Report - mybenefitpartners.com/citibank/login.php?primarymember

Report Overview

Submitted URL
mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
IP
50.87.248.23
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-09-26 18:49:09
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
stats.wpmucdn.com	40743	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	24 kB	151.139.242.7
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
130035.smushcdn.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	456 B	3.7 kB	151.139.243.27
i0.wp.com	3021	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	1.2 kB	192.0.77.2
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.4 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
hb.wpmucdn.com	43790	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	109 kB	151.139.244.25
stats.wp.com	2711	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	353 B	356 B	192.0.76.3
stats1.wpmudev.com	32661	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	732 B	224 B	3.21.50.43
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	638 B	24 kB	142.250.74.164
mybenefitpartners.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	93 kB	50.87.248.23
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	66 kB	34.120.237.76
pixel.wp.com	2545	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	239 B	192.0.76.3
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	347 kB	142.250.74.163
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.218.159.206
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	87 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-26	medium	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	Phishing
2022-09-26	medium	mybenefitpartners.com/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1664052361	Phishing
2022-09-26	medium	mybenefitpartners.com/wp-content/et-cache/37/et-core-unified-cpt-37.min.css?ver=1664204710	Phishing
2022-09-26	medium	mybenefitpartners.com/wp-content/et-cache/37/et-core-unified-cpt-deferred-37.min.css?ver=1664052362	Phishing
2022-09-26	medium	mybenefitpartners.com/wp-content/et-cache/42/et-core-unified-cpt-deferred-42.min.css?ver=1664052362	Phishing
2022-09-26	medium	mybenefitpartners.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2	Phishing
2022-09-26	medium	mybenefitpartners.com/wp-content/themes/Divi/js/scripts.min.js	Phishing
2022-09-26	medium	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	47 B	2023-03-07	2024-04-19
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:48 Last Seen2024-04-19 23:26:46 Times Seen6610 Hash 2f518cfc8223c53c44094f57eacc972f a919f586352875054a0a7f438c3e3d33cb5768b3 1d89df5c4aeb93c45e67d479e74ca02e5a104d7e421e4f2415e4a204c9816b0b Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	104 B	2023-03-07	2024-04-20
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-20 00:22:51 Times Seen4273 Hash 3217923b47c3b4f1720c42f8cc99b87f 951a09e9e5b98a7ac8d114e42a743e5d41cb5dfb 39aa079dbe6286ef5a74421f2ca2a4d1b8f13b1c1506e51f0635a2c434b1b286 Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	1.6 kB	2023-03-08	2023-03-08
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:53:54 Last Seen2023-03-08 01:53:55 Times Seen1 Hash d9ad2f0a58df7a703c7a310f98a55482 b5c5a68bae6d29082a45e4a576eb46efb398fe6e fefd208b029e72150b67f8cb52abc5586dc7820c3dc1b54e7ecf1093f5e33f36 Loading...

	stats.wpmucdn.com/analytics.js	70 kB	2023-03-07	2024-04-18
Pretty URL stats.wpmucdn.com/analytics.js IP 151.139.242.7 ASN #12989 StackPath LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:47 Last Seen2024-04-18 15:50:45 Times Seen2957 Hash 434f3d0418b4425917954bf073f4d262 1119ad5f14fe6a7ce2cc7bdaea72245d5e05c71a 0995371a359a4a701d66f8b183de6144de9a042e5bac84b6f920968f51567742 Loading...

	unknown	0 B	2023-03-07	2024-04-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 08:39:30 Times Seen36970831 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	150 B	2023-03-07	2024-04-18
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:11 Last Seen2024-04-18 11:27:49 Times Seen277 Hash 4cfe1bd612f5c3965c5c77837d9599b9 f293d1b30e3d2d6026eddf2a61fb27a953fb1014 4d8f747bce9b760f461e82645e61e3297687bda63948e7d806a8a07e1f4d10b8 Loading...

	hb.wpmucdn.com/mybenefitpartners.com/c8140b9c-17a3-4555-908e-ca7f6f866851.js	102 kB	2023-03-08	2023-03-08
Pretty URL hb.wpmucdn.com/mybenefitpartners.com/c8140b9c-17a3-4555-908e-ca7f6f866851.js IP 151.139.244.25 ASN #12989 StackPath LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:32:25 Last Seen2023-03-08 01:53:55 Times Seen1 Hash 7ff8e3e8c908f2fc99e7200d7b246d5f a699864fb4aef249d4d8ac856d867b77617e2338 bde06ab18ce571e1209f70a6e7a7ce8aa69c7cee617b0b66ed161a1d68bf4ec5 Loading...

