cdhauthsvc.lh1ondemand.com Open in urlscan Pro
192.160.101.72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://alegeus.employeraccess.hsabank.com/
Effective URL:
https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%25...
Submission: On September 30 via automatic, source certstream-suspicious (September 30th 2021, 6:48:12 pm UTC) — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 20 HTTP transactions. The main IP is 192.160.101.72, located in United States and belongs to WH01, US. The main domain is cdhauthsvc.lh1ondemand.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on September 29th 2020. Valid for: a year.

This is the only time cdhauthsvc.lh1ondemand.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	65.221.105.146 65.221.105.146	394150 (WH01) (WH01)
2 22	192.160.101.72 192.160.101.72	394150 (WH01) (WH01)
20	1

1 65.221.105.146 (United States) 1 redirects

ASN394150 (WH01, US)

alegeus.employeraccess.hsabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 192.160.101.72 (United States) 2 redirects

ASN394150 (WH01, US)

cdhauthsvc.lh1ondemand.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	lh1ondemand.com 2 redirects cdhauthsvc.lh1ondemand.com	816 KB
1	hsabank.com 1 redirects alegeus.employeraccess.hsabank.com	3 KB
20	2

	Domain	Requested by
22	cdhauthsvc.lh1ondemand.com	2 redirects cdhauthsvc.lh1ondemand.com
1	alegeus.employeraccess.hsabank.com	1 redirects
20	2

This site contains no links.

Subject Issuer	Validity	Valid
*.lh1ondemand.com Entrust Certification Authority - L1K	`2020-09-29` - `2021-10-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520DataApi%2520offline_access%26code_challenge%3DnG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5%26nonceTimeStamp%3D09%252F30%252F2021%252013%253A48%253A06%26state%3DCfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Frame ID: 827605A7F5CE2B144DBD893640C186D5
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in

Page URL History Show full URLs

https://alegeus.employeraccess.hsabank.com/ HTTP 302
https://cdhauthsvc.lh1ondemand.com/connect/authorize?client_id=CdhEmp&redirect_uri=https%3A%2F%2Falegeus.employ... HTTP 302
https://cdhauthsvc.lh1ondemand.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhE... HTTP 302
https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26red... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

813 kB
Transfer

805 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://alegeus.employeraccess.hsabank.com/ HTTP 302
https://cdhauthsvc.lh1ondemand.com/connect/authorize?client_id=CdhEmp&redirect_uri=https%3A%2F%2Falegeus.employeraccess.hsabank.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20DataApi%20offline_access&code_challenge=nG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA&code_challenge_method=S256&response_mode=form_post&nonce=637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5&nonceTimeStamp=09%2F30%2F2021%2013%3A48%3A06&state=CfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP 302
https://cdhauthsvc.lh1ondemand.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520DataApi%2520offline_access%26code_challenge%3DnG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5%26nonceTimeStamp%3D09%252F30%252F2021%252013%253A48%253A06%26state%3DCfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP 302
https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520DataApi%2520offline_access%26code_challenge%3DnG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5%26nonceTimeStamp%3D09%252F30%252F2021%252013%253A48%253A06%26state%3DCfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set Login Show response
cdhauthsvc.lh1ondemand.com/
Redirect Chain

https://alegeus.employeraccess.hsabank.com/
https://cdhauthsvc.lh1ondemand.com/connect/authorize?client_id=CdhEmp&redirect_uri=https%3A%2F%2Falegeus.employeraccess.hsabank.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20DataApi...
https://cdhauthsvc.lh1ondemand.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-...
https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26r...

6 KB
8 KB

139ms
139ms

Document
text/html

192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520DataApi%2520offline_access%26code_challenge%3DnG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5%26nonceTimeStamp%3D09%252F30%252F2021%252013%253A48%253A06%26state%3DCfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

204e5a95fa1894cca2ac01eaf69c850fdea441e90496bf4b124371544de4cd86

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: cdhauthsvc.lh1ondemand.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Mvc.CookieTempDataProvider=CfDJ8HyTUK0MO6pKqSlRJwlabU4g4xrFbC1ow1lVsdQjzmUZnoNHEsp6w_ECHCjd8O51agLpy5AUy6zHbDARyrh0g0vNb4xuabXRGSjJA6EdXeUcvfV2I909W9rlk1whCDu-BjX33aNKRN0n_KyjujFsNcg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Expires: -1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
X-Content-Security-Policy: default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
Referrer-Policy: no-referrer
Set-Cookie: .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA; path=/; samesite=strict; httponly .AspNetCore.Mvc.CookieTempDataProvider=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 30 Sep 2021 18:48:07 GMT

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Pragma: no-cache
Transfer-Encoding: chunked
Expires: -1
Location: /Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520DataApi%2520offline_access%26code_challenge%3DnG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5%26nonceTimeStamp%3D09%252F30%252F2021%252013%253A48%253A06%26state%3DCfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Set-Cookie: Domain=ALG; path=/ Domain=ALG; path=/ .AspNetCore.Mvc.CookieTempDataProvider=CfDJ8HyTUK0MO6pKqSlRJwlabU4g4xrFbC1ow1lVsdQjzmUZnoNHEsp6w_ECHCjd8O51agLpy5AUy6zHbDARyrh0g0vNb4xuabXRGSjJA6EdXeUcvfV2I909W9rlk1whCDu-BjX33aNKRN0n_KyjujFsNcg; path=/; samesite=lax; httponly
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
X-Content-Security-Policy: default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
Referrer-Policy: no-referrer
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 30 Sep 2021 18:48:06 GMT

GET
H/1.1 200
OK bootstrap.css
cdhauthsvc.lh1ondemand.com/css/ 205 KB
205 KB 115ms
115ms Stylesheet
text/css 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/css/bootstrap.css

Requested by

Host: cdhauthsvc.lh1ondemand.com
URL: https://cdhauthsvc.lh1ondemand.com/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCdhEmp%26redirect_uri%3Dhttps%253A%252F%252Falegeus.employeraccess.hsabank.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520DataApi%2520offline_access%26code_challenge%3DnG-fPWQfX0OpWRIsAz5TGzT-_o-w7P5gt7X82XH6WRA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637686244867214053.NzA4NTQwY2YtZTc5NC00ODQzLWI1MDQtY2JlMmFjZmRiMmI1Mzc5N2FkOGMtYzhkNC00MzAwLTk0YjYtYTUzNDkwYTQ1MGM5%26nonceTimeStamp%3D09%252F30%252F2021%252013%253A48%253A06%26state%3DCfDJ8GdtjltGdIFNhc17dnIAl6jAuBKk0PBfPON2F67EIRiKYIGE4X48GQbt0_GK2cfhuFj27Jd8qGdNBH0X0MmYcTOAJZnuPDpNDHh9hMTiBClxyy7H9t1QQK4O_RFjjCxzzzZvahbwgCbN2P51K6AZ8BI5of4WwcYMJJFq6zd-yflESOnmkuyTFuPcRY3rBgl5PhIwMfEXgPqBE_I4uoKHOtSGu-6TUnGnVTopW2RujQLozz6EdcBY5xPWvRR8pk1j42mrrf97LpAiO9R2UuSMnntdW-BWswLx-i7aLyP1umCMsEBwt_6aGnQ5aIZi1hOWKl2BWqm8E4DKKiuheGVq8QcLluW9Tx8Pc4zrtqISCOOPUVc2BUfjTexJyOWbrQ7YrZjf0JMgaERzrOgS9IpjT0g%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

c057d37620f2fc7c9614d1d63a2428ba1258b4b86a284ca156d5ac7d7f40ef17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:18:16 GMT
X-Powered-By: ASP.NET
ETag: "1d79abfe27e2f2d"
Content-Type: text/css
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 209709

GET
H/1.1 200
OK customcolorstyles
cdhauthsvc.lh1ondemand.com/ 17 KB
17 KB 327ms
110ms Stylesheet
text/css 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/customcolorstyles?fileType=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

d9a3e866c337f33fba6a51ce2214db82fe32d0e5635ca63680fc39244af8ebde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Powered-By: ASP.NET
Date: Thu, 30 Sep 2021 18:48:07 GMT
Transfer-Encoding: chunked
Content-Type: text/css

GET
H/1.1 200
OK components.min.css
cdhauthsvc.lh1ondemand.com/css/ 48 KB
48 KB 326ms
109ms Stylesheet
text/css 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/css/components.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

b41a8d90627a88632883c3d2e297ed39ff7bac3fcbffbd940d0ae759ef1af3d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:21 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac09848aa29"
Content-Type: text/css
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 49321

GET
H/1.1 200
OK employer.core.min.css
cdhauthsvc.lh1ondemand.com/css/ 4 KB
5 KB 331ms
111ms Stylesheet
text/css 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

5f6a2b77bf32e2b8ea55cabff40d44c3e03ee4ac572cecbe63fd8f381d2c8446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:23 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac0997986ac"
Content-Type: text/css
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 4396

GET
H/1.1 200
OK employer.preauth.min.css
cdhauthsvc.lh1ondemand.com/css/ 5 KB
5 KB 339ms
113ms Stylesheet
text/css 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/css/employer.preauth.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

9568f665298db24ae1350d581c8e974b198509b8fc29caa50f079917433178aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:46 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac0a72f0f3c"
Content-Type: text/css
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 4668

GET
H/1.1 200
OK brandinglogo
cdhauthsvc.lh1ondemand.com/ 14 KB
14 KB 233ms
128ms Image
image/png 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdhauthsvc.lh1ondemand.com/brandinglogo?logoType=1&appType=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

c1640d4e2e10cdfc4630e0823fa88f1f58c4aec9b48a713d8a7fb8f118ea4df2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Powered-By: ASP.NET
ETag: "FADA12493B16D34F89129C361AC567AA"
Content-Type: image/png
Cache-Control: max-age=0
Date: Thu, 30 Sep 2021 18:48:07 GMT
Content-Length: 13885
Expires: -1

GET
H/1.1 200
OK customcolorimage
cdhauthsvc.lh1ondemand.com/ 1 KB
2 KB 221ms
123ms Image
image/svg+xml 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdhauthsvc.lh1ondemand.com/customcolorimage?fileType=14

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

7068d4c85d50f119eedac1f9378272e5725f3eaeb51de676bbdd64c9c2336c9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Powered-By: ASP.NET
ETag: "D980E5E5026D6CFA30C64911FFD712AC"
Content-Type: image/svg+xml
Cache-Control: max-age=0
Date: Thu, 30 Sep 2021 18:48:07 GMT
Content-Length: 1400
Expires: -1

GET
H/1.1 200
OK jquery.min.js Show response
cdhauthsvc.lh1ondemand.com/js/ 87 KB
88 KB 348ms
118ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/jquery.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:18:16 GMT
X-Powered-By: ASP.NET
ETag: "1d79abfe27c4186"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 89478

GET
H/1.1 200
OK bootstrap.min.js Show response
cdhauthsvc.lh1ondemand.com/js/ 62 KB
62 KB 110ms
110ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/bootstrap.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:18:16 GMT
X-Powered-By: ASP.NET
ETag: "1d79abfe27debf1"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 63473

GET
H/1.1 200
OK components.min.js Show response
cdhauthsvc.lh1ondemand.com/js/ 106 KB
106 KB 114ms
114ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/components.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

e2d84949dede77d4d3f8fe632dfadbf2668b7f0ba78c13355c83b672f7bc4750

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:21 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac09849c2f8"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 108664

GET
H/1.1 200
OK ajax.min.js Show response
cdhauthsvc.lh1ondemand.com/js/ 480 B
784 B 113ms
113ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/ajax.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

c005270fff9367e24f92374e2da2d8e718157fe03c1f46cb18051a9262c6f488

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:23 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac099799660"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 480

GET
H/1.1 200
OK css-variables-gate.js Show response
cdhauthsvc.lh1ondemand.com/js/ 185 B
489 B 114ms
114ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/css-variables-gate.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

42dcb6af1874771e21ec922065ffaefcbea5e6f90ca08118179c498251927b84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:18:16 GMT
X-Powered-By: ASP.NET
ETag: "1d79abfe27d1cb9"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 185

GET
H/1.1 200
OK rsaHashtable.js Show response
cdhauthsvc.lh1ondemand.com/js/MFA/ 14 KB
14 KB 112ms
111ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/MFA/rsaHashtable.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

138143108101149f64bcda5fe38cdd2f3f2139cc957b45949e71fac33ea94482

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:21 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac098485d81"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 14081

GET
H/1.1 200
OK rsa.js Show response
cdhauthsvc.lh1ondemand.com/js/MFA/ 38 KB
38 KB 116ms
115ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/MFA/rsa.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

3aa3ac65705ff3ecc78a7a14493e32d5e9e243878ebd598d1e2a99c5c50ba1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:21 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac09848f2f5"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 39029

GET
H/1.1 200
OK AdaptiveAuthDataGathering.js Show response
cdhauthsvc.lh1ondemand.com/js/MFA/ 399 B
703 B 115ms
114ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/MFA/AdaptiveAuthDataGathering.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

0c919c823588076cf772c424f58eb3ca0600c9314c437a2827a4716f99c456c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:21 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac098486b0f"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 399

GET
H/1.1 200
OK login.min.js Show response
cdhauthsvc.lh1ondemand.com/js/ 419 B
723 B 112ms
111ms Script
application/javascript 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/js/login.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

cad4c74e23ea7457f468dd63481a156900ca6970f10bbe1e5a5d4812187e7fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:23:46 GMT
X-Powered-By: ASP.NET
ETag: "1d79ac0a72f1ca3"
Content-Type: application/javascript
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 419

GET
H/1.1 200
OK OpenSans-Bold.ttf
cdhauthsvc.lh1ondemand.com/font/ 102 KB
102 KB 195ms
108ms Font
application/x-font-ttf 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/font/OpenSans-Bold.ttf

Requested by

Host: cdhauthsvc.lh1ondemand.com
URL: https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

f7916a37377e38527d4306303cfe89b653b49b0a6b0b05c6b7593f7ab0248da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://cdhauthsvc.lh1ondemand.com
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Referer: https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css
Origin: https://cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:18:16 GMT
X-Powered-By: ASP.NET
ETag: "1d79abfe27c8ab8"
Content-Type: application/x-font-ttf
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 104120

GET
H/1.1 200
OK OpenSans-Regular.ttf
cdhauthsvc.lh1ondemand.com/font/ 94 KB
94 KB 199ms
110ms Font
application/x-font-ttf 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/font/OpenSans-Regular.ttf

Requested by

Host: cdhauthsvc.lh1ondemand.com
URL: https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

34ad67cfc362403e3baabe4ad0f4ef0b4b6b68e2f252dd703bbb1e10198188e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://cdhauthsvc.lh1ondemand.com
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Referer: https://cdhauthsvc.lh1ondemand.com/css/employer.core.min.css
Origin: https://cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 26 Aug 2021 21:18:16 GMT
X-Powered-By: ASP.NET
ETag: "1d79abfe27c64ac"
Content-Type: application/x-font-ttf
Date: Thu, 30 Sep 2021 18:48:07 GMT
Accept-Ranges: bytes
Content-Length: 96428

GET
H/1.1 200
OK allowabledomains Show response
cdhauthsvc.lh1ondemand.com/ 199 B
1 KB 116ms
116ms XHR
application/json 192.160.101.72
WH01

General

Check archive.org

Show headers Download Go to

Full URL

https://cdhauthsvc.lh1ondemand.com/allowabledomains

Requested by

Host: cdhauthsvc.lh1ondemand.com
URL: https://cdhauthsvc.lh1ondemand.com/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.160.101.72 , United States, ASN394150 (WH01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

1bc62de553cd7c0bf0c4634a383a21d26505f264a26334746c4e17a4df7c680e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: cdhauthsvc.lh1ondemand.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: BIGipServerVER1CP1_EMPLAUTHSVC=2241861898.36895.0000; Domain=ALG; .AspNetCore.Antiforgery.C17WO2C10CE=CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
Referer
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 30 Sep 2021 18:48:07 GMT
Referrer-Policy: no-referrer
X-Content-Security-Policy: default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
alegeus.employeraccess.hsabank.com/signin-oidc	1970-01-19 21:37:09	Name: .AspNetCore.OpenIdConnect.Nonce.CfDJ8GdtjltGdIFNhc17dnIAl6hbmlSEIhyiyaUEGyb8ZdcTJBv0FBtPyXzXIu_RYs8gEkJpZpLSxZLRQO0xhVulUa-xrwXj6snfV0qnvi2j367k5v4yn1uw_fkVqPg2eGGzPYgYmhLRfgNZ0S2s_T2cber-E2suodL6CPGqL8cF-LgfWGFf6bXEQ-brYR-MWYM7QzLI5M9xwthuV-jo69PAc-rYt52nNyhnxkQpZjywciUX7hW_W-cqfYarlRRl_CN-j4lnqFPA8mw9LiQSy4_Lcpo Value: N
alegeus.employeraccess.hsabank.com/signin-oidc	1970-01-19 21:37:09	Name: .AspNetCore.Correlation.oidc.lT3ZadYvNgycvKrrIUEfxWGUmCCL1oLAgJ5VhvMEDNc Value: N
alegeus.employeraccess.hsabank.com/signin-oidc	1969-12-31 23:59:59	Name: TS01802312 Value: 011148bcec2c0bd972e568b1b22c2703ecb5198146a4ab84c45a669bb929a1c2ff2d2a05a597027257e739333159921b48046cf9bfb6b65a21e7a2753c9ff8d60b3ded1166b723e44a1703c7d0f5cfbc542b507d9f
alegeus.employeraccess.hsabank.com/	1969-12-31 23:59:59	Name: BIGipServerVER1CP1_PORTAL_EMPLOYER_8080_POOL Value: 1990334730.36895.0000
alegeus.employeraccess.hsabank.com/	1969-12-31 23:59:59	Name: f5avraaaaaaaaaaaaaaaa_session_ Value: GOFPJDNDMJGEBPOMIJMDGDLBPODJBGPEIOMAJIFMEAEEEJHLBPKJEKHPLDPCDABDFAADOHHKLGJDOKIFLALAPMOPBANKBIFMLKFFCKBHKFLOOCAGILDNGKNBNMDAMFNH
alegeus.employeraccess.hsabank.com/	1969-12-31 23:59:59	Name: TS01d72909 Value: 011148bcec6f9883f0be9e82461c725ca09996e87aa4ab84c45a669bb929a1c2ff2d2a05a5a399be65861c04323204f7da14e9a896fe0341095cbf56679992d6fb247eee5072b61a683e30e5a0f027079710ad03ea
cdhauthsvc.lh1ondemand.com/	1969-12-31 23:59:59	Name: BIGipServerVER1CP1_EMPLAUTHSVC Value: 2241861898.36895.0000
cdhauthsvc.lh1ondemand.com/	1969-12-31 23:59:59	Name: Domain Value: ALG
cdhauthsvc.lh1ondemand.com/	1969-12-31 23:59:59	Name: .AspNetCore.Antiforgery.C17WO2C10CE Value: CfDJ8HyTUK0MO6pKqSlRJwlabU5tiIdCX6wrmU539yYhYKnj-AKQRFj7UwCBaloF-StS4T1VWWY83a4CCI-jN2fZqNGzY8xB3z0WOtP5OeTolAcyfjkrDj3ACCbbhqkHktjOpp0NW3Hfvwp3MmjtI1c1IwA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; object-src 'none';frame-ancestors 'self' https://employer.lh1ondemand.com https://alegeus.employeraccess.hsabank.com;frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alegeus.employeraccess.hsabank.com
cdhauthsvc.lh1ondemand.com
192.160.101.72
65.221.105.146
0c919c823588076cf772c424f58eb3ca0600c9314c437a2827a4716f99c456c1
138143108101149f64bcda5fe38cdd2f3f2139cc957b45949e71fac33ea94482
1bc62de553cd7c0bf0c4634a383a21d26505f264a26334746c4e17a4df7c680e
204e5a95fa1894cca2ac01eaf69c850fdea441e90496bf4b124371544de4cd86
34ad67cfc362403e3baabe4ad0f4ef0b4b6b68e2f252dd703bbb1e10198188e2
3aa3ac65705ff3ecc78a7a14493e32d5e9e243878ebd598d1e2a99c5c50ba1a0
42dcb6af1874771e21ec922065ffaefcbea5e6f90ca08118179c498251927b84
5f6a2b77bf32e2b8ea55cabff40d44c3e03ee4ac572cecbe63fd8f381d2c8446
7068d4c85d50f119eedac1f9378272e5725f3eaeb51de676bbdd64c9c2336c9c
9568f665298db24ae1350d581c8e974b198509b8fc29caa50f079917433178aa
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709
b41a8d90627a88632883c3d2e297ed39ff7bac3fcbffbd940d0ae759ef1af3d6
c005270fff9367e24f92374e2da2d8e718157fe03c1f46cb18051a9262c6f488
c057d37620f2fc7c9614d1d63a2428ba1258b4b86a284ca156d5ac7d7f40ef17
c1640d4e2e10cdfc4630e0823fa88f1f58c4aec9b48a713d8a7fb8f118ea4df2
cad4c74e23ea7457f468dd63481a156900ca6970f10bbe1e5a5d4812187e7fa3
d9a3e866c337f33fba6a51ce2214db82fe32d0e5635ca63680fc39244af8ebde
e2d84949dede77d4d3f8fe632dfadbf2668b7f0ba78c13355c83b672f7bc4750
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f7916a37377e38527d4306303cfe89b653b49b0a6b0b05c6b7593f7ab0248da8

cdhauthsvc.lh1ondemand.com Open in urlscan Pro 192.160.101.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

813 kBTransfer

805 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

9 Cookies

Security Headers

Indicators

cdhauthsvc.lh1ondemand.com Open in urlscan Pro
192.160.101.72 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

813 kB
Transfer

805 kB
Size

9
Cookies

20 HTTP transactions
0 data transactions