Report - marketing.beneplace.com/acton/ct/4326/s-1f3a-2310/Bct/q-3ea0/e-3da7-l-338f:3e4c39/ct3

Report Overview

Visited public
2023-10-28 03:41:27
Tags
URL
marketing.beneplace.com/acton/ct/4326/s-1f3a-2310/Bct/q-3ea0/e-3da7-l-338f:3e4c39/ct3_0/1/lu?sid=TV2:boRd2Ustb
Finishing URL
auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP / ASN
207.189.124.33
#13649 ASN-VINS
Title
Aramco Advantage Discount Marketplace

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
people.api.boomtrain.com	7069	2011-03-17	2017-12-19 23:03:10	2023-10-27 23:44:52	677 B	455 B	52.7.157.80
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-10-27 18:12:18	1.1 kB	54 kB	151.101.193.229
assets.adobedtm.com	512	2013-11-22	2014-01-28 05:51:35	2023-10-27 18:12:02	5.6 kB	672 kB	23.38.200.237
maps.googleapis.com	33876	2005-01-25	2019-10-17 17:56:16	2023-10-27 18:21:24	2.9 kB	272 kB	142.250.74.170
cdn.boomtrain.com	6549	2011-03-17	2013-11-26 17:58:09	2023-10-27 20:48:59	439 B	31 kB	143.204.55.27
aramco.savings.workingadvantage.com	unknown	1999-08-26	2022-08-23 13:40:21	2023-10-27 05:56:29	7.6 kB	410 kB	172.64.148.145
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-10-27 18:12:18	950 B	30 kB	104.17.25.14
controlpanel.savings.beneplace.com	368574	2001-12-19	2019-03-14 18:11:12	2023-10-27 05:56:47	1.1 kB	5.8 kB	104.18.37.20
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-27 18:55:07	1.7 kB	44 kB	216.58.207.227
live.rezync.com	2569	2017-05-22	2017-10-10 15:34:40	2023-10-27 20:31:42	550 B	7.2 kB	143.204.55.109
smetrics.workingadvantage.com	556520	1999-08-26	2017-10-23 11:38:04	2023-10-26 23:47:40	3.2 kB	1.6 kB	63.140.62.22
auth.savings.workingadvantage.com	225276	1999-08-26	2021-12-21 07:20:15	2023-10-26 17:03:35	25 kB	969 kB	172.64.148.145
aramco.savings.beneplace.com	unknown	2001-12-19	2022-08-30 06:11:50	2023-10-27 05:56:40	5.9 kB	152 kB	172.64.150.236
g3i.imgix.net	287889	2011-06-23	2020-09-11 15:53:19	2023-10-26 23:09:44	1.5 kB	276 kB	151.101.246.208
marketing.beneplace.com	500240	2001-12-19	2013-05-14 20:10:53	2023-10-27 05:56:29	566 B	496 B	207.189.124.33
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-27 19:07:13	3.7 kB	748 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-10-28	medium	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js	Webshells iisstart.aspx and Logout.aspx

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (43)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	108 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2024-08-21 09:32 Times Seen78 Hash d8504261314aff3680de53a08a00a979 8fc77534ff9d316538b881a34acc05e7e6478348 792cc97fffdd6fb26a202096b1bec0f97c24c97202a2ba8e242d7a640eacda2c Loading...

	unknown	ScriptElement	113 B	2023-03-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2024-08-21 09:32 Times Seen71 Hash 37d56fb9a6cd073433642241ff5aebc7 2eebec40b8e95cb9ad0d121dbc33ca6076f93de1 e98dc58c85660430fbf05198ba1aa66a08473eb678a7b82f42c826f932d95bf8 Loading...

	unknown	ScriptElement	108 B	2023-03-13	2025-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen74 Hash 06d378718f9f4be5108e8d43f4f52d1b f48e1e0bcf80ad7c02b621829e704646f83a7f3f 08f8dcd255ba7389dca20d15c5662c30736cf92de10732d5ced395382a2c289f Loading...

	www.googletagmanager.com/gtag/js?id=UA-2876877-9	ScriptElement	190 kB	2023-10-28	2023-10-28
Pretty URL www.googletagmanager.com/gtag/js?id=UA-2876877-9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 05:41 Last Seen2023-10-28 05:41 Times Seen1 Hash c17f82c7916291ef33fd49572ab6bc22 05a129696d32973aa84e139b68703ef511edc5bb 5b545da03f3e62d8eaac58389785e84c2e88a31eef74ec928732469d70e07788 Loading...

	maps.googleapis.com/maps-api-v3/api/js/53/14/util.js	ScriptElement	162 kB	2023-08-02	2024-08-21
Pretty URL maps.googleapis.com/maps-api-v3/api/js/53/14/util.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-02 20:33 Last Seen2024-08-21 09:44 Times Seen1525 Hash a0c5a63a3c62165dccd8235d731b0eff b586b70b9b7a1e3480fb3199ef708e6ba63d1669 143541f596e492db378b791f22a1bab26b16aba740a6b3627d09fe9e56323d66 Loading...

	auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	349 B	2023-09-18	2025-04-17
Pretty URL auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 16:29 Last Seen2025-04-17 14:20 Times Seen98 Hash bfd4641cf237f14a85e544d630dc3c09 83c93c4e815ec1f066318e205a326c53b458aace b24c3a538a3af01fa2099c77b91b406dcc125332d015ceea8ceaa070c84998da Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js	ScriptElement	636 kB	2023-10-13	2023-10-31
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 03:57 Last Seen2023-10-31 14:31 Times Seen52 Hash e33d264b6768a8b8fee1604b859d7748 0701341ff29fe105f8dadcd8e2fed92e14f9f119 0243c31edfa364b267018adb5220cf2ccc54e61f1b5a472fa7ba9cc6c1a4c984 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM	ScriptElement	236 kB	2023-10-28	2023-10-28
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 05:41 Last Seen2023-10-28 05:41 Times Seen1 Hash d31325b75dbc2f8801757912ba25a803 f2d94c528031ba95cb30659ce41e75a795f44ad9 4cfd1c5ec7c32df13222aba585c5e0fb9c681fb3b373df21e524d9b0c7088ed0 Loading...

	auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js	ScriptElement	52 kB	2023-09-19	2025-04-17
Pretty URL auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-19 16:25 Last Seen2025-04-17 14:20 Times Seen196 Hash 0cd967d483680340e1c5d0f1c3b34662 4f6121c35c81f16302bdb45a3a00ee708896a72c bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM	ScriptElement	236 kB	2023-10-28	2023-10-28
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 05:41 Last Seen2023-10-28 05:41 Times Seen1 Hash ed155139dd55b8de7a35d9c2a79fc15c aabbcff618bc10d1f87d43916016186d9d0da231 ee61417ad5aa8a5d3a03e5667116493066201197a3128a5678124a038c719e5d Loading...

	cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js	ScriptElement	48 kB	2023-03-09	2025-04-17
Pretty URL cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 18:01 Last Seen2025-04-17 14:20 Times Seen228 Hash f689a668b5c6078984b93b9f59793c90 83042534752a6d9b0a4a086517e19230416feba4 cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b Loading...

	unknown	Function	781 B	2023-04-11	2025-04-24
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-04-24 15:49 Times Seen433 Hash 6f3f68edbb63ab6f5ea0e26ae6b45ef7 eeaf7e6577aadb00bd1a5be9d2cdb22dfb665dbf 3d202d602a24af3f00f543059305fb1358312c5daed0de048054a717f7cdd35b Loading...

	auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	65 B	2023-03-13	2025-04-17
Pretty URL auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen98 Hash 5794b9877fc16957690d9e006e9e8baa f17cf13c5a87a4044861d4f48b44562629614eb8 ef40261a59ef81b9069e6b65aae5ebf4e9979e34353a15ecd6da30a0f917fa77 Loading...

	unknown	Function	148 B	2023-04-11	2025-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-05 17:31 Times Seen6567 Hash ad647657a6182865673fe2300a1d13ad b1d7352ec14223bdae58961fe3ebab2ec990427b 9f500ac02daa86fc846af97dff1b0d92a41654db4a3548dd90574e5e70c28cdf Loading...

	auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	932 B	2023-09-18	2025-04-17
Pretty URL auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 16:29 Last Seen2025-04-17 14:20 Times Seen93 Hash 98df3f5778dcb30093a6452f8a1b8ee1 1f33d383afd064ddaa401c0724b2d7a64673ea0e e66e996b32f5bfec8095bc23677892b561f248e0e73428a6222d91dc501b238b Loading...

	assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js	ScriptElement	3.3 kB	2023-03-07	2025-05-06
Pretty URL assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-06 01:04 Times Seen904 Hash 2d1382c349d480b6b41574ac0c1af066 53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575 Loading...

	www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c	ScriptElement	279 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 22:06 Last Seen2024-08-20 22:06 Times Seen1 Hash a554992550cb2e7c90a42712ff38269b 038715c8c6ac385e4fb8ae78bfea9564f56e289d 5cbdf463ebab72f52ae49f5806e0e6e05a7712d8dc24b98885ed421ee9b144eb Loading...

	unknown	ScriptElement	1.4 kB	2023-03-13	2025-03-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-03-25 02:31 Times Seen82 Hash c7e7d198ba8a029e0310b70b4747744f 82e79289263643fc336d045daa6d4dbb88e624d7 e0ab1ab4fe3f9b6f0b19794962343d741395ebae2373edd4371aee7d28366196 Loading...

	assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js	ScriptElement	34 kB	2023-03-07	2025-05-06
Pretty URL assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-06 01:04 Times Seen1197 Hash d860c16ac938f7d839f0ec158d02d0f0 8710f81ed151233677f7e32b229cb35293dd6840 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c Loading...

	unknown	Function	286 B	2023-04-11	2025-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-05 21:04 Times Seen25813 Hash e480511aa0877b44c194ae8d956bbeac 89fab2c13ec27233e4f3a25aae1871ddc29eb436 1008c0d1f25bc12ab18ef2a551d221fdf29ba3719b4285406eb67f048409d374 Loading...

	auth.savings.workingadvantage.com/main-es2015.d1b10b000c1670dfd114.js	ScriptElement	1.7 MB	2023-10-25	2023-11-02
Pretty URL auth.savings.workingadvantage.com/main-es2015.d1b10b000c1670dfd114.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 18:53 Last Seen2023-11-02 08:16 Times Seen26 Hash 5751c7ccebf9ea543d16fd572843f5df a0d861a7864a3b67b7a4f9bcc6c7d86682ef3e12 0cf98b1ce1a6ce2b5c6b88563939cf674a6ee7e234efa11c2491624d7d05d717 Loading...

	www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c	ScriptElement	255 kB	2023-10-28	2023-10-28
Pretty URL www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 05:41 Last Seen2023-10-28 05:41 Times Seen1 Hash bd1d16f368fa4fd43a3973f810d752da 3deb7b5b121546b1c2bc8fd01dd1e18a71820145 b2670ad142043b2f77392c8f35e53c4a1754ade50d1e2101a0d90df16459fb64 Loading...

	auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails	ScriptElement	24 B	2023-03-07	2025-05-06
Pretty URL auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2025-05-06 07:08 Times Seen2042 Hash c4cc200d428ad0bc226a605f08309d6b 8ee05844bea8306da820f834d06e069371bfb3cf a695b556ffaa49572cfbfa488f5657bcc8822e8c87c82751aad0cc78af5f43dc Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-06
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-06 07:34 Times Seen339856 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js	ScriptElement	343 B	2023-10-13	2023-10-31
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 03:57 Last Seen2023-10-31 14:31 Times Seen52 Hash 30596da9807220040d5f36dc0e9fdaac 368533d23d822c5a6ac752c0c64c16b77be5be6c 0fb88363006fa1090248e57e5bb00bbcb91a851d7619b320fc661312e552be48 Loading...

	unknown	ScriptElement	323 B	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 16:29 Last Seen2024-08-21 06:26 Times Seen67 Hash 7c703c9bca0e0403159ff66c587427c9 8695cde60a89854fbf93c32f8b28f3bf01f0cd05 203086b57db6bfc4445097904cf0f679afea982ddad7e45b599747f02806fc3f Loading...

	unknown	Function	152 B	2023-04-11	2025-05-06
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-06 05:56 Times Seen30955 Hash 26bc31e12628b8388c3be44bb175d592 9464185aa11d68ea75e8d6495ff7b02ec3b4f1ad b4829119269f7853888d67440f0424d68bd7a7f3d6a85b408bc5260b7953fe09 Loading...

	unknown	Function	195 B	2023-04-12	2025-05-06
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 14:56 Last Seen2025-05-06 05:56 Times Seen1542 Hash 576a61e7e95f3fa39f316630cbc5c039 0c1d16e378c8cd9f13e724c9ce675b67d6926859 0c93256523c99dc09c2a8f6206cd600dc0a7715996a6d545794dcc0ed097f105 Loading...

	auth.savings.workingadvantage.com/runtime-es2015.d65d9e1ef0e041f5ea49.js	ScriptElement	1.3 kB	2023-09-06	2023-11-28
Pretty URL auth.savings.workingadvantage.com/runtime-es2015.d65d9e1ef0e041f5ea49.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-06 18:04 Last Seen2023-11-28 01:30 Times Seen81 Hash d2ecbef01b8b1cf08bbd2433075490de 97c7501afdae0c65147603ea7095f559024bb4f6 3078803c6ef90f5b252cc62899b2d5dfc3d4842f80e7194d9acd57504d7b1ed5 Loading...

	unknown	EventHandler	16 B	2023-04-10	2025-05-06
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-05-06 05:16 Times Seen56345 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	unknown	ScriptElement	508 B	2023-03-13	2025-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:12 Last Seen2025-04-17 14:20 Times Seen74 Hash 5da95c09a7225fece7a6fc22b0e6cc33 a8db951c1c542ae3945ec7a1f585d5fc7af97cd5 d66af1e424df8c9214e31ad6eb27a401588fe39301945870d74e99e7122446e2 Loading...

	assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js	ScriptElement	757 B	2023-10-13	2023-10-31
Pretty URL assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 03:57 Last Seen2023-10-31 14:31 Times Seen52 Hash 3e79d124e5224380bea0c8d004a4a9b4 4962bda04fcd673b1522a2aee1c8bf7fbe139bc8 524921f6844becbc9f6f7447807fd724afeceb34924f93b425e04c7816ff38d1 Loading...

	unknown	Function	201 B	2023-04-11	2025-05-06
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-06 05:56 Times Seen24010 Hash 53d8589ebc4fadb87f1135274db4336a f988aada6bc2e8412ef084550352078c9ed5e56e bd6d634c1b6694571e474743d2d89be15c22ae039b51869d33597806e596feb0 Loading...

	maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places	ScriptElement	249 kB	2023-10-28	2023-10-28
Pretty URL maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 02:35 Last Seen2023-10-28 05:41 Times Seen2 Hash e2a5fcfa1df0ce58f0392d9a971e8e92 b3dbb21b76c079ee71bb49c838ca9461fea3e8d8 aa6abbdbcd4ec0be7d90b838cdc22cdb0d1490d48218808e299db66b8773f4f2 Loading...

	auth.savings.workingadvantage.com/polyfills-es2015.83678f157fdb7aa8c9b4.js	ScriptElement	124 kB	2023-09-06	2023-11-29
Pretty URL auth.savings.workingadvantage.com/polyfills-es2015.83678f157fdb7aa8c9b4.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-06 18:04 Last Seen2023-11-29 01:58 Times Seen86 Hash 2eea86b36b0b86a11603cf1e34eaa806 513d15e7bb49c30605718a974e28721459033712 d2921dc9f527117223206f193fc90b8c0fddc6dd38e744e932362af8cb1186c1 Loading...

	auth.savings.workingadvantage.com/aramco/sandbox%20eval%20code		147 B	2023-04-11	2025-05-06
Pretty URL auth.savings.workingadvantage.com/aramco/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-06 07:34 Times Seen340643 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	auth.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js	ScriptElement	169 kB	2023-09-06	2023-11-29
Pretty URL auth.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js IP 172.64.148.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-06 17:58 Last Seen2023-11-29 01:58 Times Seen118 Hash c675db7168c0708d3d720fef3c4a3ea4 64a3258a7699004f327d490575d9d19301d481a9 cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335 Loading...

	maps.googleapis.com/maps-api-v3/api/js/53/14/common.js	ScriptElement	266 kB	2023-08-02	2024-08-21
Pretty URL maps.googleapis.com/maps-api-v3/api/js/53/14/common.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-02 20:33 Last Seen2024-08-21 09:44 Times Seen1522 Hash eb618b565389f0e239056733ad1cd3b4 8bde5b42b10d9f2085c15a44f5df44c8d10a3f08 58ed94893e4142be2847d35ed50d8c3cc9a9aca281143d7794658cb3adb82a9c Loading...

		Size	First Seen	Last Seen
	#1 Eval - b35eed5beba29cad886489ef5fc90bd1	126 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen214 Hash b35eed5beba29cad886489ef5fc90bd1 afe98ace5c795fd87bfd83272b821381d7329174 a70b1022d6004cf796149dc1c761eeaa7a93f3722a00bf964564d553f97d20ef Loading...

	#2 Eval - 7adf665804720ec326158577a3860138	81 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen214 Hash 7adf665804720ec326158577a3860138 ad57a3be095407c2c204c1657b0fb02d586e8876 eae7d96ec37a43a8bd194507a5d43e3dcbe614545e64ad4046a9f4a6549170d0 Loading...

	#3 Eval - bebbe774d038ac06c1fe1196b5da7e97	95 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen213 Hash bebbe774d038ac06c1fe1196b5da7e97 f0cc3b3895a8b5105bfac31a3bea408538704ffc 6acd8e7ee5a1c5ed053d31c67c030793b89dc506d2eaeff0ac7d420434715993 Loading...

