Submitted URL: https://urldefense.us/v3/__http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https*3A*2F*2Fhr...
Effective URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Submission: On March 30 via manual from US — Scanned from US

Summary

This website contacted 2 IPs in 1 country across 4 domains to perform 9 HTTP transactions. The main IP is 20.85.27.236, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is rewardsatball.ehr.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on March 3rd 2023. Valid for: a year.
This is the only time rewardsatball.ehr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.233.38.149 14618 (AMAZON-AES)
3 3 216.205.154.86 7381 (SRS-6-Z-7381)
2 3 158.82.144.42 40196 (WILLISNOR...)
8 20.85.27.236 8075 (MICROSOFT...)
9 2
Apex Domain (Subdomains) Transfer
11 ehr.com 640 KB
    hrportal.ehr.com — Cisco Umbrella Rank: 117152
    rewardsatball.ehr.com
2 dmplocal.com 2 KB
    voyamarketingzone.dmplocal.com
1 dmp-voyamail.com 574 B
    www4.dmp-voyamail.com
1 urldefense.us 530 B
    urldefense.us — Cisco Umbrella Rank: 256691
9 4
Domain Requested by
8 rewardsatball.ehr.com rewardsatball.ehr.com
3 hrportal.ehr.com 2 redirects
2 voyamarketingzone.dmplocal.com 2 redirects
1 www4.dmp-voyamail.com 1 redirects
1 urldefense.us 1 redirects
9 5

This site contains links to these domains.

Domain
ballbenefitscentral.ehr.com
ballfed.ballaerospace.com
auth.ball.com
Subject Issuer Validity Valid
hrportal.ehr.com GlobalSign RSA OV SSL CA 2018 2022-11-07 - 2023-12-09 a year
rewardsatball.ehr.com GlobalSign RSA OV SSL CA 2018 2023-03-03 - 2024-04-03 a year

This page contains 1 frame:

Primary Page: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Frame ID: E391B32A036DF6A121E2B6F1126EA8DE
Requests: 9 HTTP requests in this frame

Page Title

Rewards at Ball - Benefits Portal

Page URL History

  1. https://urldefense.us/v3/__http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&... HTTP 302
    http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com... HTTP 301
    http://voyamarketingzone.dmplocal.com/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FF... HTTP 302
    https://voyamarketingzone.dmplocal.com/main/?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-... HTTP 302
    https://hrportal.ehr.com/ball/Home/Financial-Well-being/Retirement/401-k HTTP 302
    https://hrportal.ehr.com/ball/qa3?returnurl=%2fball%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k HTTP 302
    https://hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/?target=sdaauth-portal&... Page URL
  2. https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

2
IPs

1
Countries

636 kB
Transfer

699 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://urldefense.us/v3/__http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https*3A*2F*2Fhrportal.ehr.com*2Fball*2FHome*2FFinancial-Well-being*2FRetirement*2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https*3A*2F*2Fhrportal.ehr.com*2Fball*2FHome*2FFinancial-Well-being*2FRetirement*2F401-k__;JSUlJSUlJSUlJSUlJSUlJQ!!LNnLTj473Oq-L_5O-MApfw!hTJxrUCt9vdLoy5cf8SWaXN39VUaGDHmeGJJDzFgtV9y2XOfKVX-D0A9Xb6sdqdI75roJg9ntqHlhwHtaYXODMp2X18U97EMLQ$ HTTP 302
    http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k HTTP 301
    http://voyamarketingzone.dmplocal.com/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k HTTP 302
    https://voyamarketingzone.dmplocal.com/main/?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k HTTP 302
    https://hrportal.ehr.com/ball/Home/Financial-Well-being/Retirement/401-k HTTP 302
    https://hrportal.ehr.com/ball/qa3?returnurl=%2fball%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k HTTP 302
    https://hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/?target=sdaauth-portal&relaystate=%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k&rnd=37325447722024 Page URL
  2. https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://urldefense.us/v3/__http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https*3A*2F*2Fhrportal.ehr.com*2Fball*2FHome*2FFinancial-Well-being*2FRetirement*2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https*3A*2F*2Fhrportal.ehr.com*2Fball*2FHome*2FFinancial-Well-being*2FRetirement*2F401-k__;JSUlJSUlJSUlJSUlJSUlJQ!!LNnLTj473Oq-L_5O-MApfw!hTJxrUCt9vdLoy5cf8SWaXN39VUaGDHmeGJJDzFgtV9y2XOfKVX-D0A9Xb6sdqdI75roJg9ntqHlhwHtaYXODMp2X18U97EMLQ$ HTTP 302
  • http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k HTTP 301
  • http://voyamarketingzone.dmplocal.com/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k HTTP 302
  • https://voyamarketingzone.dmplocal.com/main/?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf19416dc93&dest=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k HTTP 302
  • https://hrportal.ehr.com/ball/Home/Financial-Well-being/Retirement/401-k HTTP 302
  • https://hrportal.ehr.com/ball/qa3?returnurl=%2fball%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k HTTP 302
  • https://hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/?target=sdaauth-portal&relaystate=%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k&rnd=37325447722024

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/
Redirect Chain
  • https://urldefense.us/v3/__http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https*3A*2F*2Fhrportal.ehr.com*2Fball*2FHome*2FFinancial-Well-being*2FRetirement*2F401-k&id=947...
  • http://www4.dmp-voyamail.com/voyamarketingzone/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d...
  • http://voyamarketingzone.dmplocal.com/main/index.php?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b...
  • https://voyamarketingzone.dmplocal.com/main/?action=t&tag=https%3A%2F%2Fhrportal.ehr.com%2Fball%2FHome%2FFinancial-Well-being%2FRetirement%2F401-k&id=94705&contact_uuid=8d4145d8-1d55-4b9a-b95c-0cf1...
  • https://hrportal.ehr.com/ball/Home/Financial-Well-being/Retirement/401-k
  • https://hrportal.ehr.com/ball/qa3?returnurl=%2fball%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k
  • https://hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/?target=sdaauth-portal&relaystate=%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k&rnd=37325447722024
6 KB
7 KB
Document
General
Full URL
https://hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/?target=sdaauth-portal&relaystate=%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k&rnd=37325447722024
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.82.144.42 , United States, ASN40196 (WILLISNORTHAMERICA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache
Content-Encoding
gzip
Content-Length
5247
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 30 Mar 2023 17:43:23 GMT
Expires
-1
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache
Content-Length
307
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 30 Mar 2023 17:43:23 GMT
Expires
-1
Location
https://hrportal.ehr.com/ball/desktopmodules/portal/api/saml/sendauthnrequest/?target=sdaauth-portal&relaystate=%2fHome%2fFinancial-Well-being%2fRetirement%2f401-k&rnd=37325447722024
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
Primary Request default.ashx
rewardsatball.ehr.com/
3 KB
3 KB
Document
General
Full URL
https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9187b5ce7aeafd3f152da1591acf4974777b2133254065a543806f0efb271e1b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://hrportal.ehr.com
Referer
https://hrportal.ehr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1727
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html; charset=utf-8
Cross-Origin-Embedder-Policy
credentialless
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
cross-origin
Date
Thu, 30 Mar 2023 17:43:25 GMT
Expires
-1
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN
default.ashx
rewardsatball.ehr.com/
8 KB
4 KB
Stylesheet
General
Full URL
https://rewardsatball.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%257e*%25f0%258f%25ac%257bE%2511%25f6%25ec%251ay%25aa%2b%25e1%25f7%2507%25d1k%25d8%25aaa%257fG%2507%251bs-%25d2%25dd%259dl
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
657d0478fc414019dfa1531f9814c06fe477eea9210ab05979631a5a25171f73
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Cross-Origin-Embedder-Policy
credentialless
Transfer-Encoding
chunked
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename=idt-style-login.css
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 31 Aug 2021 18:17:12 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
/+yNxnYOB3A+oprJwB4w82p9UBxzBg==
Vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
text/css
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Thu, 30 Mar 2023 01:03:25 GMT
jquery.js
rewardsatball.ehr.com/Base/Script/
105 KB
44 KB
Script
General
Full URL
https://rewardsatball.ehr.com/Base/Script/jquery.js
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ebf22112a34691501e8ebc0d0b6163cfe5fe31a6a2b3171510777a5b6dfea07a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Cross-Origin-Embedder-Policy
credentialless
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43523
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 Mar 2023 23:27:10 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"09bdd6a753d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
password_strength_plugin.js
rewardsatball.ehr.com/base/script/
6 KB
4 KB
Script
General
Full URL
https://rewardsatball.ehr.com/base/script/password_strength_plugin.js
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90f10ead76df61fddbe7f41a66d808272c4fe9efc09f18f9307b948ec7bf5f1e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Cross-Origin-Embedder-Policy
credentialless
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
2472
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 Mar 2023 23:27:12 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"0c83ed7a753d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
default.ashx
rewardsatball.ehr.com/
5 KB
6 KB
Image
General
Full URL
https://rewardsatball.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%2523%25a78M1%251bm%2588%2519t8O%25e1%2514%2583%25e4
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
20486c64ef57f6e40f315b6e50d50ab64420aa88f62ea926d86234f2c71aae79
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Cross-Origin-Embedder-Policy
credentialless
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename=logo-ballv2.png
Connection
keep-alive
Content-Length
5305
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 31 Aug 2021 18:17:12 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
tu0isIn4F2REDz7uSPnsKQYrXtc=
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/png
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Thu, 30 Mar 2023 01:03:25 GMT
default.ashx
rewardsatball.ehr.com/
22 KB
24 KB
Image
General
Full URL
https://rewardsatball.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25b8%25baz%25ee%251c%253e%25cf%25a6W%25e8%2598%2501N%259f%2511%2580%257cb%255b%25e0%2591%2509O%25e5%25d13%258c%25a6%25d2%257fI%2560
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c577a78a1ec2d12dc21df54bd9125b8ed45be84a3ebc7f8c5d208a613fb8b3c1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Cross-Origin-Embedder-Policy
credentialless
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename=ball-trlogo-updated.jpg
Connection
keep-alive
Content-Length
23005
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 31 Aug 2021 18:17:12 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
nNiGit3E5qRg4iHyyb11yK2Tol9c
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Thu, 30 Mar 2023 01:03:25 GMT
default.ashx
rewardsatball.ehr.com/
541 KB
543 KB
Image
General
Full URL
https://rewardsatball.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&FNAME=login-background-image.jpg
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%257e*%25f0%258f%25ac%257bE%2511%25f6%25ec%251ay%25aa%2b%25e1%25f7%2507%25d1k%25d8%25aaa%257fG%2507%251bs-%25d2%25dd%259dl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
000d9b53a5bcdf0d555f600eece4325761ca31bb830c254cee0f4714bdda09ae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Cross-Origin-Embedder-Policy
credentialless
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename=login-background-image.jpg
Connection
keep-alive
Content-Length
554393
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 31 Aug 2021 18:17:12 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
A6/6BhnONmW/xO4rXiHW1FH4ji4yXw==
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Thu, 30 Mar 2023 01:03:25 GMT
default.ashx
rewardsatball.ehr.com/
1 KB
2 KB
Image
General
Full URL
https://rewardsatball.ehr.com/default.ashx?classname=resourcehandler&fname=button-background.png
Requested by
Host: rewardsatball.ehr.com
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%257e*%25f0%258f%25ac%257bE%2511%25f6%25ec%251ay%25aa%2b%25e1%25f7%2507%25d1k%25d8%25aaa%257fG%2507%251bs-%25d2%25dd%259dl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.27.236 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
82fd993ba604d1a447587d7ddc332ad0a2afa811cd4094d8343506e743615182
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Thu, 30 Mar 2023 17:43:25 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Cross-Origin-Embedder-Policy
credentialless
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename=button-background.png
Connection
keep-alive
Content-Length
1026
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Mon, 25 Feb 2019 13:07:02 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
AHcIUElb8lqnZfdKMmy9TKFwXpusyw==
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/png
Cache-Control
no-store
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Thu, 30 Mar 2023 01:03:25 GMT

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
function| $
function| jQuery
function| getParameterByName

16 Cookies

Domain/Path Name / Value
.voyamarketingzone.dmplocal.com/ Name: SESSION_NAME
Value: VOYAMARKETINGZONE_SESSION_SECURE
.voyamarketingzone.dmplocal.com/ Name: VOYAMARKETINGZONE_SESSION_SECURE
Value: q07sls2v8mnsv4jkh51krqurq3
hrportal.ehr.com/ Name: dnn_IsMobile
Value: False
hrportal.ehr.com/ Name: language
Value: en-US
hrportal.ehr.com/ Name: Analytics_VisitorId
Value: 87ca3887-400d-4bf8-b27d-51af9720a446
hrportal.ehr.com/ Name: f5-cookie
Value: !66+krVQC6YBGtzhRj9+ylgEfX4CmCaZdOFDDpIF4Yhi4sADMv9Is71tujloT9sq7+1afyzbQpBoTdiQ=
hrportal.ehr.com/ Name: Analytics
Value: SessionId=2ef34757-91e3-43c9-91a4-30dbc5a70671&TabId=13065&ContentItemId=-1
hrportal.ehr.com/ Name: ASP.NET_SessionId
Value: azw25d4hlcoezo3rerzk44tr
hrportal.ehr.com/ Name: authentication
Value: HRT.Portal.DNNModules.HRPortalAuth
hrportal.ehr.com/ Name: 60_dplk
Value: /Home/Financial-Well-being/Retirement/401-k
rewardsatball.ehr.com/ Name: ApplicationGatewayAffinityCORS
Value: 8a0481431897a44c54ca61341167e32d
rewardsatball.ehr.com/ Name: ApplicationGatewayAffinity
Value: 8a0481431897a44c54ca61341167e32d
rewardsatball.ehr.com/ Name: BallPortalApp
Value: %2f%aa%cc%e0%f4n%9e%c1TD80%b1%94S%26-%fa8%1e%f4q%ed%ab%f3S%19x%89%bc%e2%e6%88%e4%00%c3%c7%fb%a1%2f%1c%ea%fa9P%b4%1c%fb
rewardsatball.ehr.com/ Name: BallPortalSessionHistory_Insert
Value: False
rewardsatball.ehr.com/ Name: BallPortalSessionHistory_Key
Value: 22f3f70c-cb24-48db-94b9-9a6beec0b14a
rewardsatball.ehr.com/ Name: BallPortalSessionHistory_Id
Value: 1166590

1 Console Messages

Source: security
Level: error
URL: https://rewardsatball.ehr.com/default.ashx?CLASSNAME=SPLASH (Line 4)
Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block