urlscan.io logo urlscan.io
SecurityTrails logo

cobra.hsabank.com Open in urlscan Pro
192.160.101.20  Public Scan

Go To Rescan Add Verdict Report
URL: https://cobra.hsabank.com/
Submission: On June 03 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 24 HTTP transactions. The main IP is 192.160.101.20, located in United States and belongs to WH01, US. The main domain is cobra.hsabank.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on June 5th 2020. Valid for: 2 years.
This is the only time cobra.hsabank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
24 192.160.101.20 394150 (WH01)
24 2
Apex Domain
Subdomains		 Transfer
24 hsabank.com
cobra.hsabank.com
1 MB
24 1
Domain Requested by
24 cobra.hsabank.com cobra.hsabank.com
24 1

This site contains no links.

Subject Issuer Validity Valid
cobra.hsabank.com
Entrust Certification Authority - L1M		 2020-06-05 -
2022-06-05		 2 years crt.sh

This page contains 2 frames:

Primary Page: https://cobra.hsabank.com/
Frame ID: 525029DB1987D66056CCDAF372D11513
Requests: 20 HTTP requests in this frame

Frame: https://cobra.hsabank.com/openenrollmentportal/logout
Frame ID: 39703E33C4EB672B41DE59DED037DBF8
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HSA Bank

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1033 kB
Transfer

2445 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
cobra.hsabank.com/ 		7 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
154387954616a66d0315edd5f88cb28410e2f8c96b0cbce851f099d1c29299c4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store,no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Length
7620
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Content-Type
text/html; charset=utf-8
Date
Fri, 03 Jun 2022 14:33:08 GMT
Expires
-1,0
Pragma
no-cache,no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
css
cobra.hsabank.com/Content/ 		208 KB
209 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/Content/css?v=Z5Fe2EHsPqO2Ity6xDpubEBDngwz-2I94OdkQm9FaXw1
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
0453f02fac70a342f3312baa1c76e58ecca382ffff2c4edbaebee236e0cf3f9d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/css; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
213371
Expires
Sat, 03 Jun 2023 14:33:09 GMT
Stylesheet
cobra.hsabank.com/File/ 		0
843 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/File/Stylesheet
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/css
Cache-Control
private, max-age=900,no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Length
0
Expires
Fri, 03 Jun 2022 14:48:09 GMT,0
jquery
cobra.hsabank.com/bundles/ 		174 KB
174 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/jquery?v=azKMaE2j_w9weoOvwcfA-yNReYT2fx0VbjPFACz2y1k1
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
40ae80de5d8e1ab6f5e48ac74ebea41c5d21377ea7f115750d21f8cced096afb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
177673
Expires
Sat, 03 Jun 2023 14:33:09 GMT
popper
cobra.hsabank.com/bundles/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/popper?v=PS0SNJ_uxITfT_4fChxUr85QfelxfboK8BOL5PyjAeY1
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
9c520f008880b447560f85ee36ba811941f9e11cba7f5f7dce78cbd03af48319
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
21042
Expires
Sat, 03 Jun 2023 14:33:09 GMT
bootstrap
cobra.hsabank.com/bundles/ 		58 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/bootstrap?v=APNaV4UVBnOtVvyWFX-SYNvrcsepKaH8yU1vdoDjhk41
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
e735a78f4a4c3271973890c3ef5e07b58011128314f95366e826deb04983ae12
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
59494
Expires
Sat, 03 Jun 2023 14:33:09 GMT
jquerymaskedinput
cobra.hsabank.com/bundles/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/jquerymaskedinput?v=AMCHGeZwlDmWLZIYLrJi5-22PDQURd0uAiPTnlqwDWI1
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
b06dd1652201f641d72aa01966316e0e074ed5bc516c2f7ba8d725cfd1af3573
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:12 GMT
Date
Fri, 03 Jun 2022 14:33:11 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
4103
Expires
Sat, 03 Jun 2023 14:33:12 GMT
jquerycookie
cobra.hsabank.com/bundles/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/jquerycookie?v=Y88Y6HuE2a-2RAlgCbhRv5FnZoAZ_PJPVOgm1p031V81
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
46fa74a64cf5ad9a427f3b07805a96b4c4e66a1c10c3a7680f619330472f3d2d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
1284
Expires
Sat, 03 Jun 2023 14:33:09 GMT
common
cobra.hsabank.com/bundles/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/common?v=cJ4BY4At0p_6xZVVfEKFGV0NH6l1MdbOlysqlmP647U1
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
20754e76b1cf9a08036af885d5b79780db6514a7b3ab36856534343c47b0498f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
3726
Expires
Sat, 03 Jun 2023 14:33:09 GMT
jqueryval
cobra.hsabank.com/bundles/ 		29 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/jqueryval?v=qe2eT4mFmQMafFANdIxwGoXsK7hMjRi4BFY8hOamwZo1
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
adedbbc6ece28f936b05316ac9bbf2fd75d679a5c766d970ca6a5394906d48f5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
30009
Expires
Sat, 03 Jun 2023 14:33:09 GMT
accessible-forms.js
cobra.hsabank.com/Scripts/aria/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/Scripts/aria/accessible-forms.js
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
ddedfd5d9e8a2011a5fe7d7bc215262090783635942c89a40bb4a0614a05e716
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:21 GMT
ETag
"805a1763265d81:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
1565
aria
cobra.hsabank.com/bundles/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/bundles/aria?v=JFHga84QjuON_XIG9X9hkM28g2SICkD5__yMh7DqW141
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
b52d596ba1fed7db9a9546bd66f3687958f8f519a154af1a4140e691dd2fea89
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:09 GMT
Date
Fri, 03 Jun 2022 14:33:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Cache-Control
public,private, must-revalidate, max-age=3600, s-maxage=0
Vary
User-Agent
Content-Length
3393
Expires
Sat, 03 Jun 2023 14:33:09 GMT
icon_help.png
cobra.hsabank.com/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cobra.hsabank.com/images/icon_help.png
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
e931105b2c2435ff303b1d445bda4a0f1ecc65cd7522cf8bc2ad74fbde930d7d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:20 GMT
ETag
"0c468753265d81:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
image/png
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:09 GMT
Accept-Ranges
bytes
Content-Length
1490
Logo
cobra.hsabank.com/File/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cobra.hsabank.com/File/Logo
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
ef69d5ee44cff59fefea3b0283ec267f1f293a4d9a1d8479ae41ff0c18cbc8b2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 14:33:10 GMT
Date
Fri, 03 Jun 2022 14:33:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
image/jpeg
Cache-Control
private, max-age=900,no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Content-Length
7606
Expires
Fri, 03 Jun 2022 14:48:10 GMT,0
ajaxLoader.gif
cobra.hsabank.com/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cobra.hsabank.com/images/ajaxLoader.gif
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:20 GMT
ETag
"0c468753265d81:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:09 GMT
Accept-Ranges
bytes
Content-Length
3208
logout
cobra.hsabank.com/openenrollmentportal/ Frame 3970 		11 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/logout
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
dbb5a91a8dc99be6bbadb3e56837344e19c5dd4b5d6eebe01f08db252a1be80c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cobra.hsabank.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Content-Encoding
gzip
Content-Length
1404
Content-Type
text/html
Date
Fri, 03 Jun 2022 14:33:11 GMT
ETag
"80a63c713265d81:0"
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
truncated
/ 		619 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
53b7e1050e6f65b3a97ef9029363b3b43bb12db14de405a1d67bd62d40938722

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		118 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
55612dea7ec4e310768928ec4ad8a12408ac91c0862ccb73cae8a1790aa1371c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6db9116a6c580a51b1fc523fb41fce795f823b4a457a8680bccce4559e590581

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		902 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
817e2b060ccf03e0c0b4283f7ac29fa613069a971009e36e94f4fddde1e3005e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
Mark%20Simonson%20-%20Proxima%20Nova%20Alt%20Light.otf
cobra.hsabank.com/fonts/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/fonts/Mark%20Simonson%20-%20Proxima%20Nova%20Alt%20Light.otf
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/Content/css?v=Z5Fe2EHsPqO2Ity6xDpubEBDngwz-2I94OdkQm9FaXw1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
33f4ed2ab96bb8aa12305632dbf92d8e402a8de14c768ae7a02369c515220c8c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cobra.hsabank.com/Content/css?v=Z5Fe2EHsPqO2Ity6xDpubEBDngwz-2I94OdkQm9FaXw1
Origin
https://cobra.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:20 GMT
ETag
"0c468753265d81:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
font/otf
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:11 GMT
Accept-Ranges
bytes
Content-Length
23572
styles.3925070777e638168221.css
cobra.hsabank.com/openenrollmentportal/ Frame 3970 		252 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/styles.3925070777e638168221.css
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/logout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
fa5a0f4f2aaeb4e373106ecd0b0cd67c280a79450b77086c54bdb7a407240aec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/openenrollmentportal/logout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
ETag
"80a63c713265d81:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:11 GMT
Accept-Ranges
bytes
Content-Length
41303
runtime.4181ef3092a2da257574.js
cobra.hsabank.com/openenrollmentportal/ Frame 3970 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/runtime.4181ef3092a2da257574.js
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/logout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
793cc119c26acbeafb9fb7c3ad6b0c4033a016aa6ce2569679be77e6ae826500
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/openenrollmentportal/logout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
ETag
"80a63c713265d81:0"
Content-Type
application/javascript
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:11 GMT
Accept-Ranges
bytes
Content-Length
2338
polyfills.7a965888daba3fbc4385.js
cobra.hsabank.com/openenrollmentportal/ Frame 3970 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/polyfills.7a965888daba3fbc4385.js
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/logout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
6af9910ca87296f81d7fbacf50529157c51cfa0d77a06987cf36e1d138b6d15f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/openenrollmentportal/logout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
ETag
"80a63c713265d81:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:11 GMT
Accept-Ranges
bytes
Content-Length
12504
scripts.a73844de5f291be94c3b.js
cobra.hsabank.com/openenrollmentportal/ Frame 3970 		148 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/scripts.a73844de5f291be94c3b.js
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/logout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
c66894e85870c148e046c7fb4ef0675b759866a7a3320fd0e37868ec5939a434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/openenrollmentportal/logout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
ETag
"80a63c713265d81:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:11 GMT
Accept-Ranges
bytes
Content-Length
44999
main.03769d3a3c324b2e04ff.js
cobra.hsabank.com/openenrollmentportal/ Frame 3970 		1 MB
368 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/main.03769d3a3c324b2e04ff.js
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/logout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
f0a90480d452f014cbe5e63355434e2a2ad09ed575e54803eb85b22cf39a5c22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cobra.hsabank.com/openenrollmentportal/logout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
ETag
"80a63c713265d81:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:11 GMT
Accept-Ranges
bytes
Content-Length
376873
config.env.json
cobra.hsabank.com/openenrollmentportal/assets/config/ Frame 3970 		922 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/assets/config/config.env.json
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/polyfills.7a965888daba3fbc4385.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
00bb958429989108ec36403fa18322fe2466dd0503a30763f445217d6403fde8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://cobra.hsabank.com/openenrollmentportal/logout
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 May 2022 17:12:35 GMT
ETag
"f69b950a360d81:0"
Content-Type
application/json
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:13 GMT
Accept-Ranges
bytes
Content-Length
922
en-us.unauthorized.json
cobra.hsabank.com/openenrollmentportal/assets/dictionary-resources/ Frame 3970 		243 B
620 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cobra.hsabank.com/openenrollmentportal/assets/dictionary-resources/en-us.unauthorized.json
Requested by
Host: cobra.hsabank.com
URL: https://cobra.hsabank.com/openenrollmentportal/polyfills.7a965888daba3fbc4385.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.160.101.20 , United States, ASN394150 (WH01, US),
Reverse DNS
Software
/
Resource Hash
2c9f6cf09b0428e2f5fb2369110e5fcfbc861ce69a0aa2bad32f62b209ed0773
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://cobra.hsabank.com/openenrollmentportal/unauthorized/401
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 May 2022 12:27:13 GMT
ETag
"80a63c713265d81:0"
Content-Type
application/json
Cache-Control
private, must-revalidate, max-age=3600, s-maxage=0
Date
Fri, 03 Jun 2022 14:33:13 GMT
Accept-Ranges
bytes
Content-Length
243

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| Popper object| bootstrap function| OnFormSubmit function| StartActivityIndicator function| StopActivityIndicator function| OnInputChanged function| CheckForChanges function| CheckForChange function| keyUpChange function| agreementAcceptClick function| GetPostData function| SetupAlternativeError function| SetupAlternativeErrors function| UpdateAlternativeError function| SetupPasswordView function| focusOnMainContent function| initializeModals boolean| hasFormActivity function| validateDynamicContent function| CreditCardPageAnnouncements function| InitFocusableElementSaving function| SetupBrowserValidation function| AdditionalServerErrorAnnounce object| aria object| accessibleFormValidator

5 Cookies

Domain/Path Name / Value
cobra.hsabank.com/ Name: .ASPXANONYMOUS
Value: 717eDt9g6ie5J94yCPkzEfp7EypnEMuXH5z4v5T8aNSNC3_6USol-p74C1uT1qGRCvJSnTmVkmHyCzE2IDCMncI_7F-rlTPLtOWq2oBBSQg5GQMu5SytRGcYx1P68XcrPbMm9A2
cobra.hsabank.com/ Name: ASP.NET_SessionId
Value: z0w1w0hnx2m1v4hjakvvd0v0
cobra.hsabank.com/ Name: __RequestVerificationToken
Value: ZCfquW2mNWvuQqycPp4yTgyMOi1uqXsR-X0I0sYZQ46b-zN0XjcF64Iwh0LplMnBxiMwoHeg8esMcIKkup3dabUhCM81
cobra.hsabank.com/ Name: BIGipServerVERPTP1_COBRAPOINTVANITY.BENAISSANCE.COM_443_POOL
Value: 2727613450.47873.0000
cobra.hsabank.com/ Name: TS01d72909
Value: 011148bceca0f9b646caa3b8182a09a76ee2b8d2cc40805123ee9116407eef937fe0e7705d960d253d65039b0013689ba0956982f8359d44a4b8bf663b744bcc54d021ee1e89bddf1dc055f3a93a6fa3f17d8366c0c7f73fedb9d8f0151c1b03e6bec84ea30ab8dc0385b46e28fa59b5656b58481f1e3e54ad0e837e31d58a1b01b17efc63bb3f304fdfa9a40892a4e9e7ab523e32

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; base-uri 'self'; upgrade-insecure-requests; connect-src 'self' https://auth.wexhealthinc.com; frame-src 'self' https://auth.wexhealthinc.com; frame-ancestors 'self'; img-src 'self' data: blob:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cobra.hsabank.com
192.160.101.20
00bb958429989108ec36403fa18322fe2466dd0503a30763f445217d6403fde8
0453f02fac70a342f3312baa1c76e58ecca382ffff2c4edbaebee236e0cf3f9d
154387954616a66d0315edd5f88cb28410e2f8c96b0cbce851f099d1c29299c4
20754e76b1cf9a08036af885d5b79780db6514a7b3ab36856534343c47b0498f
2c9f6cf09b0428e2f5fb2369110e5fcfbc861ce69a0aa2bad32f62b209ed0773
33f4ed2ab96bb8aa12305632dbf92d8e402a8de14c768ae7a02369c515220c8c
40ae80de5d8e1ab6f5e48ac74ebea41c5d21377ea7f115750d21f8cced096afb
46fa74a64cf5ad9a427f3b07805a96b4c4e66a1c10c3a7680f619330472f3d2d
53b7e1050e6f65b3a97ef9029363b3b43bb12db14de405a1d67bd62d40938722
55612dea7ec4e310768928ec4ad8a12408ac91c0862ccb73cae8a1790aa1371c
6af9910ca87296f81d7fbacf50529157c51cfa0d77a06987cf36e1d138b6d15f
6db9116a6c580a51b1fc523fb41fce795f823b4a457a8680bccce4559e590581
793cc119c26acbeafb9fb7c3ad6b0c4033a016aa6ce2569679be77e6ae826500
817e2b060ccf03e0c0b4283f7ac29fa613069a971009e36e94f4fddde1e3005e
9c520f008880b447560f85ee36ba811941f9e11cba7f5f7dce78cbd03af48319
adedbbc6ece28f936b05316ac9bbf2fd75d679a5c766d970ca6a5394906d48f5
aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123
b06dd1652201f641d72aa01966316e0e074ed5bc516c2f7ba8d725cfd1af3573
b52d596ba1fed7db9a9546bd66f3687958f8f519a154af1a4140e691dd2fea89
c66894e85870c148e046c7fb4ef0675b759866a7a3320fd0e37868ec5939a434
dbb5a91a8dc99be6bbadb3e56837344e19c5dd4b5d6eebe01f08db252a1be80c
ddedfd5d9e8a2011a5fe7d7bc215262090783635942c89a40bb4a0614a05e716
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e735a78f4a4c3271973890c3ef5e07b58011128314f95366e826deb04983ae12
e931105b2c2435ff303b1d445bda4a0f1ecc65cd7522cf8bc2ad74fbde930d7d
ef69d5ee44cff59fefea3b0283ec267f1f293a4d9a1d8479ae41ff0c18cbc8b2
f0a90480d452f014cbe5e63355434e2a2ad09ed575e54803eb85b22cf39a5c22
fa5a0f4f2aaeb4e373106ecd0b0cd67c280a79450b77086c54bdb7a407240aec