info.groomsbenefits.com/e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1
199.60.103.29 301 Moved Permanently 0 B URL HTTP/1.1 info.groomsbenefits.com/e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1
IP 199.60.103.29:0
ASN #209242 Cloudflare London, LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1 HTTP/1.1
Host: info.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 14:57:16 GMT
Content-Length: 0
Connection: keep-alive
Location: https://info.groomsbenefits.com/e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1
Cache-Control: s-maxage=3600,max-age=120
Strict-Transport-Security: max-age=31536000
X-Hs-Https-Only: worker
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z80tc6nxT1eTXKDzPZhLaFj95POO%2FoUxoMF%2BL7%2Bq0Kf9mJJKvtSR3DwR1PhGZs01Pcq8nn0ZfQkxVu%2FJy1CM8PMVku5AdlvCPl8AuYQhaGbFS1%2Fgt2VP2hmGJSTo4fW0GFi5FSui8Mxz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Set-Cookie: __cf_bm=yj6WLctP7EBoYn_.gNUDL26R_tT9q51d20E9QKGWj70-1669301836-0-Ac7SjfOL4vnozKmwGuu1Faz3s0E2h0s3FZKdT2HGzlOJPK2Cdt1PdymD3Q3n7kjt9kInQJzivJDrNGXl16f6kUM=; path=/; expires=Thu, 24-Nov-22 15:27:16 GMT; domain=.info.groomsbenefits.com; HttpOnly; SameSite=None
__cfruid=29a6373292be6493f759efa185fc5ee2200f7ac8-1669301836; path=/; domain=.info.groomsbenefits.com; HttpOnly
Server: cloudflare
CF-RAY: 76f2fefd3a781c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4544
Expires: Thu, 24 Nov 2022 16:13:00 GMT
Date: Thu, 24 Nov 2022 14:57:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6492
Cache-Control: max-age=163327
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:16 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:19:23 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10859
Expires: Thu, 24 Nov 2022 17:58:15 GMT
Date: Thu, 24 Nov 2022 14:57:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 14:18:58 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2298
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nD5ACWWjmMKQ+br4fStoTESQFvWZ+pzfYX54LiPkBOJPxeRszlELTGo6FAHp0t15eyF96rY8maY=
x-amz-request-id: 9CV4RSBGB15K1XBA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 14:43:26 GMT
age: 830
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 14:57:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f9200487363a567e36fc265e25da3f86
25b804e19a1e419e6e88602ce07e2d812c68cd5a
d642b502f2227a54f076c9cd0c193ec27c94504a49115f00f77d59618c40876c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:16 GMT
Server: ECS (amb/6B8E)
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 14:08:53 GMT
cache-control: public,max-age=3600
age: 2904
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f9200487363a567e36fc265e25da3f86
25b804e19a1e419e6e88602ce07e2d812c68cd5a
d642b502f2227a54f076c9cd0c193ec27c94504a49115f00f77d59618c40876c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:17 GMT
Last-Modified: Thu, 24 Nov 2022 14:57:16 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4356
Cache-Control: max-age=156128
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:17 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:19:25 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.218.168.248 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.168.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xm2y32PBO3nfs+hBINmwwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4lpH8GyJXXJ1YiR0My7Bgoh/rSA=
www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
199.34.228.77 301 Moved Permanently 1.2 kB URL HTTP/1.1 www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
IP 199.34.228.77:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (499)
Hash 7116e9225950b433e87978b832c6b783
9897d341d5a259f160dae286fd5a53f293185fea
2f5d9c41e6a2bc3441169efd51510f841b9a9e03ddae9f1027ff16fcf0921c59
GET /?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 24 Nov 2022 14:57:18 GMT
Server: Apache
Set-Cookie: is_mobile=0; path=/; domain=www.groomsbenefits.com
Vary: X-W-SSL,User-Agent
Location: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
X-Host: grn92.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 1166
Keep-Alive: timeout=10, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f115cdf83e0b7497d03916e1b429efd
be57c311cbc974ad53c13f7f5f65ab37ea47a882
74ea848c320eea8ffb7026d9d018510a98ff90b5dd174b3bb8162668600e1b46
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "74EA848C320EEA8FFB7026D9D018510A98FF90B5DD174B3BB8162668600E1B46"
Last-Modified: Tue, 22 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Thu, 24 Nov 2022 20:56:42 GMT
Date: Thu, 24 Nov 2022 14:57:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14169
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 14:57:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 61812
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 27791
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 0856fdb55f19f03a1bec38b3d6e0ac77
89accd230fba95fe0049678070817b36ead015fa
17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8rbsN9OVJmneT9ov-Q7V4RB8DP5UWhhn-7cnukHiBpl06zmMM0zJTg==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
age: 61198
etag: "89accd230fba95fe0049678070817b36ead015fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:03:54 GMT
age: 60804
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ve4q5FDkwMGhPK6ZVVVCZtoBTaGaz43r_PwINzwS5Nx5tcZeQkVIfw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:47 GMT
age: 61651
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 27716
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
199.34.228.77 200 OK 11 kB URL HTTP/1.1 www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
IP 199.34.228.77:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1350), with CRLF, LF line terminators
Hash c68eaf476b5c3161ad326e569ba3311c
6e98e67a1658b2a5745023740004370971eaf210
5d54b029a3c8009d73895923639ea76412886fadf2a47a07d84601b74b172453
GET /?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:57:18 GMT
Server: Apache
Vary: X-W-SSL,Accept-Encoding,User-Agent
Set-Cookie: is_mobile=0; path=/; domain=www.groomsbenefits.com
Set-Cookie: language=en; expires=Thu, 08-Dec-2022 14:57:18 GMT; Max-Age=1209600; path=/
Cache-Control: private
ETag: W/"3f6e7377e19131f534936e46c020986d-gzip"
Content-Encoding: gzip
X-Host: blu133.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 10843
Keep-Alive: timeout=10, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dd0dd96ca622aa07354fabdd0da767bf
a29eaa02a81dabed2c12be20a89d65a5a0417524
6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
142.250.74.10 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (65483)
Hash a54a444f20643b131117dc2112cca05f
074964746b12ff1d30f7656310d6154ae1cc98b5
aa3ca8485dd777d4d880b38c1cf3bc2fc290d28a79ba3e3e43cba1f653132830
GET /ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33593
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 16:26:29 GMT
expires: Wed, 22 Nov 2023 16:26:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 167450
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn2.editmysite.com/js/site/main.js?buildTime=1661188642
151.101.85.46 200 OK 146 kB URL HTTP/2 cdn2.editmysite.com/js/site/main.js?buildTime=1661188642
IP 151.101.85.46:0
File type ASCII text, with very long lines (32147)
Size 146 kB (146400 bytes)
Hash 81b8673c5d3aa3ab8c0574f2a8f0e3b4
2e0661bc7907d9e2703b3347c3fec579f0aef5d6
0e981f4de6287406ce261fddea24aa05ded4b6a8c4c07283c363c1502071cf40
GET /js/site/main.js?buildTime=1661188642 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Fri, 18 Nov 2022 01:33:58 GMT
etag: "6376e106-74804"
expires: Fri, 02 Dec 2022 03:44:09 GMT
cache-control: max-age=1209600
x-host: blu97.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:57:19 GMT
age: 558789
x-served-by: cache-sjc10039-SJC, cache-bma1629-BMA
x-cache: HIT, HIT
x-cache-hits: 42, 1
x-timer: S1669301839.083209,VS0,VE2
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 146400
X-Firefox-Spdy: h2
cdn2.editmysite.com/css/old/fancybox.css?1661188642
151.101.85.46 200 OK 1.2 kB URL HTTP/2 cdn2.editmysite.com/css/old/fancybox.css?1661188642
IP 151.101.85.46:0
File type ASCII text, with very long lines (3910)
Hash b644e92258f4c7c0b4270047652d1e60
93734d52ee9e86a768159e514076051813c39cd9
29199496fb817668f887938571046abcdfb49063d0207d571b361f221f467907
GET /css/old/fancybox.css?1661188642 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Fri, 11 Nov 2022 17:05:17 GMT
etag: "636e80cd-f47"
expires: Tue, 29 Nov 2022 08:56:36 GMT
cache-control: max-age=1209600
x-host: grn27.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:57:19 GMT
age: 799243
x-served-by: cache-sjc10079-SJC, cache-bma1629-BMA
x-cache: HIT, HIT
x-cache-hits: 114, 1
x-timer: S1669301839.098888,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1218
X-Firefox-Spdy: h2
cdn2.editmysite.com/css/sites.css?buildTime=1661188642
151.101.85.46 200 OK 30 kB URL HTTP/2 cdn2.editmysite.com/css/sites.css?buildTime=1661188642
IP 151.101.85.46:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d10158b22b553f723d99dc78eaee6390
80f2d6670cfb0d01cd20c471cf8e3e6465ddd3f6
939c7a8e1ad74a44e0c847e38533e69e36454b6805d25acf3fb0cb5c472d245e
GET /css/sites.css?buildTime=1661188642 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Mon, 21 Nov 2022 22:29:33 GMT
etag: W/"637bfbcd-347ac"
expires: Tue, 06 Dec 2022 08:48:57 GMT
cache-control: max-age=1209600
x-host: blu133.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:57:19 GMT
age: 194902
x-served-by: cache-sjc10077-SJC, cache-bma1629-BMA
x-cache: HIT, HIT
x-cache-hits: 52, 1
x-timer: S1669301839.088867,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 29746
X-Firefox-Spdy: h2
cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1661188642&
151.101.85.46 200 OK 33 kB URL HTTP/2 cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1661188642&
IP 151.101.85.46:0
File type ASCII text, with very long lines (65024)
Hash d8a96093e4ac9525ad79fcfd57d8ef8a
c69965f81400795e52e7795f2befbb62dc84dbeb
260dadf35ac438d5101a0c5ad9f48d631d6e9652e92761af42e81338153831f2
GET /js/lang/en/stl.js?buildTime=1661188642& HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Mon, 21 Nov 2022 22:28:26 GMT
etag: "637bfb8a-2c00a"
expires: Tue, 06 Dec 2022 11:42:33 GMT
cache-control: max-age=1209600
x-host: grn138.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:57:19 GMT
age: 184485
x-served-by: cache-sjc10066-SJC, cache-bma1629-BMA
x-cache: HIT, HIT
x-cache-hits: 55, 1
x-timer: S1669301839.092975,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 32668
X-Firefox-Spdy: h2
cdn2.editmysite.com/css/social-icons.css?buildtime=1661188642
151.101.85.46 200 OK 1.6 kB URL HTTP/2 cdn2.editmysite.com/css/social-icons.css?buildtime=1661188642
IP 151.101.85.46:0
File type ASCII text, with very long lines (13080)
Hash d306624a8cd3d76a13489b7b2a1a6e43
d2346013823c0dcb2aada15b3a4b638535bb510c
405e8cd6fdf03ee699df49d516f471c4c209e478acaf4624140a4f72edfe69b3
GET /css/social-icons.css?buildtime=1661188642 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Fri, 11 Nov 2022 17:05:11 GMT
etag: W/"636e80c7-3319"
expires: Tue, 29 Nov 2022 08:56:36 GMT
cache-control: max-age=1209600
x-host: grn34.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:57:19 GMT
age: 799243
x-served-by: cache-sjc10079-SJC, cache-bma1629-BMA
x-cache: HIT, HIT
x-cache-hits: 75, 1
x-timer: S1669301839.095164,VS0,VE7
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1639
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-107306435-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-107306435-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash f5a2e34b9719406552b9bb8e0c5fb40e
1bf9065f7c23a686175dea77439e25b679f03dbe
f3230d3eca4b1a3c947d3311d4406741df7fadd80b973568576d93f050dbc422
GET /gtag/js?id=UA-107306435-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 24 Nov 2022 14:57:19 GMT
expires: Thu, 24 Nov 2022 14:57:19 GMT
cache-control: private, max-age=900
last-modified: Thu, 24 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q3
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q3
IP 104.18.20.226:0
Hash da54499acc284296137c66dfc7f13c4e
2fa492e0de12241a8a3f53f4c8e678dad9e69732
69a9f6dbbb270213efbdb8962921b6e6a29bbc9b952a630a1e062e1b4af70f0b
POST /ca/gsatlasr3dvtlsca2022q3 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "1790D66BFD4A3330B56A15F1FDA0059195E692B3"
Expires: Fri, 25 Nov 2022 02:00:00 GMT
Last-Modified: Thu, 24 Nov 2022 14:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 821
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2ff0f184b0b4d-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 861995aff6efdbed5c516c0eb409e2db
90b634fde8578134051cc127e3d8f5e9eb971b58
b45cd2447b38e045822322f9e1d048436d881d6aafe6757f3128af1537efda45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4850
Cache-Control: max-age=147652
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:19 GMT
Etag: "637f1121-117"
Expires: Sat, 26 Nov 2022 07:58:11 GMT
Last-Modified: Thu, 24 Nov 2022 06:37:21 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
www.groomsbenefits.com/files/theme/custom.js?1531150540
199.34.228.77 200 OK 3.2 kB URL HTTP/1.1 www.groomsbenefits.com/files/theme/custom.js?1531150540
IP 199.34.228.77:0
Hash 6ddabf9ec1dae07f541de3e009969179
37359e9551b6247c7a8fe9f2d7f6a05e18ccb7d5
c057541328f3e6fcee23c1ec11a2d1d57dc8450e5ad366d56d41df4202955765
GET /files/theme/custom.js?1531150540 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: application/javascript
Content-Length: 3233
Connection: keep-alive
Last-Modified: Mon, 16 May 2022 15:56:50 GMT
x-rgw-object-type: Normal
ETag: "6ddabf9ec1dae07f541de3e009969179"
x-amz-request-id: tx000000000000001bf1d8e-00628488e8-b9fbc20-sfo1
X-Storage-Bucket: zc057
X-Storage-Object: c057541328f3e6fcee23c1ec11a2d1d57dc8450e5ad366d56d41df4202955765
X-Host: blu146.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/files/templateArtifacts.js?1661191631
199.34.228.77 200 OK 1.6 kB URL HTTP/1.1 www.groomsbenefits.com/files/templateArtifacts.js?1661191631
IP 199.34.228.77:0
File type exported SGML document, ASCII text, with very long lines (1630)
Hash e0836e8203c22b8e4086f27e91e86f5a
28235e77f5a895c8cd411aff4a6ef4e6f7d419c2
32dbc4a2eeca39a57d35670f00e2cf59e03c279521e47506c56c5c36d8b664b6
Analyzer Verdict Alert fortinet Phishing
GET /files/templateArtifacts.js?1661191631 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
X-Host: blu66.sf2p.intern.weebly.net
Content-Encoding: gzip
www.groomsbenefits.com/files/theme/mobile.js?1531150540
199.34.228.77 200 OK 3.0 kB URL HTTP/1.1 www.groomsbenefits.com/files/theme/mobile.js?1531150540
IP 199.34.228.77:0
Hash df46997a63ceb84c8708e197225bf22e
461b6fa23df29f7da9b3a03f3dba6f846bedf917
84881ad46cfd8cd5adf57ee99e47fd4790e655d5bfc4e45e0b833f0beeacb602
GET /files/theme/mobile.js?1531150540 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 22 May 2021 22:42:27 GMT
x-rgw-object-type: Normal
ETag: W/"008fd6990b3bdf96b9d46f87e52a7730"
x-amz-request-id: tx000000000000000c3d560-0061a70f5e-a9f4046-sfo1
X-Storage-Bucket: z52fc
X-Storage-Object: 52fce566223a538d2037cd7f8ee707362452d0e935d018f857322f10c4446e64
X-Host: grn13.sf2p.intern.weebly.net
Content-Encoding: gzip
www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/consulting.png?1529675047
199.34.228.77 200 OK 6.4 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/consulting.png?1529675047
IP 199.34.228.77:0
File type PNG image data, 131 x 131, 8-bit/color RGBA, non-interlaced; data
Hash dbe0276d4a2dd8f51490c2d1f63839ca
6485fe55e75e3d347b373110da18be2ae9d41e46
d6cc249438e7208ff30af603eb7aeb82e40eded2c565ef37206bd2c4cc2b82fe
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/editor/consulting.png?1529675047 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: image/png
Content-Length: 6428
Connection: keep-alive
Last-Modified: Fri, 22 Jun 2018 13:44:07 GMT
x-rgw-object-type: Normal
ETag: "dbe0276d4a2dd8f51490c2d1f63839ca"
x-amz-request-id: tx000000000000037b4ea4f-00637cff14-c696eea-sfo1
X-Storage-Bucket: zd6cc
X-Storage-Object: d6cc249438e7208ff30af603eb7aeb82e40eded2c565ef37206bd2c4cc2b82fe
X-Host: blu47.sf2p.intern.weebly.net
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 33268
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.195 200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 21:13:13 GMT
expires: Tue, 21 Nov 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 236646
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.groomsbenefits.com/uploads/1/1/2/3/112387325/g_1.jpg
199.34.228.77 200 OK 3.4 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/g_1.jpg
IP 199.34.228.77:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 75x75, components 3
Hash 4a190320a56cc67150d174920c0d4220
63c0a7cc084284623ac469f5f81c83babdc5be7e
7486c0b7b4dbbfed4dc1cd72f525f1e9aad5efb113fca9cc877b7288059d72ef
GET /uploads/1/1/2/3/112387325/g_1.jpg HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: image/jpeg
Content-Length: 3352
Connection: keep-alive
Last-Modified: Wed, 26 Sep 2018 20:53:56 GMT
x-rgw-object-type: Normal
ETag: "4a190320a56cc67150d174920c0d4220"
x-amz-request-id: tx00000000000003974027a-00637f864f-c695612-sfo1
X-Storage-Bucket: z7486
X-Storage-Object: 7486c0b7b4dbbfed4dc1cd72f525f1e9aad5efb113fca9cc877b7288059d72ef
X-Host: blu63.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/files/theme/plugins.js?1531150540
199.34.228.77 200 OK 19 kB URL HTTP/1.1 www.groomsbenefits.com/files/theme/plugins.js?1531150540
IP 199.34.228.77:0
Hash 17c0b51cd6ba1b91479bfe0274feed18
785a5cfa1ee86fd40b1a9deab58477ac101cb20a
64fa489daea8001c79f266c076946a1dd2b3568d3c6810bc1db9fb27529dee28
Analyzer Verdict Alert fortinet Phishing
GET /files/theme/plugins.js?1531150540 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 21 May 2021 20:17:30 GMT
ETag: W/"7f6df4939d4102a752a5c1989d81afd4"
x-amz-request-id: tx000000000000000124073-006162831c-1ff9432-las
X-Storage-Bucket: z6ee5
X-Storage-Object: 6ee5ff05679a26a9027cbb63cadee08104fa248a93d3582a333a5d134c25460b
X-Host: grn44.sf2p.intern.weebly.net
Content-Encoding: gzip
cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1661188642
151.101.85.46 200 OK 472 B URL HTTP/2 cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1661188642
IP 151.101.85.46:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
GET /js/site/main-customer-accounts-site.js?buildTime=1661188642 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 17:05:34 GMT
etag: "636e80de-82588"
expires: Tue, 29 Nov 2022 13:25:03 GMT
cache-control: max-age=1209600
x-host: grn62.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:57:19 GMT
age: 783136
x-served-by: cache-sjc10024-SJC, cache-bma1629-BMA
x-cache: HIT, HIT
x-cache-hits: 53, 1
x-timer: S1669301839.099094,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 159020
X-Firefox-Spdy: h2
www.groomsbenefits.com/uploads/1/1/2/3/112387325/employee-benefits-advisor-gurentee_orig.png
199.34.228.77 200 OK 83 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/employee-benefits-advisor-gurentee_orig.png
IP 199.34.228.77:0
File type PNG image data, 1100 x 733, 8-bit/color RGBA, non-interlaced
Hash 172dec35ca6334e96d2253f8daa92996
378d73ecdca2866ceb7b1a5d7b7fa532b6fac557
14f071d6a463376379341d89ab6c52ec395cd22080689f6f021ef7285a36b4cb
GET /uploads/1/1/2/3/112387325/employee-benefits-advisor-gurentee_orig.png HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: image/png
Content-Length: 82952
Connection: keep-alive
Last-Modified: Mon, 30 Jul 2018 15:07:22 GMT
x-rgw-object-type: Normal
ETag: "172dec35ca6334e96d2253f8daa92996"
x-amz-request-id: tx00000000000003854caa7-00637f864d-c67eadd-sfo1
X-Storage-Bucket: z14f0
X-Storage-Object: 14f071d6a463376379341d89ab6c52ec395cd22080689f6f021ef7285a36b4cb
X-Host: grn17.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/background-images/1996843700.jpg
199.34.228.77 200 OK 14 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/background-images/1996843700.jpg
IP 199.34.228.77:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x370, components 3
Hash 6601d08365e91806e9ef4584a42a988e
34387037475b38e42e390a7c5108147461d1fa38
5dec34342242bf636398d033dad19ca493df223d516031bdb61548fe716a1b7d
GET /uploads/1/1/2/3/112387325/background-images/1996843700.jpg HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/jpeg
Content-Length: 14302
Connection: keep-alive
Last-Modified: Fri, 18 May 2018 16:58:14 GMT
x-rgw-object-type: Normal
ETag: "6601d08365e91806e9ef4584a42a988e"
x-amz-request-id: tx00000000000003854c969-00637f864b-c67eadd-sfo1
X-Storage-Bucket: z5dec
X-Storage-Object: 5dec34342242bf636398d033dad19ca493df223d516031bdb61548fe716a1b7d
X-Host: grn33.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/gbs-official-logo-final_5_orig.png
199.34.228.77 200 OK 37 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/gbs-official-logo-final_5_orig.png
IP 199.34.228.77:0
File type PNG image data, 1813 x 408, 8-bit/color RGBA, non-interlaced
Hash 78ad44a9c1c34424650a12a7d4d28ac7
8e61b95812042ba32529713ab3afb218f286d3a0
d2b278949c52c8f00d2c90e505eeb23bb3fa681c0d0dab87b63b0144fe5d0a3a
GET /uploads/1/1/2/3/112387325/gbs-official-logo-final_5_orig.png HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:19 GMT
Content-Type: image/png
Content-Length: 36984
Connection: keep-alive
Last-Modified: Thu, 30 Jan 2020 19:19:51 GMT
x-rgw-object-type: Normal
ETag: "78ad44a9c1c34424650a12a7d4d28ac7"
x-amz-request-id: tx00000000000003919b3df-00637f864b-c696eea-sfo1
X-Storage-Bucket: zd2b2
X-Storage-Object: d2b278949c52c8f00d2c90e505eeb23bb3fa681c0d0dab87b63b0144fe5d0a3a
X-Host: blu41.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/published/istock-541976598.jpg?1611935515
199.34.228.77 200 OK 1.7 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/published/istock-541976598.jpg?1611935515
IP 199.34.228.77:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 55x37, components 3
Hash 934fb74592233ad79be210a41674529f
5e696d6000accfefe1f8b84865d90b708738f105
f1bed59a36049e7f681c06dad871e24dd56ec3ef41c6864680081d406656c6dd
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/published/istock-541976598.jpg?1611935515 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/jpeg
Content-Length: 1654
Connection: keep-alive
Last-Modified: Fri, 29 Jan 2021 15:51:55 GMT
x-rgw-object-type: Normal
ETag: "934fb74592233ad79be210a41674529f"
x-amz-request-id: tx0000000000000382ed392-00637f864b-c6aed46-sfo1
X-Storage-Bucket: zf1be
X-Storage-Object: f1bed59a36049e7f681c06dad871e24dd56ec3ef41c6864680081d406656c6dd
X-Host: grn14.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/eb.png?1529586084
199.34.228.77 200 OK 5.2 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/eb.png?1529586084
IP 199.34.228.77:0
File type PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced
Hash add8809adb339d5ce435abf9ee623e20
0c454c5fa56d9466145fbee3c2cc322b6a51159a
f1b13b1c8a3ecf8c13c820189ebe4931395ec2035254f61dc80880aef8dd52d2
GET /uploads/1/1/2/3/112387325/editor/eb.png?1529586084 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/png
Content-Length: 5155
Connection: keep-alive
Last-Modified: Thu, 21 Jun 2018 13:01:24 GMT
x-rgw-object-type: Normal
ETag: "add8809adb339d5ce435abf9ee623e20"
x-amz-request-id: tx000000000000037d217c8-00637cff14-c669cc6-sfo1
X-Storage-Bucket: zf1b1
X-Storage-Object: f1b13b1c8a3ecf8c13c820189ebe4931395ec2035254f61dc80880aef8dd52d2
X-Host: blu83.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/tech.png?1529349532
199.34.228.77 200 OK 5.3 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/tech.png?1529349532
IP 199.34.228.77:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Hash 5e7f2b3d8dd6994fb5442d4c91cdb05f
a8c6b54f3521bd9428220f50f0637a57412cf47d
6fd61baf86dcc39494a1586355bce054999d9a9a1e4981fe92dbb01439e653e5
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/editor/tech.png?1529349532 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/png
Content-Length: 5330
Connection: keep-alive
Last-Modified: Mon, 18 Jun 2018 19:18:52 GMT
x-rgw-object-type: Normal
ETag: "5e7f2b3d8dd6994fb5442d4c91cdb05f"
x-amz-request-id: tx00000000000003919b541-00637f864d-c696eea-sfo1
X-Storage-Bucket: z6fd6
X-Storage-Object: 6fd61baf86dcc39494a1586355bce054999d9a9a1e4981fe92dbb01439e653e5
X-Host: blu41.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/management.png?1529675076
199.34.228.77 200 OK 6.4 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/management.png?1529675076
IP 199.34.228.77:0
File type PNG image data, 131 x 131, 8-bit/color RGBA, non-interlaced
Hash eed8352ebc7ccd4950acdf60e6d4863d
0a12a8eced1d55ce11bee1ffca3beefb252c96c1
d230b45d3c0e9d28cea05d5eac7081a94cce327b1b5525dc8e01f560029e3b29
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/editor/management.png?1529675076 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/png
Content-Length: 6431
Connection: keep-alive
Last-Modified: Fri, 22 Jun 2018 13:44:36 GMT
x-rgw-object-type: Normal
ETag: "eed8352ebc7ccd4950acdf60e6d4863d"
x-amz-request-id: tx000000000000039349019-00637f8643-c669cc6-sfo1
X-Storage-Bucket: zd230
X-Storage-Object: d230b45d3c0e9d28cea05d5eac7081a94cce327b1b5525dc8e01f560029e3b29
X-Host: grn17.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/comm.png?1529349538
199.34.228.77 200 OK 6.9 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/comm.png?1529349538
IP 199.34.228.77:0
File type PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced
Hash 7c41b8b6f3d54d8757e93c60ef2c50b3
db3c52221d0fd3d96302a8169dfccd0739892331
49d72111191f04168b7b8e9c8d0a1dbe6ae6d3c6c58e1d40a99a205f8c2224bf
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/editor/comm.png?1529349538 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/png
Content-Length: 6853
Connection: keep-alive
Last-Modified: Mon, 18 Jun 2018 19:18:59 GMT
x-rgw-object-type: Normal
ETag: "7c41b8b6f3d54d8757e93c60ef2c50b3"
x-amz-request-id: tx00000000000003919b375-00637f864b-c696eea-sfo1
X-Storage-Bucket: z49d7
X-Storage-Object: 49d72111191f04168b7b8e9c8d0a1dbe6ae6d3c6c58e1d40a99a205f8c2224bf
X-Host: grn155.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/published/gbs-official-logo-final_3.png?1637761955
199.34.228.77 200 OK 9.3 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/published/gbs-official-logo-final_3.png?1637761955
IP 199.34.228.77:0
File type PNG image data, 273 x 84, 8-bit/color RGBA, non-interlaced
Hash 9da8c384fbe863d939252217b02fe47e
efc02b88d2741b3e22743e328434cdaee1eb15d2
cd8834a86f9860fd6727d274fae59a44d550bceb9513a7603a1af5c43964c4ed
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/published/gbs-official-logo-final_3.png?1637761955 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/png
Content-Length: 9340
Connection: keep-alive
Last-Modified: Wed, 24 Nov 2021 13:52:35 GMT
x-rgw-object-type: Normal
ETag: "9da8c384fbe863d939252217b02fe47e"
x-amz-request-id: tx00000000000003919b2aa-00637f864a-c696eea-sfo1
X-Storage-Bucket: zcd88
X-Storage-Object: cd8834a86f9860fd6727d274fae59a44d550bceb9513a7603a1af5c43964c4ed
X-Host: grn14.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/comp.png?1529603383
199.34.228.77 200 OK 6.8 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/editor/comp.png?1529603383
IP 199.34.228.77:0
File type PNG image data, 131 x 131, 8-bit/color RGBA, non-interlaced
Hash 8c21f0c648990ad4443e0ddcb2320cf3
22c3b24aec8d5079538f5e60441f0c6392933ca4
570f3d808bec1913da28797f8b85802779e74b7b4624fa498165dc9e4de249ed
Analyzer Verdict Alert fortinet Phishing
GET /uploads/1/1/2/3/112387325/editor/comp.png?1529603383 HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/png
Content-Length: 6765
Connection: keep-alive
Last-Modified: Fri, 22 Jun 2018 03:17:52 GMT
x-rgw-object-type: Normal
ETag: "8c21f0c648990ad4443e0ddcb2320cf3"
x-amz-request-id: tx00000000000003854cc3d-00637f8650-c67eadd-sfo1
X-Storage-Bucket: z570f
X-Storage-Object: 570f3d808bec1913da28797f8b85802779e74b7b4624fa498165dc9e4de249ed
X-Host: grn155.sf2p.intern.weebly.net
Accept-Ranges: bytes
js.hs-banner.com/1540139.js
172.64.154.85 200 OK 182 kB URL HTTP/2 js.hs-banner.com/1540139.js
IP 172.64.154.85:0
File type ASCII text, with very long lines (60033)
Size 182 kB (182478 bytes)
Hash 149da07c39692406906680cacdc81e44
8c6e6f91a8cae386a165a92d9b6e26317c576c38
2ac48d8e1cd7a6881bd45f28dbce5c3acfa337668b66b596d9429e71bfa9a2b5
GET /1540139.js HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:19 GMT
content-type: text/javascript; charset=UTF-8
x-amz-id-2: 5fTZ7ITlCF3jEvObgJiAZUCfu80jg4OuEO5S/2mOH4fqmkh01F9YCsHKpoqaEgBR2iq0F/Vi38s=
x-amz-request-id: XB6EA0TE6CAY97DA
last-modified: Tue, 25 Oct 2022 19:58:27 GMT
etag: W/"08c9947902f6959ede3aab3856fd49f9"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: tSwK4GwyqZeFZvtZz0Zybc3cnq6c2j8z
access-control-allow-origin: https://www.groomsbenefits.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
vary: origin, Accept-Encoding
expires: Thu, 24 Nov 2022 15:02:19 GMT
cf-cache-status: MISS
server: cloudflare
cf-ray: 76f2ff0fc8f10b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.groomsbenefits.com/uploads/1/1/2/3/112387325/background-images/1312451387.jpg
199.34.228.77 200 OK 136 kB URL HTTP/1.1 www.groomsbenefits.com/uploads/1/1/2/3/112387325/background-images/1312451387.jpg
IP 199.34.228.77:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 2377x1262, components 3
Size 136 kB (135906 bytes)
Hash d7e9e5d20e034be6f057a0ab437edc01
895d5bbc87ecc74fcd64faf1d3862a2fe2201034
135de379873181d609ef10d3b7a859125bd5e84a84b31b65a7c36bb45db7e747
GET /uploads/1/1/2/3/112387325/background-images/1312451387.jpg HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/jpeg
Content-Length: 135906
Connection: keep-alive
Last-Modified: Wed, 26 Sep 2018 20:54:35 GMT
x-rgw-object-type: Normal
ETag: "d7e9e5d20e034be6f057a0ab437edc01"
x-amz-request-id: tx0000000000000393495a8-00637f864c-c669cc6-sfo1
X-Storage-Bucket: z135d
X-Storage-Object: 135de379873181d609ef10d3b7a859125bd5e84a84b31b65a7c36bb45db7e747
X-Host: blu47.sf2p.intern.weebly.net
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash aaede7c36f50769bd5d06cbe10682db3
120f6531ee6f59e11506ddd67655e901b7217e7d
5e215ff4205df39d95ee6396477bdf8625f3ab93bbbe02f36b7c6ed47a78eadd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 14:57:20 GMT
Last-Modified: Thu, 24 Nov 2022 14:41:06 GMT
Server: ECS (dcb/7EA4)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VNCfIjA-zxufyA7LiX8OG6oaM-P_7qTaJtb0rK_-wY_XiX4G2CK9aA==
Age: 974
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash aaede7c36f50769bd5d06cbe10682db3
120f6531ee6f59e11506ddd67655e901b7217e7d
5e215ff4205df39d95ee6396477bdf8625f3ab93bbbe02f36b7c6ed47a78eadd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101249
Date: Thu, 24 Nov 2022 14:57:20 GMT
Etag: "637e5bab-1d7"
Expires: Fri, 25 Nov 2022 19:04:49 GMT
Last-Modified: Wed, 23 Nov 2022 17:43:07 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ujsnUkjRMB3jIqiJqsd9nbZMFeZ8Cq0dfaWscF4Odq8niQpx_1sFQw==
Age: 4902
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 43399d683475f0e5ef645489d57faa0a
3b55f890931aebc771c7a27b62504c13ed741e00
b3607af3eeeb7cacb35be67e02611ac2c2b547eccbda52a70cdc9fe0df76368a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6449
Cache-Control: max-age=121168
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:20 GMT
Etag: "637ea370-116"
Expires: Sat, 26 Nov 2022 00:36:48 GMT
Last-Modified: Wed, 23 Nov 2022 22:49:20 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ssl.google-analytics.com/ga.js
142.250.74.104 200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 142.250.74.104:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Thu, 24 Nov 2022 14:17:12 GMT
expires: Thu, 24 Nov 2022 16:17:12 GMT
cache-control: public, max-age=7200
age: 2408
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.34.178 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.34.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 24 Nov 2022 14:41:08 GMT
expires: Thu, 24 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 972
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 176c5bdeeb799ec212e8b21126aa58d5
02c76719828821643ec84cfe61ecb4499838021c
eaa1c4ffce046f2951b93258d2c8c396da596a86c40cb3954ea8ceb4b13aa842
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 16:30:36 GMT
Expires: Wed, 30 Nov 2022 16:30:35 GMT
Etag: "02c76719828821643ec84cfe61ecb4499838021c"
Cache-Control: max-age=523394,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f2ff187fdcb4fa-OSL
www.google-analytics.com/j/collect?v=1&_v=j98&a=1666885595&t=pageview&_s=1&dl=https%3A%2F%2Fwww.groomsbenefits.com%2F%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Employee%20Benefit%20Solutions%20%7C%20Grooms%20Benefits&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1921421416&gjid=1770072489&cid=2049675072.1669301840&tid=UA-107306435-1&_gid=915802351.1669301840&_r=1>m=2oub90&z=2105400542
216.239.34.178 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1666885595&t=pageview&_s=1&dl=https%3A%2F%2Fwww.groomsbenefits.com%2F%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Employee%20Benefit%20Solutions%20%7C%20Grooms%20Benefits&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1921421416&gjid=1770072489&cid=2049675072.1669301840&tid=UA-107306435-1&_gid=915802351.1669301840&_r=1>m=2oub90&z=2105400542
IP 216.239.34.178:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j98&a=1666885595&t=pageview&_s=1&dl=https%3A%2F%2Fwww.groomsbenefits.com%2F%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Employee%20Benefit%20Solutions%20%7C%20Grooms%20Benefits&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1921421416&gjid=1770072489&cid=2049675072.1669301840&tid=UA-107306435-1&_gid=915802351.1669301840&_r=1>m=2oub90&z=2105400542 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.groomsbenefits.com
date: Thu, 24 Nov 2022 14:57:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
44.232.247.128 200 OK 0 B URL HTTP/2 ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP 44.232.247.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.groomsbenefits.com/
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:20 GMT
content-length: 0
server: nginx
access-control-allow-origin: https://www.groomsbenefits.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 600
X-Firefox-Spdy: h2
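The OPTIONS exchange above is a CORS preflight: the page at www.groomsbenefits.com asks ec.editmysite.com whether a cross-site POST with a non-safelisted Content-Type is permitted, and the collector answers by echoing the requesting origin, allowing credentials, and listing the permitted request headers. The following is an added example (not part of the scan output and not code from any of the services in this log) that applies the Fetch-standard preflight rules to such a captured exchange. The sample request and response are constructed by hand from the headers shown above (a subset, no body); the wildcard counter-example is also constructed, to show the combination browsers reject. Note that the captured response carries no Vary header, which the check reports as a plain fact.

```python
from __future__ import annotations

# Constructed sample: the ec.editmysite.com preflight captured above, re-typed
# here with a subset of its headers. Not the scanner's own output.
SAMPLE_PREFLIGHT_REQUEST = """\
OPTIONS /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.groomsbenefits.com/
Origin: https://www.groomsbenefits.com
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
"""

SAMPLE_PREFLIGHT_RESPONSE = """\
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:20 GMT
content-length: 0
server: nginx
access-control-allow-origin: https://www.groomsbenefits.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 600
"""

# Constructed counter-example (hypothetical, not from the log): a wildcard
# origin combined with credentials. Browsers reject this combination.
WILDCARD_WITH_CREDENTIALS_RESPONSE = """\
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: content-type
"""

CORS_SAFELISTED_METHODS = {"GET", "HEAD", "POST"}


def parse_http_message(raw: str) -> tuple[str, dict[str, list[str]]]:
    """Split a raw HTTP/1.x-style message into its start line and a header map.
    Header names are lower-cased; a repeated header keeps every value."""
    lines = raw.strip("\n").splitlines()
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        if not line.strip():          # a blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers


def _first(headers: dict[str, list[str]], name: str) -> str:
    values = headers.get(name.lower())
    return values[0] if values else ""


def _csv_set(value: str, fold) -> set[str]:
    """Split a comma-separated header value into a set, applying fold (str.lower/upper)."""
    return {fold(item.strip()) for item in value.split(",") if item.strip()}


def check_preflight(request_raw: str, response_raw: str) -> dict[str, bool]:
    """Apply the Fetch-standard preflight rules to a captured OPTIONS exchange."""
    _, req = parse_http_message(request_raw)
    _, resp = parse_http_message(response_raw)

    origin = _first(req, "Origin")
    wanted_method = _first(req, "Access-Control-Request-Method").upper()
    wanted_headers = _csv_set(_first(req, "Access-Control-Request-Headers"), str.lower)

    acao = _first(resp, "Access-Control-Allow-Origin")
    credentials = _first(resp, "Access-Control-Allow-Credentials").lower() == "true"
    allowed_methods = _csv_set(_first(resp, "Access-Control-Allow-Methods"), str.upper)
    allowed_headers = _csv_set(_first(resp, "Access-Control-Allow-Headers"), str.lower)
    vary = _csv_set(",".join(resp.get("vary", [])), str.lower)

    # With credentials, "*" is not a wildcard: the browser needs an exact origin match.
    origin_ok = acao == origin or (acao == "*" and not credentials)
    # A safelisted method passes without Allow-Methods; "*" is a wildcard only without credentials.
    method_ok = (wanted_method in CORS_SAFELISTED_METHODS
                 or wanted_method in allowed_methods
                 or ("*" in allowed_methods and not credentials))
    # Every requested non-safelisted header must be listed; same wildcard rule applies.
    headers_ok = (wanted_headers <= allowed_headers
                  or ("*" in allowed_headers and not credentials))
    return {
        "origin_ok": origin_ok,
        "origin_reflected": acao == origin and acao != "*",
        "credentials_allowed": credentials,
        "wildcard_with_credentials": acao == "*" and credentials,
        "method_ok": method_ok,
        "headers_ok": headers_ok,
        "vary_origin": "origin" in vary,   # matters once a per-origin response is cacheable
        "preflight_passes": origin_ok and method_ok and headers_ok,
    }
```

Run `check_preflight(SAMPLE_PREFLIGHT_REQUEST, SAMPLE_PREFLIGHT_RESPONSE)` to see the captured exchange pass (origin reflected, credentials allowed, `content-type` listed), and the same request against `WILDCARD_WITH_CREDENTIALS_RESPONSE` to see why a collector that wants cookies cannot answer with `*`.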
www.groomsbenefits.com/favicon.ico
199.34.228.77 200 OK 17 kB URL HTTP/1.1 www.groomsbenefits.com/favicon.ico
IP 199.34.228.77:0
File type MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel - data
Hash 6bec6988a42ab9151762539d0ea9e754
75d29d1722f46c9b2f06c77203f6b86e58d9ab19
0f08eff3fa4932e9884c70b01f4a0e0ad26a720bed06c1c943ffc877c359fd14
GET /favicon.ico HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en; _snow_ses.2bde=*; _snow_id.2bde=3b6d3fc5-c05a-4300-ba92-1fb7211164a8.1669301840.1.1669301840.1669301840.45f1a6fa-ca84-4378-b205-79a45ca9a547
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2022 14:57:20 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 16958
Connection: keep-alive
Last-Modified: Wed, 26 Sep 2018 20:54:01 GMT
x-rgw-object-type: Normal
ETag: "6bec6988a42ab9151762539d0ea9e754"
x-amz-request-id: tx00000000000003854cc6a-00637f8650-c67eadd-sfo1
X-Storage-Bucket: z0f08
X-Storage-Object: 0f08eff3fa4932e9884c70b01f4a0e0ad26a720bed06c1c943ffc877c359fd14
X-Host: blu41.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.groomsbenefits.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
199.34.228.77 200 OK 348 B URL HTTP/1.1 www.groomsbenefits.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
IP 199.34.228.77:0
File type JSON data, ASCII text, with very long lines (348), with no line terminators
Hash a944dd688c99d2901d6719be713271c0
4f5454d5d434829baf46671638610791758725d9
adb97e1bc686c58b4286f1208d2bd969687c6cf3e2fc468697dfd956d260de49
Analyzer Verdict Alert fortinet Phishing
POST /ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails] HTTP/1.1
Host: www.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Referer: https://www.groomsbenefits.com/?utm_medium=email&_hsmi=235309039&_hsenc=p2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA&utm_content=235309039&utm_source=hs_email
Cookie: is_mobile=0; language=en; _snow_ses.2bde=*; _snow_id.2bde=3b6d3fc5-c05a-4300-ba92-1fb7211164a8.1669301840.1.1669301840.1669301840.45f1a6fa-ca84-4378-b205-79a45ca9a547
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 14:57:20 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu116.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 348
Keep-Alive: timeout=10, max=74
Connection: Keep-Alive
Content-Type: application/json
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
44.232.247.128 200 OK 2 B URL HTTP/2 ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP 44.232.247.128:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 1976
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:20 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
server: nginx
set-cookie: sp=22c03b39-b6e9-4bfa-9e9e-cc1cc97d2209; Expires=Fri, 24 Nov 2023 14:57:20 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.groomsbenefits.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash c2095f0645768792abcb4100af409047
7db95c1e64c4c44505ca7fa07b788f598dc223d0
697c4e67fd37fac1dfcc126afe0065832b0be8470653ded5f1d8532e7c0b00fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6151
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:21 GMT
Last-Modified: Thu, 24 Nov 2022 13:14:50 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.hs-analytics.net/analytics/1669301700000/1540139.js
104.17.67.176 200 OK 20 kB URL HTTP/2 js.hs-analytics.net/analytics/1669301700000/1540139.js
IP 104.17.67.176:0
File type ASCII text, with very long lines (64108)
Hash 21a6bd44d4224a8c3359fbafd8767d87
3641cb02d02005b95f9797450733c70cc6dc45e1
c6e9238192136291fd535e81bb8a89c56c5eb5686b5e330cbc6c4583e509695c
GET /analytics/1669301700000/1540139.js HTTP/1.1
Host: js.hs-analytics.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:21 GMT
content-type: text/javascript
x-amz-id-2: WN1IwJfbso4yJvmHSSX8gtYE2xd5e33g9gFxcxW9Ekc5Qnhko27oL40XhaOdZ8Whi9yQhMHEYOY=
x-amz-request-id: YKRAKNQMFQCQ94VN
last-modified: Fri, 04 Nov 2022 20:23:27 GMT
etag: W/"d11cc6eb46ce0b052e3a3c4e97753d69"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: null
access-control-allow-credentials: false
vary: origin, Accept-Encoding
expires: Thu, 24 Nov 2022 15:02:20 GMT
cf-cache-status: MISS
server: cloudflare
cf-ray: 76f2ff188d91b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=1540139&pu=https%3A%2F%2Fwww.groomsbenefits.com%2F%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&t=Employee+Benefit+Solutions+%7C+Grooms+Benefits&cts=1669301840760&vi=a0c8f13bb8ec4ef9636131629c8d7e96&nc=true&u=82654921.a0c8f13bb8ec4ef9636131629c8d7e96.1669301840751.1669301840751.1669301840751.1&b=82654921.1.1669301840751&cc=15
104.19.154.83 200 OK 45 B URL HTTP/2 track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=1540139&pu=https%3A%2F%2Fwww.groomsbenefits.com%2F%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&t=Employee+Benefit+Solutions+%7C+Grooms+Benefits&cts=1669301840760&vi=a0c8f13bb8ec4ef9636131629c8d7e96&nc=true&u=82654921.a0c8f13bb8ec4ef9636131629c8d7e96.1669301840751.1669301840751.1669301840751.1&b=82654921.1.1669301840751&cc=15
IP 104.19.154.83:0
File type GIF image data, version 89a, 1 x 1 - data
Hash c8817d472077ebfc04593c1fa019d32d
e1e86f41c86c7b9cd2e8b76c6a925a1a3e7e3247
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=1540139&pu=https%3A%2F%2Fwww.groomsbenefits.com%2F%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&t=Employee+Benefit+Solutions+%7C+Grooms+Benefits&cts=1669301840760&vi=a0c8f13bb8ec4ef9636131629c8d7e96&nc=true&u=82654921.a0c8f13bb8ec4ef9636131629c8d7e96.1669301840751.1669301840751.1669301840751.1&b=82654921.1.1669301840751&cc=15 HTTP/1.1
Host: track.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:21 GMT
content-type: image/gif
content-length: 45
cf-ray: 76f2ff1b1927b4f1-OSL
cache-control: no-cache, no-store, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-hubspot-correlation-id: 1d2d6729-887e-4276-8bc7-e53f85f67787
x-robots-tag: none
set-cookie: __cf_bm=QQbI_cP6Q5W5t1oJpclFFJqUbkXmwrI1jdNaToZKHMg-1669301841-0-ASphkOlSLLg+EtWZeZlhWQnrg73NmgZ+t5Dbw5OkvLNJQzlySe6LKlUyVLbWzT9nwrrjwhygQnA6raxaqpXI5OI=; path=/; expires=Thu, 24-Nov-22 15:27:21 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7NpKXVW7bwoFFLJjXVeXI4Q3HpkfWM4RWf%2BklJrDWARRsJElZyPygwnspp3ey%2FS9h%2FrRgtWwHPfyNIcHStoQl15JTrRhEvF0aX7ZcDUv9c7GHdtAnIpws4Foa6mfgRUbih8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash c2095f0645768792abcb4100af409047
7db95c1e64c4c44505ca7fa07b788f598dc223d0
697c4e67fd37fac1dfcc126afe0065832b0be8470653ded5f1d8532e7c0b00fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6151
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 14:57:21 GMT
Last-Modified: Thu, 24 Nov 2022 13:14:50 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F707b8d34-3bd2-4793-9e17-c60d0b285f84.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F707b8d34-3bd2-4793-9e17-c60d0b285f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 - data
Hash dc118bae963b381ce5450890130ecf15
9355a16a81b11e024dd2c5c0024aba1121fff925
cb5bc2cc49e05c133434eeb725690b3e32a0d3c6b75074582f941eee3bf7e1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F707b8d34-3bd2-4793-9e17-c60d0b285f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9828
x-amzn-requestid: bf2f8429-416d-40d4-a237-7593ee26c27a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEv0KHywIAMFvtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e934d-349e1dcc595b1be906a83577;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bQcpPUgu6eN6PQeLMGWwBlf01iHj77_aXHjKmh8SH7HsWlUX6kipDg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:23 GMT
age: 61202
etag: "9355a16a81b11e024dd2c5c0024aba1121fff925"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.hs-scripts.com/1540139.js
104.17.212.204 200 OK 0 B URL HTTP/2 js.hs-scripts.com/1540139.js
IP 104.17.212.204:0
GET /1540139.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:19 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2BA44444BE92D10B2E7FF31FD5B71A7DCC0F44D19D000000000000000000
cache-control: public, max-age=60
vary: origin, Accept-Encoding
x-hubspot-correlation-id: 74ae7ed0-aeab-44c9-a4cf-1d09b266f0a1
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-origin: https://www.groomsbenefits.com
last-modified: Thu, 24 Nov 2022 14:57:19 GMT
cf-cache-status: MISS
expires: Thu, 24 Nov 2022 14:58:19 GMT
server: cloudflare
cf-ray: 76f2ff0d9e6db50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.statcounter.com/counter/counter.js
104.20.229.67 200 OK 0 B URL HTTP/2 www.statcounter.com/counter/counter.js
IP 104.20.229.67:0
GET /counter/counter.js HTTP/1.1
Host: www.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:20 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Nov 2022 10:19:33 GMT
etag: W/"637df3b5-aa70"
expires: Thu, 24 Nov 2022 22:48:37 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 14923
server: cloudflare
cf-ray: 76f2ff18de2efac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
c.statcounter.com/t.php?sc_project=11937852&u1=3C5F96FD7FEC4F856CAB5B8DFFD745AF&java=1&security=c4eb057d&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.groomsbenefits.com/%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&t=Employee%20Benefit%20Solutions%20%7C%20Grooms%20Benefits&invisible=1&sc_rum_e_s=3466&sc_rum_e_e=3470&sc_rum_f_s=0&sc_rum_f_e=3456&get_config=true
104.20.229.67 200 OK 0 B URL HTTP/2 c.statcounter.com/t.php?sc_project=11937852&u1=3C5F96FD7FEC4F856CAB5B8DFFD745AF&java=1&security=c4eb057d&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.groomsbenefits.com/%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&t=Employee%20Benefit%20Solutions%20%7C%20Grooms%20Benefits&invisible=1&sc_rum_e_s=3466&sc_rum_e_e=3470&sc_rum_f_s=0&sc_rum_f_e=3456&get_config=true
IP 104.20.229.67:0
GET /t.php?sc_project=11937852&u1=3C5F96FD7FEC4F856CAB5B8DFFD745AF&java=1&security=c4eb057d&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.groomsbenefits.com/%3Futm_medium%3Demail%26_hsmi%3D235309039%26_hsenc%3Dp2ANqtz--CX2hvriJoGkdcAM0wubFM0B_iPujho0i1xBMJbXdsulaURBNx8Fe7A4-5b1qKKeuYv_Nr6JD8xNKlQiZf0KvzsptaRA%26utm_content%3D235309039%26utm_source%3Dhs_email&t=Employee%20Benefit%20Solutions%20%7C%20Grooms%20Benefits&invisible=1&sc_rum_e_s=3466&sc_rum_e_e=3470&sc_rum_f_s=0&sc_rum_f_e=3456&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.groomsbenefits.com
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:20 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc11937852.1669301840.0; SameSite=None; Secure; Expires=Tuesday, 23-Nov-2027 09:57:20 EST; Path=/; Domain=.statcounter.com
is_visitor_unique=1669301840749494668; SameSite=None; Secure; Expires=Saturday, 23-Nov-2024 09:57:20 EST; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://www.groomsbenefits.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76f2ff191e5cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
info.groomsbenefits.com/e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1
199.60.103.227 200 OK 0 B URL HTTP/2 info.groomsbenefits.com/e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1
IP 199.60.103.227:0
ASN #209242 Cloudflare London, LLC
Analyzer Verdict Alert fortinet Phishing
GET /e3t/Ctc/T5+113/c9P9504/MWG56gTtZgSW6_X1YK2kBSjyW7vv0b_4SMY82N5LPbS73lLB3V1-WJV7CgN8WW2k8fqc3Mv0mHW8pV78Y5tFBYPW3h4D174jyBs9W1MKgbw8kLqzPW1hM1Qc80x_p7W1NjbmK51XSffW3bBgBR97tr44N3zBTMd4PgtTW4MyMBn8y06HkW1hlPy65f9P0kW5bfd9g1JQl14W2HvJK_8CPm_pW8vDtbJ7Jh9P0W6WZS_93hqX0DW91VRy71krLlCW2P7XtW4DTZzjW5GcF_r3jtJNzW745xm97kD1dcW6mP6t_937CpLW6DQX2b35K4MC38-H1 HTTP/1.1
Host: info.groomsbenefits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 24 Nov 2022 14:57:17 GMT
content-type: text/html;charset=utf-8
cf-ray: 76f2ff00ae310b3d-OSL
last-modified: Thu, 24 Nov 2022 14:57:17 GMT
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
referrer-policy: no-referrer
x-hs-https-only: worker
x-hubspot-correlation-id: 7012d6fe-f162-446e-ad1d-1950eb5c8f7f
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rP%2F3hdOSXgYSXOXN2%2Ffn894cLhi%2BjCUzmX8AcRN5b21%2B07c4nXzdMcI0hW%2FxgNz3QdDA%2FOXAh22loeN3pJ0S8w6qfE3QuISHMO2mWIflwmkod3qc0MdCGQHMlPoBvSYVx72WvYKMJ4U2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=fcyI1yvSdm2o3aQ1zW7coP__..htbThmkWdy5tP5p4k-1669301837-0-AdRTVfdWvF/tCQRd2I3XkkxF3Iyk/HOY2590iQnl9iCYJqs/0CfhYG2Ob+s0j4WFsUGo2SgT/sWEGd8vJ7Q1Bzw=; path=/; expires=Thu, 24-Nov-22 15:27:17 GMT; domain=.info.groomsbenefits.com; HttpOnly; Secure; SameSite=None
__cfruid=bebefdcc6a5c1c73c5f12ddd997fd24d1942e0a1-1669301837; path=/; domain=.info.groomsbenefits.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,700,400italic,700italic&subset=latin,latin-ext
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,700,400italic,700italic&subset=latin,latin-ext
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,300,300italic,700,400italic,700italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 14:57:19 GMT
date: Thu, 24 Nov 2022 14:57:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic&subset=latin,latin-ext
IP 142.250.74.10:0 | Status 200 OK | Size 0 B | Protocol HTTP/2
GET /css?family=Lora:400,700,400italic,700italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 14:57:19 GMT
date: Thu, 24 Nov 2022 14:57:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway:400,300,200,700&subset=latin,latin-ext
IP 142.250.74.10:0 | Status 200 OK | Size 0 B | Protocol HTTP/2
GET /css?family=Raleway:400,300,200,700&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 14:57:19 GMT
date: Thu, 24 Nov 2022 14:57:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Maven+Pro:400,700&subset=latin,latin-ext
IP 142.250.74.10:0 | Status 200 OK | Size 0 B | Protocol HTTP/2
GET /css?family=Maven+Pro:400,700&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.groomsbenefits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 14:57:19 GMT
date: Thu, 24 Nov 2022 14:57:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2