	#4 Eval - 1a2aa1a6ce5068681ea03b256dc4210b	155 B	2023-06-29 15:47	2025-04-17 14:20
Pretty Observations First Seen2023-06-29 15:47 Last Seen2025-04-17 14:20 Times Seen214 Hash 1a2aa1a6ce5068681ea03b256dc4210b 0b3acb47956caeb4b2a11832b7a437604148aab9 956acbc83d8e7697e7fec665f50a35a27146c348e79a2dd765d58ed82ebaccc4 Loading...

		Size	First Seen	Last Seen
	#1 Write - e9627b2e708c988d05d68e6938c6f9c0	316 B	2023-03-13 17:12	2025-02-10 19:55
Pretty Observations First Seen2023-03-13 17:12 Last Seen2025-02-10 19:55 Times Seen199 Hash e9627b2e708c988d05d68e6938c6f9c0 1fb1b735d7010d24a6105758447f9df86bb00d6f 40eececc7e4ab6fc3344caf3f737ec4742bbb46441e33f1e766be732ee2f1f96 Loading...

HTTP Transactions (72)

URL IP Response Size

marketing.beneplace.com/acton/ct/4326/s-1f3a-2310/Bct/q-3ea0/e-3da7-l-338f:3e4c39/ct3_0/1/lu?sid=TV2:boRd2Ustb

207.189.124.33

0 B

URL
marketing.beneplace.com/acton/ct/4326/s-1f3a-2310/Bct/q-3ea0/e-3da7-l-338f:3e4c39/ct3_0/1/lu?sid=TV2:boRd2Ustb
IP
207.189.124.33:0
ASN
#13649 ASN-VINS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /acton/ct/4326/s-1f3a-2310/Bct/q-3ea0/e-3da7-l-338f:3e4c39/ct3_0/1/lu?sid=TV2:boRd2Ustb HTTP/1.1
Host: marketing.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
Set-Cookie: wp4326="XWVZDL-WKHA-s-WWBM:WLXJWCDtlnDl-UMWH-VWUTDDDUBCTYLMDgNssDDLFl-UMWH-VWUTFJmW_T^UZCBXZXXZAD"; Max-Age=31536000; SameSite=None; Secure; Domain=.beneplace.com; Version=1; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://aramco.savings.workingadvantage.com/my-profile/details
Content-Length: 0
Date: Sat, 28 Oct 2023 03:41:06 GMT
Keep-Alive: timeout=10
Connection: keep-alive
Strict-Transport-Security: max-age=16070400

aramco.savings.workingadvantage.com/my-profile/details

172.64.148.145

157 kB

URL
aramco.savings.workingadvantage.com/my-profile/details
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3285)
Size
157 kB (157111 bytes)
Hash
220810113bca21ecc689e93e4fbbd688
2fad31e1e8a9f1a54b871c2cf05eb9a8a8a76a4d
513598dac5e3c3355bbd74c0af2ab4f8dd70322354046308b53d85dcaacd7418

HTTP Headers

GET /my-profile/details HTTP/1.1
Host: aramco.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:07 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:22:51 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; path=/; expires=Sat, 28-Oct-23 04:11:07 GMT; domain=.workingadvantage.com; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02947b970b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (47169)
Size
14 kB (13763 bytes)
Hash
f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

HTTP Headers

GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 252551
expires: Thu, 17 Oct 2024 03:41:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJZedApdPpWyLHLreL0GhsiV8qYh73PpVCyaO2tqyWnhnhtisB1eNpHENcvs%2BmosZtMSJhHe5QtUiO2eIUUJt9Yx9thP2uYmJcqQNPavvsozj%2ByCZOUcM6Q2MFWvlTGdTAIQjFfD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81d02949ca5eb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aramco.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Sat, 28 Oct 2023 03:41:07 GMT
age: 18778178
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

142.250.74.170

200 OK

80 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
ASCII text, with very long lines (3107)
Size
80 kB (79677 bytes)
Hash
e2a5fcfa1df0ce58f0392d9a971e8e92
b3dbb21b76c079ee71bb49c838ca9461fea3e8d8
aa6abbdbcd4ec0be7d90b838cdc22cdb0d1490d48218808e299db66b8773f4f2

HTTP Headers

GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
vary: Accept-Language, Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Oct 2023 03:41:07 GMT
server: scaffolding on HTTPServer2
content-length: 79677
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32768)
Size
12 kB (12163 bytes)
Hash
d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Sat, 28 Oct 2023 04:41:07 GMT
date: Sat, 28 Oct 2023 03:41:07 GMT
cache-control: no-cache
access-control-allow-origin: https://aramco.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js

23.38.200.237

200 OK

1.6 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3155)
Size
1.6 kB (1597 bytes)
Hash
2d1382c349d480b6b41574ac0c1af066
53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1597
expires: Sat, 28 Oct 2023 04:41:07 GMT
date: Sat, 28 Oct 2023 03:41:07 GMT
cache-control: no-cache
access-control-allow-origin: https://aramco.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (78709 bytes)
Hash
d31325b75dbc2f8801757912ba25a803
f2d94c528031ba95cb30659ce41e75a795f44ad9
4cfd1c5ec7c32df13222aba585c5e0fb9c681fb3b373df21e524d9b0c7088ed0

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:07 GMT
expires: Sat, 28 Oct 2023 03:41:07 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Oct 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78709
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13980, version 1.0\012- data
Size
14 kB (13980 bytes)
Hash
b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aramco.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Oct 2023 15:09:25 GMT
expires: Fri, 25 Oct 2024 15:09:25 GMT
cache-control: public, max-age=31536000
age: 131502
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.170

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aramco.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Oct 2023 03:41:07 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://aramco.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js

23.38.200.237

750 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1539)
Size
750 B (750 bytes)
Hash
7128ae519a72f0c47a4c48b2222b4669
22e0add62325bb7fd2c9934a46f5bbecaf15c68e
f92af17b23f77c222229cf069ee967e0786a95665bd87cbfc984fe3de13c3ea0

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 750
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:07 GMT
date: Sat, 28 Oct 2023 03:41:07 GMT
access-control-allow-origin: https://aramco.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

142.250.74.168

200 OK

92 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (5788)
Size
92 kB (92418 bytes)
Hash
f9c98d063dbc75f4472129d3725b02ba
ad4f9d7ec128f4955b5f24747d1bb3e555e69ed2
664b8844ba8999cfbc990f2ec6bffd8f55dea72a08089d45c9019da4575209dc

HTTP Headers

GET /gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:07 GMT
expires: Sat, 28 Oct 2023 03:41:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92418
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1698464468787&k=ebg-wag3-pixel-0988

143.204.55.109

6.4 kB

URL
live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1698464468787&k=ebg-wag3-pixel-0988
IP
143.204.55.109:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2299)
Size
6.4 kB (6371 bytes)
Hash
d00bf91ca13d0e750742d39eef47c366
38e6ed8a122f71022163ee1b10317e6c31e2a679
6fb0d4f6ce2e7bbfe3bbd9d573ef6c9fb069e03df1730d55e9105c95a74ed55a

HTTP Headers

GET /sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1698464468787&k=ebg-wag3-pixel-0988 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript
content-length: 6371
date: Sat, 28 Oct 2023 03:41:08 GMT
set-cookie: zync-uuid=128c1260-d7b7-4466-b226-c92d18ab8f25:1698464468.0710151; Domain=rezync.com; Expires=Thu, 25 Apr 2024 03:41:08 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiMTI4YzEyNjAtZDdiNy00NDY2LWIyMjYtYzkyZDE4YWI4ZjI1OjE2OTg0NjQ0NjguMDcxMDE1MSJ9.ZTyC1A.1XDmm4bO2R5Pk1C7RBMzKr4OHjw; Expires=Thu, 25 Apr 2024 03:41:08 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
accept-ranges: bytes
server: lighttpd/1.4.69
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5zxWp7wlOvNM-WAaCx06SdbTCiBR4dqaExUX7sqMecgxUfS6o2f8ZA==
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=DC-12084042

142.250.74.168

70 kB

URL
www.googletagmanager.com/gtag/js?id=DC-12084042
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (4179)
Size
70 kB (70025 bytes)
Hash
28fccf7eb945a655ea57a87b69f1c59c
4c9b1add6c6606088b1ead8bec49d04a8ce20130
5914215b2f9e8064345c00fa42e38a5c021d84a6993402eb0cd5a46e694d573c

HTTP Headers

GET /gtag/js?id=DC-12084042 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:08 GMT
expires: Sat, 28 Oct 2023 03:41:08 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Oct 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70025
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c

142.250.74.168

70 kB

URL
www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (4179)
Size
70 kB (70003 bytes)
Hash
7fd21b04c678a8f2efa776a5a39c3c56
153c090f1305b2ff5716ea17f775f4325a1b3f53
89f62d1d64e0f37bd94c2e0defd0fbfd378eee869a1d297bf49062a48cc61408

HTTP Headers

GET /gtag/js?id=DC-12084042&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:08 GMT
expires: Sat, 28 Oct 2023 03:41:08 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Oct 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70003
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=30986471486012307707364686134468208909&cl=157680000&d_coppa=true&ts=1698464468905

63.140.62.22

48 B

URL
smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=30986471486012307707364686134468208909&cl=157680000&d_coppa=true&ts=1698464468905
IP
63.140.62.22:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
30c7f39d4cd77e3010f1d0d5ea17adaa
6196af0047085734e23f340a53126ccd406c6165
4f98103b4f32e9eecd35575f44e714b00c782c98c11b5d5ae78bd43a683beacb

HTTP Headers

GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=30986471486012307707364686134468208909&cl=157680000&d_coppa=true&ts=1698464468905 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://aramco.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CvVersion%7C5.4.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://aramco.savings.workingadvantage.com
access-control-allow-credentials: true
date: Sat, 28 Oct 2023 03:41:08 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C30986471486012307707364686134468208909; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Thu, 26 Oct 2028 03:41:41 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js

143.204.55.27

30 kB

URL
cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30195 bytes)
Hash
6f20e9c72330eb507ebd90a9fe7026e5
f5e0afbff58bed4cbc72a5dd7829abe60c09b69d
6657dc9f6ee9fef340fa05ea4110332efb39d8f4e0d7da0aa080b59691eb53ab

HTTP Headers

GET /p13n/ebg-wag3/p13n.min.js HTTP/1.1
Host: cdn.boomtrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 24 Oct 2023 04:34:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ZG.w.l49O_ew7ONL.VJfy_bYdRjSIbb_
Server: AmazonS3
Content-Encoding: gzip
Date: Sat, 28 Oct 2023 03:34:23 GMT
Cache-Control: public, max-age=3600
ETag: W/"6f20e9c72330eb507ebd90a9fe7026e5"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6dt2oRBzsEB_Fd8YnY2Orub4lvXHMKN_pE6Zzd02IDhTiL_BeYbfbA==
Age: 1910

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js

23.38.200.237

285 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (304)
Size
285 B (285 bytes)
Hash
d3f24a9f03bc50659b625b7caa914ee3
813a4fa4a6027dcb653d8963f69191faba4fcb6d
c70f8766c7fee7aedfcb948900117789514ac7c920e2b314bcf385397f498670

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 285
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:08 GMT
date: Sat, 28 Oct 2023 03:41:08 GMT
access-control-allow-origin: https://aramco.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC668a267ca36c45b5acca38f3e4360a76-source.min.js

23.38.200.237

215 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
215 B (215 bytes)
Hash
4627c0fcdd55205a7c5e5714d0d8ae5f
6fbc74f149bb912aee268ffe4464c0235a90d78e
20a8315825d09c3114231169667bced9e63c0119ace360cbb42b1a898caf8ac4

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC668a267ca36c45b5acca38f3e4360a76-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 215
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:08 GMT
date: Sat, 28 Oct 2023 03:41:08 GMT
access-control-allow-origin: https://aramco.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiMTI4YzEyNjAtZDdiNy00NDY2LWIyMjYtYzkyZDE4YWI4ZjI1OjE2OTg0NjQ0NjguMDcxMDE1MSJ9fQ%3D%3D&site_id=ebg-wag3

52.7.157.80

142 B

URL
people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiMTI4YzEyNjAtZDdiNy00NDY2LWIyMjYtYzkyZDE4YWI4ZjI1OjE2OTg0NjQ0NjguMDcxMDE1MSJ9fQ%3D%3D&site_id=ebg-wag3
IP
52.7.157.80:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text
Size
142 B (142 bytes)
Hash
fae7695a02cf91a16ba298ef3bb25428
581b9055317d4b081e553516cb339c6362aa384c
1c106bfa951ff7c2d76ef7f143e491b302fabb16a41015cbeaa456af647e612c

HTTP Headers

GET /identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiMTI4YzEyNjAtZDdiNy00NDY2LWIyMjYtYzkyZDE4YWI4ZjI1OjE2OTg0NjQ0NjguMDcxMDE1MSJ9fQ%3D%3D&site_id=ebg-wag3 HTTP/1.1
Host: people.api.boomtrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aramco.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Sat, 28 Oct 2023 03:41:09 GMT
Server: nginx
Content-Length: 142
Connection: keep-alive

controlpanel.savings.beneplace.com/uploads/aramco_favicon_01.png

104.18.37.20

200 OK

2.3 kB

URL GET HTTP/3
controlpanel.savings.beneplace.com/uploads/aramco_favicon_01.png
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2293 bytes)
Hash
a1172f0c93619cb5e03ce9b050994f06
0d3cb5379da12a47a9dd076bdc84fa1c91985fa5
efb9186b8aff7176ed5862a85234debfec867bb6a4f262ee091e5acb760a201d

HTTP Headers

GET /uploads/aramco_favicon_01.png HTTP/1.1
Host: controlpanel.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:09 GMT
content-type: image/png
content-length: 2293
last-modified: Fri, 19 Nov 2021 13:30:39 GMT
etag: "6197a6ff-8f5"
cache-control: public, max-age=2592000, s-maxage=600
cf-cache-status: HIT
age: 404
accept-ranges: bytes
set-cookie: __cf_bm=71xZhvQqSHYpIbLJyA0Hw5IPexpUnxGDEmI8uC4FVJE-1698464469-0-AVOIQIX1VT210hbpj2mgUNCYh4TTJwR0NebfbY+f8m/1BMAlz437UGg8dM/PAqLPL5xs04Nq6+WpwY20LlOhG78=; path=/; expires=Sat, 28-Oct-23 04:11:09 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02957dd3756bd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aramco.savings.workingadvantage.com/favicon.ico

172.64.148.145

2.7 kB

URL
aramco.savings.workingadvantage.com/favicon.ico
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3285)
Size
2.7 kB (2676 bytes)
Hash
33a355f53551b7cf11785d51cb5b6338
f47855db06dbd91ae4de20e068d4c1e24792b21b
76c0d4b4667bcd9c15b2c1f0829b2fe37cfef3bb156485d9d3dce237adad03e6

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: aramco.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22bsin%22%3A%22%22%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:09 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:22:51 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d029543f9c5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC0c16579d5c704bd0a214633d669d35f2-source.min.js

23.38.200.237

546 B

URL
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (871)
Size
546 B (546 bytes)
Hash
fafe34c3638ce3b77c95f7b8270f7477
5968996ccd542f670bce2973197a7ebdce5a2777
bf6c1922101f16138b3eb8e4ade5f905468ab27509407053e21cd9d80967f9bc

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC0c16579d5c704bd0a214633d669d35f2-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:09 GMT
date: Sat, 28 Oct 2023 03:41:09 GMT
content-length: 546
access-control-allow-origin: https://aramco.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

aramco.savings.workingadvantage.com/api/info

172.64.148.145

2.9 kB

URL
aramco.savings.workingadvantage.com/api/info
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (6751), with no line terminators
Size
2.9 kB (2918 bytes)
Hash
51878986c7b11fe2033418633349314b
35cd72170b39f324397e3a8d9d1027011011046d
c679c8dbd1cd6d2c530c3528cf456585b7e3b0087edc91668185b4b0432d0e4d

HTTP Headers

GET /api/info HTTP/1.1
Host: aramco.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImUxMDdlY2FlZjFhMDJhNjAiLCJ0ciI6IjdkOWI0NmY2ZjI2YWM2ZjIyNzMyNDU2MTNmYzg4ZjAwIiwidGkiOjE2OTg0NjQ0Njk1NDUsInRrIjoiODg4MzEifX0=
traceparent: 00-7d9b46f6f26ac6f2273245613fc88f00-e107ecaef1a02a60-01
tracestate: 88831@nr=0-1-2647367-1120218725-e107ecaef1a02a60----1698464469545
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:09 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://aramco.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1a5f-Nc1yFws58yQ5fjqNnRAnARARBG0"
expires: Sat, 28 Oct 2023 03:41:08 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d029517ee05689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aramco.savings.workingadvantage.com/api/profile

172.64.148.145

182 B

URL
aramco.savings.workingadvantage.com/api/profile
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
d31f438ae4da135e79cb20d87893151d
946148505e7d6720180213a5fc82cdf4dd8ebc15
170287bbbfc14739c9b3aa6ce30abb0669d418f01118028f4b06c198fdbdde1d

HTTP Headers

GET /api/profile HTTP/1.1
Host: aramco.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjM4YTIwYzNjMmNkZGFhMDEiLCJ0ciI6IjRhMGRhYWQ1NjVkMjgxNzg4NjBjZjg5OWViYmFmNzAwIiwidGkiOjE2OTg0NjQ0NzA5NDEsInRrIjoiODg4MzEifX0=
traceparent: 00-4a0daad565d28178860cf899ebbaf700-38a20c3c2cddaa01-01
tracestate: 88831@nr=0-1-2647367-1120218725-38a20c3c2cddaa01----1698464470941
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/json; charset=utf-8
content-length: 182
x-powered-by: 
access-control-allow-origin: http://aramco.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"b6-lGFIUF59ZyAYAhOl/ILN9N2OvBU"
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295a292b5689-OSL
alt-svc: h3=":443"; ma=86400

aramco.savings.workingadvantage.com/api/info?authInfo=true

172.64.148.145

159 kB

URL
aramco.savings.workingadvantage.com/api/info?authInfo=true
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (8163), with no line terminators
Size
159 kB (159182 bytes)
Hash
265560b727517be6980ca82ba2a26609
90790b79699e6355cfe855bfc481514d01c7a2e8
6a0248d0f2608a6ff8d784dac55aa033838a72ba6e5869dcb2792a7ef1200047

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: aramco.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImNjMDU4MzJiMzNhZjc4ZTMiLCJ0ciI6ImFmZDE2YTAwNzkwOTI5MDhhYjlhNmNkYjEyOTdlNDAwIiwidGkiOjE2OTg0NjQ0NzA5NDcsInRrIjoiODg4MzEifX0=
traceparent: 00-afd16a0079092908ab9a6cdb1297e400-cc05832b33af78e3-01
tracestate: 88831@nr=0-1-2647367-1120218725-cc05832b33af78e3----1698464470947
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://aramco.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1fe3-kHkLeWmeY1XP6FW/xIFRTQHHoug"
expires: Sat, 28 Oct 2023 03:41:09 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295a39315689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (47169)
Size
14 kB (13763 bytes)
Hash
f689a668b5c6078984b93b9f59793c90
83042534752a6d9b0a4a086517e19230416feba4
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

HTTP Headers

GET /ajax/libs/web-animations/2.3.1/web-animations.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 13763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0402f-bad6"
last-modified: Mon, 04 May 2020 16:17:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 252554
expires: Thu, 17 Oct 2024 03:41:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dls%2BdNTWzjW23%2FSLaakjEBcNO8Mo34Dzuhqy%2BjjkHOTcB%2FcXLsP%2F%2Fb%2B2Gtx8WKS9OScZ4eVu3NCxUZnyRnitLGH3J7C7AT6eBFDz4LdrgHAqSkgISigx%2BNl7zgFlP8Lgbq4bITcp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81d0295d8ffeb509-OSL
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26099 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: br
accept-ranges: bytes
date: Sat, 28 Oct 2023 03:41:10 GMT
age: 18778181
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26099
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

142.250.74.170

200 OK

80 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
ASCII text, with very long lines (3107)
Size
80 kB (79677 bytes)
Hash
e2a5fcfa1df0ce58f0392d9a971e8e92
b3dbb21b76c079ee71bb49c838ca9461fea3e8d8
aa6abbdbcd4ec0be7d90b838cdc22cdb0d1490d48218808e299db66b8773f4f2

HTTP Headers

GET /maps/api/js?client=gme-entertainmentbenefits&libraries=places HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Language, Origin, X-Origin, Referer
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
date: Sat, 28 Oct 2023 03:41:10 GMT
server: scaffolding on HTTPServer2
content-length: 79677
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (78612 bytes)
Hash
ed155139dd55b8de7a35d9c2a79fc15c
aabbcff618bc10d1f87d43916016186d9d0da231
ee61417ad5aa8a5d3a03e5667116493066201197a3128a5678124a038c719e5d

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:10 GMT
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Oct 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78612
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32768)
Size
12 kB (12163 bytes)
Hash
d860c16ac938f7d839f0ec158d02d0f0
8710f81ed151233677f7e32b229cb35293dd6840
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Sat, 28 Oct 2023 04:41:10 GMT
date: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js

23.38.200.237

200 OK

1.6 kB

URL GET HTTP/2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3155)
Size
1.6 kB (1597 bytes)
Hash
2d1382c349d480b6b41574ac0c1af066
53ddf017aa6b66b4d54ea0818dc5c04789b9e5ae
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

HTTP Headers

GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1597
expires: Sat, 28 Oct 2023 04:41:10 GMT
date: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.170

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Oct 2023 03:41:11 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

172.64.148.145

200 OK

40 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (51930)
Size
40 kB (39522 bytes)
Hash
0cd967d483680340e1c5d0f1c3b34662
4f6121c35c81f16302bdb45a3a00ee708896a72c
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

HTTP Headers

GET /assets/new-relic/new-relic-integration.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
vary: Accept-Encoding
etag: W/"65386efe-ccde"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295d7a3d5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/main-es2015.d1b10b000c1670dfd114.js

172.64.148.145

200 OK

503 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/main-es2015.d1b10b000c1670dfd114.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
503 kB (502991 bytes)
Hash
5751c7ccebf9ea543d16fd572843f5df
a0d861a7864a3b67b7a4f9bcc6c7d86682ef3e12
0cf98b1ce1a6ce2b5c6b88563939cf674a6ee7e234efa11c2491624d7d05d717

HTTP Headers

GET /main-es2015.d1b10b000c1670dfd114.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
vary: Accept-Encoding
etag: W/"65386efe-1a1069"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295d9a445689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/notifications/system-wide

172.64.150.236

200 OK

2 B

URL GET HTTP/2
aramco.savings.beneplace.com/api/notifications/system-wide
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

HTTP Headers

GET /api/notifications/system-wide HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=.3TJ4Q.3qWgY6sg.LePG9bAWlnBYErGXxF6PfsiNMTM-1698464471-0-AYJNXtehlh/fcjJhp8NKbE99BE/NjjBu69b2aoyqw2u+GCyg7K+pdHDYBYngXu3KlB705uEACgJ5JQnYfWJun1E=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02962aec2b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js

23.38.200.237

200 OK

215 B

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
215 B (215 bytes)
Hash
30596da9807220040d5f36dc0e9fdaac
368533d23d822c5a6ac752c0c64c16b77be5be6c
0fb88363006fa1090248e57e5bb00bbcb91a851d7619b320fc661312e552be48

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:12 GMT
date: Sat, 28 Oct 2023 03:41:12 GMT
content-length: 215
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js

23.38.200.237

200 OK

429 B

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (610)
Size
429 B (429 bytes)
Hash
3e79d124e5224380bea0c8d004a4a9b4
4962bda04fcd673b1522a2aee1c8bf7fbe139bc8
524921f6844becbc9f6f7447807fd724afeceb34924f93b425e04c7816ff38d1

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Webshells iisstart.aspx and Logout.aspx

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:12 GMT
date: Sat, 28 Oct 2023 03:41:12 GMT
content-length: 429
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

aramco.savings.beneplace.com/api/google-experiments/auth-v2

172.64.150.236

200 OK

73 kB

URL GET HTTP/2
aramco.savings.beneplace.com/api/google-experiments/auth-v2
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (4056), with no line terminators
Size
73 kB (73355 bytes)
Hash
1b8008d29de8cf1e4178b27c2ef2c120
c53ae45c4e7cd5fd5240ca141b031f080999bc98
a83eaf590f2c078872c01c0f332037dc8fef2a3a2f925d9d8ea5425d0172cf99

HTTP Headers

GET /api/google-experiments/auth-v2 HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=PP9ha4V_fUkXPaa_9uuty10HhHU7.s8ZTx_CIQJ_gfA-1698464471-0-Aa0foEfMefeFF50MsAXN1OcV8zAtDj6QDU1JpQIUQF7H179pX6h3asAJ8UZZ56k8qu7vWwl5eU9zrkU5WtniPRc=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02962aec3b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (19808)
Size
79 kB (78709 bytes)
Hash
d31325b75dbc2f8801757912ba25a803
f2d94c528031ba95cb30659ce41e75a795f44ad9
4cfd1c5ec7c32df13222aba585c5e0fb9c681fb3b373df21e524d9b0c7088ed0

HTTP Headers

GET /gtm.js?id=GTM-5QN8HWM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:12 GMT
expires: Sat, 28 Oct 2023 03:41:12 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Oct 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78709
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s5574852876674

63.140.62.22

200 OK

43 B

URL POST HTTP/2
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s5574852876674
IP
63.140.62.22:443
ASN
#16509 AMAZON-02

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectsmetrics.workingadvantage.com
FingerprintBF:39:6F:26:01:A5:E2:6D:81:D9:EB:97:B2:50:D2:2D:2F:2D:48:43
ValiditySun, 09 Jul 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT

File type
GIF image data, version 89a, 2 x 2\012- data
Size
43 B (43 bytes)
Hash
ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

HTTP Headers

POST /b/ss/entbenwag3/1/JS-2.22.4-LDQM/s5574852876674 HTTP/1.1
Host: smetrics.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2217
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471673s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.1.1698464472.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; sat_domain=A; mbox=session#c33126014e5b4ef4846a0d7c62e0c72d#1698466334; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Faramco%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252faramco.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Faramco%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252faramco.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
date: Sat, 28 Oct 2023 03:41:12 GMT
expires: Fri, 27 Oct 2023 03:41:12 GMT
last-modified: Sun, 29 Oct 2023 03:41:12 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C30986471486012307707364686134468208909; Path=/; Domain=workingadvantage.com; Max-Age=157680000; Expires=Thu, 26 Oct 2028 03:41:41 GMT;
etag: 3647424680602173440-4617923240813322373
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c

142.250.74.168

200 OK

85 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (13010)
Size
85 kB (85119 bytes)
Hash
bd1d16f368fa4fd43a3973f810d752da
3deb7b5b121546b1c2bc8fd01dd1e18a71820145
b2670ad142043b2f77392c8f35e53c4a1754ade50d1e2101a0d90df16459fb64

HTTP Headers

GET /gtag/js?id=G-2K753Z6D0L&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:12 GMT
expires: Sat, 28 Oct 2023 03:41:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85119
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

controlpanel.savings.beneplace.com/uploads/aramco_favicon_01.png

104.18.37.20

200 OK

2.3 kB

URL GET HTTP/3
controlpanel.savings.beneplace.com/uploads/aramco_favicon_01.png
IP
104.18.37.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2293 bytes)
Hash
a1172f0c93619cb5e03ce9b050994f06
0d3cb5379da12a47a9dd076bdc84fa1c91985fa5
efb9186b8aff7176ed5862a85234debfec867bb6a4f262ee091e5acb760a201d

HTTP Headers

GET /uploads/aramco_favicon_01.png HTTP/1.1
Host: controlpanel.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Cookie: __cf_bm=71xZhvQqSHYpIbLJyA0Hw5IPexpUnxGDEmI8uC4FVJE-1698464469-0-AVOIQIX1VT210hbpj2mgUNCYh4TTJwR0NebfbY+f8m/1BMAlz437UGg8dM/PAqLPL5xs04Nq6+WpwY20LlOhG78=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:12 GMT
content-type: image/png
content-length: 2293
last-modified: Fri, 19 Nov 2021 13:30:39 GMT
etag: "6197a6ff-8f5"
cache-control: public, max-age=2592000, s-maxage=600
cf-cache-status: HIT
age: 407
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d029691acd5697-OSL
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/controls/aramco

172.64.150.236

200 OK

846 B

URL GET HTTP/2
aramco.savings.beneplace.com/api/controls/aramco
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2050), with no line terminators
Size
846 B (846 bytes)
Hash
66a41fb5c208b7a7036321fcc1a1309a
976240b9b349f4cd7f3eb4473feb2a6698442dce
341083bce636014fe77945e54a94e8cce5c1a34cfe400bffe146af1e78e73cae

HTTP Headers

GET /api/controls/aramco HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:12 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"802-l2JAubNJ9M1/PrRHP+sqZphELc4"
expires: Sat, 28 Oct 2023 03:41:11 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=HXWzDSozE_jhD_3t8Ouk7pAvsx.5K1sZyTa_pvJovis-1698464472-0-Adfkm752HuGJpInFMPYvXfInuUmAD+BJeBhKjUPNjjyTokA1rtcGjAYjRu3dDFXo9rdzUnAfi+Qhie8kMb5gwq4=; path=/; expires=Sat, 28-Oct-23 04:11:12 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d029639ef9b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aramco.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js

172.64.148.145

83 kB

URL
aramco.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js
IP
172.64.148.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65447)
Size
83 kB (82737 bytes)
Hash
c675db7168c0708d3d720fef3c4a3ea4
64a3258a7699004f327d490575d9d19301d481a9
cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335

HTTP Headers

GET /scripts.839823a06217b7c66e38.js HTTP/1.1
Host: aramco.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/my-profile/details
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
vary: Accept-Encoding
etag: W/"65386d47-2957f"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02949ac0e5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png

172.64.148.145

200 OK

19 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (18724 bytes)
Hash
fad05a309055bbe24890d609a98528f4
48fbd56aa5b0bd2b6139b23a0097aa02a594e13e
22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264

HTTP Headers

GET /assets/workingadvantage_logo_wide_inverse_01.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471673s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.1.1698464474.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}; mbox=session#c33126014e5b4ef4846a0d7c62e0c72d#1698466334; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Faramco%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252faramco.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Faramco%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252faramco.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:13 GMT
content-type: image/png
content-length: 18724
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
etag: "65386efe-4924"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0296d9f3b5689-OSL
alt-svc: h3=":443"; ma=86400

g3i.imgix.net/assets/auth-bg-3.jpg

151.101.246.208

200 OK

268 kB

URL GET HTTP/2
g3i.imgix.net/assets/auth-bg-3.jpg
IP
151.101.246.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subject*.imgix.com
FingerprintB4:E4:B7:6D:A3:73:77:08:35:9C:5A:31:F8:BC:B9:C0:D4:91:E5:D4
ValiditySun, 05 Mar 2023 12:38:15 GMT - Fri, 05 Apr 2024 12:38:14 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1400, components 3\012- data
Size
268 kB (267462 bytes)
Hash
4beee1bf5c6a4979c610e700c92cc572
9381ccd908be1f35ea28f1602472a3f4afc96dc0
3085dbb36c047918aa7839b0082b4f9f79b9bcbc2811b213905ec47107d26a0a

HTTP Headers

GET /assets/auth-bg-3.jpg HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 17 Oct 2023 14:12:30 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 53d6e0e83b4c1c9c687b67046e7b7fb52cb5d4c7
x-imgix-render-farm: 01.140360
date: Sat, 28 Oct 2023 03:41:13 GMT
age: 912523
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10054-SJC, cache-hel1410024-HEL
x-cache: HIT, HIT
content-length: 267462
X-Firefox-Spdy: h2

g3i.imgix.net/uploads/aramco_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF

151.101.246.208

200 OK

4.5 kB

URL GET HTTP/2
g3i.imgix.net/uploads/aramco_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP
151.101.246.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subject*.imgix.com
FingerprintB4:E4:B7:6D:A3:73:77:08:35:9C:5A:31:F8:BC:B9:C0:D4:91:E5:D4
ValiditySun, 05 Mar 2023 12:38:15 GMT - Fri, 05 Apr 2024 12:38:14 GMT

File type
PNG image data, 105 x 32, 8-bit/color RGB, non-interlaced\012- data
Size
4.5 kB (4547 bytes)
Hash
2a8732f02dedf102358151af2d1eaedf
b4200631951183383f403e5e5e56ce872308677e
e47ca7fddb0900bc5f68f99044d04f40130804bf13ce72014b2d1ff7e875d248

HTTP Headers

GET /uploads/aramco_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 27 Sep 2023 01:03:41 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: b9ec15d55bb66ccab02b5e50d222683f5f022384
x-imgix-render-farm: 01.140360
date: Sat, 28 Oct 2023 03:41:13 GMT
age: 2687852
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000117-SJC, cache-hel1410024-HEL
x-cache: HIT, MISS
content-length: 4547
X-Firefox-Spdy: h2

g3i.imgix.net/uploads/aramco_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF

151.101.246.208

200 OK

2.9 kB

URL GET HTTP/2
g3i.imgix.net/uploads/aramco_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
IP
151.101.246.208:443
ASN
#54113 FASTLY

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGlobalSign nv-sa
Subject*.imgix.com
FingerprintB4:E4:B7:6D:A3:73:77:08:35:9C:5A:31:F8:BC:B9:C0:D4:91:E5:D4
ValiditySun, 05 Mar 2023 12:38:15 GMT - Fri, 05 Apr 2024 12:38:14 GMT

File type
PNG image data, 79 x 24, 8-bit/color RGB, non-interlaced\012- data
Size
2.9 kB (2868 bytes)
Hash
701880e1ec4ac8402d656bed1031a0f8
5b69d5c65efcf01f0650e22f6a8b9226a948ba4f
86913de5c5e3b57bf40e1345ec632b11c437687be0730bee167072eb4352dfcf

HTTP Headers

GET /uploads/aramco_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF HTTP/1.1
Host: g3i.imgix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 13 Oct 2023 20:12:39 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: a186f9e0b13a4556f4c894e18e476785fa8aaa57
x-imgix-render-farm: 01.140360
date: Sat, 28 Oct 2023 03:41:13 GMT
age: 1236514
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000125-SJC, cache-hel1410024-HEL
x-cache: HIT, MISS
content-length: 2868
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14168, version 1.0\012- data
Size
14 kB (14168 bytes)
Hash
017598645bcc882a3610effe171c2ca3
ceaca8172b95b6954d5a5752698a5162d7e9877c
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14168
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Oct 2023 11:02:29 GMT
expires: Sun, 20 Oct 2024 11:02:29 GMT
cache-control: public, max-age=31536000
age: 578325
last-modified: Tue, 02 May 2023 15:29:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13724, version 1.0\012- data
Size
14 kB (13724 bytes)
Hash
cf5ec3859b05de1b9351ab934b937417
97ffac24ea5fe5c47301f1be229699330ea93bf2
bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 23:49:09 GMT
expires: Sat, 26 Oct 2024 23:49:09 GMT
cache-control: public, max-age=31536000
age: 13925
last-modified: Tue, 02 May 2023 15:20:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/53/14/common.js

142.250.74.170

200 OK

58 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/53/14/common.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
ASCII text, with very long lines (586)
Size
58 kB (57767 bytes)
Hash
eb618b565389f0e239056733ad1cd3b4
8bde5b42b10d9f2085c15a44f5df44c8d10a3f08
58ed94893e4142be2847d35ed50d8c3cc9a9aca281143d7794658cb3adb82a9c

HTTP Headers

GET /maps-api-v3/api/js/53/14/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57767
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 17:24:49 GMT
expires: Sat, 26 Oct 2024 17:24:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Aug 2023 04:14:20 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 36987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/53/14/util.js

142.250.74.170

200 OK

51 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/53/14/util.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
ASCII text, with very long lines (564)
Size
51 kB (51065 bytes)
Hash
a0c5a63a3c62165dccd8235d731b0eff
b586b70b9b7a1e3480fb3199ef708e6ba63d1669
143541f596e492db378b791f22a1bab26b16aba740a6b3627d09fe9e56323d66

HTTP Headers

GET /maps-api-v3/api/js/53/14/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 51065
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 14:30:52 GMT
expires: Sat, 26 Oct 2024 14:30:52 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Aug 2023 04:14:20 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 47424
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

auth.savings.workingadvantage.com/assets/wa-logo-wide.png

172.64.148.145

200 OK

29 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/assets/wa-logo-wide.png
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
PNG image data, 500 x 200, 8-bit/color RGB, non-interlaced\012- data
Size
29 kB (29260 bytes)
Hash
9a514012bac6a68b6d0025ca3f28f4e4
447dd4828180a2480363d765b2c9ef41c1835da1
99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4

HTTP Headers

GET /assets/wa-logo-wide.png HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471673s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.1.1698464474.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}; mbox=session#c33126014e5b4ef4846a0d7c62e0c72d#1698466334; at_check=true; g3refurl=https%253A%252F%252Fauth.savings.workingadvantage.com%252Faramco%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252faramco.savings.workingadvantage.com%25252fmy-profile%25252fdetails; prev_url_v2=https%253A%252F%252Fauth.savings.workingadvantage.com%252Faramco%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252faramco.savings.workingadvantage.com%25252fmy-profile%25252fdetails; s_cc=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:13 GMT
content-type: image/png
content-length: 29260
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
etag: "65386efe-724c"
accept-ranges: bytes
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0296d9f395689-OSL
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/runtime-es2015.d65d9e1ef0e041f5ea49.js

172.64.148.145

200 OK

1.3 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/runtime-es2015.d65d9e1ef0e041f5ea49.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1299), with no line terminators
Size
1.3 kB (1297 bytes)
Hash
9661045bff6e6e78ed54b57c6dc003dc
0e1cfcb6e34a09aa820614a33fadf8e51716d367
0aead7214956a2d489b2ef36c84d7ef902b4ae270795fca7f528e8fa1589a861

HTTP Headers

GET /runtime-es2015.d65d9e1ef0e041f5ea49.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:26:25 GMT
vary: Accept-Encoding
etag: W/"65386ec1-511"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295d8a405689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/info?authInfo=true

172.64.150.236

200 OK

8.2 kB

URL GET HTTP/2
aramco.savings.beneplace.com/api/info?authInfo=true
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (8790), with no line terminators
Size
8.2 kB (8163 bytes)
Hash
a08745e8193f1bc0e6e752a7ff91e72b
59459ee9e771a6664bafa5cb18b7066ca0139587
0244c1fd5ca35c17f1772050cf045ee69b9bc0b24629de778b66fe1c45eb30c7

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1fe3-kHkLeWmeY1XP6FW/xIFRTQHHoug"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=4ortZDjVjFx3lEkl1MM0qxltIv9uyG2L0nCgDYk0U5k-1698464471-0-AceEUYwPfGm54Oi+f61vso9m6ATjM9e76Ne880rNfqHXLMRi1q+mElfPH6Cfz+PncOFZV5ACpGt9DrvelhTujeU=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02962cecab511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aramco.savings.beneplace.com/api/navigation/aramco/auth_footer/US/auth

172.64.150.236

200 OK

959 B

URL GET HTTP/2
aramco.savings.beneplace.com/api/navigation/aramco/auth_footer/US/auth
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1104), with no line terminators
Size
959 B (959 bytes)
Hash
c3d5ce7b6683af9add7f52618a9527c8
98a01bb68706d5471405a04bd895df57830fb21c
b6e6fbe23eb14cd5c64d79d2e09e4bc6bb145ecb372b1d861c22e9ca0c945915

HTTP Headers

GET /api/navigation/aramco/auth_footer/US/auth HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"3bf-fTrY/POxp8xLE7tJOcrV4J65oF4"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=asi.2Lz4ZCU4RUzl5sR2MzJ5rJ7LaYCRIEqfRFfnGCY-1698464471-0-AY0XEhBe9D+6sgi3DnLVFI/G+olfoMUuefApGdMhQVB1yrI0dzsKRCCpPWj9DMfACn5TM1n551hiXGeXnYpXhi8=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02964df58b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-2876877-9

142.250.74.168

200 OK

190 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-2876877-9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (4179)
Size
190 kB (189841 bytes)
Hash
c17f82c7916291ef33fd49572ab6bc22
05a129696d32973aa84e139b68703ef511edc5bb
5b545da03f3e62d8eaac58389785e84c2e88a31eef74ec928732469d70e07788

HTTP Headers

GET /gtag/js?id=UA-2876877-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Oct 2023 03:41:12 GMT
expires: Sat, 28 Oct 2023 03:41:12 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Oct 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68591
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

auth.savings.workingadvantage.com/socket.io/?subdomain=aramco&EIO=3&transport=websocket

172.64.148.145

101 Switching Protocols

0 B

URL GET HTTP/1.1
auth.savings.workingadvantage.com/socket.io/?subdomain=aramco&EIO=3&transport=websocket
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?subdomain=aramco&EIO=3&transport=websocket HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://auth.savings.workingadvantage.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eDMEaHJtEYScgUn+M+56pg==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471672s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.1.1698464472.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 28 Oct 2023 03:41:12 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: co3WsxjWlGfrTmpRjT+maJdednw=
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=5184000; includeSubDomains
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 81d02966ee40b515-OSL
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/platform/options/onetrust

172.64.150.236

200 OK

501 B

URL GET HTTP/3
aramco.savings.beneplace.com/api/platform/options/onetrust
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (593), with no line terminators
Size
501 B (501 bytes)
Hash
1bd871cf6bfbdcca54219eb3b5f1a023
6c8160b6c99dad28e761f01cc9267074a506054a
0f7d9620b9f4d1e7cc5395cc066a7728b4f91b1684cd2fa7b29142b08b03a06f

HTTP Headers

GET /api/platform/options/onetrust HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:12 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
expires: Sat, 28 Oct 2023 03:41:11 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=qFiq.EfwtQEg_EWpNaDat8fSVptR_FHI1NJbXMy4xr8-1698464472-0-ASntZzaKd6BrqMRIMujum4qq/9nz4XkwX8347BqgCy9vhOVeNyifLFyjnlMgcC1cstAm5g0+GSh6FZxuxibdnaQ=; path=/; expires=Sat, 28-Oct-23 04:11:12 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02966d8700b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/info

172.64.150.236

200 OK

6.8 kB

URL GET HTTP/2
aramco.savings.beneplace.com/api/info
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (7284), with no line terminators
Size
6.8 kB (6751 bytes)
Hash
ea3d933fdd9ba4885a5dc592bb6c56b2
b246c5d3dd768f22cc5abdfe9305f473a19f0bb4
d92e92c05396a474cda7a87a38f8044d22e4d993eb6370b657de4bf2fdb280c2

HTTP Headers

GET /api/info HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1a5f-Nc1yFws58yQ5fjqNnRAnARARBG0"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=jKHtR01Dp90twcpHMvT9EumhNNSusw_6rmw9b6u3OTM-1698464471-0-AdSMFPviDj+NmsnaznaiezLAh+fC4ruJNln2NE0+6YCHPodbFf0tno3Sv1w//8BkU1WCz9GPm6CnCEpECFwmpfA=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02962bec4b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aramco.savings.beneplace.com/api/aramco/marketplace-styles.css

172.64.150.236

200 OK

33 kB

URL GET HTTP/2
aramco.savings.beneplace.com/api/aramco/marketplace-styles.css
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
ASCII text
Size
33 kB (33219 bytes)
Hash
e14691bbf6fa71141db853013135434b
2d1c236463cc2b0b88660f8d36f35a792b4d3ece
9905c4d49013e8e380a3449ba1014c3af01d0e74bd22831dcbf3db77fd91f259

HTTP Headers

GET /api/aramco/marketplace-styles.css HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: text/css; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"81c3-LRwjZGPMKwuIZg+NNvNaeStNPs4"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=eJM_gs8gghQ_mHZ0SynmQ_p7nNqNdirqRKYwctXIiOM-1698464471-0-Aa0X0H9TrzscZkiAPp2op8Bgg3ZHdMFYjPXdvv5lsaLlkX9C/46dQ6oqZ4l3zoWH3Trn28B5XZh1r2EYbXjEcxg=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02962bec8b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aramco.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id

172.64.150.236

200 OK

94 B

URL GET HTTP/3
aramco.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
94 B (94 bytes)
Hash
574380e3af8e668c085d981c9866561b
68a87b621a0b735bd2c5f0d9ab264e2a5a5e5e1b
18eb455b689078c36720e1eb62d51e407dd707b6565340fa85e9f706f48b2033

HTTP Headers

GET /api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:12 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"5e-xWERRy+8FVp8nFwecehLclRX7Go"
expires: Sat, 28 Oct 2023 03:41:11 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=wAbApg3XmCJe5c1RB3CF60DmybaDTwyMfg0w.4ZGLQc-1698464472-0-AQsLOfyoCJMrzM9WH94OEkclPkEXCN5wbgNObCbRd2Qbv3gIBB3AdptyRIsCLNXAcPO7kwsjKCTKC6FF0fmtaKI=; path=/; expires=Sat, 28-Oct-23 04:11:12 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02967b8a60b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

23.38.200.237

200 OK

636 kB

URL GET HTTP/2
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32727)
Size
636 kB (636006 bytes)
Hash
e33d264b6768a8b8fee1604b859d7748
0701341ff29fe105f8dadcd8e2fed92e14f9f119
0243c31edfa364b267018adb5220cf2ccc54e61f1b5a472fa7ba9cc6c1a4c984

HTTP Headers

GET /a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "e33d264b6768a8b8fee1604b859d7748:1696974419.198914"
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 154061
cache-control: max-age=3600
expires: Sat, 28 Oct 2023 04:41:10 GMT
date: Sat, 28 Oct 2023 03:41:10 GMT
access-control-allow-origin: https://auth.savings.workingadvantage.com
timing-allow-origin: *
X-Firefox-Spdy: h2

auth.savings.workingadvantage.com/auth/authorize?subdomain=aramco&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails

172.64.148.145

302 Found

11 kB

URL User Request GET HTTP/3
auth.savings.workingadvantage.com/auth/authorize?subdomain=aramco&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
11 kB (11020 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /auth/authorize?subdomain=aramco&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aramco.savings.workingadvantage.com/
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: text/html; charset=utf-8
x-powered-by: 
access-control-allow-origin: http://auth.savings.workingadvantage.com
vary: Origin, Accept
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
location: /aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
expires: Sat, 28 Oct 2023 03:41:09 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295b898b5689-OSL
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/styles.7a30f38d0e88aa825854.css

172.64.148.145

200 OK

40 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/styles.7a30f38d0e88aa825854.css
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type

Size
40 kB (39903 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /styles.7a30f38d0e88aa825854.css HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: text/css
last-modified: Wed, 25 Oct 2023 01:26:23 GMT
vary: Accept-Encoding
etag: W/"65386ebf-9bdf"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295f8afb5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js

172.64.148.145

200 OK

169 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
169 kB (169343 bytes)
Hash
c675db7168c0708d3d720fef3c4a3ea4
64a3258a7699004f327d490575d9d19301d481a9
cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335

HTTP Headers

GET /scripts.839823a06217b7c66e38.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:26:23 GMT
vary: Accept-Encoding
etag: W/"65386ebf-2957f"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295d8a435689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/info?authInfo=true

172.64.150.236

200 OK

8.2 kB

URL GET HTTP/2
aramco.savings.beneplace.com/api/info?authInfo=true
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (8790), with no line terminators
Size
8.2 kB (8163 bytes)
Hash
a08745e8193f1bc0e6e752a7ff91e72b
59459ee9e771a6664bafa5cb18b7066ca0139587
0244c1fd5ca35c17f1772050cf045ee69b9bc0b24629de778b66fe1c45eb30c7

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Oct 2023 03:41:11 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1fe3-kHkLeWmeY1XP6FW/xIFRTQHHoug"
expires: Sat, 28 Oct 2023 03:41:10 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=uYcsFhOtRCJPpwaTtqfrgcjfYac9LHFdi7NluUcTOkE-1698464471-0-AYuaWtx4o3kZ4dJL/K+oQIeLC3tqYcXh/NN29pxZ58jrQNAqjB5zTPz4XSJmx0oHuYMx5PCm6LAWzuCdPnhO9NI=; path=/; expires=Sat, 28-Oct-23 04:11:11 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02962bec6b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

auth.savings.workingadvantage.com/favicon.ico

172.64.148.145

200 OK

11 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/favicon.ico
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3285)
Size
11 kB (11020 bytes)
Hash
af63b10b1dd36207cb645ca6162a97a3
7e3bdcfcf0c38600af0ea470d6b5a253fa7fa02e
b3b83ced5629150dbea6190afe5ad44feaef7987587aa905a7254ee701c2a3a0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471672s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.1.1698464472.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:12 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d029668d2b5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aramco.savings.beneplace.com/api/info?authInfo=true

172.64.150.236

200 OK

8.2 kB

URL GET HTTP/3
aramco.savings.beneplace.com/api/info?authInfo=true
IP
172.64.150.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectbeneplace.com
Fingerprint29:E9:25:EC:69:97:9A:65:2D:C3:73:CB:B4:99:F2:EE:E5:D0:F3:FF
ValiditySat, 31 Dec 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (8790), with no line terminators
Size
8.2 kB (8163 bytes)
Hash
a08745e8193f1bc0e6e752a7ff91e72b
59459ee9e771a6664bafa5cb18b7066ca0139587
0244c1fd5ca35c17f1772050cf045ee69b9bc0b24629de778b66fe1c45eb30c7

HTTP Headers

GET /api/info?authInfo=true HTTP/1.1
Host: aramco.savings.beneplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://auth.savings.workingadvantage.com
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:12 GMT
content-type: application/json; charset=utf-8
x-powered-by: 
access-control-allow-origin: https://auth.savings.workingadvantage.com
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
etag: W/"1fe3-kHkLeWmeY1XP6FW/xIFRTQHHoug"
expires: Sat, 28 Oct 2023 03:41:11 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=t4y4Z2L.rXNSs_zvSsS_aEjhXA7NrOSZGIBfVHdJSFA-1698464472-0-AcrjODG+AUdnEbGov2oMPhosbH6NbA52VCEaIaPmf6YITjWJV10YO6zKCZC8/NIpX43s9N+0lFEhwlKXvt7U69s=; path=/; expires=Sat, 28-Oct-23 04:11:12 GMT; domain=.beneplace.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d02967187c0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails

172.64.148.145

200 OK

11 kB

URL User Request GET HTTP/3
auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3285)
Size
11 kB (11020 bytes)
Hash
af63b10b1dd36207cb645ca6162a97a3
7e3bdcfcf0c38600af0ea470d6b5a253fa7fa02e
b3b83ced5629150dbea6190afe5ad44feaef7987587aa905a7254ee701c2a3a0

HTTP Headers

GET /aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aramco.savings.workingadvantage.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295c59cf5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

auth.savings.workingadvantage.com/polyfills-es2015.83678f157fdb7aa8c9b4.js

172.64.148.145

200 OK

124 kB

URL GET HTTP/3
auth.savings.workingadvantage.com/polyfills-es2015.83678f157fdb7aa8c9b4.js
IP
172.64.148.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Certificate
IssuerCloudflare, Inc.
Subjectworkingadvantage.com
FingerprintE1:B3:50:87:CF:77:63:80:7F:9D:81:96:18:E2:FA:4F:AC:2D:A8:B6
ValidityThu, 06 Jul 2023 00:00:00 GMT - Thu, 04 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
124 kB (124359 bytes)
Hash
2eea86b36b0b86a11603cf1e34eaa806
513d15e7bb49c30605718a974e28721459033712
d2921dc9f527117223206f193fc90b8c0fddc6dd38e744e932362af8cb1186c1

HTTP Headers

GET /polyfills-es2015.83678f157fdb7aa8c9b4.js HTTP/1.1
Host: auth.savings.workingadvantage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auth.savings.workingadvantage.com/aramco/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2Faramco.savings.workingadvantage.com%2Fmy-profile%2Fdetails
Cookie: __cf_bm=rodsgAdpDO9jN0xxNHx2N.aCDuKu8Va02T_H912EQc8-1698464467-0-AclEW9ZgjMyGgwoR1WI8VBoIQ8umX5Eyt3fjk6edwAdLuZKEtUI0+vC6t4PT8LsC5bNKpOUmTGUWyJu9NGgs1fc=; AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg=1176715910%7CMCIDTS%7C19659%7CMCMID%7C30986471486012307707364686134468208909%7CMCAID%7CNONE%7CMCOPTOUT-1698471669s%7CNONE%7CvVersion%7C5.4.0; _ga_FD2X5ZMELR=GS1.1.1698464468.1.0.1698464469.0.0.0; _ga=GA1.1.800168080.1698464469; s_ecid=MCMID%7C30986471486012307707364686134468208909; _gcl_au=1.1.1525976388.1698464469; AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg=1; btIdentify=f71ed42a-9710-4e53-a5db-f892252daec6; _bti=%7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22kJ7NFmJTiFMe5aYlVJeNZTn9WhBSZU7buPb7raC6%2B4NvqKb9cP%2FxTMtYEaX8FcZCJRS8%2BqkxW13MkTUp%2FFy34Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=8fe47497-142d-4185-a62a-0bec89f26b6b; cf_clearance=mjciZ.JAm483u8WjxVFee81nEKcCVfHYBoB2ytFHNvQ-1698464469-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1698464469; split_test_groups={"auth_v3_test1":{"group_id":"auth_v3","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 28 Oct 2023 03:41:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Oct 2023 01:26:27 GMT
vary: Accept-Encoding
etag: W/"65386ec3-1e5c7"
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: DENY
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81d0295d8a425689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (43)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations