URL: https://recovery.vaxcyte.com/
Submission: On November 21 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 3 IPs in 1 country across 4 domains to perform 10 HTTP transactions. The main IP is 2a09:8280:1::69:ca6e, located in United States and belongs to FLY, US. The main domain is recovery.vaxcyte.com.
TLS certificate: Issued by E6 on November 21st 2024. Valid for: 3 months.
This is the only time recovery.vaxcyte.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
8 | 2a09:8280:1::... | 40509 (FLY)
1 | 13.33.252.108 | 16509 (AMAZON-02)
1 | 18.164.96.87 | 16509 (AMAZON-02)
Total: 10 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
4 | vaxcyte.com | recovery.vaxcyte.com | 7 KB
3 | nametag.co | us.static.nametag.co | 1 MB
2 | hotjar.com | static.hotjar.com (Cisco Umbrella Rank: 888), script.hotjar.com (Cisco Umbrella Rank: 1185) | 61 KB
1 | nametagusercontent.com | nametagusercontent.com | 99 KB
Total: 10 requests, 4 apex domains

Requests | Domain | Requested by
4 | recovery.vaxcyte.com |
3 | us.static.nametag.co | recovery.vaxcyte.com, us.static.nametag.co
1 | script.hotjar.com | static.hotjar.com
1 | nametagusercontent.com | recovery.vaxcyte.com
1 | static.hotjar.com | us.static.nametag.co
Total: 10 requests, 5 subdomains

This site contains links to these domains.

Domain
getnametag.com

Subject | Issuer | Validity | Valid
recovery.vaxcyte.com | E6 | 2024-11-21 - 2025-02-19 | 3 months
us.static.nametag.co | E5 | 2024-10-17 - 2025-01-15 | 3 months
*.hotjar.com | Amazon RSA 2048 M03 | 2024-05-22 - 2025-06-20 | a year
nametagusercontent.com | E6 | 2024-11-03 - 2025-02-01 | 3 months

This page contains 1 frame:

Primary Page: https://recovery.vaxcyte.com/
Frame ID: E51F494EB45A2928A7888561B8102E6C
Requests: 10 HTTP requests in this frame

Page Title: Nametag

Detected technologies

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

Requests: 10
HTTPS: 100 %
IPv6: 33 %
Domains: 4
Subdomains: 5
IPs: 3
Countries: 1
Transfer: 1231 kB
Size: 4538 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
recovery.vaxcyte.com/
3 KB
2 KB
Document
General
Full URL
https://recovery.vaxcyte.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
37432aa537cf000b6853342bf3b1c340de1c1147345d922dff87530e53c87c60
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-3RaUeqiVDU2FnrEoNS-wICqyBKUhYTKG' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=0
content-encoding
zstd
content-security-policy
base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-3RaUeqiVDU2FnrEoNS-wICqyBKUhYTKG' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
content-type
text/html
date
Thu, 21 Nov 2024 17:34:26 GMT
expires
-1
fly-request-id
01JD7WM812RGF9J0B78E1K909G-lax
referrer-policy
strict-origin-when-cross-origin
server
Fly/e285b5c8a (2024-11-20)
via
2 fly.io
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-trace
ntbug.com/45f66e804099603af537a51be0ed9779 ntbug.com/45f66e804099603af537a51be0ed9779
recovery-index-HCPMZWYH.js
us.static.nametag.co/static/js/
1 MB
391 KB
Script
General
Full URL
https://us.static.nametag.co/static/js/recovery-index-HCPMZWYH.js
Requested by
Host: recovery.vaxcyte.com
URL: https://recovery.vaxcyte.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
ec374e28c7159e8dfe5299ae2069c730061794d3a130f7f8722e0d23f79435a6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://recovery.vaxcyte.com
Referer
https://recovery.vaxcyte.com/

Response headers

access-control-max-age
90
content-encoding
gzip
access-control-allow-methods
Get
date
Thu, 21 Nov 2024 17:34:27 GMT
content-type
text/javascript; charset=utf-8
vary
Origin, Accept, Accept-Encoding
fly-request-id
01JD7WM8EM30EGH5KKBRYD8G4B-lax
access-control-allow-headers
X-User-Agent
strict-transport-security
max-age=16070400; includeSubDomains
x-trace
ntbug.com/0a5567df8474695b9552bb559c11161e
cache-control
max-age=31536000
via
2 fly.io
x-nametag-origin
static
accept-ranges
bytes
access-control-allow-origin
https://recovery.vaxcyte.com
server
Fly/e285b5c8a (2024-11-20)
x-region
us
recovery-index-PL7M7FIY.css
us.static.nametag.co/static/css/
3 MB
575 KB
Stylesheet
General
Full URL
https://us.static.nametag.co/static/css/recovery-index-PL7M7FIY.css
Requested by
Host: recovery.vaxcyte.com
URL: https://recovery.vaxcyte.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
61f534ed1e7160cb4edbf9d544be98bbb9ff5b44de10933bb98c1fff0bea76fc
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://recovery.vaxcyte.com
Referer
https://recovery.vaxcyte.com/

Response headers

access-control-max-age
90
content-encoding
gzip
access-control-allow-methods
Get
date
Thu, 21 Nov 2024 17:34:27 GMT
content-type
text/css; charset=utf-8
vary
Origin, Accept, Accept-Encoding
fly-request-id
01JD7WM8EMFSSR0H0C2BA6HGPA-lax
access-control-allow-headers
X-User-Agent
strict-transport-security
max-age=16070400; includeSubDomains
x-trace
ntbug.com/4cbc694ebf7fc15b0ab4276616c6e58d
cache-control
max-age=31536000
via
2 fly.io
x-nametag-origin
static
accept-ranges
bytes
access-control-allow-origin
https://recovery.vaxcyte.com
server
Fly/e285b5c8a (2024-11-20)
x-region
us
hotjar-3331905.js
static.hotjar.com/c/
13 KB
6 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3331905.js?sv=6
Requested by
Host: us.static.nametag.co
URL: https://us.static.nametag.co/static/js/recovery-index-HCPMZWYH.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-108.jfk50.r.cloudfront.net
Software
/
Resource Hash
46f3da7256ff253512a70d927c331b98e49d05b1b88a5984255f41e1534ca4ec
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://recovery.vaxcyte.com/

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=60
content-encoding
br
etag
W/43ea4b910bf2d6e35bef314e3d4a248a
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
x-cache-hit
1
via
1.1 b1422ccb486c8b395d3da3c4f22f7644.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Cs9agT4z5oC9v2ao1aAp0FfnyEVxGjjW-dmhWR_MuAD5n0-Mt79Fzw==
date
Thu, 21 Nov 2024 17:34:28 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P10
Nunito-VariableFont_wght-4GDJ7NBH.woff2
us.static.nametag.co/static/woff2/
99 KB
99 KB
Font
General
Full URL
https://us.static.nametag.co/static/woff2/Nunito-VariableFont_wght-4GDJ7NBH.woff2
Requested by
Host: us.static.nametag.co
URL: https://us.static.nametag.co/static/css/recovery-index-PL7M7FIY.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
7c2c9e9a5e9ae5b4685c79a5003816470b02505817284e897c8cc6bf01d67b3f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://recovery.vaxcyte.com
Referer
https://us.static.nametag.co/static/css/recovery-index-PL7M7FIY.css

Response headers

access-control-max-age
90
content-encoding
gzip
access-control-allow-methods
Get
date
Thu, 21 Nov 2024 17:34:28 GMT
content-type
font/woff2
vary
Origin, Accept, Accept-Encoding
fly-request-id
01JD7WM9F939MZC7Z0HC0JJFDE-lax
access-control-allow-headers
X-User-Agent
strict-transport-security
max-age=16070400; includeSubDomains
x-trace
ntbug.com/0fc7c1c7c01551a629a5ba69d256f08f
cache-control
max-age=31536000
via
2 fly.io
x-nametag-origin
static
accept-ranges
bytes
access-control-allow-origin
https://recovery.vaxcyte.com
server
Fly/e285b5c8a (2024-11-20)
x-region
us
-G0wOWiSFAvBonmSQCqbZWR0oXi9kxuaOmUBGM4aqJjLIm1MbgIt2lT5kpehD96Bw1QLyJ4hAyYJwARd-w
nametagusercontent.com/res/
98 KB
99 KB
Image
General
Full URL
https://nametagusercontent.com/res/-G0wOWiSFAvBonmSQCqbZWR0oXi9kxuaOmUBGM4aqJjLIm1MbgIt2lT5kpehD96Bw1QLyJ4hAyYJwARd-w
Requested by
Host: recovery.vaxcyte.com
URL: https://recovery.vaxcyte.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
f4bbcbe04a628ce62065d6811fc81a3ef84b30f2efc7af2868f4aad6360f02b8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://recovery.vaxcyte.com/

Response headers

via
2 fly.io
x-trace
ntbug.com/048007d84709791fed8feb29a9c86b6b
content-length
100555
date
Thu, 21 Nov 2024 17:34:28 GMT
content-type
image/png
server
Fly/e285b5c8a (2024-11-20)
fly-request-id
01JD7WM9NG08DM0RFG8YGPSKVS-lax
modules.86621fa4aeada5bcf025.js
script.hotjar.com/
222 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.86621fa4aeada5bcf025.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3331905.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-87.jfk50.r.cloudfront.net
Software
/
Resource Hash
feb5c0ee05ef970a3cf34bac95d465e96ccb3a3df353b3a641d9391c168e68ad
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://recovery.vaxcyte.com/

Response headers

x-robots-tag
none
content-encoding
br
etag
"ff8702986a1c41356391628a5f5d6f03"
age
98542
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
8ZEOGT00YcXsOFIicytDhFfWdmcQpQWvzdGbrsCh5-J_IucHVOOL9A==
date
Wed, 20 Nov 2024 14:12:07 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 20 Nov 2024 14:11:55 GMT
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
cross-origin-resource-policy
cross-origin
via
1.1 8a9cdb228e33f8d52a4b42c56ca26590.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
56243
x-amz-cf-pop
JFK50-P5
favicon.ico
recovery.vaxcyte.com/
3 KB
2 KB
Other
General
Full URL
https://recovery.vaxcyte.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
3250e8d6b78b0f3e921bf5a5cf99fa36e6d5d7aade14c95e75363ae6f5b9c13d
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-B3ZLKeu4txhuvv-iLGELKORFEuftfVxX' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://recovery.vaxcyte.com/

Response headers

x-trace
ntbug.com/34c0ca961ce66d668115a3ba9130c67d, ntbug.com/34c0ca961ce66d668115a3ba9130c67d
content-security-policy
base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-B3ZLKeu4txhuvv-iLGELKORFEuftfVxX' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
cache-control
private, max-age=0
content-encoding
zstd
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
via
2 fly.io
expires
-1
date
Thu, 21 Nov 2024 17:34:29 GMT
content-type
text/html
server
Fly/e285b5c8a (2024-11-20)
fly-request-id
01JD7WMAS3KKAE9K88V77RWJ1G-lax
x-frame-options
SAMEORIGIN
favicon-32x32.png
recovery.vaxcyte.com/favicon/
3 KB
2 KB
Other
General
Full URL
https://recovery.vaxcyte.com/favicon/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
3a822897c850a5843a9262afe27c5a40fe17188971d68063b6586829e6660426
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-70_Vt-rUhbjNMR1Ix5sZOdxKjcozDv5_' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://recovery.vaxcyte.com/

Response headers

x-trace
ntbug.com/33cd9b8e58b13ecb5d73c3bf609a535b, ntbug.com/33cd9b8e58b13ecb5d73c3bf609a535b
content-security-policy
base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-70_Vt-rUhbjNMR1Ix5sZOdxKjcozDv5_' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
cache-control
private, max-age=0
content-encoding
zstd
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
via
2 fly.io
expires
-1
date
Thu, 21 Nov 2024 17:34:29 GMT
content-type
text/html
server
Fly/e285b5c8a (2024-11-20)
fly-request-id
01JD7WMAYWXRPXPNYPR5NFA250-lax
x-frame-options
SAMEORIGIN
favicon-16x16.png
recovery.vaxcyte.com/favicon/
3 KB
2 KB
Other
General
Full URL
https://recovery.vaxcyte.com/favicon/favicon-16x16.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::69:ca6e , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/e285b5c8a (2024-11-20) /
Resource Hash
9d64e45dffb6a651c5ba7a690b0bd93eb28935592f1555497462746dfae3e591
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-LP23WY2SwuhIgk5WEzUCTVke9aYSqaER' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://recovery.vaxcyte.com/

Response headers

x-trace
ntbug.com/3864fc9da06d16d0a8657277d3804086, ntbug.com/3864fc9da06d16d0a8657277d3804086
content-security-policy
base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-LP23WY2SwuhIgk5WEzUCTVke9aYSqaER' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
cache-control
private, max-age=0
content-encoding
zstd
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
via
2 fly.io
expires
-1
date
Thu, 21 Nov 2024 17:34:30 GMT
content-type
text/html
server
Fly/e285b5c8a (2024-11-20)
fly-request-id
01JD7WMB5SYDA6B7Z0VYPGCRAQ-lax
x-frame-options
SAMEORIGIN

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • string| __reactRouterVersion
  • object| __core-js_shared__
  • function| detectIncognito
  • function| hj
  • object| _hjSettings
  • string| _scriptPath
  • object| hjSiteSettings
  • object| hjLazyModules
  • function| hjBootstrap
  • object| hjBootstrapCalled

2 Cookies

Domain/Path Name / Value
.vaxcyte.com/ Name: _hjSessionUser_3331905
Value: eyJpZCI6ImRlOWJiNzM1LTZkZGMtNWViZS04OTc0LWZiN2IyMTA5NWE5NiIsImNyZWF0ZWQiOjE3MzIyMTA0Njk2MTgsImV4aXN0aW5nIjpmYWxzZX0=
.vaxcyte.com/ Name: _hjSession_3331905
Value: eyJpZCI6ImU4MzI0ODFmLTUzOTctNDdkNC05OTYzLTQzOWM0ODFlYzIwYSIsImMiOjE3MzIyMTA0Njk2MTksInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy base-uri 'none'; object-src 'none'; report-uri https://nametag.co/_csp_report; script-src 'nonce-3RaUeqiVDU2FnrEoNS-wICqyBKUhYTKG' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN