vary: Accept-Language, Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 03:31:38 GMT
server: scaffolding on HTTPServer2
content-length: 65931
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (79019 bytes)
Hash
13f48589805842506f920f45758b2cef
519b2175119ad7337f9dcf856421f8bbb1ecf3f9
23398043c89fbeda8d1fc57c978a23e2c05eea3ba910c8f96208f24b25ad2d03

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:38 GMT
expires: Mon, 04 Dec 2023 03:31:38 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32768)
Size
12 kB (12163 bytes)
Hash
d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Mon, 04 Dec 2023 04:31:39 GMT
date: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

172.64.148.145

200 OK

20 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (51930)
Size
20 kB (19600 bytes)
Hash
0cd967d483680340e1c5d0f1c3b34662
4f6121c35c81f16302bdb45a3a00ee708896a72c
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

HTTP Headers

GET /assets/new-relic/new-relic-integration.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
etag: W/"6566a0fa-ccde"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa479dffb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Size
14 kB (13980 bytes)
Hash
b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:27:40 GMT
expires: Fri, 29 Nov 2024 01:27:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 353039
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

172.217.21.170

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 04 Dec 2023 03:31:39 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

142.250.74.168

200 OK

93 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
93 kB (93081 bytes)
Hash
6daa5765c42918fec7a159e29cac689b
865049285dd378eaf47e9096913346b7e97348db
22db338eab8729f4848a35bcf4bb018bd53f7feb693886b3dacb166029f0b343

HTTP Headers

GET /gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:39 GMT
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93081
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cenlar.savings.beneplace.com/api/notifications/system-wide

172.64.150.236

200 OK

2 B

URL GET HTTP/2
cenlar.savings.beneplace.com/api/notifications/system-wide
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

HTTP Headers

GET /api/notifications/system-wide HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
expires: Mon, 04 Dec 2023 03:31:38 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=EZ50APCP7ihUW8AXSo6enPMfmRz3OcIwzyEeL9Ekexc-1701660699-0-AZkks052eAM1kJDWCfvV+MV7W1WoUWYM4qOuKEO601lIS3LbsxvxnNZK/00KaehxNoYkzHecqUtiPhTfbC1LbY0=; path=/; expires=Mon, 04-Dec-23 04:01:39 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4dc826b4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js

23.38.200.237

200 OK

214 B

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
214 B (214 bytes)
Hash
9de49b0d72b52bcff35a575dcbf3a505
67b61404e3f0bf10d1aa5a8895b5f0840a2b8f4d
c8ab5af61a41599d2375ab31a82cc778a38e29b25049ac57f1e6fcd60c004afe

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:40 GMT
date: Mon, 04 Dec 2023 03:31:40 GMT
content-length: 214
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js

23.38.200.237

200 OK

429 B

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (610)
Size
429 B (429 bytes)
Hash
312cb3e912e23ae79d6f14e1f73679ac
a3303715a66d325886a96badf99dc1111dbffa2c
d56b6db4e16388149899dcea8f2bcbf6856bb84e7b9b866ddf3c388e5d12e8d6

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Webshells iisstart.aspx and Logout.aspx

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/99058982850f/RC986b4d5825364bd4887033e40e20c549-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "52b5e7d86e1980765da3e075758f5e02:1700230292.716631"
last-modified: Fri, 17 Nov 2023 14:11:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:31:40 GMT
date: Mon, 04 Dec 2023 03:31:40 GMT
content-length: 429
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

cenlar.savings.beneplace.com/api/platform/options/onetrust

172.64.150.236

200 OK

69 kB

URL GET HTTP/3
cenlar.savings.beneplace.com/api/platform/options/onetrust
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (501), with no line terminators
Size
69 kB (69269 bytes)
Hash
323b183e15b47425a7830d61290d9dd4
ee9f6c9554c7ff236eebfc58d0697412477959db
05f687735d78286be14d4e10a1fb29138cddcf927835e5441b61406512db7c8e

HTTP Headers

GET /api/platform/options/onetrust HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=nSpcNvINDmLoqrGCzKVOwHB.u7WZKj4eG9_yXv44spQ-1701660700-0-AaHCla7NQvBxmvZfK2erS6YfnYRxF0YWUTrP0hIqSt1hSWJEyrjL6Z8WJv8OJEkYiRhc3bR+6g7Rl9ZTiCHhjmQ=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa50fb5f56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (79019 bytes)
Hash
13f48589805842506f920f45758b2cef
519b2175119ad7337f9dcf856421f8bbb1ecf3f9
23398043c89fbeda8d1fc57c978a23e2c05eea3ba910c8f96208f24b25ad2d03

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:40 GMT
expires: Mon, 04 Dec 2023 03:31:40 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cenlar.savings.workingadvantage.com/polyfills.efd19b87dc3c9f76.js

172.64.148.145

53 kB

URL
cenlar.savings.workingadvantage.com/polyfills.efd19b87dc3c9f76.js
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
53 kB (53282 bytes)
Hash
2231fe87edd0abc28d7517072aeac06a
df8009ed57a5d1de1b9a03d0657f68bf7be51c2b
4767b15ec5f17f5573f2e58430544bff2be4c30cb3c166ed4428971feaae85c5

HTTP Headers

GET /polyfills.efd19b87dc3c9f76.js HTTP/1.1
Host: cenlar.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:18:46 GMT
vary: Accept-Encoding
etag: W/"65669f86-234ab"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa38a94cb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c

142.250.74.168

200 OK

86 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (13010)
Size
86 kB (85761 bytes)
Hash
4a0ed7e258a33bb18ceb49f5f1d1a223
ca7792169a47fca3a930d07ec6bfd7ba485e21ac
65c2ae0d0916bb8dbc8228fa19ba4668e7033126a48d1bed20a2a17c960105dc

HTTP Headers

GET /gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:40 GMT
expires: Mon, 04 Dec 2023 03:31:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85761
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cenlar.savings.beneplace.com/api/controls/cenlar

172.64.150.236

200 OK

846 B

URL GET HTTP/2
cenlar.savings.beneplace.com/api/controls/cenlar
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2050), with no line terminators
Size
846 B (846 bytes)
Hash
66a41fb5c208b7a7036321fcc1a1309a
976240b9b349f4cd7f3eb4473feb2a6698442dce
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae

HTTP Headers

GET /api/controls/cenlar HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=vdKbHGwLRYrSJeFZROVnhcV9Hd5pG1K9DwzbiqYQuHQ-1701660700-0-AYaBsK/usEJWKSl5w8lAUGJgUPaZlh64sYLKuTfEUobsnepW6kO69F08nDVk4R59rcJOg0cTBru6wVZhqr9uWno=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4fc8dcb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cenlar.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id

172.64.150.236

200 OK

29 kB

URL GET HTTP/3
cenlar.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
29 kB (29346 bytes)
Hash
a0fc57db298bfd449bf76a9d58ad85d2
c56111472fbc155a7c9c5c1e71e84b725457ec6a
61b4579ddd9500f72669998271f04641a6f956554326995c3000531a9a57e4d4

HTTP Headers

GET /api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"5e-xWERRy+8FVp8nFwecehLclRX7Go"
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=6tFH9SDTlsvSkjZb_vEkzbQGhAeBBLSQJopDRByorkc-1701660700-0-Aa8HxNI+LvDwyFV0WDq4wZXZ62xJ5vvXf8NJ2m6fDiDoow9zF5oTt1L8s/PXgAZXpi0+c4ZocFHbJyLyrPpareg=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa51ebae56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png

172.64.148.145

200 OK

19 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (18724 bytes)
Hash
fad05a309055bbe24890d609a98528f4
48fbd56aa5b0bd2b6139b23a0097aa02a594e13e
22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264

HTTP Headers

GET /assets/workingadvantage_logo_wide_inverse_01.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667906s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.1.1701660704.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697; mbox=session#b5b88b13ad024c1bb4c208d2e473cf63#1701662566; at_check=true; sat_domain=A; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcenlar%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fcenlar.savings.workingadvantage.com%25252f; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcenlar%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fcenlar.savings.workingadvantage.com%25252f; s_cc=true; split_test_groups={}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:41 GMT
content-type: image/png
content-length: 18724
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
etag: "6566a0fa-4924"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa56dad6b51b-OSL
alt-svc: h3=":443"; ma=86400

g3i.imgix.net/uploads/cenlar_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF

151.101.246.208

200 OK

6.8 kB

URL GET HTTP/2
g3i.imgix.net/uploads/cenlar_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP
151.101.246.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT

File type
PNG image data, 127 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
6.8 kB (6796 bytes)
Hash
9d7655d48f0b5be04088d57693f4366f
84daf8809e4f6126d6c89e69ea2fcbbe61246a0b
de5e59648a4383bd7b144022f3211082b2e5e947e0a05c59ddf7736dae777605

HTTP Headers

GET /uploads/cenlar_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 01 Dec 2023 02:56:20 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: e3b40efe4e645e34bf149fceb59fa0a3d733916d
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 03:31:41 GMT
age: 261321
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10037-SJC, cache-hel1410023-HEL
x-cache: HIT, MISS
content-length: 6796
X-Firefox-Spdy: h2

controlpanel.savings.beneplace.com/uploads/cenlar_favicon_01.ico

172.64.150.236

5.2 kB

URL GET
controlpanel.savings.beneplace.com/uploads/cenlar_favicon_01.ico
IP
172.64.150.236:0
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
5.2 kB (5219 bytes)
Hash
9396b3bc39cd51147f53e89fcc716609
2dc8cfff6bfa9d64710ab2b299ba7e4799bd3573
fd839d346c13a08c470531b18a6b03ab5f93a08beb8a429abb2da218b1d3d732

HTTP Headers

GET /uploads/cenlar_favicon_01.ico HTTP/1.1
Host: controlpanel.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: image/x-icon
last-modified: Fri, 07 Jan 2022 19:29:54 GMT
etag: W/"61d894b2-47e"
cache-control: public, max-age=2592000, s-maxage=600
cf-cache-status: MISS
set-cookie: __cf_bm=C6L7rBZsJtMDt0FUXEA28MObt.h7y8AnNybF4CHrXKo-1701660700-0-AZqk55/2ooqfAsVfoD84REy1iL9g7VNzxebF6s6AtZ6yl6o0CS+BvASoKIXdhMQAHVOmuHZGk2YU5/MQKZ5MUP4=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa53991856bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

g3i.imgix.net/uploads/cenlar_carousel_05.jpg

151.101.246.208

200 OK

192 kB

URL GET HTTP/2
g3i.imgix.net/uploads/cenlar_carousel_05.jpg
IP
151.101.246.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1400, components 3\012- data
Size
192 kB (191532 bytes)
Hash
7315eadffb8567b0ef42add703be73ba
b6f6bb8dcba9a1e45c1ce2bf3ba95f3e8d1f301d
73cc6fe654e0cddb2ca7f438c5e6ae57c3bb00fad943e8099306dfb4233d8d2a

HTTP Headers

GET /uploads/cenlar_carousel_05.jpg HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 04 Dec 2023 03:31:41 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 35c88dd0b1936981b250ef0508b4e8e241ddf6cd
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 03:31:41 GMT
age: 0
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10078-SJC, cache-hel1410023-HEL
x-cache: MISS, MISS
content-length: 191532
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14168, version 1.0\012- data
Size
14 kB (14168 bytes)
Hash
017598645bcc882a3610effe171c2ca3
ceaca8172b95b6954d5a5752698a5162d7e9877c
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14168
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 12:50:31 GMT
expires: Fri, 29 Nov 2024 12:50:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:29:56 GMT
content-type: font/woff2
age: 312071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13724, version 1.0\012- data
Size
14 kB (13724 bytes)
Hash
cf5ec3859b05de1b9351ab934b937417
97ffac24ea5fe5c47301f1be229699330ea93bf2
bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:58:25 GMT
expires: Fri, 29 Nov 2024 04:58:25 GMT
cache-control: public, max-age=31536000
age: 340397
last-modified: Tue, 02 May 2023 15:20:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js

172.217.21.170

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (4584)
Size
57 kB (57367 bytes)
Hash
62dd4694504b9493499887d729e7d456
31e1581fda82bcbe5971f202b686a7f2d16d3394
0b6fb8c2b9ee6b41540fd549a726e431eb8667074da38d94af8a647ae05e9da7

HTTP Headers

GET /maps-api-v3/api/js/54/12a/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57367
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:48:44 GMT
expires: Thu, 28 Nov 2024 21:48:44 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 21:27:26 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 366180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js

172.217.21.170

200 OK

50 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (584)
Size
50 kB (50370 bytes)
Hash
dd9a0890c6719e8bbaf67f14c6032e48
645a019ec207a0c321401b6d0d05da505f9917b7
206b430ad8e96d2f58a4c4cc6d2e5b97b40a1b62d9c1a7b027409b376da8c1de

HTTP Headers

GET /maps-api-v3/api/js/54/12a/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 50370
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 14:58:14 GMT
expires: Thu, 28 Nov 2024 14:58:14 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 21:27:26 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 390810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F

172.64.148.145

200 OK

10 kB

URL User Request GET HTTP/3
auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2673)
Size
10 kB (10021 bytes)
Hash
9dc741cceb3e6196fc51aaf393ba667d
4bc2d73332ea98260ff182810915604317328de8
71acbca9b831f8a47366482c0664f975f7a4bc3d9db4fe8cda3fb5036ac2f001

HTTP Headers

GET /cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cenlar.savings.workingadvantage.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:38 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa464d92b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-2876877-9

142.250.74.168

200 OK

191 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-2876877-9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
191 kB (190734 bytes)
Hash
ec916bd3f25d923a70a220355edb8ac6
fbd4fe0283c0977f4824b1f9b33ad56f7505aca8
e396cdca628ab76403bc3afd1697155c5c51878c3b0fa5d066c7146b315cad6e

HTTP Headers

GET /gtag/js?id=UA-2876877-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:31:40 GMT
expires: Mon, 04 Dec 2023 03:31:40 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68947
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

g3i.imgix.net/uploads/cenlar_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF

151.101.246.208

200 OK

4.6 kB

URL GET HTTP/2
g3i.imgix.net/uploads/cenlar_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP
151.101.246.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCertainly
Subject*.imgix.net
Fingerprint78:D7:44:3E:7A:6A:98:03:E3:A6:91:C1:20:CA:43:BB:F5:93:F3:CE
ValidityFri, 01 Dec 2023 12:25:47 GMT - Sun, 31 Dec 2023 12:25:46 GMT

File type
PNG image data, 95 x 24, 8-bit/color RGB, non-interlaced\012- data
Size
4.6 kB (4603 bytes)
Hash
6519e12b677bb2d81e9fd5e01a742137
ad2f8b5924ecc2f71dd362f029effbdda238148d
59039cf89e972be5fb6b4bce11d79a4c4f6b8dfcefe66ba55f673e95df205c06

HTTP Headers

GET /uploads/cenlar_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 14 Nov 2023 16:24:29 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 83f0b00efa29c2f9c3584a536a4539cf9d5b4cbd
x-imgix-render-farm: 01.140360
date: Mon, 04 Dec 2023 03:31:41 GMT
age: 1681632
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000110-SJC, cache-hel1410023-HEL
x-cache: HIT, MISS
content-length: 4603
X-Firefox-Spdy: h2

auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js

172.64.148.145

200 OK

170 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/scripts.b785e07ef29de485.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
170 kB (169744 bytes)
Hash
46c966376ef0860c9f256d7701100634
7cf0609623ef764b6c28e3778565084628881241
ac3e5cf9dbf7e7d8afbde8193602e353a531e05ea3ed89990432248a8c73ee18

HTTP Headers

GET /scripts.b785e07ef29de485.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-29710"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa47ae04b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cenlar.savings.beneplace.com/api/cenlar/marketplace-styles.css

172.64.150.236

200 OK

33 kB

URL GET HTTP/2
cenlar.savings.beneplace.com/api/cenlar/marketplace-styles.css
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
ASCII text
Size
33 kB (33121 bytes)
Hash
03757078e96addc8e27642c2f6aca87d
33bf458bb6c31159439fd0c5eee7ed7a3a576bf0
1855753c553a53ce37ff94f7d9204db18175dfd4f135b402e15aec9675086819

HTTP Headers

GET /api/cenlar/marketplace-styles.css HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: text/css; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"8161-M79Fi7bDEVlDn9DF7uftejpXa/A"
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=l9yOl5dvVrk4_xVvZMHqmm_DuIuxPb6wtad3UCEj2xM-1701660700-0-AcMpyogfhHdBYN3/RpBLvan4rxiSbDXrdiHRj4aEG67HCqNBWlVphFzFZOIhpMH9gWeJuJiF4r4LqbtXI+pzZHU=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4dc82ab4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cenlar.savings.beneplace.com/api/info?authInfo=true

172.64.150.236

200 OK

8.5 kB

URL GET HTTP/2
cenlar.savings.beneplace.com/api/info?authInfo=true
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9085), with no line terminators
Size
8.5 kB (8458 bytes)
Hash
d896c5dcbf45fd319cc4db2d1825ad8d
0065d24d90f6c88a3fec46dc9a3ab3e6daf38ca7
f9dbc2a2eae20da557eb473c344663ea57690f05b978716013fc8e1469433526

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Mon, 04 Dec 2023 03:31:38 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=HkYQkL0rFWb590xJmW0ejDZs.T8sPejXzUbw8Lgp7jU-1701660699-0-AdrsR0zFZBk7eF1/PuClCU9PSiu5djMExYNeo5WZPJAa5qsVXaI7RMA2lbFOGIvZj90jnriotzzThxHRbElrQRM=; path=/; expires=Mon, 04-Dec-23 04:01:39 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4de839b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js

172.64.148.145

200 OK

124 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/polyfills.9bd4a18a68d081a1.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
124 kB (124503 bytes)
Hash
0cd11218e1d6b6ab172b905bb2eb2693
9bc810ec1a37bdd5f7f6fe480529cbac372f84e5
040e0f83384cfe2b858b56ce6e588c85aa1f9840901d5edcb8266f65b00a68a5

HTTP Headers

GET /polyfills.9bd4a18a68d081a1.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-1e657"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa479e02b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/auth/authorize?subdomain=cenlar&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F

172.64.148.145

302 Found

10 kB

URL User Request GET HTTP/3
auth.savings.workingadvantage.com/auth/authorize?subdomain=cenlar&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
10 kB (10021 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /auth/authorize?subdomain=cenlar&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cenlar.savings.workingadvantage.com/
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Mon, 04 Dec 2023 03:31:38 GMT
content-type: text/html; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://auth.savings.workingadvantage.com
vary: Origin, Accept
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
location: /cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
expires: Mon, 04 Dec 2023 03:31:37 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa450d35b51b-OSL
alt-svc: h3=":443"; ma=86400

smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s124471132024

63.140.62.135

200 OK

43 B

URL POST HTTP/2
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s124471132024
IP
63.140.62.135:443
ASN
#16509 AMAZON-02

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerDigiCert Inc
Subjectsmetrics.workingadvantage.com
FingerprintBF:39:6F:26:01:A5:E2:6D:81:D9:EB:97:B2:50:D2:2D:2F:2D:48:43
ValiditySun, 09 Jul 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT

File type
GIF image data, version 89a, 2 x 2\012- data
Size
43 B (43 bytes)
Hash
ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

HTTP Headers

POST /b/ss/entbenwag3/1/JS-2.22.4-LDQM/s124471132024 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2131
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667905s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.1.1701660704.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697; mbox=session#b5b88b13ad024c1bb4c208d2e473cf63#1701662566; at_check=true; sat_domain=A; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcenlar%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fcenlar.savings.workingadvantage.com%25252f; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcenlar%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fcenlar.savings.workingadvantage.com%25252f; s_cc=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
date: Mon, 04 Dec 2023 03:31:40 GMT
expires: Sun, 03 Dec 2023 03:31:40 GMT
last-modified: Tue, 05 Dec 2023 03:31:40 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C04520742135485040159202582068336759797; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Sat, 02 Dec 2028 03:31:31 GMT;
etag: 3654288528936042496-4617840907441720925
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cenlar.savings.beneplace.com/api/info?authInfo=true

172.64.150.236

200 OK

8.5 kB

URL GET HTTP/3
cenlar.savings.beneplace.com/api/info?authInfo=true
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9085), with no line terminators
Size
8.5 kB (8458 bytes)
Hash
d896c5dcbf45fd319cc4db2d1825ad8d
0065d24d90f6c88a3fec46dc9a3ab3e6daf38ca7
f9dbc2a2eae20da557eb473c344663ea57690f05b978716013fc8e1469433526

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"210a-O5Kp57+WBQ56kx2S71I4/aswqZE"
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=N8kCCyxGhK8grgLZBbpf3SlwrnMet0IYaP9eThpoXjQ-1701660700-0-AT+dxKTJG4Zyqcx63KKGBbyec9dZsFzoBmDmRya/O51m/LnSM5zuifxr8M6NRd8vv6Ohw/bU4pKepoyvvePzL6M=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa512b7556c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js

172.64.148.145

200 OK

1.2 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1162), with no line terminators
Size
1.2 kB (1160 bytes)
Hash
e29acf338ccd95684fd9ee2ea7ddd277
721dcd26e75a7d19304bc9442990b605f8f16ff5
12d58735bc08f3bb5aa001af1dfb3acadb4f60264ad7b680d5a8683d184b2d4c

HTTP Headers

GET /runtime.13338c5d9c83d0b6.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-488"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa479e01b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/main.515236637b6c49b5.js

172.64.148.145

200 OK

1.7 MB

URL GET HTTP/3
auth.savings.workingadvantage.com/main.515236637b6c49b5.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
1.7 MB (1692785 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /main.515236637b6c49b5.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-19d471"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa47de13b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/styles.55427553bed43367.css

172.64.148.145

200 OK

40 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/styles.55427553bed43367.css
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (39754)
Size
40 kB (39755 bytes)
Hash
0c6c5798b2536d4058555720691fad02
d84162926d57b64efb6e4c06a5b932041f75f570
0d090bed5512aa42771132ca52b0a7820daafbb07375d85a19efad37508f4471

HTTP Headers

GET /styles.55427553bed43367.css HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667903s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.0.1701660703.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: text/css
last-modified: Wed, 29 Nov 2023 02:24:53 GMT
vary: Accept-Encoding
etag: W/"6566a0f5-9b4b"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa49deb5b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cenlar.savings.beneplace.com/api/info

172.64.150.236

200 OK

7.0 kB

URL GET HTTP/2
cenlar.savings.beneplace.com/api/info
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (7547), with no line terminators
Size
7.0 kB (7014 bytes)
Hash
d11890a9c9679f012a7f47cebb26c6be
9985735642d571b76f1644f60b05834fd8b2cf51
d34eda40f2cc9d9ea70ed028b218bb74ac2555bb7b04d800aa249ea1108847d7

HTTP Headers

GET /api/info HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1b66-oeu2d6k28cYQrsG0lct+oHlCMl8"
expires: Mon, 04 Dec 2023 03:31:38 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=PkAv_vQM6W9utnAEzN21hAP7P96I_49SnEeD6uc71dQ-1701660699-0-AdVMSrG3SlcZtF8U5hABZ1grMU5NmvW1+3IjzlDl7sHt6IdBH8GDvmn3C/6d1ncuNxUjWNS7crBDf9mb8iRErF8=; path=/; expires=Mon, 04-Dec-23 04:01:39 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4dd834b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cenlar.savings.beneplace.com/api/info?authInfo=true

172.64.150.236

200 OK

8.5 kB

URL GET HTTP/2
cenlar.savings.beneplace.com/api/info?authInfo=true
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9085), with no line terminators
Size
8.5 kB (8458 bytes)
Hash
d896c5dcbf45fd319cc4db2d1825ad8d
0065d24d90f6c88a3fec46dc9a3ab3e6daf38ca7
f9dbc2a2eae20da557eb473c344663ea57690f05b978716013fc8e1469433526

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Mon, 04 Dec 2023 03:31:38 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=dv0XF.gWEfCRpIFCrKlgEqMrMLABVUmSCgEImS9B_TE-1701660699-0-AeYvOyUGhXk6N/gZTWUEO+v5uW8QZSUsolDcqWE/MmH6ko8ZJenzZUp9JEq8DT7Ot7vAhbiYhqronm5yfnZy3Eo=; path=/; expires=Mon, 04-Dec-23 04:01:39 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4dd832b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

auth.savings.workingadvantage.com/socket.io/?subdomain=cenlar&EIO=3&transport=websocket

104.18.39.111

101 Switching Protocols

0 B

URL GET HTTP/1.1
auth.savings.workingadvantage.com/socket.io/?subdomain=cenlar&EIO=3&transport=websocket
IP
104.18.39.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?subdomain=cenlar&EIO=3&transport=websocket HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://auth.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GMpeJwTm9oZ3yTldJqsgVg==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667904s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.1.1701660704.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 04 Dec 2023 03:31:40 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ysuQGGSvtS7t5YTXM41og0z3q44=
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8300fa50fe5b56b9-OSL
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/assets/wa-logo-wide.png

172.64.148.145

200 OK

29 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/wa-logo-wide.png
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGB, non-interlaced\012- data
Size
29 kB (29260 bytes)
Hash
9a514012bac6a68b6d0025ca3f28f4e4
447dd4828180a2480363d765b2c9ef41c1835da1
99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4

HTTP Headers

GET /assets/wa-logo-wide.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Fcenlar.savings.workingadvantage.com%2F
Cookie: __cf_bm=vY0Hz_uP7DG24iup926p1QBfthVp.thOZHqVa8sTrFQ-1701660696-0-AbF2t/+BBHu051LrD2BNEWY/LugJD0hFhTmxmLrBy+d/o7q2R28VURMbWZx6uyVgSz3kiggichkBXuKWHX/fQHE=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19696%7CMCMID%7C04520742135485040159202582068336759797%7CMCAID%7CNONE%7CMCOPTOUT-1701667906s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1701660702.1.1.1701660704.0.0.0; _ga=GA1.1.1755890808.1701660703; s_ecid=MCMID%7C04520742135485040159202582068336759797; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=2208a83b-5e7a-43c6-8283-f2fbfb54b672; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22yYRVDtSGmFaaR8tcq5ePC05pKXEZFIPyLkO6sbG5uYRAEZemHmQZy30d0UQWL4aBxltHY7Dt3Ac%2FVyydhRGqgg%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=02a5041b-77a8-462a-b5b3-47adbfa57cca; _gcl_au=1.1.194618815.1701660703; cf_clearance=ixO4BoKSJJPQJJJVE3AqthtjzBvpPCCoidnppffZ_ZY-1701660697-0-1-730ca2d2.73a07051.5b213570-0.2.1701660697; mbox=session#b5b88b13ad024c1bb4c208d2e473cf63#1701662566; at_check=true; sat_domain=A; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcenlar%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fcenlar.savings.workingadvantage.com%25252f; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcenlar%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252fcenlar.savings.workingadvantage.com%25252f; s_cc=true; split_test_groups={}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 03:31:41 GMT
content-type: image/png
content-length: 29260
last-modified: Wed, 29 Nov 2023 02:24:58 GMT
etag: "6566a0fa-724c"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa56dad5b51b-OSL
alt-svc: h3=":443"; ma=86400

cenlar.savings.beneplace.com/api/navigation/cenlar/auth_footer/US/auth

172.64.150.236

200 OK

959 B

URL GET HTTP/2
cenlar.savings.beneplace.com/api/navigation/cenlar/auth_footer/US/auth
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1104), with no line terminators
Size
959 B (959 bytes)
Hash
c3d5ce7b6683af9add7f52618a9527c8
98a01bb68706d5471405a04bd895df57830fb21c
b6e6fbe23eb14cd5c64d79d2e09e4bc6bb145ecb372b1d861c22e9ca0c945915

HTTP Headers

GET /api/navigation/cenlar/auth_footer/US/auth HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:40 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"3bf-fTrY/POxp8xLE7tJOcrV4J65oF4"
expires: Mon, 04 Dec 2023 03:31:39 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=_UoJik7UGOKlFMhlZIREFoD.ypOAwbRiZ.huwSvheVY-1701660700-0-AfnJ9G2/Zv+/8+hBVAxfS3xv5+gAt1CUM1hCChkNVPsqdJa+Qwoo6Sza9ETj47yqJbrRkjG2DFvcWJqyEdZXDRc=; path=/; expires=Mon, 04-Dec-23 04:01:40 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4fc8deb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cenlar.savings.beneplace.com/api/google-experiments/auth-v2

172.64.150.236

200 OK

4.1 kB

URL GET HTTP/2
cenlar.savings.beneplace.com/api/google-experiments/auth-v2
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/cenlar/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Fcenlar.savings.workingadvantage.com%2F
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
FingerprintFA:10:71:A9:9F:97:37:4F:1A:89:A2:E9:CC:0F:95:A6:CF:A4:A2:D1
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4740), with no line terminators
Size
4.1 kB (4056 bytes)
Hash
14ecdb96169cc32ecc2c6fee0bc2b731
6ed4bf3fda90c177895c158c73e71b881fd91901
ea9e4e9fb1c08973e40810b0c9a5493b723045d7b2dc71f9fcd5605843fa3fc9

HTTP Headers

GET /api/google-experiments/auth-v2 HTTP/1.1
Host: cenlar.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:31:39 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
expires: Mon, 04 Dec 2023 03:31:38 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=ZC2wrkQl4lYGGzgKKPN_FTEZ3cI2_531DmnTYFDtHf0-1701660699-0-AaAHQEgh8TiGQAzVIoML5lClOqdz7WlDyTVaQy+vMv9Q8ylYGzgu43Hq8NCeCnoyckQPOXuIbfyNJAQXedAwv7k=; path=/; expires=Mon, 04-Dec-23 04:01:39 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8300fa4dc82db4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (42)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP