urlscan.io logo urlscan.io
SecurityTrails logo

mhsinsights.com Open in urlscan Pro
2600:9000:2033:c400:9:f4db:f940:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dhl.mhsinsights.com/
Effective URL: https://mhsinsights.com/login/index.html?code=token-not-found
Submission: On March 18 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 2600:9000:2033:c400:9:f4db:f940:93a1, located in United States and belongs to AMAZON-02, US. The main domain is mhsinsights.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 27th 2023. Valid for: a year.
This is the only time mhsinsights.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:23c... 16509 (AMAZON-02)
11 2600:9000:203... 16509 (AMAZON-02)
11 1
Apex Domain
Subdomains		 Transfer
12 mhsinsights.com
dhl.mhsinsights.com
mhsinsights.com
3 MB
11 1
Domain Requested by
11 mhsinsights.com mhsinsights.com
1 dhl.mhsinsights.com 1 redirects
11 2

This site contains no links.

Subject Issuer Validity Valid
mhsinsights.com
Amazon RSA 2048 M03		 2023-10-27 -
2024-11-23		 a year crt.sh

This page contains 1 frames:

Primary Page: https://mhsinsights.com/login/index.html?code=token-not-found
Frame ID: F7054192E055ABA1BE67E5E3B319C1F4
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

MHS | Sign In

Page URL History Show full URLs

  1. https://dhl.mhsinsights.com/ HTTP 302
    https://mhsinsights.com/login/index.html?code=token-not-found Page URL

Page Statistics

11
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

3129 kB
Transfer

3117 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dhl.mhsinsights.com/ HTTP 302
    https://mhsinsights.com/login/index.html?code=token-not-found Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.html
mhsinsights.com/login/
Redirect Chain
  • https://dhl.mhsinsights.com/
  • https://mhsinsights.com/login/index.html?code=token-not-found
4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6a79bddc06a81ac9bdb939676ad44bf3f50adc3a555aaec4b3a980fb61466b9b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
content-length
3607
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
content-type
text/html
date
Mon, 18 Mar 2024 15:15:22 GMT
etag
"772ab85a68637dd65c69de0aebf297a8"
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
strict-transport-security
max-age=2592000; includeSubdomains; preload
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-amz-cf-id
wb0_UjwFIRywMHAXcVjQTMA7vHOdunxpr6i020Dt7Q7BRjr_zhLUtQ==
x-amz-cf-pop
MIA3-P7
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Mon, 18 Mar 2024 15:15:21 GMT
expires
0
location
https://mhsinsights.com/login/index.html?code=token-not-found
server
CloudFront
via
1.1 005b0f8dc37e46fc9bdc40ea2ce8a602.cloudfront.net (CloudFront)
x-amz-cf-id
45bbiWl-VtYHJFckM7oyDU60G5VUDL14Tx5-Iqr-PuDZcjc68z5Iwg==
x-amz-cf-pop
JFK50-P1
x-cache
LambdaGeneratedResponse from cloudfront
styles.css
mhsinsights.com/login/ 		8 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/styles.css
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e5e616eee4360dde209b2f1f006bd6b62afe77765866ade80cfcb4392948bf2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
8546
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"cfd2812bacf2f7eaf5e07efae62a24c4"
x-frame-options
DENY
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
crQDRfLXmJqQO5j08cdhc0kWq1pdXIfDiKPuxV3RzDGeOLeX0CL26Q==
theme-dark-logo.svg
mhsinsights.com/login/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mhsinsights.com/login/images/theme-dark-logo.svg
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
265d9cbe5eb6d104ce9ba75fa623f459fef7684398c975cde122cfa2817e7261
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
10152
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"3021751f341d7acc0a087c27d94d3124"
x-frame-options
DENY
content-type
image/svg+xml
accept-ranges
bytes
x-amz-cf-id
x2T6_18NzhcYElp0xstVP2rRVSKOc3jQsoA2TCNOM6fNPzYLEUhxrg==
aws-sdk.min.js
mhsinsights.com/login/aws/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/aws/aws-sdk.min.js
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f0b65b12bfce1a3236cce723810c98cadaec8ee244da8b20dc4f46d7f6107bf0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
2340697
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"e3d87481d1f257bda563d1c410fc5a92"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
Am8BP843rDfI-60xFekYH04cyikuYneCi2pDFHcSWzPalScJaAqRdw==
aws-cognito-sdk.min.js
mhsinsights.com/login/aws/ 		254 KB
255 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/aws/aws-cognito-sdk.min.js
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
07311b04d464e7653822bd1b39c0299da0912075776933f4c20abe992fe88e56
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
259601
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"c5e12e9c6abb110d3851c04cb874fcaf"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
NMgWLZAIesU5DSNHlETiZ5oEgR29i6DBfadX2vdEUHiP82g4K9B9Fg==
amazon-cognito-identity.min.js
mhsinsights.com/login/aws/ 		93 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/aws/amazon-cognito-identity.min.js
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5925324e71ffff9a19320fd7790b1fe2905e34b8dbc880624b3ecfd6c0cd9303
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
95414
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"2da2130a3d237367561789de55b8c718"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
7_PdAo6PiBuqUyu5KRmW2kTnLO_it_jVSz0WD4UgsGZehUF4MZlJsQ==
script.js
mhsinsights.com/login/ 		10 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/script.js
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
efb017b91f6b1fab176a76207d8a44f763759322b03eda7df1523401f51bf5fb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
10173
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"6f1bf8ae615cfc178b00bd7a79d6d520"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
beqBsOUjXa4NX30Fg1I73Blx24_nDjDiZ1hUTCd32n0Jr5Vxg_jU5w==
FranklinGothicURWBoo.ttf
mhsinsights.com/login/font/ 		94 KB
95 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/font/FranklinGothicURWBoo.ttf
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a9d1c2ad8f775863df4101564577ea9acfb9ee6b93157957187ce86392555457
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://mhsinsights.com/login/styles.css
Origin
https://mhsinsights.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
96728
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"5798d53b3a62504b5d5c1d8bb6247dcd"
x-frame-options
DENY
content-type
binary/octet-stream
accept-ranges
bytes
x-amz-cf-id
nWMa0yMts3Utxfwmps78FQwIGjc01DFibDhvviiLL49G36XfTUvWCg==
FranklinGothicURWMed.ttf
mhsinsights.com/login/font/ 		95 KB
96 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/font/FranklinGothicURWMed.ttf
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a05f7789794016bc21d872c7b11c99023fe27b76e5b081379651011a2adf12bb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://mhsinsights.com/login/styles.css
Origin
https://mhsinsights.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:21 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
96976
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"1d9957711c5e4551809875ea1f808ac7"
x-frame-options
DENY
content-type
binary/octet-stream
accept-ranges
bytes
x-amz-cf-id
_K0C2B8tQrTlatIr3YMvIAH5NuBRM42jo4UNvvgjQ_TaM_4R70KAkQ==
environment.json
mhsinsights.com/login/ 		185 B
918 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mhsinsights.com/login/environment.json
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
287ce3d61ba524a53d2a874cd9cecc71e14576e3a8ec7f87e3bd89ab9c3bc361
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:22 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
age
45701
x-cache
Hit from cloudfront
content-length
185
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"6e325990e529a937c460ce807cf684fb"
x-frame-options
DENY
content-type
application/json
accept-ranges
bytes
x-amz-cf-id
secvX6wUX6LkelnhVWtiW7D6wHCNVYNAUIc6VgY_dw2Wueoft0CNqQ==
login-bg-1.jpg
mhsinsights.com/login/images/ 		264 KB
265 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mhsinsights.com/login/images/login-bg-1.jpg
Requested by
Host: mhsinsights.com
URL: https://mhsinsights.com/login/index.html?code=token-not-found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2033:c400:9:f4db:f940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31f84f6d6a5c90f044fe94c11f6c9daeba41e0f5ce7af84a3ca3e67490cd5544
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mhsinsights.com/login/index.html?code=token-not-found
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubdomains; preload
content-security-policy
default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
x-content-type-options
nosniff
date
Mon, 18 Mar 2024 15:15:23 GMT
via
1.1 f204fd5edced5b62e46cf4708208b058.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
MIA3-P7
x-cache
RefreshHit from cloudfront
content-length
269848
last-modified
Tue, 10 Nov 2020 11:20:16 GMT
server
AmazonS3
etag
"65bc5f06f9c56b19d14dffe4d9fdf6da"
x-frame-options
DENY
content-type
image/jpeg
accept-ranges
bytes
x-amz-cf-id
nAJTwz7AjpZjazqSX7vnDB-V80Hj15ziQSOgQOpunWQ4GA0xjerfBA==

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| AWS object| AWSCognito object| AmazonCognitoIdentity function| init function| signIn function| validate function| setFormMessage function| clearFormMessages function| isTimeOK function| millisToMinutesAndSeconds function| setBackgroundImage function| authenticate function| onLoginFailure function| changePassword function| validatePassword function| sendCode function| setNewPassword function| setCookie function| getCookie function| eraseCookie function| loadJSON function| showPopup function| hidePopup

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' data: www.google-analytics.com; frame-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; connect-src 'self' *.execute-api.us-east-1.amazonaws.com www.google-analytics.com cognito-idp.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2592000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY