| cokene.savings.workingadvantage.com/home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl |  104.18.1.62 | 301 Moved Permanently | 0 B |
URL HTTP/1.1cokene.savings.workingadvantage.com/home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl IP104.18.1.62:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl HTTP/1.1
Host: cokene.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 01:12:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Feb 2023 02:12:47 GMT
Location: https://cokene.savings.workingadvantage.com/home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl
Set-Cookie: __cf_bm=goMn3DZN33bUm_hdOYQKTnKrmpKntD5x2jDrl_vmZ9c-1675559567-0-AQrBnDkE3epdSlX3d7CBAFwp+VN8sVnxVdcS/b5d73MpU1TSGq0/Ax5Fe7iSp1+Nhkrh/V9X7y0NErDthHvNmrE=; path=/; expires=Sun, 05-Feb-23 01:42:47 GMT; domain=.workingadvantage.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7947c7a12fe1b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
|
|
| r3.o.lencr.org/ |  23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1cdc095521e9ee2606059be447d1fdd5 02b5d0a5b5823e2338daf7e144700babe2a213af 8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6440
Expires: Sun, 05 Feb 2023 03:00:07 GMT
Date: Sun, 05 Feb 2023 01:12:47 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc21ba65e44ac95470c314e068e49a9eb 17a13b13738993d889d4afa3d848dc63bf6eba64 9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Sun, 05 Feb 2023 04:12:09 GMT
Date: Sun, 05 Feb 2023 01:12:47 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ |  35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashff250d3ef3fa45322bf05039a0122a9f b3e7a2c383bce1bab807dbe1a03c375258b51f1d d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 00:43:39 GMT
content-type: application/json
age: 1748
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashfb7b6b46e708ad73eaaa3c21e74569ae 950663c025acad81556af5aa3022ecc9d55097fe 763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18369
Expires: Sun, 05 Feb 2023 06:18:56 GMT
Date: Sun, 05 Feb 2023 01:12:47 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +k5nsWFBoyqd6Ms59AweGMTneiVD2HQLWWW+m5AeuJxxGc/OTYu/0gZAWBG6VUBTXz/88MEZGD0=
x-amz-request-id: 08RD74767PR75EE1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 00:24:14 GMT
age: 2913
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 01:12:47 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hash1bdd553d6d873a92685821a065af8b02 38efe120500741d780b9cbbadde6e7a7f9deeaeb eded7d03795e05fafb4202de48ac7ae034db12e1a81a29d5c1a335b719ca9c73
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=122023
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:47 GMT
Etag: "63de3c36-117"
Expires: Mon, 06 Feb 2023 11:06:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:06:30 GMT
Server: nginx
Content-Length: 279
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hash1bdd553d6d873a92685821a065af8b02 38efe120500741d780b9cbbadde6e7a7f9deeaeb eded7d03795e05fafb4202de48ac7ae034db12e1a81a29d5c1a335b719ca9c73
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=122023
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Etag: "63de3c36-117"
Expires: Mon, 06 Feb 2023 11:06:31 GMT
Last-Modified: Sat, 04 Feb 2023 11:06:30 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js | 23.38.200.237 | 200 OK | 154 kB |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js IP23.38.200.237:0
File typeASCII text, with very long lines (32747) Size154 kB (154541 bytes) Hash229c3760d2403d46bb8d043db5208a6e 3e2faadb9b7ffa48d64ab1341d101451ad6a5986 8910759abbef560353c11a3863bf723b69d62b849d8cc17a6e3c203a04ff7c8e
GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "669a38b35fb2e03aa2d7ed644f222812:1662405833.508666"
last-modified: Mon, 05 Sep 2022 19:23:53 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:48 GMT
date: Sun, 05 Feb 2023 01:12:48 GMT
content-length: 154541
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js | 104.17.24.14 | 200 OK | 14 kB |
URL HTTP/2cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js IP104.17.24.14:0
File typeASCII text, with very long lines (47169) Hashe48dd74bbc2aac07e5cbe2467f4ae5b9 a50759e1393750d72f41b2cedec6cd0556414f23 8736dfb9d72a2c9102efd77fb87c22efaf125337fef382522a9247c03e883b3f
GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7788043
expires: Fri, 26 Jan 2024 01:12:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQpw21Q218MpOsB7IFW25882StugolU6%2FJO5WEtBLz5cW2tNVeQe8NDC%2F3D69eof3VCXWMREE5pacOHp1dZFCoAcceWTj3ebUxP%2Bh%2BOmcJvJTNyxIEw3udKyvUpkCEcHt%2FEgWKl%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7947c7a62d2db515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css | 151.101.65.229 | 200 OK | 24 kB |
URL HTTP/2cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css IP151.101.65.229:0
File typeASCII text, with very long lines (65326) Hash77348602be5574ea01c6e042f63a9b12 1a0d5e8fdf352f8e58351f85152be5d141547e11 57e4cabfd2685370ba747eb1216a753a389200451202efd886758debf0d33a2a
GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 05 Feb 2023 01:12:48 GMT
age: 27624521
x-served-by: cache-fra19178-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23906
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash98be7fe21d059e46146a43d20c4eea92 1ec58129fea75085588be7b8baec05b0874b5274 7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash98be7fe21d059e46146a43d20c4eea92 1ec58129fea75085588be7b8baec05b0874b5274 7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 01:07:20 GMT
age: 328
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4 | 151.101.66.133 | 200 OK | 1.5 kB |
URL HTTP/1.1ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4 IP151.101.66.133:0
Hash0b370dc55dee155a5b82e83505dcde18 59fbf95cecc44ca237a79a3f3045883cc3a9cf8e 20c4f32b2d6694bdb382f0ef54e987c89bf7e8adad42bbcac948404a352a179c
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "7B1EC9F3931F506138ADD4894DF4E12797565AF1"
Expires: Sun, 05 Feb 2023 13:00:00 UTC
Last-Modified: Sun, 05 Feb 2023 01:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Sun, 05 Feb 2023 01:12:48 GMT
Via: 1.1 varnish
Age: 78
X-Served-By: cache-bma1622-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1675559568.472985,VS0,VE1
|
|
| maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places | 142.250.74.170 | 200 OK | 56 kB |
URL HTTP/2maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places IP142.250.74.170:0
File typeASCII text, with very long lines (2489) Hash5f0a823b45fe2b35b49079858aa8c107 91d9463dff46881bb83e3211bcd761c9a271f1d0 edf85f311b49924ff6960ae75cb2bb601f1879aa2ac6879e6b9521f8fac14a75
GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Sun, 05 Feb 2023 01:12:48 GMT
expires: Sun, 05 Feb 2023 01:42:48 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 55561
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=27
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js | 23.38.200.237 | 200 OK | 12 kB |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js IP23.38.200.237:0
File typeASCII text, with very long lines (32768) Hashe616df092766c7ab7904619f971a35cc a960429c42802a43e3ce728fc4d1e8bdab10e606 082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Sun, 05 Feb 2023 02:12:48 GMT
date: Sun, 05 Feb 2023 01:12:48 GMT
cache-control: no-cache
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js | 23.38.200.237 | 200 OK | 1.6 kB |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP23.38.200.237:0
File typeASCII text, with very long lines (3155) Hashe672de61b277fc72de4299829bfbb31c 157a7409922d58a02dad3ba879d04eb2a3ef8f3d e1a1c2a6f2ed4ffb63ebfda157eaf12c6ee3973be4da649eb63e0402c0d29215
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1597
expires: Sun, 05 Feb 2023 02:12:48 GMT
date: Sun, 05 Feb 2023 01:12:48 GMT
cache-control: no-cache
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 55 kB |
IP142.250.74.131:0
Hash32dcfa72ae435462e3a4cc1701ff93d0 fe0899ffbcc95ccd4a0a695a711c6fc708440539 ab66569a72d6187c179aade569a9e56dfcd08e0ae0830cee9929c889909e13d6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash98be7fe21d059e46146a43d20c4eea92 1ec58129fea75085588be7b8baec05b0874b5274 7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashdedf9c519ac38c4bece9c5bc895787d7 4911175c3f8a435978c5301c33c7a99a5e00a1d5 bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7794
Expires: Sun, 05 Feb 2023 03:22:42 GMT
Date: Sun, 05 Feb 2023 01:12:48 GMT
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash5452c58c07ce8d3cade93b323b271c35 581b1e438daeb32a12feaf50f2aab17dcf3e3171 b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 | 216.58.207.227 | 200 OK | 24 kB |
URL HTTP/2fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data Hashe1b3b5908c9cf23dfb2b9c52b9a023ab fcd4136085f2a03481d9958cc6793a5ed98e714c 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 04:29:08 GMT
expires: Wed, 31 Jan 2024 04:29:08 GMT
cache-control: public, max-age=31536000
age: 420220
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js | 23.38.200.237 | 200 OK | 751 B |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js IP23.38.200.237:0
File typeASCII text, with very long lines (1539) Hashf3924189ce9c780212ed903b90814648 53f66067ec6a1ae7989b35ab17fa3aaa3d82951b 5e7c331af787c218f17d671b82921af8a728eba1d659885d5adabdbfb25492b7
GET /a281455e4dfe/86f9b29df5eb/12569482cfef/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:48 GMT
date: Sun, 05 Feb 2023 01:12:48 GMT
content-length: 751
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash3a8f191b6804fc7779af2631165a23cb d64c7ccd78c831820e1fbe0f96f012bd8a1ea7f8 3d1128de7ff22ad54dc569850cff7895140ead9c34009a0be3a7872694f03869
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1782
Cache-Control: max-age=105829
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Etag: "63ddf5ff-1d7"
Expires: Mon, 06 Feb 2023 06:36:37 GMT
Last-Modified: Sat, 04 Feb 2023 06:06:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash5452c58c07ce8d3cade93b323b271c35 581b1e438daeb32a12feaf50f2aab17dcf3e3171 b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1675559606487 |  34.255.210.6 | 200 OK | 185 B |
URL HTTP/1.1dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1675559606487 IP34.255.210.6:0
File typeJSON data\012- , ASCII text, with no line terminators Hash47e70aaab1940312f922179799800e70 a7908597b46426faefa4296063726a7047bb7b2a 3de10b343d35652b1e84c6a0de28977784e843b584e2076cf888ef2e3559fc2a
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1675559606487 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cokene.savings.workingadvantage.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0ba4161da.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: trIGXQvXRqA=
Content-Length: 185
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 35.162.52.254 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP35.162.52.254:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: v87Xc7ayzJA3oKbXTl+X8Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Fb2NWoSfYBWBPIygQgT2T21maBE=
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashbc6af7d1b45a0ed2c1482e45785f4832 234c2c453367f22ba6195474440fe0810fa4ee9d 31066583c27153bfef1014e154482bbec63acd6054e1e7c314e88c1aee79c804
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=107649
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:49 GMT
Etag: "63de0412-1d7"
Expires: Mon, 06 Feb 2023 07:06:58 GMT
Last-Modified: Sat, 04 Feb 2023 07:06:58 GMT
Server: nginx
Content-Length: 471
|
|
| live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559606694&k=ebg-wag3-pixel-0988 | 143.204.55.106 | 200 OK | 5.3 kB |
URL HTTP/2live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559606694&k=ebg-wag3-pixel-0988 IP143.204.55.106:0
File typeHTML document, ASCII text, with very long lines (2142) Hashf9fb8e694c9a35b273fd934dc9d01758 c5318056def6a47494c99bd5bea40d84a860a671 9d01158d89c1c3a0a38ed6a9f7c10f140edad8a7ea7275234966e6178aa6954d
GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559606694&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 5291
date: Sun, 05 Feb 2023 01:12:49 GMT
set-cookie: zync-uuid=84b0ccd3-81d0-46b4-a9fb-b1a0695db497:1675559569.036782; Domain=rezync.com; Expires=Thu, 03 Aug 2023 17:12:49 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn0.Y98CkQ.36ITnsbBw1SnD6BDTS7rIQQhlL4; Expires=Fri, 04 Aug 2023 01:12:49 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
server: lighttpd/1.4.59
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DdusdHZ5RkZ2myII773QoCUaYTvQcJRUPQ1ILDm99SMb5asi-7G5Cw==
X-Firefox-Spdy: h2
|
|
| smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=39492142839455239941442667009925997708&cl=157680000&d_coppa=true&ts=1675559606781 |  13.37.25.97 | 200 OK | 48 B |
URL HTTP/2smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=39492142839455239941442667009925997708&cl=157680000&d_coppa=true&ts=1675559606781 IP13.37.25.97:0
File typeJSON data\012- , ASCII text, with no line terminators Hashcf8471ab4b5275907484b890a52537cb 82f494292d18aee4450908b4b49b793d14da7e22 d96e5a867e542721066945f09a83038e4eab19e5007489433f0c01f41f8b9f0d
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=39492142839455239941442667009925997708&cl=157680000&d_coppa=true&ts=1675559606781 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Cookie: __cf_bm=dHF8hkyt1OkQUSTuKcn7uPxCqeAi7RvdwoZBMVxa194-1675559568-0-AZMbVxnr44nU38Adsvh4R9gMMnlfItpa6sdmmjxk0o+4i2+KRaWNqsJshhGe9T/7N9jG3kqFglwv0J5LSp1c1yY=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19394%7CMCMID%7C39492142839455239941442667009925997708%7CMCAAMLH-1676164406%7C6%7CMCAAMB-1676164406%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675566806s%7CNONE%7CvVersion%7C5.4.0; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
access-control-allow-origin: https://cokene.savings.workingadvantage.com
access-control-allow-credentials: true
date: Sun, 05 Feb 2023 01:12:49 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C39492142839455239941442667009925997708; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Fri, 04 Feb 2028 01:12:12 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js | 143.204.55.34 | 200 OK | 30 kB |
URL HTTP/1.1cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js IP143.204.55.34:0
File typeASCII text, with very long lines (65536), with no line terminators Hashe0815bf86dd46ae570de3b530680e6fa eb9ebd41cf019bef6467f45579852750219396f2 d7a2ebb6a59fd8e06c14f2a8731cd0886e6a0222d307363c6ae82cd89cfc914c
GET /p13n/ebg-wag3/p13n.min.js HTTP/1.1
Host: cdn.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 03:34:08 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: fX1.eYlQu0hw_1s8YSKn0A7cNqCziPtG
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 01:12:49 GMT
Cache-Control: public, max-age=3600
ETag: W/"b2af7e248ba5f3c196170df8bff9dc0e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -YQFzcGzMmdS3Nm7p7HTXYyYNXGeL8tIJQOLigMu63C0MhQoemva0Q==
Age: 85
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js | 23.38.200.237 | 200 OK | 286 B |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js IP23.38.200.237:0
File typeASCII text, with very long lines (304) Hash8dcbf91119780fcf5b935de089b0f183 1d8a2c7e8df4534c242070c47ae158eee646f60a 27e7ae595ef5cbf2d7be64a639093a2fb32019c5717cc1b8fd3371c1d6d9c82a
GET /a281455e4dfe/86f9b29df5eb/12569482cfef/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:49 GMT
date: Sun, 05 Feb 2023 01:12:49 GMT
content-length: 286
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC668a267ca36c45b5acca38f3e4360a76-source.min.js | 23.38.200.237 | 200 OK | 215 B |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC668a267ca36c45b5acca38f3e4360a76-source.min.js IP23.38.200.237:0
Hash0eccc1310bb29910a116b1969331682d e5c338d7b2dfea87dfd72ea61e3a40e648a13a32 d1a2aa2836ef8f8ed555ec669eeb0ddad1ee3dd2e417d9016e890aff99e9e357
GET /a281455e4dfe/86f9b29df5eb/12569482cfef/RC668a267ca36c45b5acca38f3e4360a76-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:49 GMT
date: Sun, 05 Feb 2023 01:12:49 GMT
content-length: 215
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.88 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.88:0
Hashe6de17e842b3eafe55d5d8d29d6027c9 de47ae29c4793227d64f4d4690ef81541809fd7d 4c1d64acec72216750e95193b205a9445d378eddaf053843457a507254074a64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=166744
Date: Sun, 05 Feb 2023 01:12:49 GMT
Etag: "63dedb33-1d7"
Expires: Mon, 06 Feb 2023 23:31:53 GMT
Last-Modified: Sat, 04 Feb 2023 22:24:51 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zqhPnIddCpWuq_8alHlT-SZXQJbp2Hl4CDF2abhuSRPLQnXQ3mLXUA==
Age: 4022
|
|
| people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn19&site_id=ebg-wag3 | 107.23.51.200 | 200 OK | 142 B |
URL HTTP/1.1people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn19&site_id=ebg-wag3 IP107.23.51.200:0
File typeJSON data\012- , ASCII text Hashbbe27e5c98c9ce2916f9a5e20d0a45f8 3dcc3812bc03995ec1cd194b1622eecbb0975239 b84f8f4383fc57ebc92c60f9d973b32aa26ac374d5bea88a4a34a825a5f08c35
GET /identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn19&site_id=ebg-wag3 HTTP/1.1
Host: people.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Sun, 05 Feb 2023 01:12:49 GMT
Server: nginx
Content-Length: 142
Connection: keep-alive
|
|
| maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true | 142.250.74.170 | 200 OK | 23 B |
URL HTTP/2maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true IP142.250.74.170:0
File typeJSON data\012- , ASCII text Hashe3981ca10169a319d5aa062bf43a5fa1 2c6ed584767b65688ce99b1ebe1a3b7448a67421 8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 05 Feb 2023 01:12:49 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://cokene.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc14d3cf8ade0150a711f094be32ac474 11e7fb5487d364c5392e1594e09f5b49831043ea 2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5065
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sun, 05 Feb 2023 01:12:50 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc14d3cf8ade0150a711f094be32ac474 11e7fb5487d364c5392e1594e09f5b49831043ea 2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5065
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sun, 05 Feb 2023 01:12:50 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc14d3cf8ade0150a711f094be32ac474 11e7fb5487d364c5392e1594e09f5b49831043ea 2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5065
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sun, 05 Feb 2023 01:12:50 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash062e186a259eda97173695240a492c63 9b476a4ec219667f560b88199a3a4e4b0a93b579 d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dvxlk1iSyNfjmNRI_8HcmhG9_xe0ZlaZ0Pzj0H9EBR6wwXKg0L7YVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 04:43:21 GMT
age: 73769
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg | 34.120.237.76 | 200 OK | 8.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashbbb38d805862a1b3081eebf256e0dae0 4a5cb01390d897be8721cd4551c74d0452aff640 02443891d0533f37fe38b16febafc86fa64c457dc1827b97ec535d623486d549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: 51bb839e-c32c-4be9-9f38-7f8044160e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsLgFPqIAMFfww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d22716-3794126b47a79aed27e1aac4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:09:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9du1ien5j1WSLplBzT5AAV-xIPKNgg4-8tdjux_iEGXNGaCcj29Xog==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 10:04:17 GMT
age: 54513
etag: "4a5cb01390d897be8721cd4551c74d0452aff640"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg | 34.120.237.76 | 200 OK | 9.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashb3e7140400336984afc6093c1246f863 59e0b21cdf4cfdac3f1ea05badd007727939ac42 4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: 377c182d-43e8-4251-8731-6364d29fb955
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRFs0oAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-1ad3e68f50fc15707ec0406a;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sUtUjqOLpq42m22bLgmLggmPbtatZC01og_xzkVI1o8rJtAnvhvqHA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:15:26 GMT
age: 39444
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp | 34.120.237.76 | 200 OK | 14 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash7b596a8e984911df703e15c72d25d513 a1fa1355f4de6f246d35bed9f128e13fc9dc4e72 aba708124199ec6b0ce86ac14c6c18d233ff405071a7f22522217c2fcb0aa9b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13557
x-amzn-requestid: 981a0f31-e874-4392-a81d-12d667020700
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH8-JGEsoAMFhZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca85a-7398031f2676734c65447e5b;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dDjAyq5pSck1A4V9vIFxwjPfUfo4B23FmPmq9AJwxGLqy6m99zEH-Q==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 10972
etag: "a1fa1355f4de6f246d35bed9f128e13fc9dc4e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg | 34.120.237.76 | 200 OK | 5.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc1f3df5bbad5048923e29c0767d703d3 48c408d37a7bd7f96653174359178eed46ddf298 c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:44:03 GMT
age: 12527
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3f52758-d976-47aa-a47d-f0d6026514dc.jpeg | 34.120.237.76 | 200 OK | 13 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3f52758-d976-47aa-a47d-f0d6026514dc.jpeg IP34.120.237.76:0
Hash2ea7b16115fb2d57c4248c1a6705454e 4746c679da9c5e3a1b1853a45fcc04aa381069bf 3db5b20f30e9292427d579b6554d34a1150ac7b693fb75ac63dacf8f9d28c16d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3f52758-d976-47aa-a47d-f0d6026514dc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7665
x-amzn-requestid: 001ba86d-ebc8-4819-89f7-1604bc059cd8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGibFeqIAMFqMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8475-076d982b5fccf2b931a05976;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:10:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Y5yw5NZcyU6jkDXFaCeTuevp7YSZ42oJ1FhYyQHVvPlYWhpm1SwZLA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:23:59 GMT
age: 10131
etag: "e5d4cbfc7482d35ee2ca03a7178426f3e2e97010"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.sectigo.com/ | 104.18.32.68 | 200 OK | 472 B |
IP104.18.32.68:0
Hash047bb44ec9ba8b0d39b7d727ed6014f4 071aca000405da3068857c8b844216a32160180f 06862104e1cbb5b0278bec013c5afb57180f6f1fc5e7760616ee851a8d2897d9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 01:12:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:52:00 GMT
Expires: Sat, 11 Feb 2023 15:51:59 GMT
Etag: "071aca000405da3068857c8b844216a32160180f"
Cache-Control: max-age=570548,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7947c7b10bddb4f3-OSL
|
|
| com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26DLK%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28= | 199.38.167.54 | 200 OK | 2.6 kB |
URL HTTP/1.1com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26DLK%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28= IP199.38.167.54:0
File typeC source, ASCII text, with very long lines (7436) Hash1abd0a04c44ec39c03d6db7952a106de e7c29654145d422c81a84d57c543228180d420d8 eb1588d03f8c96bddb908ac983e73095102c52e086b7dc7ed6a2a8ead47b5968
GET /?aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26DLK%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28= HTTP/1.1
Host: com-wag3.netmng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 05 Feb 2023 01:12:50 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
X-Cnection: close
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Fri, 03 Feb 2023 01:12:50 GMT
Last-Modified: Fri, 03 Feb 2023 01:12:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_WAG3=z6ol8kkbtcuxt%7CO%7CT0ZwMGRIaFdWamxUVjA1a1VWSkJRVWh2TkVkV2NEVlFjSGhpWm5reVQzQnJWblJSUlhaUmVGUjBlSGRPTkdoRFZrMWpSM2x6UjFaeU0yMXJhVk5OTDAwNFFtd3hLMDQxUWpNNU16TkJjbEF6V1c5eE9HVkVWVEpwUlhSNWNra3hWM3BSY1U1MFFsaFpiMnRVTTFwSWVIWXhhVUZRWTNCMFdFNXFSa2xFT0dKR1R6ZDRka2RLVUd3d05uUklXRWR1Y1hCT2FsZE9lRWh1TUhWV1dFY3hURFp0YmtvMGJYWklaM1JCZVhFMlJsVXljV1J5YldscVIweDFkM05RU1RSbTpybnBTNHNUZ2U5NWVQdnp6bFI4dTlRPT0%3D; expires=Mon, 07-Aug-2023 01:12:50 GMT; Max-Age=15811200; path=/
Content-Encoding: gzip
|
|
| events.api.boomtrain.com/event/track | 35.169.46.120 | 200 OK | 2 B |
URL HTTP/2events.api.boomtrain.com/event/track IP35.169.46.120:0
File typeASCII text, with no line terminators Hashe0aa021e21dddbd6d8cecec71e9cf564 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /event/track HTTP/1.1
Host: events.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1137
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:50 GMT
content-type: text/plain
content-length: 2
server: nginx
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
access-control-allow-methods: GET, PUT, POST, DELETE
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC0c16579d5c704bd0a214633d669d35f2-source.min.js | 23.38.200.237 | 200 OK | 548 B |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC0c16579d5c704bd0a214633d669d35f2-source.min.js IP23.38.200.237:0
File typeASCII text, with very long lines (871) Hashe0c38bebb5226b0893de67fd65f75c82 b1f8c76d9d9b56e2ad75c3d14cbfecba96db7c47 b7f1b424b884d7833407fdb363e4aeda19df8feef0edfa4e4f3cd077060a6b0e
GET /a281455e4dfe/86f9b29df5eb/12569482cfef/RC0c16579d5c704bd0a214633d669d35f2-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:50 GMT
date: Sun, 05 Feb 2023 01:12:50 GMT
content-length: 548
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| com-wag3.netmng.com/WAG3/com/?vid=z6ol8kkbtcuxt&referer=&browserPixelRatio=1&browserWidth=1280&browserHeight=1024&aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26DLK%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&function=browser_check&r=72b99c | 199.38.167.54 | 200 OK | 1.3 kB |
URL HTTP/1.1com-wag3.netmng.com/WAG3/com/?vid=z6ol8kkbtcuxt&referer=&browserPixelRatio=1&browserWidth=1280&browserHeight=1024&aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26DLK%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&function=browser_check&r=72b99c IP199.38.167.54:0
File typeASCII text, with very long lines (3499) Hash52306cfab20998a223561ada19317358 eb9b1fe85d25df97fb774df2340f0f9fc2d53de3 7fb31d2fbc698d48ba1c70bc21282efe1c780ef64ed83a23a5bb88bc2ef20860
GET /WAG3/com/?vid=z6ol8kkbtcuxt&referer=&browserPixelRatio=1&browserWidth=1280&browserHeight=1024&aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26DLK%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&function=browser_check&r=72b99c HTTP/1.1
Host: com-wag3.netmng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
X-Cnection: close
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Fri, 03 Feb 2023 01:12:50 GMT
Last-Modified: Fri, 03 Feb 2023 01:12:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Pragma: no-cache
Date: Sun, 05 Feb 2023 01:12:50 GMT
Content-Encoding: gzip
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash153d0de36959c722c00df71ba86daca2 305f56a3134879ebf0828e169e903e560540c070 0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash153d0de36959c722c00df71ba86daca2 305f56a3134879ebf0828e169e903e560540c070 0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtag/js?id=UA-2876877-9 | 142.250.74.168 | 200 OK | 45 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=UA-2876877-9 IP142.250.74.168:0
File typeJSON data\012- , ASCII text, with very long lines (1948), with no line terminators Hash229476ae63b116d0ed7f5100433e0959 f2df64f9b6dfcf9450f2dda9b67d5e2ea09b0658 cf78ea1d89cd94b292cb06fba2a0b989dfc1cb5510a05f06c646bee0a64e0222
GET /gtag/js?id=UA-2876877-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 01:12:51 GMT
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Feb 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43900
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM | 142.250.74.168 | 200 OK | 46 kB |
URL HTTP/2www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM IP142.250.74.168:0
File typeASCII text, with very long lines (1759) Hashaea7b3687aac0eb365664eabf90b225d 2a2bfb4e39a1232187ef1c01bf95f65539a5e17e f1fa30b55e2a70464ba0f11160cc5d5a857ae5948945e8ca099a38a074fe8c2e
GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 01:12:51 GMT
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Feb 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46492
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash153d0de36959c722c00df71ba86daca2 305f56a3134879ebf0828e169e903e560540c070 0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 01:12:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| cokene.savings.workingadvantage.com/socket.io/?EIO=3&transport=websocket | 104.18.0.62 | 101 Switching Protocols | 0 B |
URL HTTP/1.1cokene.savings.workingadvantage.com/socket.io/?EIO=3&transport=websocket IP104.18.0.62:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: cokene.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://cokene.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I3wei3by/8JZ0g9/oWGjaw==
Connection: keep-alive, Upgrade
Cookie: __cf_bm=dNTWj30fEDl08pva5Rpczd8JI2vcSaelvZoLFMHJOAY-1675559570-0-AfY10rzH1TY5BkrT+5Zyk873PLAaWP06solRF6GNv1HYeAAZ3lLj/dkeS+OdE/x564IgQq20+2SC2knj6qt3/n/y2ES6vEKyvjWwANPKhDFpZsB/cJt8lk5Y9xk4VJOUbMxHiRmqgPc14VRp0A3yytLTA3N8um56cSp7t61SrPeZj/iqUcyuK3Pok/8yh0QDxA==; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19394%7CMCMID%7C39492142839455239941442667009925997708%7CMCAAMLH-1676164406%7C6%7CMCAAMB-1676164406%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675566807s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; s_ecid=MCMID%7C39492142839455239941442667009925997708; btIdentify=13124ae5-3835-477f-be65-f2239c21e33d; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%222tl1muuPIcLJdcCcDOT9myLyTpoOc24G5NuJRBiBXxtg0jiGPIxeolfQCSww0nlU5p8buLaaGX%2BocKGG%2BFV10g%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=e906ec92-2833-401d-e82b-d1f1eb9ba985
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 05 Feb 2023 01:12:51 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vETyEq6OGPn6cUDw4o2IWlzlZoY=
Sec-WebSocket-Extensions: permessage-deflate
Access-Control-Allow-Origin: https://cokene.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7947c7b82a360afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Roboto:500 | 142.250.74.106 | 200 OK | 511 B |
URL HTTP/2fonts.googleapis.com/css?family=Roboto:500 IP142.250.74.106:0
Hash463e8e15a2b74a2a3232c318da699524 3778e8f504c2c776ceeba675d8ced1c963a6f2fb 2d5d5afadfe8e9ef71fe74e69847af142437ac31b7f8e118fd64f9b9fe1ff463
GET /css?family=Roboto:500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 01:12:51 GMT
date: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js | 23.38.200.237 | 304 Not Modified | 41 kB |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP23.38.200.237:0
Hash453e7fba8c47fa0fcb719aa7dba0e087 8ad2f9b0aef2413c94b463788cf992213e6cfea5 0a71ce1ebcfc417e80cd1d0fd2a0fc57f1f622083f916c762735a4c25c193a27
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
expires: Sun, 05 Feb 2023 02:12:51 GMT
date: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/notifications/system-wide | 104.18.10.206 | 200 OK | 55 kB |
URL HTTP/2cokene.savings.beneplace.com/api/notifications/system-wide IP104.18.10.206:0
Hash5c9eed421390526fb7a7c5eb8d59d2e6 5a994848b63ae1ec42d77dbee3490a654e5ad8e5 06d6cb51ce854f511a32af5069ac951db944491ca3cae2f8694b1b10b11217ce
GET /api/notifications/system-wide HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=czoxXRc6gND.ftZ54mKMw3xJzTdDY9hssNAb.SOCxDY-1675559572-0-ASMKFuvlRZgEv9wbvMMfDEDtI3xWRrUQwBm4kWpJKlTkoK6TVkDMq6gPRTTCVHgqSGCWGIna+gTJdtP8Ru6wEHQ=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfd95ab527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.google-analytics.com/analytics.js | 142.250.74.46 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.46:0
File typeASCII text, with very long lines (1490) Hashca7fbbfd120e3e329633044190bbf134 d17f81e03dd827554ddd207ea081fb46b3415445 847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 04 Feb 2023 23:45:20 GMT
expires: Sun, 05 Feb 2023 01:45:20 GMT
cache-control: public, max-age=7200
age: 5252
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/info | 104.18.10.206 | 200 OK | 1.9 kB |
URL HTTP/2cokene.savings.beneplace.com/api/info IP104.18.10.206:0
File typeJSON data\012- , ASCII text, with very long lines (6235), with no line terminators Hash8d25e0102cdc7dc71e5dc49aed7cf03d 5c95bc9a1675ebdb82f70b8c2518f964cc3145ae dcb908c314ed8a21abccdb790fa8d6a9fb7e61a5806d2723d5cdd2a61dd4f35e
GET /api/info HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Origin
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=mKOd_MZz7Q_opXl7GpnSpABO6E93byQ9Poz1MRxjiZE-1675559572-0-AexHY++fzj8ghtCIRB6xGDikozbbMelbMQ98tjweqXclCjRNGQQJNDgh0Fx8Wmz80y4TtXNiLH8qNdreo6qhZ+E=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfe968b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js | 23.38.200.237 | 200 OK | 2.4 kB |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js IP23.38.200.237:0
Hasha39e7d2df5366e1347b14ffe383a597d 082cd03559b261fbc463672bfff614e035060256 de9253efe9a60ea8370af5d3cae267a8fd6d7faed5633f11f04be85a3f46d39b
GET /a281455e4dfe/86f9b29df5eb/12569482cfef/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:52 GMT
date: Sun, 05 Feb 2023 01:12:52 GMT
content-length: 214
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC986b4d5825364bd4887033e40e20c549-source.min.js | 23.38.200.237 | 200 OK | 2.3 kB |
URL HTTP/2assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC986b4d5825364bd4887033e40e20c549-source.min.js IP23.38.200.237:0
Hash5db55aeb2aa64fd80e949e6efa466c34 9763a533fc229cf8d30525cb8b2d78e151cf60c0 9ce080d039718a972590937b52ade63ceed079fbe8cf3c3080abaa4ffa9961b7
GET /a281455e4dfe/86f9b29df5eb/12569482cfef/RC986b4d5825364bd4887033e40e20c549-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 02:12:52 GMT
date: Sun, 05 Feb 2023 01:12:52 GMT
content-length: 429
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_mid=39492142839455239941442667009925997708&d_coppa=true&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=adobe_ecid%0139492142839455239941442667009925997708&d_cid_ic=ecid%0139492142839455239941442667009925997708&d_cid_ic=mcid%0139492142839455239941442667009925997708&ts=1675559610934 | 34.255.210.6 | 200 OK | 187 B |
URL HTTP/1.1dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_mid=39492142839455239941442667009925997708&d_coppa=true&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=adobe_ecid%0139492142839455239941442667009925997708&d_cid_ic=ecid%0139492142839455239941442667009925997708&d_cid_ic=mcid%0139492142839455239941442667009925997708&ts=1675559610934 IP34.255.210.6:0
File typeJSON data\012- , ASCII text, with no line terminators Hash3e7fa3741aa996a0a046148c9316891a 30c4aad7819989d85ccd49388f70ac830c01a82d e2c0849784d27509e375496e90f46bc2c59e9a5a91e5ee078af0439866c624aa
GET /id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_mid=39492142839455239941442667009925997708&d_coppa=true&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=adobe_ecid%0139492142839455239941442667009925997708&d_cid_ic=ecid%0139492142839455239941442667009925997708&d_cid_ic=mcid%0139492142839455239941442667009925997708&ts=1675559610934 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0cc0feb7f.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 300,300
X-TID: c1VONAnKQDQ=
Content-Length: 187
Connection: keep-alive
|
|
| www.google-analytics.com/j/collect?v=1&_v=j99&a=1868898343&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Fcokene%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DNovember-18-2022-MME%26utm_campaign%3Demail-mme%26utm_content%3DDisneyland%2520Resort%26redirect_uri%3Dhttps%3A%252F%252Fcokene.savings.workingadvantage.com%252Fhome%253Foff_guid%253D0B0tS3WhoJMcPiJq6xroki%2526source-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253Demail-mme%2526utm_medium%253DNovember-18-2022-MME%2526utm_content%253DDisneyland%252520Resort%2526DLK%253Df32xyv69a1mc1mtbmu3ydomvl&dr=https%3A%2F%2Fcokene.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Coke%20Northeast%20Perks%20Marketplace&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=1274620484&gjid=1360360873&cid=353660936.1675559611&tid=UA-2876877-9&_gid=1073557244.1675559611&_r=1&_slc=1>m=45He3210n815QN8HWM&z=762403256 | 142.250.74.46 | 200 OK | 4 B |
URL HTTP/2www.google-analytics.com/j/collect?v=1&_v=j99&a=1868898343&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Fcokene%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DNovember-18-2022-MME%26utm_campaign%3Demail-mme%26utm_content%3DDisneyland%2520Resort%26redirect_uri%3Dhttps%3A%252F%252Fcokene.savings.workingadvantage.com%252Fhome%253Foff_guid%253D0B0tS3WhoJMcPiJq6xroki%2526source-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253Demail-mme%2526utm_medium%253DNovember-18-2022-MME%2526utm_content%253DDisneyland%252520Resort%2526DLK%253Df32xyv69a1mc1mtbmu3ydomvl&dr=https%3A%2F%2Fcokene.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Coke%20Northeast%20Perks%20Marketplace&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=1274620484&gjid=1360360873&cid=353660936.1675559611&tid=UA-2876877-9&_gid=1073557244.1675559611&_r=1&_slc=1>m=45He3210n815QN8HWM&z=762403256 IP142.250.74.46:0
File typeASCII text, with no line terminators Hash9e92e190700c1af4539b40c2171320a9 209bcdb79e6067b51091ce8586d4b977f25b67d8 aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j99&a=1868898343&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Fcokene%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DNovember-18-2022-MME%26utm_campaign%3Demail-mme%26utm_content%3DDisneyland%2520Resort%26redirect_uri%3Dhttps%3A%252F%252Fcokene.savings.workingadvantage.com%252Fhome%253Foff_guid%253D0B0tS3WhoJMcPiJq6xroki%2526source-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253Demail-mme%2526utm_medium%253DNovember-18-2022-MME%2526utm_content%253DDisneyland%252520Resort%2526DLK%253Df32xyv69a1mc1mtbmu3ydomvl&dr=https%3A%2F%2Fcokene.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Coke%20Northeast%20Perks%20Marketplace&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=1274620484&gjid=1360360873&cid=353660936.1675559611&tid=UA-2876877-9&_gid=1073557244.1675559611&_r=1&_slc=1>m=45He3210n815QN8HWM&z=762403256 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://auth.savings.workingadvantage.com
date: Sun, 05 Feb 2023 01:12:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/cokene/marketplace-styles.css | 104.18.10.206 | 200 OK | 5.7 kB |
URL HTTP/2cokene.savings.beneplace.com/api/cokene/marketplace-styles.css IP104.18.10.206:0
Hashd8c1b121d8cf41208719b1c8509d379a de4df54c80d1009fe9b0fa95c764bac6711e2a57 0116e059c208724b3143427afff0e0c0858b4c18deea97d8902bb46142c1c6f1
GET /api/cokene/marketplace-styles.css HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: text/css; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"7fc5-5nMYEsJHPatYeGBoLYY0AD+UYq0"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=6AQ2Q4CVydHwJ301eLhapR4tHkmZCD9EV9C8AoSWjPg-1675559572-0-Acz6CXtiNAV4bcxzcOh0m41YDdJGaPcXmyUTCL4QsORtjClOTH1dWsAxrEjpnMyXfKkNdIakVlqy9MnMIsYu/v8=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfe96ab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LCUM/s46916844479326 | 13.37.25.97 | 200 OK | 285 B |
URL HTTP/2smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LCUM/s46916844479326 IP13.37.25.97:0
Hashe72795a8f4e03724bd5623bd1eacb7ff 63e3246310701f7daabe96e89066123a137e5f41 37961c85d4bebc631409c4421429e14ec53bdd4c08f0929a3ba19b9133ba3ed1
POST /b/ss/entbenwag3/1/JS-2.22.4-LCUM/s46916844479326 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3892
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Cookie: __cf_bm=dNTWj30fEDl08pva5Rpczd8JI2vcSaelvZoLFMHJOAY-1675559570-0-AfY10rzH1TY5BkrT+5Zyk873PLAaWP06solRF6GNv1HYeAAZ3lLj/dkeS+OdE/x564IgQq20+2SC2knj6qt3/n/y2ES6vEKyvjWwANPKhDFpZsB/cJt8lk5Y9xk4VJOUbMxHiRmqgPc14VRp0A3yytLTA3N8um56cSp7t61SrPeZj/iqUcyuK3Pok/8yh0QDxA==; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19394%7CMCMID%7C39492142839455239941442667009925997708%7CMCAAMLH-1676164410%7C6%7CMCAAMB-1676164410%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675566810s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0%7CMCCIDH%7C-246190611; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; s_ecid=MCMID%7C39492142839455239941442667009925997708; btIdentify=13124ae5-3835-477f-be65-f2239c21e33d; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%222tl1muuPIcLJdcCcDOT9myLyTpoOc24G5NuJRBiBXxtg0jiGPIxeolfQCSww0nlU5p8buLaaGX%2BocKGG%2BFV10g%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=e906ec92-2833-401d-e82b-d1f1eb9ba985; mbox=session#0690c03e0a1a476a80237df718fb3245#1675561471; at_check=true; _ga=GA1.2.353660936.1675559611; _gid=GA1.2.1073557244.1675559611; _gat_UA-2876877-9=1; sat_domain=A; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcokene%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526utm_source%253Demail%2526utm_medium%253Dnovember-18-2022-mme%2526utm_campaign%253Demail-mme%2526utm_content%253Ddisneyland%252520resort%2526redirect_uri%253Dhttps%253A%25252f%25252fcokene.savings.workingadvantage.com%25252fhome%25253foff_guid%25253d0b0ts3whojmcpijq6xroki%252526source-id%25253demail%252526utm_source%25253demail%252526utm_campaign%25253demail-mme%252526utm_medium%25253dnovember-18-2022-mme%252526utm_content%25253ddisneyland%25252520resort%252526dlk%25253df32xyv69a1mc1mtbmu3ydomvl; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcokene%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526utm_source%253Demail%2526utm_medium%253Dnovember-18-2022-mme%2526utm_campaign%253Demail-mme%2526utm_content%253Ddisneyland%252520resort%2526redirect_uri%253Dhttps%253A%25252f%25252fcokene.savings.workingadvantage.com%25252fhome%25253foff_guid%25253d0b0ts3whojmcpijq6xroki%252526source-id%25253demail%252526utm_source%25253demail%252526utm_campaign%25253demail-mme%252526utm_medium%25253dnovember-18-2022-mme%252526utm_content%25253ddisneyland%25252520resort%252526dlk%25253df32xyv69a1mc1mtbmu3ydomvl; s_cc=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
date: Sun, 05 Feb 2023 01:12:53 GMT
expires: Sat, 04 Feb 2023 01:12:53 GMT
last-modified: Mon, 06 Feb 2023 01:12:53 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C39492142839455239941442667009925997708; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Fri, 04 Feb 2028 01:12:12 GMT;
etag: 3598236785725440000-4619826758263409894
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/controls/cokene | 104.18.10.206 | 200 OK | 792 B |
URL HTTP/2cokene.savings.beneplace.com/api/controls/cokene IP104.18.10.206:0
File typeJSON data\012- , ASCII text, with very long lines (1948), with no line terminators Hashc43f9df8473a3125c98d347b4af7180b 4de84288c230c74f93e5ef572ead2912d95c62e9 7e204f871c9a6a150153c316892291d49ca46e0ea12c5290f2be95648070d3ae
GET /api/controls/cokene HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"79c-gB4Fwt+bH/CsyPiVfSPx4FB7Q5U"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=eAXmu1ysfutFkDXcfxSPeeiTGpydhOKkI80JkMoUn8Y-1675559572-0-AdfqbyjRvY7xVQrvTeARrKP90O1r8aTUK2kPp7MfVE0v/OjAfuuKk8HKMB1qJaWAW4ddpJbWPRGAYkmlufFHQHs=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfe967b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js | 23.38.200.237 | 304 Not Modified | 0 B |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js IP23.38.200.237:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
expires: Sun, 05 Feb 2023 02:12:53 GMT
date: Sun, 05 Feb 2023 01:12:53 GMT
cache-control: no-cache
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js | 23.38.200.237 | 304 Not Modified | 0 B |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP23.38.200.237:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
expires: Sun, 05 Feb 2023 02:12:53 GMT
date: Sun, 05 Feb 2023 01:12:53 GMT
cache-control: no-cache
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559611627&k=ebg-wag3-pixel-0988 | 143.204.55.106 | 200 OK | 5.3 kB |
URL HTTP/2live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559611627&k=ebg-wag3-pixel-0988 IP143.204.55.106:0
File typeHTML document, ASCII text, with very long lines (2142) Hashfcb9701de34f91403c2d9c5c8212fcb4 63881a375880328725fff7c2680a3d5d082950e2 0437ed5d7279d6efa6b28597bd1e26371941c78d94b189bda221d916f1046999
GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559611627&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Cookie: zync-uuid=84b0ccd3-81d0-46b4-a9fb-b1a0695db497:1675559569.036782; sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn0.Y98CkQ.36ITnsbBw1SnD6BDTS7rIQQhlL4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 5291
date: Sun, 05 Feb 2023 01:12:53 GMT
set-cookie: zync-uuid=84b0ccd3-81d0-46b4-a9fb-b1a0695db497:1675559569.036782; Domain=rezync.com; Expires=Thu, 03 Aug 2023 17:12:53 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn0.Y98ClQ.Ru9_qrNclGhJG4NZL8uHAocRPOU; Expires=Fri, 04 Aug 2023 01:12:53 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
server: lighttpd/1.4.59
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wXkqU_AXsXcQ7tDtv9OzYTNItV7XvfBkOHBO8oAhRXmk6Ciq_RBsxQ==
X-Firefox-Spdy: h2
|
|
| events.api.boomtrain.com/event/track | 35.169.46.120 | 200 OK | 2 B |
URL HTTP/2events.api.boomtrain.com/event/track IP35.169.46.120:0
File typeASCII text, with no line terminators Hashe0aa021e21dddbd6d8cecec71e9cf564 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /event/track HTTP/1.1
Host: events.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1393
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:53 GMT
content-type: text/plain
content-length: 2
server: nginx
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
access-control-allow-methods: GET, PUT, POST, DELETE
X-Firefox-Spdy: h2
|
|
| maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true | 142.250.74.170 | 200 OK | 23 B |
URL HTTP/2maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true IP142.250.74.170:0
File typeJSON data\012- , ASCII text Hashe3981ca10169a319d5aa062bf43a5fa1 2c6ed584767b65688ce99b1ebe1a3b7448a67421 8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 05 Feb 2023 01:12:54 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://cokene.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26%26known_email%3Dsbukowski%2540cokenortheast.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&ref=https%3A%2F%2Fauth.savings.workingadvantage.com%2F | 199.38.167.54 | 200 OK | 6.6 kB |
URL HTTP/1.1com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26%26known_email%3Dsbukowski%2540cokenortheast.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&ref=https%3A%2F%2Fauth.savings.workingadvantage.com%2F IP199.38.167.54:0
Hash0164ecde6b878ea7929ffc4595f00155 b581bd187d6f8917e20767357d5db4877e5879c5 2e57a58cddd288be3b08babae77811ee9c26ba2972a90ab84d964e3d0c27b79b
GET /?aid=6366&siclientid=105368&url=https%3A%2F%2Fcokene.savings.workingadvantage.com%2Fhome%3Foff_guid%3D0B0tS3WhoJMcPiJq6xroki%26source-id%3Demail%26utm_source%3Demail%26utm_campaign%3Demail-mme%26utm_medium%3DNovember-18-2022-MME%26utm_content%3DDisneyland%2520Resort%26%26known_email%3Dsbukowski%2540cokenortheast.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3Df32xyv69a1mc1mtbmu3ydomvl&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&ref=https%3A%2F%2Fauth.savings.workingadvantage.com%2F HTTP/1.1
Host: com-wag3.netmng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
X-Cnection: close
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Fri, 03 Feb 2023 01:12:54 GMT
Last-Modified: Fri, 03 Feb 2023 01:12:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Pragma: no-cache
Set-Cookie: evo5_WAG3=z6ol8kkbtcuxt%7CO%7CZWxSdmIxQktSbVZxWldaTFNWbGtXa1E0YlZvcmJuRk1PRU5xZEcxR1REQnFZaXRYWkM5NlMyZHZVMlkyZFU5TVEzUkVURTVLTDJ4b1lrbFViWG93Wld4UFVuWkNMM3BOV0RaNmNYbDJaRE5VUlRWVVFtTklVV2gzWjNvdlRHSTBRMUpFWTJaTVlYQTNkbk4xVGxSemJuTkZTV3AzTHpSWmFVZGtjMHRoWWsxT1ozaHZVM2hKWVVWWWVFNTRjVFIyTWxsaVJFOVpWa1k0YkdwdEswWndTekJEVW5WS04yMW5WbVZLVEVwUFpWUk1TMHhGY1ZFeldrRkNhR2R1UWtOTzppYXZodXZIRk4xUjgvemwwUUtlTzVRPT0%3D; expires=Mon, 07-Aug-2023 01:12:54 GMT; Max-Age=15811200; path=/
Date: Sun, 05 Feb 2023 01:12:54 GMT
Content-Encoding: gzip
|
|
| cokene.savings.workingadvantage.com/socket.io/?EIO=3&transport=websocket | 104.18.0.62 | 101 Switching Protocols | 0 B |
URL HTTP/1.1cokene.savings.workingadvantage.com/socket.io/?EIO=3&transport=websocket IP104.18.0.62:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: cokene.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://cokene.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0N3KUsF9Z9vrgPZxOx/S5w==
Connection: keep-alive, Upgrade
Cookie: __cf_bm=dNTWj30fEDl08pva5Rpczd8JI2vcSaelvZoLFMHJOAY-1675559570-0-AfY10rzH1TY5BkrT+5Zyk873PLAaWP06solRF6GNv1HYeAAZ3lLj/dkeS+OdE/x564IgQq20+2SC2knj6qt3/n/y2ES6vEKyvjWwANPKhDFpZsB/cJt8lk5Y9xk4VJOUbMxHiRmqgPc14VRp0A3yytLTA3N8um56cSp7t61SrPeZj/iqUcyuK3Pok/8yh0QDxA==; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19394%7CMCMID%7C39492142839455239941442667009925997708%7CMCAAMLH-1676164410%7C6%7CMCAAMB-1676164410%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675566810s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0%7CMCCIDH%7C-246190611; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; s_ecid=MCMID%7C39492142839455239941442667009925997708; btIdentify=13124ae5-3835-477f-be65-f2239c21e33d; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%222tl1muuPIcLJdcCcDOT9myLyTpoOc24G5NuJRBiBXxtg0jiGPIxeolfQCSww0nlU5p8buLaaGX%2BocKGG%2BFV10g%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=e906ec92-2833-401d-e82b-d1f1eb9ba985; mbox=session#0690c03e0a1a476a80237df718fb3245#1675561471; at_check=true; _ga=GA1.2.353660936.1675559611; _gid=GA1.2.1073557244.1675559611; _gat_UA-2876877-9=1; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcokene%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526utm_source%253Demail%2526utm_medium%253Dnovember-18-2022-mme%2526utm_campaign%253Demail-mme%2526utm_content%253Ddisneyland%252520resort%2526redirect_uri%253Dhttps%253A%25252f%25252fcokene.savings.workingadvantage.com%25252fhome%25253foff_guid%25253d0b0ts3whojmcpijq6xroki%252526source-id%25253demail%252526utm_source%25253demail%252526utm_campaign%25253demail-mme%252526utm_medium%25253dnovember-18-2022-mme%252526utm_content%25253ddisneyland%25252520resort%252526dlk%25253df32xyv69a1mc1mtbmu3ydomvl; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Fcokene%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526utm_source%253Demail%2526utm_medium%253Dnovember-18-2022-mme%2526utm_campaign%253Demail-mme%2526utm_content%253Ddisneyland%252520resort%2526redirect_uri%253Dhttps%253A%25252f%25252fcokene.savings.workingadvantage.com%25252fhome%25253foff_guid%25253d0b0ts3whojmcpijq6xroki%252526source-id%25253demail%252526utm_source%25253demail%252526utm_campaign%25253demail-mme%252526utm_medium%25253dnovember-18-2022-mme%252526utm_content%25253ddisneyland%25252520resort%252526dlk%25253df32xyv69a1mc1mtbmu3ydomvl; s_cc=true
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 05 Feb 2023 01:12:55 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HC+GZx9J5b2+DGPwvHR2E9f3UMg=
Sec-WebSocket-Extensions: permessage-deflate
Access-Control-Allow-Origin: https://cokene.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7947c7cf2a3fb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Early-Data: accepted
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js | 23.38.200.237 | 304 Not Modified | 1.6 kB |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js IP23.38.200.237:0
Hash26cb922572c247e0c1b556cf4fd9130d 05733f5318d2d38fe5ab3e8473f8b2a20ce17bfa aebed415d10916d2a24b28c5bdfc7baf7371891a9ded124121d039e95d5894df
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
expires: Sun, 05 Feb 2023 02:12:55 GMT
date: Sun, 05 Feb 2023 01:12:55 GMT
cache-control: no-cache
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js | 23.38.200.237 | 304 Not Modified | 86 B |
URL HTTP/2assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP23.38.200.237:0
Hash32010ee3471b01e66c41385d05342133 060bfe6cd512bf55dfcdd986a3f159fc8310a598 38f750e717e11131eec35035d4bdaa7e0b8f4f1f3a14557366abe4871d64e425
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
expires: Sun, 05 Feb 2023 02:12:55 GMT
date: Sun, 05 Feb 2023 01:12:55 GMT
cache-control: no-cache
access-control-allow-origin: https://cokene.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559613806&k=ebg-wag3-pixel-0988 | 143.204.55.106 | 200 OK | 6.3 kB |
URL HTTP/2live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559613806&k=ebg-wag3-pixel-0988 IP143.204.55.106:0
Hash21e575aaef0fdb8f9d4a0b484296a29b b9d9d94b6cf8a5a269bf90f222f7118a888cf2e9 ce80249c77485903d5e606a734b7d8171657f5b267da7394428f6385fc26cf3b
GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1675559613806&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Cookie: zync-uuid=84b0ccd3-81d0-46b4-a9fb-b1a0695db497:1675559569.036782; sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn0.Y98ClQ.Ru9_qrNclGhJG4NZL8uHAocRPOU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4588
date: Sun, 05 Feb 2023 01:12:55 GMT
set-cookie: zync-uuid=84b0ccd3-81d0-46b4-a9fb-b1a0695db497:1675559569.036782; Domain=rezync.com; Expires=Thu, 03 Aug 2023 17:12:55 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiODRiMGNjZDMtODFkMC00NmI0LWE5ZmItYjFhMDY5NWRiNDk3OjE2NzU1NTk1NjkuMDM2NzgyIn0.Y98Clw.2bNjJ2quxhIvc2Dlejsvj-9dHRk; Expires=Fri, 04 Aug 2023 01:12:55 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
server: lighttpd/1.4.59
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -gUudW7s41TsTRYtqqU0-VFtmZrUOLt4rAv2AJ_4JC6442T-fhxNNA==
X-Firefox-Spdy: h2
|
|
| events.api.boomtrain.com/event/track | 35.169.46.120 | 200 OK | 2 B |
URL HTTP/2events.api.boomtrain.com/event/track IP35.169.46.120:0
File typeASCII text, with no line terminators Hashe0aa021e21dddbd6d8cecec71e9cf564 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /event/track HTTP/1.1
Host: events.api.boomtrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1405
Origin: https://cokene.savings.workingadvantage.com
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:56 GMT
content-type: text/plain
content-length: 2
server: nginx
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
access-control-allow-methods: GET, PUT, POST, DELETE
X-Firefox-Spdy: h2
|
|
| cokene.savings.workingadvantage.com/home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl | 104.18.0.62 | 200 OK | 0 B |
URL HTTP/2cokene.savings.workingadvantage.com/home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl IP104.18.0.62:0
GET /home?off_guid=0B0tS3WhoJMcPiJq6xroki&source-id=email&utm_source=email&utm_campaign=email-mme&utm_medium=November-18-2022-MME&utm_content=Disneyland%20Resort&DLK=f32xyv69a1mc1mtbmu3ydomvl HTTP/1.1
Host: cokene.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:48 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 01 Feb 2023 02:20:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=dHF8hkyt1OkQUSTuKcn7uPxCqeAi7RvdwoZBMVxa194-1675559568-0-AZMbVxnr44nU38Adsvh4R9gMMnlfItpa6sdmmjxk0o+4i2+KRaWNqsJshhGe9T/7N9jG3kqFglwv0J5LSp1c1yY=; path=/; expires=Sun, 05-Feb-23 01:42:48 GMT; domain=.workingadvantage.com; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7a47bdfb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/info?authInfo=true | 104.18.10.206 | 200 OK | 0 B |
URL HTTP/2cokene.savings.beneplace.com/api/info?authInfo=true IP104.18.10.206:0
GET /api/info?authInfo=true HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1de4-jpcgL3PyLH0HRQ4PstYFu37F1Go"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=VmueCtkXvoF7k03Cy4rcHJ1Lx3sk68gZZREAr2VtqMo-1675559572-0-AZmvshjcqDhlOGH6y9u5PQlytcAT1ZjHoN+i4cjsTb5UT3seOSzOFB3tTUaEYWfCS2pqwfs4syUc751pLAQuyEw=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfd960b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/controls/cokene | 104.18.10.206 | 200 OK | 0 B |
URL HTTP/2cokene.savings.beneplace.com/api/controls/cokene IP104.18.10.206:0
GET /api/controls/cokene HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"79c-gB4Fwt+bH/CsyPiVfSPx4FB7Q5U"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=CG7Ro950F9uPHU7Kr7GoFq1WUOV_ow7WupKDFH6pBqU-1675559572-0-Ae01xegMStKNM8cslUEZevR1RS3KOo0ZnXbtEo1ZRUwR1EFmJcZ3UOkxhlrMQwz/w1o5rhNL1zy/5kAVvsCOqHw=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7c0c9e6b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Lato:300,400,700,900 | 142.250.74.106 | 200 OK | 0 B |
URL HTTP/2fonts.googleapis.com/css?family=Lato:300,400,700,900 IP142.250.74.106:0
GET /css?family=Lato:300,400,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cokene.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 01:12:48 GMT
date: Sun, 05 Feb 2023 01:12:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/google-experiments/auth-v2 | 104.18.10.206 | 200 OK | 0 B |
URL HTTP/2cokene.savings.beneplace.com/api/google-experiments/auth-v2 IP104.18.10.206:0
GET /api/google-experiments/auth-v2 HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=6YnAmFaR81LULPerhQnfAtM1t7mofWT0qsb9.7aAy9c-1675559572-0-AavJsKZjFIzigykZcL9zVy6Zdbxx+tbo1mOoTmhBDwDpKxFsgFsH8S34sPYm8ooajqwdYhcAKpFP4luOnpc3zpI=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfd95bb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cokene.savings.beneplace.com/api/info?authInfo=true | 104.18.10.206 | 200 OK | 0 B |
URL HTTP/2cokene.savings.beneplace.com/api/info?authInfo=true IP104.18.10.206:0
GET /api/info?authInfo=true HTTP/1.1
Host: cokene.savings.beneplace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 01:12:52 GMT
content-type: application/json; charset=utf-8
x-powered-by:
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1de4-jpcgL3PyLH0HRQ4PstYFu37F1Go"
expires: Sun, 05 Feb 2023 01:12:51 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=cJ_9_WiZgTjw.F8YrS3k2MwG6cNIfc3XVQvQ5eNi_Ow-1675559572-0-ASXAZkuuiLlFKyxIXlwHb2LAifbpXAsMF93ocmen1ja0zR4R4SMLd3IBciS+jb0tKtOiz8GwpP94joHEVxHLmYk=; path=/; expires=Sun, 05-Feb-23 01:42:52 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7947c7bfe96cb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|