Submitted URL: http://login.nyhplans.com/
Effective URL: https://login.nyhplans.com/
Submission: On November 09 via manual from US — Scanned from DE

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 3.15.167.137, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is login.nyhplans.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 3rd 2022. Valid for: a year.
This is the only time login.nyhplans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.15.167.136 16509 (AMAZON-02)
1 3.15.167.137 16509 (AMAZON-02)
4 13.224.189.61 16509 (AMAZON-02)
6 3.226.124.150 14618 (AMAZON-AES)
2 13.225.78.104 16509 (AMAZON-02)
13 4
Apex Domain
Subdomains
Transfer
8 nyhplans.com
login.nyhplans.com
api.nyhplans.com
93 KB
4 oktacdn.com
ok10static.oktacdn.com — Cisco Umbrella Rank: 98149
620 KB
2 okta.com
login.okta.com — Cisco Umbrella Rank: 10869
97 KB
13 3
Domain Requested by
6 api.nyhplans.com login.nyhplans.com
api.nyhplans.com
4 ok10static.oktacdn.com login.nyhplans.com
2 login.okta.com ok10static.oktacdn.com
login.okta.com
2 login.nyhplans.com 1 redirects
13 4

This site contains no links.

Subject Issuer Validity Valid
*.nyhplans.com
DigiCert TLS RSA SHA256 2020 CA1
2022-02-03 -
2023-03-02
a year crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1
2021-12-22 -
2023-01-22
a year crt.sh
api.nyhplans.com
Amazon
2021-12-14 -
2023-01-12
a year crt.sh
accounts.okta.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-13 -
2023-07-25
a year crt.sh

This page contains 2 frames:

Primary Page: https://login.nyhplans.com/
Frame ID: 982BF994079D690388D9C6EF07347B9F
Requests: 10 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: D998739A9221E43A0AFFED975D987149
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Login

Page URL History Show full URLs

  1. http://login.nyhplans.com/ HTTP 302
    https://login.nyhplans.com/ Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

809 kB
Transfer

2314 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://login.nyhplans.com/ HTTP 302
    https://login.nyhplans.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
login.nyhplans.com/
Redirect Chain
  • http://login.nyhplans.com/
  • https://login.nyhplans.com/
8 KB
4 KB
Document
General
Full URL
https://login.nyhplans.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.15.167.137 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-15-167-137.us-east-2.compute.amazonaws.com
Software
nginx /
Resource Hash
6d9d2447f53c063cde561234add412a9d25d22c938d169fad88b9c025085bd38
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Wed, 09 Nov 2022 20:19:48 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
cache-control
no-cache, no-store
content-language
de
content-security-policy
frame-ancestors 'self'
expect-ct
report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0
expires
0
p3p
CP="HONK"
pragma
no-cache
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-okta-request-id
Y2wLZHaNq9Hic73txECVuAAAAPw
x-rate-limit-limit
1200
x-rate-limit-remaining
1199
x-rate-limit-reset
1668025248
x-ua-compatible
IE=edge
x-xss-protection
0

Redirect headers

Connection
Keep-Alive
Content-Length
211
Content-Type
text/html; charset=iso-8859-1
Date
Wed, 09 Nov 2022 20:19:48 GMT
Keep-Alive
timeout=5, max=100
Location
https://login.nyhplans.com/
Server
Apache
okta-sign-in.min.js
ok10static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/
2 MB
505 KB
Script
General
Full URL
https://ok10static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/okta-sign-in.min.js
Requested by
Host: login.nyhplans.com
URL: https://login.nyhplans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-61.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
9d75be9fa71d9de02417f044d50b1264dc564d453ee20efc7faa9d819a8ffdfb
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Fri, 04 Nov 2022 07:38:35 GMT
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
via
1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
477673
x-cache
Hit from cloudfront
last-modified
Wed, 02 Feb 2022 19:11:57 GMT
server
nginx
etag
W/"3201febd49d61359da808444b6a8dd0e"
vary
Accept-Encoding
content-type
application/javascript
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
xSCDOA4mD5MOlc3gHW7o3wSo5SM1oEITWxhWNzRA0i_x43jp9jolgQ==
expires
Sat, 04 Nov 2023 07:38:35 GMT
okta-sign-in.min.css
ok10static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/css/
211 KB
37 KB
Stylesheet
General
Full URL
https://ok10static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/css/okta-sign-in.min.css
Requested by
Host: login.nyhplans.com
URL: https://login.nyhplans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-61.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
9088ba84bd8facb1ae216959655256308143f85f3608acb93880347b60f9a620
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 09:12:30 GMT
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
via
1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
817638
x-cache
Hit from cloudfront
last-modified
Wed, 02 Feb 2022 19:11:48 GMT
server
nginx
etag
W/"32082203138e95c3496af212b9076cd4"
vary
Accept-Encoding
content-type
text/css
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
cytt70SvJS91PQ0dLJBj8NLZS8FodO874i0MxcpD-kcY3jL7j5NtFw==
expires
Tue, 31 Oct 2023 09:12:30 GMT
custom-signin.241e0fb439244dc50c5929c0513a6765.css
ok10static.oktacdn.com/assets/loginpage/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://ok10static.oktacdn.com/assets/loginpage/css/custom-signin.241e0fb439244dc50c5929c0513a6765.css
Requested by
Host: login.nyhplans.com
URL: https://login.nyhplans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-61.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 02:52:41 GMT
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
via
1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
581227
x-cache
Hit from cloudfront
last-modified
Tue, 22 Mar 2022 20:55:33 GMT
server
nginx
etag
W/"241e0fb439244dc50c5929c0513a6765"
vary
Accept-Encoding
content-type
text/css
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
vRSrOXPojHR1P6Y5KiViLbJWjJ6IKAg5WWXBxkvVcqo2hzNcaq_RXA==
expires
Fri, 03 Nov 2023 02:52:41 GMT
okta.css
api.nyhplans.com/web/public/assets/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://api.nyhplans.com/web/public/assets/css/okta.css
Requested by
Host: login.nyhplans.com
URL: https://login.nyhplans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.124.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-124-150.compute-1.amazonaws.com
Software
/
Resource Hash
a4b5de0fd4da10cbc4a870206267228a015bd16205024ae63212d8d785c89312

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-backside-transport
OK OK
date
Wed, 09 Nov 2022 20:19:49 GMT
x-global-transaction-id
f8373ba3636c0b650829a720
content-type
text/css
okta.js
api.nyhplans.com/web/public/assets/js/
15 KB
15 KB
Script
General
Full URL
https://api.nyhplans.com/web/public/assets/js/okta.js
Requested by
Host: login.nyhplans.com
URL: https://login.nyhplans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.124.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-124-150.compute-1.amazonaws.com
Software
/
Resource Hash
c48cf57d2674c8f01b9b141ee8ded654656092b410747392d574087190b851a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-backside-transport
OK OK
date
Wed, 09 Nov 2022 20:19:49 GMT
x-global-transaction-id
f50588ca636c0b650818bea1
content-type
text/javascript
initLoginPage.pack.2bdb59c1d8e3f47bf6fd77317d3b5214.js
ok10static.oktacdn.com/assets/js/mvc/loginpage/
204 KB
76 KB
Script
General
Full URL
https://ok10static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.2bdb59c1d8e3f47bf6fd77317d3b5214.js
Requested by
Host:
URL: OktaUtil.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-61.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
aceefc59efc53b72a00a04b44d641f2af026de4de7743f648b08611b5a4e6770
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Sat, 05 Nov 2022 11:20:29 GMT
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
via
1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
377960
x-cache
Hit from cloudfront
last-modified
Tue, 18 Oct 2022 17:34:35 GMT
server
nginx
etag
W/"2bdb59c1d8e3f47bf6fd77317d3b5214"
vary
Accept-Encoding
content-type
application/javascript
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
WeuNar9Tvd0SwZtPTQMK80Khl6ZjTx8k10O1MNfjDTTInIyBEuNpdw==
expires
Sun, 05 Nov 2023 11:20:29 GMT
login
api.nyhplans.com/hn/web-apis/ext/okta/configs/
2 KB
916 B
XHR
General
Full URL
https://api.nyhplans.com/hn/web-apis/ext/okta/configs/login
Requested by
Host: api.nyhplans.com
URL: https://api.nyhplans.com/web/public/assets/js/okta.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.124.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-124-150.compute-1.amazonaws.com
Software
/
Resource Hash
5cedeb4764b1cddcfacb2165432338149a931241c8324c8a4e689211531e4af6

Request headers

Referer
https://login.nyhplans.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type
application/json

Response headers

date
Wed, 09 Nov 2022 20:19:49 GMT
content-encoding
gzip
access-control-allow-methods
POST
content-type
application/json
x-backside-transport
OK OK
access-control-allow-origin
https://login.nyhplans.com
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
x-global-transaction-id
f50588ca636c0b650818bd11
access-control-allow-credentials
true
login
api.nyhplans.com/hn/web-apis/ext/okta/configs/ Frame
0
0
Preflight
General
Full URL
https://api.nyhplans.com/hn/web-apis/ext/okta/configs/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.124.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-124-150.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://login.nyhplans.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip, deflate, br
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-requested-with
access-control-allow-methods
POST
access-control-allow-origin
https://login.nyhplans.com
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-request-headers
content-type,x-requested-with
access-control-request-method
POST
cache-control
no-cache
content-encoding
gzip
date
Wed, 09 Nov 2022 20:19:49 GMT
origin
https://login.nyhplans.com
pragma
no-cache
referer
https://login.nyhplans.com/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
same-site
via
1.1 AAAAAHC+gOY-
x-amzn-trace-id
Root=1-636c0b65-7e86eded1f5e4d060c66356b
x-backside-transport
OK OK
x-client-ip
10.5.1.17
x-forwarded-for
178.162.209.142
x-forwarded-port
443
x-forwarded-proto
https
x-global-transaction-id
f8373ba3636c0b650829a740
iframe.html
login.okta.com/discovery/ Frame D998
546 B
985 B
Document
General
Full URL
https://login.okta.com/discovery/iframe.html
Requested by
Host: ok10static.oktacdn.com
URL: https://ok10static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.2bdb59c1d8e3f47bf6fd77317d3b5214.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-104.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64b87d7f20fd8415961b110eea44d95759b9dd8573f5c1a08bd8cd321d3193d2

Request headers

Referer
https://login.nyhplans.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
11083
Connection
keep-alive
Content-Length
546
Content-Type
text/html
Date
Wed, 09 Nov 2022 17:15:07 GMT
ETag
"d31972220c176b431cfc97fb589e3faa"
Last-Modified
Wed, 02 Nov 2022 17:14:32 GMT
Server
AmazonS3
Via
1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
X-Amz-Cf-Id
73aFS8qYYkm9KpaaBd5Bdu9gRXP-YOFiPGEIevr44er0Nh3Mp2upWQ==
X-Amz-Cf-Pop
FRA2-C2
X-Cache
Hit from cloudfront
discoveryIframe-2692d5ddd2b91a4c061d.min.js
login.okta.com/lib/ Frame D998
96 KB
96 KB
Script
General
Full URL
https://login.okta.com/lib/discoveryIframe-2692d5ddd2b91a4c061d.min.js
Requested by
Host: login.okta.com
URL: https://login.okta.com/discovery/iframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-104.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e411407027a30686cacf70e8cdbda75187d227dab220c4a5f39be7e66c018736

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.okta.com/discovery/iframe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Wed, 09 Nov 2022 04:38:18 GMT
Via
1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
Last-Modified
Wed, 02 Nov 2022 17:14:33 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C2
Age
56492
ETag
"1e81b8f8e1712aeff69a4b08b45e2d61"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Content-Length
97960
X-Amz-Cf-Id
Hjy-kbuTMux3DxgaicPariDH65b-B5mnEK7C1VIoFfOanT9vO_x_OQ==
hmneny-logo.png
api.nyhplans.com/web/public/assets/images/neny/
34 KB
34 KB
Image
General
Full URL
https://api.nyhplans.com/web/public/assets/images/neny/hmneny-logo.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.124.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-124-150.compute-1.amazonaws.com
Software
/
Resource Hash
2e10309abf268df4edd627dc721b8d83ec389b85657d9440653715b2ddd00f3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-backside-transport
OK OK
date
Wed, 09 Nov 2022 20:19:49 GMT
x-global-transaction-id
f8373ba3636c0b6508135411
content-type
image/png
hmwny-logo.png
api.nyhplans.com/web/public/assets/images/wny/
36 KB
36 KB
Image
General
Full URL
https://api.nyhplans.com/web/public/assets/images/wny/hmwny-logo.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.124.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-124-150.compute-1.amazonaws.com
Software
/
Resource Hash
44142333f2f0f56348f0ff52ecc7cdff9140c9c5ad0f55d29db341fe83b8d8a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.nyhplans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-backside-transport
OK OK
date
Wed, 09 Nov 2022 20:19:49 GMT
x-global-transaction-id
f50588ca636c0b650818beb1
content-type
image/png

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| regeneratorRuntime function| setImmediate function| clearImmediate object| Backbone function| jQueryCourage object| u2f function| OktaSignIn function| getRequestContext function| getClientId function| getScopes function| initiateSignInWidget function| setBrowserDetails function| addHelpLinksToConfig function| addMessageOverridesToConfig function| initiateSignInWidgetWithBrandConfig function| fixObjectKeys object| Ajax function| findObjectByKey function| isValidBrandConfig function| getPreviousSignInConfig function| updateUrl function| loadUrl function| getQueryStringParameters function| generateQueryString function| addParameterToURL function| hasPreviousSignInConfig function| loadPreviousSignInConfig function| loadFailureScreen function| loadBrandingPicker function| getAPIHostname function| initPage function| signInSuccessCallBackFunction object| oktaData function| runLoginPage object| OktaUtil object| OktaLogin object| jQBrowser

3 Cookies

Domain/Path Name / Value
login.nyhplans.com/ Name: JSESSIONID
Value: FBE32F1B0E966599FD5B1C809E48FE8C
login.nyhplans.com/ Name: t
Value: default
login.nyhplans.com/ Name: DT
Value: DI1VrUyobtnQ06ivSXMWdLbcg

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0