r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14593
Expires: Fri, 03 Feb 2023 17:23:37 GMT
Date: Fri, 03 Feb 2023 13:20:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13004
Expires: Fri, 03 Feb 2023 16:57:08 GMT
Date: Fri, 03 Feb 2023 13:20:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 12:36:10 GMT
content-type: application/json
age: 2654
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14893
Expires: Fri, 03 Feb 2023 17:28:37 GMT
Date: Fri, 03 Feb 2023 13:20:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /iEeH9LZXbZcRy8QPnq6wjIMIZkAzJtl8nfIkJlpXn2ZL44MeKGDeZOcFbPp7Crsr/7Tcgp78A8=
x-amz-request-id: D15VXANWMENQE0MN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 12:23:32 GMT
age: 3412
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 13:20:24 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 13:07:19 GMT
age: 785
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13690
Expires: Fri, 03 Feb 2023 17:08:35 GMT
Date: Fri, 03 Feb 2023 13:20:25 GMT
Connection: keep-alive
benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
185.219.238.35200 OK 33 kB URL HTTP/1.1 benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (22979)
Hash da8594927d21a0f55c9a8e78cc5ecb25
fab7d65bc7310cfdaea37b94de2e9572b76111a7
79aac80f73089497556a13f5174d42d398ff298ec068cb01cfc28bab1fd1c9fe
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /most-line-managers-think-they-can-health-wellbeing-support/ HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
link: <https://benefits-expert.com/wp-json/>; rel="https://api.w.org/", <https://benefits-expert.com/wp-json/wp/v2/posts/35272>; rel="alternate"; type="application/json", <https://benefits-expert.com/?p=35272>; rel=shortlink
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: 244_HTTP.200,244_post,244_URL.5beabd95b57038f66d787aaf30a02cb7,244_Po.35272,244_
etag: "552248-1675430425;gz"
x-litespeed-cache: miss
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
185.219.238.35200 OK 16 kB URL HTTP/1.1 benefits-expert.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (47826)
Hash f900baa20a50cc986670a1acfed3c04a
ee2ca8a3fc0287cddf2a5546b747a68b60738950
ca674f5479ab55e973bea867cf11312f726bd00fee6669855bf404acd179e758
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 16113
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
fonts.googleapis.com/css?family=Open+Sans%3Aregular%2C700%7CMukta%3A600%2C300%7CLato%3Aregular&display=swap&ver=1.3.0
142.250.74.106200 OK 837 B URL HTTP/1.1 fonts.googleapis.com/css?family=Open+Sans%3Aregular%2C700%7CMukta%3A600%2C300%7CLato%3Aregular&display=swap&ver=1.3.0
IP 142.250.74.106:0
Hash f4ef69fc44eb07dab9980138e1afb273
110f21398cb6e6a40e37239781f1be191d5937df
202b2ecdd2f53b6438eb338ea4a64b7d600e8097290791d233025b1fbad39d19
GET /css?family=Open+Sans%3Aregular%2C700%7CMukta%3A600%2C300%7CLato%3Aregular&display=swap&ver=1.3.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 03 Feb 2023 13:20:25 GMT
Date: Fri, 03 Feb 2023 13:20:25 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
a.mailmunch.co/app/v1/site.js
143.204.55.128200 OK 8.4 kB URL HTTP/1.1 a.mailmunch.co/app/v1/site.js
IP 143.204.55.128:0
File type ASCII text, with very long lines (26047), with no line terminators
Hash 3501a3b4202226a1c6885386f6fabc1c
a2643dea4aac27e0ed3241b3b1d3a885ad058927
1fce35b9b5bc9ad9586de71b9999fc13e4a888219bdcd47259252900e8a2b8ff
GET /app/v1/site.js HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 8416
Connection: keep-alive
Date: Fri, 03 Feb 2023 03:03:24 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Thu, 02 Feb 2023 07:55:16 GMT
ETag: "3501a3b4202226a1c6885386f6fabc1c"
Cache-Control: max-age=172800
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8zpA1bCi_dAoQzWQxYr5kFC26HK6G7GI9ITeI0B8QTBLr1jdK1kSzw==
Age: 37022
benefits-expert.com/wp-includes/css/classic-themes.min.css?ver=1
185.219.238.35200 OK 217 B URL HTTP/1.1 benefits-expert.com/wp-includes/css/classic-themes.min.css?ver=1
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
accept-ranges: bytes
content-length: 217
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews-child/style.css?ver=1.0.0
185.219.238.35200 OK 1.6 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews-child/style.css?ver=1.0.0
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (1661)
Hash d9681959d0f4b2170f926eeee161edb9
c034e741197a24072be30d4319b7f3d0e6ec141b
023cac32cc9811e086aac7407b0d62b2a197501672538ac29a2bf9719b67118d
GET /wp-content/themes/jnews-child/style.css?ver=1.0.0 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Mon, 23 Jan 2023 17:04:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1649
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews/assets/css/darkmode.css?ver=1.0.0
185.219.238.35200 OK 9.0 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/css/darkmode.css?ver=1.0.0
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (46766), with no line terminators
Hash 1e06bb09cc92f7a3aaf89be6821695f2
e18dac9efe9acab82ef4413e711a48d4bf9f7b9b
f84a3099bbb7945f18fa2d8336562026b4c488558ca5bf0262f91c7e206701a0
GET /wp-content/themes/jnews/assets/css/darkmode.css?ver=1.0.0 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 9044
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/plugins/jnews-social-login/assets/css/plugin.css?ver=10.0.3
185.219.238.35200 OK 635 B URL HTTP/1.1 benefits-expert.com/wp-content/plugins/jnews-social-login/assets/css/plugin.css?ver=10.0.3
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (2382), with no line terminators
Hash 74cf2ae8424f193cf10b8b5fb8bed29d
f3c72d6c2be1879f77042f35eeeaa20ac24a3664
8bc14d0d9f643affc6fec4aeed59b16a8a62eb8a4a1069056fb55dff0df76a6a
GET /wp-content/plugins/jnews-social-login/assets/css/plugin.css?ver=10.0.3 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 20:45:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 635
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/plugins/jnews-social-share/assets/css/plugin.css
185.219.238.35200 OK 506 B URL HTTP/1.1 benefits-expert.com/wp-content/plugins/jnews-social-share/assets/css/plugin.css
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (1138), with no line terminators
Hash c0cc43167c76eca42a7d5672fb42ebb4
8a976643cf67b5bc2ad50ec687b1d911d367dcf3
c96b1ccb709a71135aaf070bf5bba8060d7e6f5fad95a25a0ddf7b384e401683
GET /wp-content/plugins/jnews-social-share/assets/css/plugin.css HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 21:50:13 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 506
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
185.219.238.35200 OK 4.6 kB URL HTTP/1.1 benefits-expert.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (11126)
Hash a5ffc5f13084a2c13c864ba30fea34aa
0ddd15b8c844e0a39734a45668f772907913901a
18846359c368facb0a297df866b58c9d9c1ac2cb6c4bb1222e8b9b195b2c201e
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4564
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
185.219.238.35200 OK 721 B URL HTTP/1.1 benefits-expert.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (1464)
Hash 31d28cf829ef7282a64b74233df8d403
d266f07f76290ba8751be662b4a99fe6ab023bf9
bf3bba54e381f6209375f4e5b394e30765ebb82fd3fc004447507fe340e26a03
GET /wp-includes/js/hoverIntent.min.js?ver=1.10.2 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 721
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
185.219.238.35200 OK 2.0 kB URL HTTP/1.1 benefits-expert.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (5477)
Hash f7f92f227c056d18b74de6c709616bad
72a9a7cde6a67072d40d2ed7dc6837f64bd66549
2982b1a2a13a615f4b68c4b8660ac5177f83ca50476d00aaaba8c6f53b2b161d
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2010
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
185.219.238.35200 OK 36 kB URL HTTP/1.1 benefits-expert.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (65447)
Hash 3fefa18e3cbe3acddd34a143490f3568
fb58024ffc3f0776f8deb6690930aaa8d0846599
850052eb84c33764aa1ea684fe1448bf6e6eb65d9bb16fa8e30cd472a53fe28c
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 36096
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/plugins/jnews-social-login/assets/js/plugin.js?ver=10.0.3
185.219.238.35200 OK 494 B URL HTTP/1.1 benefits-expert.com/wp-content/plugins/jnews-social-login/assets/js/plugin.js?ver=10.0.3
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (990), with no line terminators
Hash b5d598f4c301b1d3ed88843435a2270c
4a913f000f70caa1ff21f2c6271b59ac38ed2e0e
e1bf71aa3b996c63635843b8221f35af3c1ba6955ffa2322362ca69dbb1c297b
GET /wp-content/plugins/jnews-social-login/assets/js/plugin.js?ver=10.0.3 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 20:45:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 494
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/plugins/jnews-social-share/assets/js/plugin.js
185.219.238.35200 OK 1.4 kB URL HTTP/1.1 benefits-expert.com/wp-content/plugins/jnews-social-share/assets/js/plugin.js
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (3480), with no line terminators
Hash 65e3514896e63aba11e3b1449769ca7b
c237d85bbfd694a45449f154be86b8ec7891e915
21b01d8cebd63d170a2852271ecf26284b8a658348dbe94576396009d3207e3e
GET /wp-content/plugins/jnews-social-share/assets/js/plugin.js HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 21:50:13 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1411
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews/style.css?ver=6.1.1
185.219.238.35200 OK 297 B URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/style.css?ver=6.1.1
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
Hash 28aca8bbdca4220b9157c546784448b9
2b6eb1e5c803e27c03ea9986f505b81318d0d884
482a8ae2ca364eef4356f69cabeac46212631f39c137fd758e9c86db8864e11b
GET /wp-content/themes/jnews/style.css?ver=6.1.1 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Thu, 19 Jan 2023 09:39:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 297
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
push.services.mozilla.com/
52.38.146.2101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j/kFz0yI0mwXAlqg6ph0YQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5T5hi7Kbeftmmmz3SZ2zIpow7Hg=
benefits-expert.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.10.0
185.219.238.35200 OK 57 kB URL HTTP/1.1 benefits-expert.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.10.0
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (65358)
Hash 651021d2b6993a1f50c130b9d40870eb
cb3419a260f3b7b268f81595338a1831d1f789f6
1dbfce8fe38d970f48bc6bb2712333e3e04c49f89924fd45be31015f64299c6f
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.10.0 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 21:49:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 56851
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews/assets/css/js-composer-frontend.css?ver=1.0.0
185.219.238.35200 OK 353 B URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/css/js-composer-frontend.css?ver=1.0.0
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (2999), with no line terminators
Hash 67461c78f8d13da7b799a5b68e686045
666cbb00497a4847146e9b0b3bed4c20a3a27a97
37e6bb8c1518af9afdf00c13c7811e1968e6bc362ae388e4a0dd4d5484e50d24
GET /wp-content/themes/jnews/assets/css/js-composer-frontend.css?ver=1.0.0 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 353
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.js?ver=1.0.0
185.219.238.35200 OK 104 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.js?ver=1.0.0
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (65536), with no line terminators
Size 104 kB (103845 bytes)
Hash a8b2ae7ecee9f9ed462701bbdbdadcf4
e78a5dc50ff55de5492a63f9332bc282a7f740db
30fc45177bfcc395276430621756b96e827578e2fd3a991257149f42543c6740
GET /wp-content/themes/jnews/assets/dist/frontend.min.js?ver=1.0.0 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: application/javascript
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 103845
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0
185.219.238.35200 OK 126 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (42577)
Size 126 kB (126487 bytes)
Hash 8d61ae9ed8eb6eb8230ea1ef57c2d86a
b6d6ac9fb1cfa50a8f1fe0792522034fe3cffc97
027b36e139f9d197bf8057e6626a4f96f43abed960b465e829e435cfd7bbc08b
GET /wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 126487
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js
172.64.153.179200 OK 54 kB URL HTTP/1.1 static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js
IP 172.64.153.179:0
File type Unicode text, UTF-8 text, with very long lines (32280)
Hash 1c77fbaeabbe0dcef710c49e0e8e2342
ce2bfc7081c7b77177880a8c714912e641a2d71a
39e188ebd969337b8c91afe7d237710d85c0072e1446de4e2abc211cdce0f7e7
GET /js/signup-form-widget/current/signup-form-widget.min.js HTTP/1.1
Host: static.ctctcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:20:25 GMT
Content-Type: application/javascript
Content-Length: 54135
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 21:36:52 GMT
Expires: Sat, 03 Feb 2024 13:19:39 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Cache-Control: max-age=900, public
CF-Cache-Status: HIT
Accept-Ranges: bytes
X-Robots-Tag: noindex
Server: cloudflare
CF-RAY: 793b76bdfe840afe-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d7e26de81f64fa476c3e8c0f369265b8
7d76b45ab363444cbcb5852ccbc3b893c3d72b81
ace03921c291369fb457f471103a6975ec13966efbf92f2593fd86a28995ceca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACE03921C291369FB457F471103A6975EC13966EFBF92F2593FD86A28995CECA"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 03 Feb 2023 19:20:25 GMT
Date: Fri, 03 Feb 2023 13:20:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 24d2fdb5bd1d6c9f8327a9617ff28fc4
dbea157696fe28beeef1de058ede6350dcfec342
d7269454183a1a1de460fe5265b1a6a0bcb3739bad2c3dcc65efb52c8b93385b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7269454183A1A1DE460FE5265B1A6A0BCB3739BAD2C3DCC65EFB52C8B93385B"
Last-Modified: Fri, 03 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21590
Expires: Fri, 03 Feb 2023 19:20:15 GMT
Date: Fri, 03 Feb 2023 13:20:25 GMT
Connection: keep-alive
benefits-expert.com/wp-content/uploads/2023/01/csshero-static-style-jnews-child-theme.css?ver=26
185.219.238.35200 OK 576 B URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/csshero-static-style-jnews-child-theme.css?ver=26
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with CRLF line terminators
Hash fbbc04cc28e8af7b4691ab217043e056
cc1e6d9b5912a512c319cf46c64d83c34dc201b6
949597bad935a5f0ebe0ca742ec471cfbcd8705fa0c54cacc21fa2ce43433302
GET /wp-content/uploads/2023/01/csshero-static-style-jnews-child-theme.css?ver=26 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Sun, 22 Jan 2023 21:55:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 576
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/BENEFITS-EXPERT-200w.png
185.219.238.35200 OK 9.6 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/BENEFITS-EXPERT-200w.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 200 x 95, 8-bit/color RGBA, non-interlaced\012- data
Hash 6303c57674cd65a90981a619a030c7c3
8924f6035a3b7fe690b1d862f63559940b34ad19
7eb62f4453f3449bb9e26246b54d77d5bf4105eff24133c41aae85ac59d816e9
GET /wp-content/uploads/2023/01/BENEFITS-EXPERT-200w.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: image/png
last-modified: Thu, 19 Jan 2023 10:46:21 GMT
accept-ranges: bytes
content-length: 9597
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/171202-dam-logo-250.png
185.219.238.35200 OK 25 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/171202-dam-logo-250.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 250 x 117, 8-bit/color RGBA, non-interlaced\012- data
Hash dc7163bd9d82d404da81c1535cd1127d
70a67c6dde522039e5651c0b74780ffab02b4e5c
eebdfb050ed2890b4659f9fd2a89c8744ad3584d0cb5eb282d55fbc35d08f31f
GET /wp-content/uploads/2023/01/171202-dam-logo-250.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: image/png
last-modified: Thu, 19 Jan 2023 16:43:17 GMT
accept-ranges: bytes
content-length: 24817
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/jnews/scheme.css?ver=1674550826
185.219.238.35200 OK 723 B URL HTTP/2 benefits-expert.com/wp-content/uploads/jnews/scheme.css?ver=1674550826
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type ASCII text, with very long lines (2267), with no line terminators
Hash 77b7cc79fb378ac79abf4a958fdeb62e
a3d08dde33bcba4d899fb435623ce194de9a40a8
f85d456d19390bc5fc44837d07f18c7da0c997f639c1228d9ade703fa6e8a667
GET /wp-content/uploads/jnews/scheme.css?ver=1674550826 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 09:00:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 723
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/themes/jnews/assets/img/jeg-empty.png
185.219.238.35200 OK 70 B URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/img/jeg-empty.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c0ddcc7cc2d334254808ae1d918f9ee7
6ea24d025387ce247fa530f14778ef7ada4683d5
67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429
GET /wp-content/themes/jnews/assets/img/jeg-empty.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: image/png
last-modified: Thu, 19 Jan 2023 09:39:30 GMT
accept-ranges: bytes
content-length: 70
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
benefits-expert.com/wp-content/themes/jnews/assets/dist/image/preloader.gif
185.219.238.35200 OK 4.4 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/dist/image/preloader.gif
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type GIF image data, version 89a, 100 x 75\012- data
Hash c225d4001dc31c7ff8e290129f436175
b27a1dcbf1accdee9b64db482e72ac3972363915
e2e60e9eae839d6b2e857c708f6d02ae6069141594b941a1590cd5c5435d42f4
GET /wp-content/themes/jnews/assets/dist/image/preloader.gif HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: image/gif
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-length: 4399
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 03 Feb 2023 02:11:00 GMT
Expires: Sat, 03 Feb 2024 02:11:00 GMT
Cache-Control: public, max-age=31536000
Age: 40165
Last-Modified: Tue, 26 Apr 2022 15:48:56 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/mukta/v13/iJWHBXyXfDDVXbEeiWmd8WA.woff2
142.250.74.163200 OK 21 kB URL HTTP/1.1 fonts.gstatic.com/s/mukta/v13/iJWHBXyXfDDVXbEeiWmd8WA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21288, version 1.0\012- data
Hash eab39466c05fbfa06f2d5955c4f0afbc
b0680d4a7e6836048a610116c95198d88377d40c
9a3f8eb676ca0c654a8edea4aacd4a1339340dcd7540335abac4463cc78580a6
GET /s/mukta/v13/iJWHBXyXfDDVXbEeiWmd8WA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 21288
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 Feb 2023 11:03:26 GMT
Expires: Fri, 02 Feb 2024 11:03:26 GMT
Cache-Control: public, max-age=31536000
Age: 94619
Last-Modified: Tue, 26 Apr 2022 15:46:35 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/1.1 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 44856
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 30 Jan 2023 06:58:33 GMT
Expires: Tue, 30 Jan 2024 06:58:33 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 15 Aug 2022 18:20:18 GMT
Content-Type: font/woff2
Age: 368512
fonts.gstatic.com/s/mukta/v13/iJWHBXyXfDDVXbFqj2md8WA.woff2
142.250.74.163200 OK 21 kB URL HTTP/1.1 fonts.gstatic.com/s/mukta/v13/iJWHBXyXfDDVXbFqj2md8WA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21140, version 1.0\012- data
Hash cbd267bc765067b15567aa3d0d617794
f7dd8c99d6e561c0d29060d95711102d2419cc32
18efe70c0ef13ab8ccac687d4cfd1a56e6acc691ec1bd7f242127e5cc0d6afd2
GET /s/mukta/v13/iJWHBXyXfDDVXbFqj2md8WA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 21140
Date: Fri, 03 Feb 2023 13:20:25 GMT
Expires: Sat, 03 Feb 2024 13:20:25 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 26 Apr 2022 15:49:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
benefits-expert.com/wp-content/themes/jnews/assets/dist/font/fontawesome-webfont.woff2
185.219.238.35200 OK 77 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/dist/font/fontawesome-webfont.woff2
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/jnews/assets/dist/font/fontawesome-webfont.woff2 HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: font/woff2
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-length: 77160
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
benefits-expert.com/wp-content/themes/jnews/assets/dist/font/jegicon.woff
185.219.238.35200 OK 7.1 kB URL HTTP/1.1 benefits-expert.com/wp-content/themes/jnews/assets/dist/font/jegicon.woff
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type Web Open Font Format, CFF, length 7144, version 1.0\012- data
Hash 80f6e7a7a6eb44255aeb06a2d5b5ea41
4ded570e00c9c96cc3cf18e770903cb60e360ce4
e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede
GET /wp-content/themes/jnews/assets/dist/font/jegicon.woff HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://benefits-expert.com/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=1.0.0
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:25 GMT
content-type: font/woff
last-modified: Thu, 19 Jan 2023 09:39:31 GMT
accept-ranges: bytes
content-length: 7144
date: Fri, 03 Feb 2023 13:20:25 GMT
server: LiteSpeed
cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js
104.17.25.14200 OK 5.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (16194)
Hash 57803b45f1b25011811565d409fd61ec
d72b8b0f11423ae1fec54744e1ea9fcde0514198
966608c9ac927a170a3965d8fdcd2a3cc95e2ba6ff7ad7d248c590e54c933455
GET /ajax/libs/underscore.js/1.8.3/underscore-min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 13:20:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 5303
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04015-4041"
last-modified: Mon, 04 May 2020 16:17:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2488989
expires: Wed, 24 Jan 2024 13:20:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Bp50wcNgqwk70joSXP1zUVzkwYNtsLtRpTfMPEf1WeSSPaXCEN9L94Ai0UbdlltUpvxzoR4nb9IWWUHrDqb58ghkTpaYNoolUnc8UaK32bRLgOfDBeRamYX%2Bwd97ObrtJt%2FhXTI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 793b76c26f44b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?onload=ctctOnLoadCallback&render=explicit
216.58.211.4200 OK 583 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=ctctOnLoadCallback&render=explicit
IP 216.58.211.4:0
File type ASCII text, with very long lines (913), with no line terminators
Hash 1bbd4530c60a1dbe67443effe748cbce
9126231d6cc2ce04c14f05696f62973f6145ed83
f70b5dff8b85bd786c8e938d9f976aae6a1bd1ce215e141bd319cfcf31a044b3
GET /recaptcha/api.js?onload=ctctOnLoadCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 03 Feb 2023 13:20:26 GMT
date: Fri, 03 Feb 2023 13:20:26 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
benefits-expert.com/wp-content/uploads/2023/02/cancer-screening-e1675354454234-120x86.png
185.219.238.35200 OK 16 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/02/cancer-screening-e1675354454234-120x86.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 120 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash 96874d80d1aaf7ce02df41bf6b2997c9
ad93368e318c5df85d7c497301de107fa81914d0
9e91b03e7e0d43549f53f6a97bf8d5413b2b5a4778b0bc42351d800257d7650a
GET /wp-content/uploads/2023/02/cancer-screening-e1675354454234-120x86.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Thu, 02 Feb 2023 16:14:17 GMT
accept-ranges: bytes
content-length: 15820
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/Kavitha-2-scaled-e1674477628529-120x86.jpg
185.219.238.35200 OK 11 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/Kavitha-2-scaled-e1674477628529-120x86.jpg
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=10, description=KSivasubramaniam06, manufacturer=NIKON CORPORATION, model=NIKON D810], baseline, precision 8, 120x86, components 3\012- data
Hash 893a716bacdd2971b01a8f466042a2a8
50e004168fa975c95af714a957cd04573a3d27f7
964e2b5a3579b6a47efe36d558ac3243ccf47651aed7b1d038150531bc9eaa4c
GET /wp-content/uploads/2023/01/Kavitha-2-scaled-e1674477628529-120x86.jpg HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 12:40:28 GMT
accept-ranges: bytes
content-length: 11330
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/Screenshot-2023-01-23-at-16.18.59-e1674495255773-120x86.png
185.219.238.35200 OK 11 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/Screenshot-2023-01-23-at-16.18.59-e1674495255773-120x86.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 120 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash 147abe39fc5d7aa2f8df04bc467a7d99
c2ac9fd3a1dcb354d5ad022baa0d1f5ef2582568
56b59acd3a2d6edbd3a79862ab552293e9ae4e010965708ce40dd4b8e24b9340
GET /wp-content/uploads/2023/01/Screenshot-2023-01-23-at-16.18.59-e1674495255773-120x86.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Mon, 23 Jan 2023 17:34:16 GMT
accept-ranges: bytes
content-length: 11115
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/Screenshot-2023-01-23-at-11.42.07-120x86.png
185.219.238.35200 OK 15 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/Screenshot-2023-01-23-at-11.42.07-120x86.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 120 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash 16a01cf6a0eeed9f549766d2fb52b71a
917a91a117f8f3a648715b7d73f62449dcb98da3
597f8d86bf3061047966e70ee1b6305637c1ca2d4a6b4aa56097dd0e079cb0bc
GET /wp-content/uploads/2023/01/Screenshot-2023-01-23-at-11.42.07-120x86.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Mon, 23 Jan 2023 11:43:04 GMT
accept-ranges: bytes
content-length: 15149
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/Katharine-Moxham-Grid-e1674390142143-120x86.png
185.219.238.35200 OK 20 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/Katharine-Moxham-Grid-e1674390142143-120x86.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 120 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash a04e5811f3254c21c223c5f268818be9
f7c022c35ad9f4a49782c3df19762803387d93f9
abb7202f2abb3ac309bf83f22a6d48dc63471e17994dfe1f2a9916039c0902c8
GET /wp-content/uploads/2023/01/Katharine-Moxham-Grid-e1674390142143-120x86.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Sun, 22 Jan 2023 12:22:27 GMT
accept-ranges: bytes
content-length: 20131
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/Nov-29-30-2023-Pennyhill-Park-Hotel-2.png
185.219.238.35200 OK 178 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/Nov-29-30-2023-Pennyhill-Park-Hotel-2.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 300 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 178 kB (177545 bytes)
Hash 353503c16b45ccb482c3fca6e4f10476
92ecdd646fe64b55df65f5a9a3f1ef20a92bd17c
84c6e090bd1e8afa6f3dfe3a84dc3d5d72dd65857e7b0aede76d32cca35fdef7
GET /wp-content/uploads/2023/01/Nov-29-30-2023-Pennyhill-Park-Hotel-2.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Fri, 27 Jan 2023 13:26:09 GMT
accept-ranges: bytes
content-length: 177545
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/02/EQ-e1675351512911.png
185.219.238.35200 OK 405 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/02/EQ-e1675351512911.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 700 x 466, 8-bit/color RGBA, non-interlaced\012- data
Size 405 kB (405101 bytes)
Hash 2d182e17b8c4c4a43e55657415a6f437
8c15d77a68edd94104e00938090424572f9960de
ef96cfa87c0d776cba9ef7822019dd80be6e7e3c6241a8edde0dc5393113d571
GET /wp-content/uploads/2023/02/EQ-e1675351512911.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Thu, 02 Feb 2023 15:25:14 GMT
accept-ranges: bytes
content-length: 405101
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/cropped-BE-512-192x192.png
185.219.238.35200 OK 3.9 kB URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/cropped-BE-512-192x192.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 9014ef5f1fbad9a2be104f9e4b1f5feb
c134a589e67f8b114b478e1204310c99093d7b08
64f1ce86190afd6ccb0f7788251aff4d4459d7fed8730ce04612ace123e3811b
GET /wp-content/uploads/2023/01/cropped-BE-512-192x192.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Thu, 19 Jan 2023 10:58:59 GMT
accept-ranges: bytes
content-length: 3884
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
benefits-expert.com/wp-content/uploads/2023/01/cropped-BE-512-32x32.png
185.219.238.35200 OK 777 B URL HTTP/2 benefits-expert.com/wp-content/uploads/2023/01/cropped-BE-512-32x32.png
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash dbd07d03cecca8b1d7e38508cddc148f
dffa7c2aec4957cdb3698fa7a12ee746936823fe
35ef314c32f941a5fc5577a7c1a7c9e66583789d178c70ba535359d24dfbbca4
GET /wp-content/uploads/2023/01/cropped-BE-512-32x32.png HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 10 Feb 2023 13:20:26 GMT
content-type: image/png
last-modified: Thu, 19 Jan 2023 10:58:59 GMT
accept-ranges: bytes
content-length: 777
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
142.250.74.42200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 20:04:17 GMT
expires: Tue, 30 Jan 2024 20:04:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 321369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.34200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (39525)
Hash 824764ac21bd40f1d3e13ebdcdbda237
15974c02de9d7a1241cb897bc24899afdada02b2
0d76b000aaf8110de3fb411968560fa957aa5bb9fa8c6211ec860a25ace20363
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27228
date: Fri, 03 Feb 2023 13:20:26 GMT
expires: Fri, 03 Feb 2023 13:20:26 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1471 / 316 of 1000 / last-modified: 1675426045"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14254
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 13:20:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14254
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 13:20:26 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 03 Feb 2023 11:44:08 GMT
expires: Fri, 03 Feb 2023 13:44:08 GMT
cache-control: public, max-age=7200
age: 5778
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.mailmunch.co/app/v1/styles.css
143.204.55.128200 OK 2.3 kB URL HTTP/1.1 a.mailmunch.co/app/v1/styles.css
IP 143.204.55.128:0
File type ASCII text, with very long lines (21666), with no line terminators
Hash 5d0df0b3154b3df6994e483e24e9c924
58ca52b3a064c064e768c4860b54d10ec1784fb6
7a26b4761e190fcbe7c0cddd7908f9b0b74d131ab7c62a278bc4ecb834c04e2d
GET /app/v1/styles.css HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 2274
Connection: keep-alive
Date: Thu, 02 Feb 2023 19:03:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Thu, 02 Feb 2023 07:55:21 GMT
ETag: "5d0df0b3154b3df6994e483e24e9c924"
Cache-Control: max-age=172800
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iXnhgzFNjfTbOY_zyrzZHFSNUJnC16ppmtY_DsN31gD51BYbPPXdGw==
Age: 65832
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
142.250.74.35200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 08:53:11 GMT
expires: Wed, 31 Jan 2024 08:53:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
age: 275235
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe87e986c62630127a7fdd979c802947
28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf
770a765c927c0f81d0c41acd45a7a24f5799f9497fcc73489cab4fafbf994bdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5256
x-amzn-requestid: b0455eb8-b10c-4328-8abe-65c5184f6654
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frx7uFcooAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dafd17-553139816e1fb7b65e683dc6;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 00:00:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pwRBB72InX8OP4KXpQKTs9T4iMY0E3hPX8Nko9gd7m1BOm8_DqbRaA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 00:37:24 GMT
age: 45782
etag: "28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 55945
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 55232
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 55945
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
benefits-expert.com/?ajax-request=jnews
185.219.238.35200 OK 124 B URL HTTP/1.1 benefits-expert.com/?ajax-request=jnews
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type JSON data\012- , ASCII text, with no line terminators
Hash 9caa50960c4c21fa368b2f9c3aa5a3ca
cf13b35d40806c6429dbb520194705b597effdde
a4a7f8edb4ba3ea107e629c538e382185c7a1497784be978b4b97e91dc2881c1
POST /?ajax-request=jnews HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 73
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-litespeed-tag: 244_HTTP.200
set-cookie: jnews_view_counter_visits[0]=1675430426b35272; expires=Fri, 03-Feb-2023 13:20:26 GMT; Max-Age=0; path=/; HttpOnly
content-type: application/json; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-cache-control: no-cache
content-length: 124
date: Fri, 03 Feb 2023 13:20:26 GMT
server: LiteSpeed
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash cf7f5c19d7739d5c5c3261d5656365fc
3c6565e602a85f21400ab2d9a3ee001c6bb99cd8
fef232c8195f2f7c93840ccbe922ab5613b0b5881c2e45af4cf08677cc9b5864
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=147147
Date: Fri, 03 Feb 2023 13:20:26 GMT
Etag: "63dc9d8a-1d7"
Expires: Sun, 05 Feb 2023 06:12:53 GMT
Last-Modified: Fri, 03 Feb 2023 05:37:14 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AsTQkGX5p1Pj6qOHG74sdObddZPsHYQVRgQ0QFUARV0Ec_7lgRstKg==
Age: 2139
forms.mailmunch.co/sites/1023274
54.157.58.70200 OK 130 B URL HTTP/1.1 forms.mailmunch.co/sites/1023274
IP 54.157.58.70:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 636d7f77c3b0a1db4df83affafb1dcfe
5267c1d70e220336c7f889bcff47653e94584b2e
393d85c2751786162bbe595fa83f28df46eed332d3096a80d625fc8da8a14edd
GET /sites/1023274 HTTP/1.1
Host: forms.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-MM-Form-Tool, X-MM-Coupons
Access-Control-Expose-Headers: X-MM-Comp-Tracking, X-MM-EU-Continent, X-MM-T
Content-Type: application/json; charset=utf-8
Content-Length: 130
Etag: W/"82-UmfB1w4iAzbH+Im8/0dlPpRYSy4"
Vary: Accept-Encoding
Date: Fri, 03 Feb 2023 13:20:26 GMT
Via: 1.1 vegur
static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css
172.64.153.179200 OK 3.4 kB URL HTTP/1.1 static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css
IP 172.64.153.179:0
File type ASCII text, with very long lines (37139), with no line terminators
Hash 3134759baef162d3713fa4e7e5a37be2
a082fa38dfddfab5982d97b0ce0864184938fd09
1edaf2b25588a044ca149d2ad251e911c6b263f5b45a07863511177a9095768b
GET /js/signup-form-widget/current/signup-form-widget.css HTTP/1.1
Host: static.ctctcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:20:26 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=900, public
Cf-Bgj: minify
Cf-Polished: origSize=51270
Expires: Sat, 03 Feb 2024 13:19:41 GMT
Last-Modified: Mon, 01 Aug 2022 21:36:52 GMT
Vary: Accept-Encoding,User-Agent
CF-Cache-Status: HIT
X-Robots-Tag: noindex
Server: cloudflare
CF-RAY: 793b76c69e9c0afe-OSL
Content-Encoding: gzip
a.mailmunch.co/forms-cache/1023274/settings-1675414461.json
143.204.55.128200 OK 837 B URL HTTP/1.1 a.mailmunch.co/forms-cache/1023274/settings-1675414461.json
IP 143.204.55.128:0
File type JSON data\012- , ASCII text, with very long lines (2700), with no line terminators
Hash 32ca79099b701a5fa8a7c9eea23c6001
3e0bc5b0b4e5f9a05db5fa43abb4ad96f2b6af47
fc687ac9bc55608f9a550ef164b0561b560fbccf5da9ea79be153a3d5cbb7d7a
GET /forms-cache/1023274/settings-1675414461.json HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 03 Feb 2023 08:59:33 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Fri, 03 Feb 2023 08:54:29 GMT
ETag: W/"907c07903ab12289cffb56829304cb59"
Cache-Control: max-age=31556952
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NQTFYp5wMfRo4UbK8I-s5C07jXLRkI494fMM-J7PR1V5RNcnst5P9g==
Age: 15654
a.mailmunch.co/app/v1/popover.js
143.204.55.128200 OK 2.3 kB URL HTTP/1.1 a.mailmunch.co/app/v1/popover.js
IP 143.204.55.128:0
File type ASCII text, with very long lines (9035), with no line terminators
Hash 9037a8cc341ca9a497cb8b2e224bc7ef
1f751856024ee0b98238e8f296945a437cd1abf7
1be8ed06619d9073ee467d48817fa4bae72e20caec54af2f7f4ac1bd55db72e9
GET /app/v1/popover.js HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 2274
Connection: keep-alive
Date: Wed, 01 Feb 2023 19:10:51 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Wed, 01 Feb 2023 13:06:58 GMT
ETag: "9037a8cc341ca9a497cb8b2e224bc7ef"
Cache-Control: max-age=172800
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SR3piouVvLZ5TOaajW1zBcYFTgr3LBATENTEzZRCUdjH_E01FGHtpg==
Age: 151776
a.mailmunch.co/app/v1/sidebar.js
143.204.55.128200 OK 842 B URL HTTP/1.1 a.mailmunch.co/app/v1/sidebar.js
IP 143.204.55.128:0
File type ASCII text, with very long lines (2731), with no line terminators
Hash ee4740680a8d8540a9f4484865b8d895
83cc3e1d45542afe085dacd035386e47abbadbfd
698e60369913ff5fb0742cd2d78afcef39e93090e6ba83b4182a8209986fd8f2
GET /app/v1/sidebar.js HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 842
Connection: keep-alive
Date: Thu, 02 Feb 2023 22:33:39 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Thu, 02 Feb 2023 07:55:18 GMT
ETag: "ee4740680a8d8540a9f4484865b8d895"
Cache-Control: max-age=172800
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RzoXgeoDmeFrfjEm2-mybrvIITwjr8lXNEnUHxLUZkMV81WJN5BfRQ==
Age: 53208
a.mailmunch.co/forms-cache/1023274/1108719/index-1674557287.html
143.204.55.128200 OK 47 kB URL HTTP/1.1 a.mailmunch.co/forms-cache/1023274/1108719/index-1674557287.html
IP 143.204.55.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26098)
Hash 6055e0589e8ae955337baff24125cb28
a333160ccdce8aa699084ea6b31cd2aec3add299
c81660ee5c6fc8b178aefb43fc222d12fc4fde4e37107a00603630094d46aee3
GET /forms-cache/1023274/1108719/index-1674557287.html HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 30 Jan 2023 07:05:57 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Tue, 24 Jan 2023 10:48:17 GMT
ETag: W/"ccf07ce685caf41acf56e1b914ef1097"
Cache-Control: max-age=31556952
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MGqPWG5Qni4s1lMk0KLvoRc7yyD-RzpNvaLZ1o9uHyIjoNpnCR44eA==
Age: 368071
a.mailmunch.co/forms-cache/1023274/1108722/index-1674556475.html
143.204.55.128200 OK 47 kB URL HTTP/1.1 a.mailmunch.co/forms-cache/1023274/1108722/index-1674556475.html
IP 143.204.55.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (24887)
Hash 0bdf65304c2fc4ed9c02f9b3114034d1
20c53ec9a5b9b9db92c75aceecd607d3c9acd4e5
c72179bbe5b8813c689d20b8d274058d917b5108ab6511f5f2d4b7c56d5aef43
GET /forms-cache/1023274/1108722/index-1674556475.html HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 30 Jan 2023 07:05:57 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Tue, 24 Jan 2023 10:34:46 GMT
ETag: W/"58358cf389aeb6938796a28ac0102322"
Cache-Control: max-age=31556952
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9ks76R0yQniKQq_VRUg7aU04WlC7QJVYWuqFexoG7ltEQbOwqnTteg==
Age: 368071
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=benefits-expert.com
142.250.74.162200 OK 554 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=benefits-expert.com
IP 142.250.74.162:0
Hash b344e0d3ec75d9b71f41a31e365c66fc
91a227c90c143bacf4cd8f742f9f289ddffd8140
9ed53f4a37fb9eacb2194cfd6e77ae7c8d71efa3df7978d120f7f0c83d73d450
GET /adsid/integrator.js?domain=benefits-expert.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 03 Feb 2023 13:20:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=benefits-expert.com
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=benefits-expert.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=benefits-expert.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 03 Feb 2023 13:20:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/cabin/v26/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
142.250.74.163200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/cabin/v26/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 26100, version 1.0\012- data
Hash 312bcfa92b0b0a09c3f404b2c662a0b6
5398ff9ee3c10bffc54e3a9f7e5e7506a822b38a
979caf94add5b00ec59d8abde43d200523745c2f4b105c2906f4d9dda4afaeec
GET /s/cabin/v26/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26100
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 12:46:22 GMT
expires: Mon, 29 Jan 2024 12:46:22 GMT
cache-control: public, max-age=31536000
age: 434045
last-modified: Fri, 24 Jun 2022 18:41:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 10:05:58 GMT
expires: Fri, 02 Feb 2024 10:05:58 GMT
cache-control: public, max-age=31536000
age: 98069
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 13:13:54 GMT
expires: Fri, 02 Feb 2024 13:13:54 GMT
cache-control: public, max-age=31536000
age: 86793
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 09:40:57 GMT
expires: Sun, 28 Jan 2024 09:40:57 GMT
cache-control: public, max-age=31536000
age: 531570
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cb41fee9c31ef158fc1778d62344f7b3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97200 OK 2.7 kB URL HTTP/2 cb41fee9c31ef158fc1778d62344f7b3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: cb41fee9c31ef158fc1778d62344f7b3.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Fri, 03 Feb 2023 13:20:27 GMT
expires: Sat, 03 Feb 2024 13:20:27 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
142.250.74.163200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 35764, version 1.0\012- data
Hash 60f23230f1a8d5c3b7d25b73f5b5ce23
ed08ada85d017893b9bcb8224e99154c6708f5d2
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
GET /s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 02:06:00 GMT
expires: Sat, 03 Feb 2024 02:06:00 GMT
cache-control: public, max-age=31536000
age: 40467
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 832775a408c718892e82db29cfd714ee
4b05adbde482a9d0e8290326273c8cc52b051123
2e24e9ddbdb9326d57ee324b8b8280d7fb51266af3109226a95f866149090062
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:20:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20230201/r20110914/abg_lite_fy2021.js
142.250.74.161200 OK 9.0 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230201/r20110914/abg_lite_fy2021.js
IP 142.250.74.161:0
File type ASCII text, with very long lines (1672)
Hash 9aa683d616d8b2d10fe0100d761df816
60f84308b40072edcc24b6fd54c68247786001aa
2e8549a4bc0e1f4a4eda2637f239105e780b2ae2879c9a241b1ffe7130386e0a
GET /pagead/js/r20230201/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 8993
x-xss-protection: 0
date: Thu, 02 Feb 2023 19:49:13 GMT
expires: Thu, 16 Feb 2023 19:49:13 GMT
cache-control: public, max-age=1209600
age: 63074
etag: 12355142264901698679
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.2200 OK 49 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.2:0
File type ASCII text, with very long lines (3504)
Hash 40b8ffdc606e81703c5f6a39df96f373
0a39b905fe6b8f947d256b01614abcdd27baef65
93cfc3bdb53008e8640dee5f3e7515b10a9b2959e69d8f2919f3d243cf547f36
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 49146
date: Fri, 03 Feb 2023 13:20:27 GMT
expires: Fri, 03 Feb 2023 13:20:27 GMT
cache-control: private, max-age=3000
etag: "1675254965429469"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/?display=swap
185.219.238.35200 OK 33 kB URL HTTP/1.1 benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/?display=swap
IP 185.219.238.35:0
ASN #41000 Freethought Internet Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (22979)
Hash 16e1148727b3542b83e9f783e1d41876
5d6695da3a96ddfedd288f5ee2655a13ba578cc1
7d3b0ceb3039ba83546b21feef0752e29f75eb1bc2b223d413969f2dd6895af2
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /most-line-managers-think-they-can-health-wellbeing-support/?display=swap HTTP/1.1
Host: benefits-expert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/most-line-managers-think-they-can-health-wellbeing-support/
Cookie: _ga=GA1.2.1594765525.1675430458; _gid=GA1.2.241411604.1675430458; _gat=1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
link: <https://benefits-expert.com/wp-json/>; rel="https://api.w.org/", <https://benefits-expert.com/wp-json/wp/v2/posts/35272>; rel="alternate"; type="application/json", <https://benefits-expert.com/?p=35272>; rel=shortlink
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: 244_HTTP.200,244_post,244_URL.5beabd95b57038f66d787aaf30a02cb7,244_Po.35272,244_
etag: "552250-1675430428;gz"
x-litespeed-cache: miss
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 03 Feb 2023 13:20:28 GMT
server: LiteSpeed
cf.mailmunch.com/partner/mailmunch/logo_branding.png
143.204.55.42200 OK 3.7 kB URL HTTP/1.1 cf.mailmunch.com/partner/mailmunch/logo_branding.png
IP 143.204.55.42:0
File type gzip compressed data, max compression\012- data
Hash 4ba7cc439f08346be5e5cea67161a447
ce88663cf4b165aed09e37393fb0e11a7751b8bf
7b1d100a095a9559564fc7394f063b33213c25a59718c83c7d4965bd041fee39
GET /partner/mailmunch/logo_branding.png HTTP/1.1
Host: cf.mailmunch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3019
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Last-Modified: Mon, 31 Aug 2020 12:20:46 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 03 Feb 2023 07:47:44 GMT
ETag: "9b53f488aacdce3693ba93861ca034cf"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BbPEZacRd8kt4ZlANSkQdGWGPLX2oyzUwkO4Lv4gc32mHK1JGfg2cQ==
Age: 19988
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023013001&st=env
142.250.74.98200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023013001&st=env
IP 142.250.74.98:0
File type JSON data\012- , ASCII text, with very long lines (14674), with no line terminators
Hash 9ae981a801d95cce4c82520d025d1e1d
1576d52cec7e33726a52693ad3385d042f38931e
bd91c682ed403745b987853aea0c596d4d26ba3d89ab294f3e8f91a8e614594d
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023013001&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Fri, 03 Feb 2023 13:20:28 GMT
server: cafe
content-length: 11075
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
analytics.mailmunch.co/event/?site_id=1023274&widget_id=1108722&event_name=views&cache=1675430459832&referrer=http%3A%2F%2Fbenefits-expert.com%2Fmost-line-managers-think-they-can-health-wellbeing-support%2F&visitor_id=c9de624c-a279-4cc9-9e5c-293cedefc08c
3.232.242.170200 OK 35 B URL HTTP/1.1 analytics.mailmunch.co/event/?site_id=1023274&widget_id=1108722&event_name=views&cache=1675430459832&referrer=http%3A%2F%2Fbenefits-expert.com%2Fmost-line-managers-think-they-can-health-wellbeing-support%2F&visitor_id=c9de624c-a279-4cc9-9e5c-293cedefc08c
IP 3.232.242.170:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /event/?site_id=1023274&widget_id=1108722&event_name=views&cache=1675430459832&referrer=http%3A%2F%2Fbenefits-expert.com%2Fmost-line-managers-think-they-can-health-wellbeing-support%2F&visitor_id=c9de624c-a279-4cc9-9e5c-293cedefc08c HTTP/1.1
Host: analytics.mailmunch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benefits-expert.com/
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Type: image/gif
Date: Fri, 03 Feb 2023 13:20:29 GMT
Transfer-Encoding: chunked
Via: 1.1 vegur
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fflRBHU4IAMFnsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 03:08:32 GMT
age: 36721
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Mukta
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Mukta
IP 142.250.74.106:0
GET /css2?family=Mukta HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits-expert.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 13:20:25 GMT
date: Fri, 03 Feb 2023 13:20:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
listgrowth.ctctcdn.com/v1/643dc37f34a2f0aac154aa6bc686ef4c.json?lang=en_GB
54.230.111.89200 OK 0 B URL HTTP/2 listgrowth.ctctcdn.com/v1/643dc37f34a2f0aac154aa6bc686ef4c.json?lang=en_GB
IP 54.230.111.89:0
GET /v1/643dc37f34a2f0aac154aa6bc686ef4c.json?lang=en_GB HTTP/1.1
Host: listgrowth.ctctcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://benefits-expert.com
Connection: keep-alive
Referer: http://benefits-expert.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
x-amz-id-2: Ag9GzFPNyYOHJcxkH6Edbe3Ck+5J05YmZ9GJ6pVF1phjarPzDgkxHPz8J/m5LpQrl7PNNtDVZ94PFKRHQolyq972d1yYZ9hg1uxngbQ2Fbo=
x-amz-request-id: AG3GNX06GHJCHRC2
date: Fri, 03 Feb 2023 13:20:28 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Mon, 09 May 2022 16:58:46 GMT
etag: W/"7a0457fc8f539f1695e0972d29ae08da"
cache-control: max-age=5
x-amz-version-id: Kc.6tgHUhwso.8355K48sGyZFEga.FOV
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
recaptcha-key: 6LfHrSkUAAAAAPnKk5cT6JuKlKPzbwyTYuO8--Vr
access-control-expose-headers: recaptcha-key
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: c-juh4PPiBXi2AHeL0aqoRgnT6kh9TsnprudKMrxjJzYnc7utXmxdg==
X-Firefox-Spdy: h2