	stats.wp.com/e-202239.js	9.0 kB	2023-03-07	2024-01-05
Pretty URL stats.wp.com/e-202239.js IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2024-01-05 09:08:33 Times Seen3233 Hash 9152c169155daa333287728cb8e4ae93 1e45a9ea1464acf983f022567cb9f669f4c77f65 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302 Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	191 B	2023-03-08	2023-03-08
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:32:25 Last Seen2023-03-08 01:53:55 Times Seen1 Hash af1ef6b9d5b570a106367bccc2458448 b8c18406cabb10c9753d0d567fd23b332c6af975 6cd91536a3eb78bbe3e9a55edbe2249e9a134bf48fb5e9f4d03147886863f302 Loading...

	hb.wpmucdn.com/mybenefitpartners.com/32b52802-2199-4444-8d02-d43f4a470b2c.js	17 kB	2023-03-08	2023-03-08
Pretty URL hb.wpmucdn.com/mybenefitpartners.com/32b52802-2199-4444-8d02-d43f4a470b2c.js IP 151.139.244.25 ASN #12989 StackPath LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:32:25 Last Seen2023-03-08 01:53:55 Times Seen1 Hash 70b905bfbcdaa6ab19cd191c52c35515 1ac26444a1f8651002d1bfff86e25b47e26045b3 dd46359bcd096dcb3c705d9c7111b5b21e41e85f26e2a5ef38b0333e61942720 Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	503 B	2023-03-08	2023-03-08
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:32:25 Last Seen2023-03-08 01:53:55 Times Seen1 Hash 8c16db4f643aad4414f5e232a91444c2 075e49dbf71b4a83a6e8a5cc6ec4c0f240260916 fb79f2d1f94c48e58a8943d76edc064fb023f7d884a615c30ce9ddc33dc99d0f Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	180 B	2023-03-07	2024-04-17
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:06 Last Seen2024-04-17 22:34:30 Times Seen3180 Hash 623d6f59f2a5b2ba62b39858ccdd3989 6a97f16eb9c49657c50eb392d761380915ffd423 dd2c61ba8e6b506df9729d254d5c12b3c0f9de99bb7e5dba5f7e58c15d729f89 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe	69 B	2023-03-07	2024-04-20
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-20 08:28:05 Times Seen99090 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe	35 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:53:55 Last Seen2023-03-08 01:53:55 Times Seen1 Hash 9a07490afb46947d1738e9650818a2b5 3072fdb066d8bb7552b8d373811725e842114672 87208927386724f01e44a9ddae1b0d5fb5986cfb483031929ba74ba214c40f3e Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	739 B	2023-03-07	2024-04-19
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:06 Last Seen2024-04-19 23:26:46 Times Seen4198 Hash ff682bd8e00a4c2b202a4d37f7ba3cdd 4b92aa9fb8a9cf79c352ece5cba00b2f281de332 d1576e7c5bb5b36cc04888b220fb672165073615b2423b76b51074334d616555 Loading...

	mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537	558 B	2023-03-08	2023-03-08
Pretty URL mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 IP 50.87.248.23 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:32:25 Last Seen2023-03-08 01:53:55 Times Seen1 Hash e4fd18d00a8dd8e72e2b359c31fe430d 365a306f7adeea2330ab73380a7b389df19fd9c0 72328e2a876ee0080aa97b404199f01189c1beb7b3a42ae966470fdcc4a21b7d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2851c27fe4d7dcfce30aeaa53cfb59ed	16 kB	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash 2851c27fe4d7dcfce30aeaa53cfb59ed e6d6747077359e2996fcb8ce60c94647e548a120 b7bb0c5ac33ab436c5fe975360ef1af5f66987c6c8bf5c0569e749197b16ecaa Loading...

	#2 Eval - 1845a1a5613a3cc719cdfd0f4354c64d	22 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash 1845a1a5613a3cc719cdfd0f4354c64d d98cc33e5143dec9bb98528b47284c10072c60ce 531ec07d216cb5810b6ebf63f292c8c1759049139e175d847973b17cd08238fa Loading...

	#3 Eval - c4bcc9c08455c63b6941587911bb5e33	62 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash c4bcc9c08455c63b6941587911bb5e33 a63bdfb594e7769cde32b002448f0fec82476ce7 9a40ef33f7700831131770a8048c5a08faa312d7311fc2c6ced1909ea6e458ce Loading...

	#4 Eval - 8255e47c8659ff37c9b3a0934673908e	22 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash 8255e47c8659ff37c9b3a0934673908e e851f0d2bd2c672883af76176e787f6530feabcf d651a2902f113132877a12117727707b1031e8f12615f8a3a0ad138ea5eb79ea Loading...

	#5 Eval - d59644a258c7eebf069095afb0197f4e	20 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 01:53:55 Last Seen2023-03-08 01:53:55 Times Seen1 Hash d59644a258c7eebf069095afb0197f4e a2af46abb68172c5c9491c901273815027b7e89b 7514eea0f70e4647fa424eb835dadcda750534a97f2eead22350086e7a852e9a Loading...

HTTP Transactions (54)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 18:15:19 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: llqjAKP-YTp3vzcqiKnlyqit7mAQpD6zlOqLJAoBpCWIf6Jotr2tzA==
Age: 2020

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5283
Expires: Mon, 26 Sep 2022 20:17:02 GMT
Date: Mon, 26 Sep 2022 18:48:59 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TsDAoefuVT_tGV374xvOhgoGhzBcM70wD5Sfa45F4LJ3sScl_GDPwQ==
age: 51224
X-Firefox-Spdy: h2

mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537

50.87.248.23

301 Moved Permanently

0 B

URL HTTP/1.1
mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 18:48:59 GMT
Server: Apache
X-Redirect-By: iThemes Security
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
X-Frame-Options: SAMEORIGIN
Cross-Origin-Opener-Policy: same-site
Cross-Origin-Resource-Policy: same-origin
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
Cache-Control: max-age=0
Expires: Mon, 26 Sep 2022 18:48:59 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:48:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 18:10:46 GMT
Expires: Mon, 26 Sep 2022 18:33:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HlFnQjeU4Fp8Zb6AhD7-OAhr10bilnuq2Jd8iTdgP2msJjTZDqnvZQ==
Age: 2293

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e082bc474c83126d30e9406f0c4620dd
91368e4813d2b70f4097aebbc985cb66df7d93e0
6cdbdcb6947f0a97286b3d0bd784524fba2e9df9ade97f49a951bcdb92b2b5e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6CDBDCB6947F0A97286B3D0BD784524FBA2E9DF9ADE97F49A951BCDB92B2B5E7"
Last-Modified: Sat, 24 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21494
Expires: Tue, 27 Sep 2022 00:47:13 GMT
Date: Mon, 26 Sep 2022 18:48:59 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3010
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:48:59 GMT
Last-Modified: Mon, 26 Sep 2022 17:58:49 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.218.159.206

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.218.159.206:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: A5C5lMaL4G8Of/TsWsX13g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UQrnfc9SmT9bTqTBo4JcZhFjHyo=

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aade64a9f6d8a11f476faa1671477602
f963c726903f21da1a0e2da43b2cb3f4efe4eeac
7e47d8ecd3d69ed7cec458d3118d9c332d24dd12e503efdf84d5ab9bb2152334

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2163
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:00 GMT
Last-Modified: Mon, 26 Sep 2022 18:12:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aade64a9f6d8a11f476faa1671477602
f963c726903f21da1a0e2da43b2cb3f4efe4eeac
7e47d8ecd3d69ed7cec458d3118d9c332d24dd12e503efdf84d5ab9bb2152334

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2163
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:00 GMT
Last-Modified: Mon, 26 Sep 2022 18:12:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aade64a9f6d8a11f476faa1671477602
f963c726903f21da1a0e2da43b2cb3f4efe4eeac
7e47d8ecd3d69ed7cec458d3118d9c332d24dd12e503efdf84d5ab9bb2152334

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2593
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:00 GMT
Last-Modified: Mon, 26 Sep 2022 18:05:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aade64a9f6d8a11f476faa1671477602
f963c726903f21da1a0e2da43b2cb3f4efe4eeac
7e47d8ecd3d69ed7cec458d3118d9c332d24dd12e503efdf84d5ab9bb2152334

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6356
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:00 GMT
Last-Modified: Mon, 26 Sep 2022 17:03:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

mybenefitpartners.com/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1664052361

50.87.248.23

200 OK

1.7 kB

URL HTTP/2
mybenefitpartners.com/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1664052361
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (5899), with no line terminators
Size
1.7 kB (1714 bytes)
Hash
69b07b2c450a279fa2b8feff598140a8
3a6e9f807056c4ff6509322a66ebf6f6bc43a9d8
3d2c8aa70d9bf7671d50db20f55111415547bcf8bc9f7fcb50b2923ae0dbb0a8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1664052361 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
last-modified: Sat, 24 Sep 2022 20:46:01 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Tue, 26 Sep 2023 18:49:00 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1714
content-type: text/css
date: Mon, 26 Sep 2022 18:49:00 GMT
server: Apache
X-Firefox-Spdy: h2

mybenefitpartners.com/wp-content/et-cache/37/et-core-unified-cpt-37.min.css?ver=1664204710

50.87.248.23

200 OK

1.3 kB

URL HTTP/2
mybenefitpartners.com/wp-content/et-cache/37/et-core-unified-cpt-37.min.css?ver=1664204710
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (6845), with no line terminators
Size
1.3 kB (1297 bytes)
Hash
2edb76e536bf00d9918f6304e67dbaa7
104bcb2eb90f07ea70009cc35ec95f2dd9250bc3
3f24f565a6c028b285c2b8204db632ac0496f11480d01ff36893effcc3188686

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/et-cache/37/et-core-unified-cpt-37.min.css?ver=1664204710 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
last-modified: Mon, 26 Sep 2022 15:05:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Tue, 26 Sep 2023 18:49:00 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1297
content-type: text/css
date: Mon, 26 Sep 2022 18:49:00 GMT
server: Apache
X-Firefox-Spdy: h2

mybenefitpartners.com/wp-content/et-cache/37/et-core-unified-cpt-deferred-37.min.css?ver=1664052362

50.87.248.23

200 OK

1.4 kB

URL HTTP/2
mybenefitpartners.com/wp-content/et-cache/37/et-core-unified-cpt-deferred-37.min.css?ver=1664052362
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (8609), with no line terminators
Size
1.4 kB (1377 bytes)
Hash
1c85a0254c83a3325b8265bf4a6a0168
32e5b1e8198a1f79c8b80af8893960e54ecc3aa2
d493ae6ea1c52c7320c339cd2a43a6e84b424fa50b069c93070e0bc9dc63ab74

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/et-cache/37/et-core-unified-cpt-deferred-37.min.css?ver=1664052362 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
last-modified: Sat, 24 Sep 2022 20:46:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Tue, 26 Sep 2023 18:49:00 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1377
content-type: text/css
date: Mon, 26 Sep 2022 18:49:00 GMT
server: Apache
X-Firefox-Spdy: h2

stats.wpmucdn.com/analytics.js

151.139.242.7

200 OK

24 kB

URL HTTP/2
stats.wpmucdn.com/analytics.js
IP
151.139.242.7:0
ASN
#12989 StackPath LLC

File type
ASCII text, with very long lines (1925)
Size
24 kB (23826 bytes)
Hash
66e020f73ca2ccdcb4ef1b1454e13b98
7c2d30bf730690ed2437db725f3c4de9ca9a9d11
45ec0d06a35d0b222d6d267005f6dce0507055f419aeb22a16b3035e49a7c576

HTTP Headers

GET /analytics.js HTTP/1.1
Host: stats.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: application/javascript
content-length: 23826
last-modified: Thu, 10 Feb 2022 17:56:53 GMT
etag: "620551e5-1131c"
expires: Thu, 21 Sep 2023 18:48:52 GMT
cache-control: max-age=31104000
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mybenefitpartners.com/wp-content/et-cache/42/et-core-unified-cpt-deferred-42.min.css?ver=1664052362

50.87.248.23

200 OK

470 B

URL HTTP/2
mybenefitpartners.com/wp-content/et-cache/42/et-core-unified-cpt-deferred-42.min.css?ver=1664052362
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (2925), with no line terminators
Size
470 B (470 bytes)
Hash
e60de1f415cb5043f121bc994d3d3a2f
d924e044771700d63126c284413b3886f2e21b3a
7baf9631d9beffde5149d193d22add505cad302c3e13b57475324645e4ffc073

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/et-cache/42/et-core-unified-cpt-deferred-42.min.css?ver=1664052362 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
last-modified: Sat, 24 Sep 2022 20:46:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Tue, 26 Sep 2023 18:49:00 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 470
content-type: text/css
date: Mon, 26 Sep 2022 18:49:00 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf7EvA.woff2

142.250.74.163

200 OK

53 kB

URL HTTP/2
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf7EvA.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 53364, version 1.0\012- data
Size
53 kB (53364 bytes)
Hash
b46888b20cd46632326ecc12f3726004
34f963ee968c7f85c83224fd66976e4810a6e5d1
273cbf63ccd08e4b37a1dfdc5edd5ab0873e5d558d6d4b9e2b4e1197f69bd35b

HTTP Headers

GET /s/questrial/v18/QdVUSTchPBm7nuUeVf7EvA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mybenefitpartners.com
Connection: keep-alive
Referer: https://hb.wpmucdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 53364
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:42:46 GMT
expires: Thu, 21 Sep 2023 19:42:46 GMT
cache-control: public, max-age=31536000
age: 428775
last-modified: Wed, 27 Apr 2022 16:13:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

hb.wpmucdn.com/mybenefitpartners.com/bc5ce0c0-022e-44db-956a-c398f2c6a176.css

151.139.244.25

200 OK

82 kB

URL HTTP/2
hb.wpmucdn.com/mybenefitpartners.com/bc5ce0c0-022e-44db-956a-c398f2c6a176.css
IP
151.139.244.25:0
ASN
#12989 StackPath LLC

File type
data
Size
82 kB (81548 bytes)
Hash
26632ad833ce9ac56f1d6598c6c1f9f1
2141c39c8d2e6b23a902145d6a0c84ecb28cf475
e8b9763685402d057a5617d88b3ddfdc77853ba289f457fb1cc9817a1ba78559

HTTP Headers

GET /mybenefitpartners.com/bc5ce0c0-022e-44db-956a-c398f2c6a176.css HTTP/1.1
Host: hb.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 01:26:50 GMT
etag: W/"1358e37aa3b0ae480b728fb9e459867a"
cache-control: max-age=31104000
expires: Thu, 21 Sep 2023 18:49:00 GMT
hb-minify: minify=0.0%, origSize=88932
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

hb.wpmucdn.com/mybenefitpartners.com/32b52802-2199-4444-8d02-d43f4a470b2c.js

151.139.244.25

200 OK

7.6 kB

URL HTTP/2
hb.wpmucdn.com/mybenefitpartners.com/32b52802-2199-4444-8d02-d43f4a470b2c.js
IP
151.139.244.25:0
ASN
#12989 StackPath LLC

File type
ASCII text, with very long lines (7870), with CRLF, LF line terminators
Size
7.6 kB (7634 bytes)
Hash
fcbce839f5333248245a10e25cd8aa04
34d69b4852d9dfc5faa954dac2d3394be72a8e2a
fa50ad71f985b5d9c575250b96f47ee9a72f0a83a8949dd98d81a451b378cee7

HTTP Headers

GET /mybenefitpartners.com/32b52802-2199-4444-8d02-d43f4a470b2c.js HTTP/1.1
Host: hb.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 01:26:55 GMT
etag: W/"70b905bfbcdaa6ab19cd191c52c35515"
cache-control: max-age=31104000
expires: Thu, 21 Sep 2023 18:49:00 GMT
hb-minify: minify=2.5%, origSize=5714
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7802
Expires: Mon, 26 Sep 2022 20:59:03 GMT
Date: Mon, 26 Sep 2022 18:49:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7802
Expires: Mon, 26 Sep 2022 20:59:03 GMT
Date: Mon, 26 Sep 2022 18:49:01 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5157 bytes)
Hash
2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 74325
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10318 bytes)
Hash
a90590f26bae9ad9e95ffdfbfb7dd21d
cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:14 GMT
age: 75107
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HfslSWhSAKRjZr-qqajVm6bKf9jGt2pXq8N8GlXgyTwRxWqw0y-CgA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 06:49:49 GMT
age: 43152
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11728 bytes)
Hash
968b9c138702fb5994d1d9eab1a697fa
9660bb2d38079182efbd11d7a687bfc7f9d30751
5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:16:26 GMT
age: 73955
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13584 bytes)
Hash
2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bGRBCfCtZkeYhbTpaE18IpIgUtOHyttE-0hRk8fWVB9sJS2rSbP22g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:05:32 GMT
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
age: 74609
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8637 bytes)
Hash
d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mToVKJcSAtJB1AOuQ-Y9o_EZzyhUuZJivVa3DLql5FwzK4NC82kh5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:06:17 GMT
age: 74564
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?v=ext&j=1%3A11.3.2&blog=199840582&post=0&tz=0&srv=mybenefitpartners.com&host=mybenefitpartners.com&ref=&fcp=2103&rand=0.3476454358450163

192.0.76.3

200 OK

50 B

URL HTTP/2
pixel.wp.com/g.gif?v=ext&j=1%3A11.3.2&blog=199840582&post=0&tz=0&srv=mybenefitpartners.com&host=mybenefitpartners.com&ref=&fcp=2103&rand=0.3476454358450163
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?v=ext&j=1%3A11.3.2&blog=199840582&post=0&tz=0&srv=mybenefitpartners.com&host=mybenefitpartners.com&ref=&fcp=2103&rand=0.3476454358450163 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:01 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f0864a52b0779a0eb85008810aacdc6
a0e36731731324139683ae6cf8e9ffd8e5d57613
706a62efc8cb306bf4a460f12624743a9dade9af62a6a41cd4605fccabd98515

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1450
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:01 GMT
Last-Modified: Mon, 26 Sep 2022 18:24:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

hb.wpmucdn.com/mybenefitpartners.com/e9d648ba-0a60-4ce6-8286-9f94cd92ed21.css

151.139.244.25

200 OK

17 kB

URL HTTP/2
hb.wpmucdn.com/mybenefitpartners.com/e9d648ba-0a60-4ce6-8286-9f94cd92ed21.css
IP
151.139.244.25:0
ASN
#12989 StackPath LLC

File type
data
Size
17 kB (17177 bytes)
Hash
30c4ac2e177996b91998a5d6255020b2
c4e9425a5e907cda4fd56f82c61d4573389087c6
9edfb14d79170f7a38d20e789e0294321c1f3df1bdcb909b07d08051834e20c0

HTTP Headers

GET /mybenefitpartners.com/e9d648ba-0a60-4ce6-8286-9f94cd92ed21.css HTTP/1.1
Host: hb.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 01:26:53 GMT
etag: W/"9cd15ef2908aed3584621a217197d506"
cache-control: max-age=31104000
expires: Thu, 21 Sep 2023 18:49:00 GMT
hb-minify: minify=0.3%, origSize=85960
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

130035.smushcdn.com/2538240/wp-content/uploads/2021/11/logo-my-benefit-partners.png?lossy=1&strip=1&webp=1

151.139.243.27

200 OK

3.2 kB

URL HTTP/2
130035.smushcdn.com/2538240/wp-content/uploads/2021/11/logo-my-benefit-partners.png?lossy=1&strip=1&webp=1
IP
151.139.243.27:0
ASN
#12989 StackPath LLC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.2 kB (3236 bytes)
Hash
a598ef0620d77c91729b25ce67b027c7
a4fdcde4b5bcafda904f0e029673d0797f0f7f10
59844030df51df95aab0d6e99200e5ea22f89e5d91c0c55ba47d777e394f2141

HTTP Headers

GET /2538240/wp-content/uploads/2021/11/logo-my-benefit-partners.png?lossy=1&strip=1&webp=1 HTTP/1.1
Host: 130035.smushcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:01 GMT
content-type: image/webp
content-length: 3236
last-modified: Fri, 02 Sep 2022 12:07:56 GMT
x-amz-expiration: expiry-date="Sun, 02 Oct 2022 12:07:56 GMT", rule-id="expire"
etag: "a598ef0620d77c91729b25ce67b027c7"
smushed: origFmt=png, origSize=6940, smushRatio=53.37, skipped=0, originCache=HIT
expires: Thu, 21 Sep 2023 18:49:01 GMT
cache-control: max-age=31104000
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mybenefitpartners.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2

50.87.248.23

200 OK

80 kB

URL HTTP/2
mybenefitpartners.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format (Version 2), TrueType, length 80300, version 331.-31392\012- data
Size
80 kB (80300 bytes)
Hash
8e1ed89b6ccb8ce41faf5cb672677105
9b592048b9062b00f0b2dd782d70a95b7dc69b83
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://mybenefitpartners.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-37-tb-42-late.css
Connection: keep-alive
Cookie: _pk_id.70088.4350=72e6f3670fd0cac7.1664218139.1.1664218139.1664218139.; _pk_ses.70088.4350=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
last-modified: Fri, 12 Aug 2022 01:25:39 GMT
accept-ranges: bytes
content-length: 80300
cache-control: max-age=31536000
expires: Tue, 26 Sep 2023 18:49:01 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: font/woff2
date: Mon, 26 Sep 2022 18:49:01 GMT
server: Apache
X-Firefox-Spdy: h2

stats1.wpmudev.com/track/?action_name=Page%20not%20found%20%7C%20My%20Benefit%20Partners&idsite=70088&rec=1&r=818828&h=18&m=48&s=59&url=https%3A%2F%2Fmybenefitpartners.com%2Fcitibank%2Flogin.php%3Fprimarymember_id%3D7ef10af6898174aee15d45537&_id=72e6f3670fd0cac7&_idts=1664218139&_idvc=1&_idn=1&_refts=0&_viewts=1664218139&send_image=1&cookie=1&res=1280x1024&gt_ms=1100&pv_id=XEz7DU

3.21.50.43

200 OK

43 B

URL HTTP/2
stats1.wpmudev.com/track/?action_name=Page%20not%20found%20%7C%20My%20Benefit%20Partners&idsite=70088&rec=1&r=818828&h=18&m=48&s=59&url=https%3A%2F%2Fmybenefitpartners.com%2Fcitibank%2Flogin.php%3Fprimarymember_id%3D7ef10af6898174aee15d45537&_id=72e6f3670fd0cac7&_idts=1664218139&_idvc=1&_idn=1&_refts=0&_viewts=1664218139&send_image=1&cookie=1&res=1280x1024&gt_ms=1100&pv_id=XEz7DU
IP
3.21.50.43:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /track/?action_name=Page%20not%20found%20%7C%20My%20Benefit%20Partners&idsite=70088&rec=1&r=818828&h=18&m=48&s=59&url=https%3A%2F%2Fmybenefitpartners.com%2Fcitibank%2Flogin.php%3Fprimarymember_id%3D7ef10af6898174aee15d45537&_id=72e6f3670fd0cac7&_idts=1664218139&_idvc=1&_idn=1&_refts=0&_viewts=1664218139&send_image=1&cookie=1&res=1280x1024&gt_ms=1100&pv_id=XEz7DU HTTP/1.1
Host: stats1.wpmudev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 18:49:01 GMT
content-type: image/gif
content-length: 43
server: nginx
cache-control: no-store
content-encoding: none
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js

142.250.74.163

200 OK

158 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (826)
Size
158 kB (158248 bytes)
Hash
db1b5789e9915e9c82f5df92e5982980
2e193e502995501c85f45fd89d9f83707a7f9573
db9c82b18117d7cff0f674de758f5bbb39bc6dee969cee679c741090968b9206

HTTP Headers

GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Origin: https://mybenefitpartners.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 22:25:55 GMT
expires: Mon, 25 Sep 2023 22:25:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 73386
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

i0.wp.com/mybenefitpartners.com/wp-content/uploads/2021/11/cropped-MBP_Icon.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

636 B

URL HTTP/2
i0.wp.com/mybenefitpartners.com/wp-content/uploads/2021/11/cropped-MBP_Icon.png?fit=32%2C32&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
636 B (636 bytes)
Hash
a5ddfe391e66cdc7bcb3bcec92a715a7
13c6b84e2ee83b2a46fa73715cd430b0ef9c7961
951be6c4069c1356a55914e74d8a9d6b6dac8b927e3309884b8d6dadfafcef8f

HTTP Headers

GET /mybenefitpartners.com/wp-content/uploads/2021/11/cropped-MBP_Icon.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:01 GMT
content-type: image/webp
content-length: 636
last-modified: Sat, 24 Sep 2022 16:31:32 GMT
expires: Tue, 24 Sep 2024 04:31:32 GMT
cache-control: public, max-age=63115200
link: <https://mybenefitpartners.com/wp-content/uploads/2021/11/cropped-MBP_Icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "097a1108e1d5cf3d"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bc7883d0a03d9c3559288a600fecc70a
b0e538996510ec8c861264cba4bf79fa73f6f7d6
c3bdc9bb12c7c951ca2d861c95156de2c724acc82386e882864c464132e07ac3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 18:49:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe

142.250.74.164

200 OK

23 kB

URL HTTP/2
www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (35016)
Size
23 kB (22615 bytes)
Hash
196bbf25a5215a5f4570f511d52bab95
42a5268f37cfa0941dd49e68db60a67e8191d21e
c76300f9c9a436a998a577c9a0e8e503d991f63f8d65fd6cf64ea9ecae0b6d68

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6Lfy1iodAAAAAM4zBZkDBcO-UgwDpMcLDvfw5V2p&co=aHR0cHM6Ly9teWJlbmVmaXRwYXJ0bmVycy5jb206NDQz&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=in8lnkjg2rhe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 26 Sep 2022 18:49:01 GMT
content-security-policy: script-src 'nonce-jOC68yDdDhcIuaWERyV25w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22615
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/styles__ltr.css

142.250.74.163

200 OK

24 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/styles__ltr.css
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (52762), with no line terminators
Size
24 kB (24251 bytes)
Hash
f2d649025c814be9c33f166a5e04fe88
26bf59de631415927ba2c6c9e44fe9c763f95313
f95ec963b7657097e1ef827fc07d96eda5b63f7d3e17b5a1b5eeb7a8d0b67921

HTTP Headers

GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24251
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 08:33:30 GMT
expires: Mon, 25 Sep 2023 08:33:30 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/css
age: 123331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js

142.250.74.163

200 OK

158 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (826)
Size
158 kB (158248 bytes)
Hash
db1b5789e9915e9c82f5df92e5982980
2e193e502995501c85f45fd89d9f83707a7f9573
db9c82b18117d7cff0f674de758f5bbb39bc6dee969cee679c741090968b9206

HTTP Headers

GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 22:25:55 GMT
expires: Mon, 25 Sep 2023 22:25:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 73386
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 195423
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 00:48:31 GMT
expires: Sat, 23 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 324030
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.163

200 OK

2.2 kB

URL HTTP/2
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 20:02:15 GMT
expires: Mon, 26 Sep 2022 20:02:15 GMT
cache-control: public, max-age=604800
age: 600407
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

hb.wpmucdn.com/mybenefitpartners.com/c8140b9c-17a3-4555-908e-ca7f6f866851.js

151.139.244.25

200 OK

0 B

URL HTTP/2
hb.wpmucdn.com/mybenefitpartners.com/c8140b9c-17a3-4555-908e-ca7f6f866851.js
IP
151.139.244.25:0
ASN
#12989 StackPath LLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mybenefitpartners.com/c8140b9c-17a3-4555-908e-ca7f6f866851.js HTTP/1.1
Host: hb.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 01:26:54 GMT
etag: W/"7ff8e3e8c908f2fc99e7200d7b246d5f"
cache-control: max-age=31104000
expires: Thu, 21 Sep 2023 18:49:00 GMT
hb-minify: minify=0.0%, origSize=685
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

stats.wp.com/e-202239.js

192.0.76.3

200 OK

0 B

URL HTTP/2
stats.wp.com/e-202239.js
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /e-202239.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Sun, 17 Sep 2023 22:04:35 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

mybenefitpartners.com/wp-content/themes/Divi/js/scripts.min.js

50.87.248.23

200 OK

0 B

URL HTTP/2
mybenefitpartners.com/wp-content/themes/Divi/js/scripts.min.js
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/Divi/js/scripts.min.js HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
last-modified: Fri, 12 Aug 2022 01:25:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Tue, 26 Sep 2023 18:49:00 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Mon, 26 Sep 2022 18:49:00 GMT
server: Apache
X-Firefox-Spdy: h2

mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537

50.87.248.23

404 Not Found

0 B

URL HTTP/2
mybenefitpartners.com/citibank/login.php?primarymember_id=7ef10af6898174aee15d45537
IP
50.87.248.23:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /citibank/login.php?primarymember_id=7ef10af6898174aee15d45537 HTTP/1.1
Host: mybenefitpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://mybenefitpartners.com/wp-json/>; rel="https://api.w.org/"
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), document-domain=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-site
cross-origin-resource-policy: same-origin
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 18:48:59 GMT
server: Apache
X-Firefox-Spdy: h2

hb.wpmucdn.com/mybenefitpartners.com/f8325c78-1502-4947-ab77-fb47724bcf22.css

151.139.244.25

200 OK

0 B

URL HTTP/2
hb.wpmucdn.com/mybenefitpartners.com/f8325c78-1502-4947-ab77-fb47724bcf22.css
IP
151.139.244.25:0
ASN
#12989 StackPath LLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mybenefitpartners.com/f8325c78-1502-4947-ab77-fb47724bcf22.css HTTP/1.1
Host: hb.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 01:26:52 GMT
etag: W/"0fd40e1d6ae1ab8ca014440ca93a0668"
cache-control: max-age=31104000
expires: Thu, 21 Sep 2023 18:49:00 GMT
hb-minify: minify=50.2%, origSize=70564
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hb.wpmucdn.com/mybenefitpartners.com/c9830f97-cc20-4ed0-8f03-e3ac1d5e5815.css

151.139.244.25

200 OK

0 B

URL HTTP/2
hb.wpmucdn.com/mybenefitpartners.com/c9830f97-cc20-4ed0-8f03-e3ac1d5e5815.css
IP
151.139.244.25:0
ASN
#12989 StackPath LLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mybenefitpartners.com/c9830f97-cc20-4ed0-8f03-e3ac1d5e5815.css HTTP/1.1
Host: hb.wpmucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybenefitpartners.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 18:49:00 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 01:26:50 GMT
etag: W/"1089a9ac94db2018351bd3017b8dd858"
cache-control: max-age=31104000
expires: Thu, 21 Sep 2023 18:49:00 GMT
hb-minify: minify=0.0%, origSize=11430
content-encoding: gzip
vary: Accept-Encoding
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP