urlscan.io logo urlscan.io
SecurityTrails logo

idp.workhuman.com Open in urlscan Pro
65.9.83.77  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6IlJQTzBCZ0VBQVg2U25WVWV4MFJJT0lNa05sanpnZz09IiwiaHJlZiI6Imh0dHBzOi8vY2xvdWQu...
Effective URL: https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://dfsso.bnymellon.net/&TARGET=https%3A%2F%2Fcloud.workhuman....
Submission: On January 25 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 65.9.83.77, located in United States and belongs to AMAZON-02, US. The main domain is idp.workhuman.com. The Cisco Umbrella rank of the primary domain is 38270.
TLS certificate: Issued by Amazon on March 28th 2021. Valid for: a year.
This is the only time idp.workhuman.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 35.227.225.220 15169 (GOOGLE)
10 18.66.122.60 16509 (AMAZON-02)
1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 65.9.83.77 16509 (AMAZON-02)
14 4
Apex Domain
Subdomains		 Transfer
11 workhuman.com
cloud.workhuman.com — Cisco Umbrella Rank: 25796
idp.workhuman.com — Cisco Umbrella Rank: 38270
2 MB
1 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 641
a15928870500.cdn.optimizely.com Failed
90 KB
1 customeriomail.com
e.customeriomail.com — Cisco Umbrella Rank: 93483
247 B
0 bnymellon.net Failed
dfsso.bnymellon.net Failed
14 4
Domain Requested by
10 cloud.workhuman.com cloud.workhuman.com
1 idp.workhuman.com
1 cdn.optimizely.com cloud.workhuman.com
1 e.customeriomail.com 1 redirects
0 dfsso.bnymellon.net Failed
0 a15928870500.cdn.optimizely.com Failed cdn.optimizely.com
14 6

This site contains no links.

Subject Issuer Validity Valid
*.workhuman.com
Amazon		 2021-03-28 -
2022-04-26		 a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA		 2021-02-17 -
2022-02-21		 a year crt.sh

This page contains 2 frames:

Frame: https://dfsso.bnymellon.net/affwebservices/public/saml2sso
Frame ID: 65A0FA40C8511F3891E019F13D3EBC5F
Requests: 13 HTTP requests in this frame

Frame: https://a15928870500.cdn.optimizely.com/client_storage/a15928870500.html
Frame ID: 847A948FEA28CAD848DDC95D94087A4A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6IlJQTzBCZ0VBQVg2U25WVWV4MFJJT0lNa05sanpnZz09IiwiaHJlZiI6... HTTP 302
    https://cloud.workhuman.com/store/ Page URL
  2. https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=bnymellon&targetUrl=%2Fstore%2... Page URL
  3. https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://dfsso.bnymellon.net/&TARGET=https%3A%2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

14
Requests

86 %
HTTPS

25 %
IPv6

4
Domains

6
Subdomains

4
IPs

2
Countries

1774 kB
Transfer

2273 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6IlJQTzBCZ0VBQVg2U25WVWV4MFJJT0lNa05sanpnZz09IiwiaHJlZiI6Imh0dHBzOi8vY2xvdWQud29ya2h1bWFuLmNvbS9zdG9yZS8jIWJueW1lbGxvbiIsImludGVybmFsIjoiZjNiNDA2MjM5Mzc4YTQ4MzQxIiwibGlua19pZCI6MTAyfQ/44fe36196ca33b72072d9a0a76d6ebdf05f970f12bb3f9fb0fa595536aa9692b HTTP 302
    https://cloud.workhuman.com/store/ Page URL
  2. https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=bnymellon&targetUrl=%2Fstore%2F%23!bnymellon Page URL
  3. https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://dfsso.bnymellon.net/&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dbnymellon Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6IlJQTzBCZ0VBQVg2U25WVWV4MFJJT0lNa05sanpnZz09IiwiaHJlZiI6Imh0dHBzOi8vY2xvdWQud29ya2h1bWFuLmNvbS9zdG9yZS8jIWJueW1lbGxvbiIsImludGVybmFsIjoiZjNiNDA2MjM5Mzc4YTQ4MzQxIiwibGlua19pZCI6MTAyfQ/44fe36196ca33b72072d9a0a76d6ebdf05f970f12bb3f9fb0fa595536aa9692b HTTP 302
  • https://cloud.workhuman.com/store/

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
cloud.workhuman.com/store/
Redirect Chain
  • http://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6IlJQTzBCZ0VBQVg2U25WVWV4MFJJT0lNa05sanpnZz09IiwiaHJlZiI6Imh0dHBzOi8vY2xvdWQud29ya2h1bWFuLmNvbS9zdG9yZS8jIWJueW1lbGxvbiIsImludGVybmFsIjoiZjNiNDA2MjM5M...
  • https://cloud.workhuman.com/store/
10 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
8c0e1eca9b902a4517612ebc0c6796406e37141fe5795b82035085e426f81f17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9

Response headers

content-type
text/html; charset=UTF-8
content-length
10042
date
Tue, 25 Jan 2022 20:25:48 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 21 Jan 2022 09:11:00 GMT
accept-ranges
bytes
cache-control
max-age=600
expires
Tue, 25 Jan 2022 20:35:48 GMT
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
etag
"273a-5d613ff547100"
x-cache
Hit from cloudfront
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
x-amz-cf-id
FMCrM8RRgd0YurFCTAU0fPWFwTyecHE5r-anCSAws8S8gb-uWvtI4Q==
age
354

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Content-Length
0
Date
Tue, 25 Jan 2022 20:31:42 GMT
Location
https://cloud.workhuman.com/store/#!bnymellon
Via
1.1 google
16969570298.js
cdn.optimizely.com/js/ 		291 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/16969570298.js
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:197::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ad96c5eebbc0590b4121ad5c30275d85ef43a6bdb2dcd12017542b0a6c75a88
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
aMLUFtmoMqjWxjZ1uEGkMeBeHRASC1S9
content-encoding
gzip
etag
"aa51d9d23389d4b2eb56ee197f272df4"
x-amz-request-id
T9NPPVC8CVRAZMHB
x-amz-server-side-encryption
AES256
x-amz-meta-revision
3080
x-amz-replication-status
PENDING
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="54";dur=0,cdnip;desc="2a02:26f0:1700:197::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
91337
x-amz-id-2
n6nOa5mxTW94RdaYQCBzQ7BzbtEZUGgtqab34MUOtN4Rb8SJOeqd9yoNEk8dXdzjYMMYQk34CWw=
last-modified
Mon, 15 Nov 2021 11:14:08 GMT
server
AmazonS3
date
Tue, 25 Jan 2022 20:31:42 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
main.css
cloud.workhuman.com/store/ 		191 KB
192 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/main.css?669f614095783d5a4b62
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
e5fe1d16b16755945021128b082b75bf5f39787caa669b0723da78f2ca887df6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/store/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 20:25:50 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
352
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
x-cache
Hit from cloudfront
content-length
195635
x-xss-protection
1; mode=block
last-modified
Fri, 21 Jan 2022 09:11:00 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
etag
"2fc33-5d613ff547100"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P2
accept-ranges
bytes
x-amz-cf-id
5rlVJJjagpAzzsySQt-KjD3ow_0Un_uCJpYUPDGNrgDJ0Rk-1x6wig==
expires
Wed, 25 Jan 2023 20:25:50 GMT
main.css
cloud.workhuman.com/cookie-banner-ui-app/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/cookie-banner-ui-app/main.css
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
cb02b2f40be7e9590626cdae4222499f52590c2a681a335edf2046421dbfc3bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/store/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 20:31:42 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P2
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
x-cache
Miss from cloudfront
content-length
1298
x-xss-protection
1; mode=block
last-modified
Fri, 21 Jan 2022 09:06:33 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
etag
"512-5d613ef6a5840"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
DxhkuY3eAQ6cH8Syy71aPEqE00v0Df25aD5DEfdlpVhJsgsHnJ3WAg==
expires
Wed, 25 Jan 2023 20:31:42 GMT
polyfills.bundle.js
cloud.workhuman.com/store/ 		41 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/polyfills.bundle.js?669f614095783d5a4b62
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
a3b79578377449847c36bc86527884ca3231a08e926c37dc416a04bb57a18775
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/store/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 20:25:50 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
352
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
x-cache
Hit from cloudfront
content-length
41705
x-xss-protection
1; mode=block
last-modified
Fri, 21 Jan 2022 09:11:00 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
etag
"a2e9-5d613ff547100"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P2
accept-ranges
bytes
x-amz-cf-id
8BjeuMl07CwSp7XT4F6z19arlFor3wHUHBv8LEwbkaTXHSpcc-CThw==
expires
Wed, 25 Jan 2023 20:25:50 GMT
main.bundle.js
cloud.workhuman.com/store/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/main.bundle.js?669f614095783d5a4b62
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
f72a5f210ba80cf53213a545a6d2e5596de9581081f6f73c922010d672182b3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/store/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 20:25:50 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
352
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
x-cache
Hit from cloudfront
content-length
1233675
x-xss-protection
1; mode=block
last-modified
Fri, 21 Jan 2022 09:11:00 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
etag
"12d30b-5d613ff547100"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P2
accept-ranges
bytes
x-amz-cf-id
9No3t0hCThurt0rXAj-KxMPWVLtFbaK_wzxQ9rTigtU27BpIixS_AQ==
expires
Wed, 25 Jan 2023 20:25:50 GMT
main.bundle.js
cloud.workhuman.com/cookie-banner-ui-app/ 		445 KB
136 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/cookie-banner-ui-app/main.bundle.js
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
a0608e5bb74908e691403d4c1ec5fc415606f26431a385b5266f3db2104b12cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/store/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
age
22984
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
x-cache
Hit from cloudfront
date
Tue, 25 Jan 2022 14:23:26 GMT
x-xss-protection
1; mode=block
last-modified
Fri, 21 Jan 2022 09:06:33 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
etag
W/"6f3c9-5d613ef6a5840"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P2
x-amz-cf-id
CPvVDbAxu9Sdr-bcRh7COqL5g3KZZU2Bga76LmETVtykKtPgCxm91g==
expires
Wed, 25 Jan 2023 14:08:39 GMT
Roboto-Regular.cb7e23dffd3d4fdf28bff31741390214.woff
cloud.workhuman.com/store/assets/fonts/ 		81 KB
82 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/assets/fonts/Roboto-Regular.cb7e23dffd3d4fdf28bff31741390214.woff
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/main.css?669f614095783d5a4b62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
f4eda1ef158abd66bb66752828a080366bddc91e86bfe43fffe2dc8a2aaf6438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cloud.workhuman.com/store/main.css?669f614095783d5a4b62
Origin
https://cloud.workhuman.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 20:31:43 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Fri, 21 Jan 2022 09:11:00 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
x-amz-cf-pop
FRA60-P2
etag
"14280-5d613ff547100"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Miss from cloudfront
accept-ranges
bytes
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly
content-length
82560
x-xss-protection
1; mode=block
x-amz-cf-id
BOp49KXZpbJ9Z_TJRB5WFptfhh2nWLWWL4yZUht6fdOMtZA03G9Yyg==
a15928870500.html
a15928870500.cdn.optimizely.com/client_storage/ Frame 847A 		0
0
userSessionAuthToken
cloud.workhuman.com/microsites/login/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/microsites/login/userSessionAuthToken?
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/main.bundle.js?669f614095783d5a4b62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cloud.workhuman.com/store/
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 25 Jan 2022 20:31:43 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
x-amz-cf-pop
FRA60-P2
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Error from cloudfront
content-type
text/html;charset=utf-8
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
content-length
3606
x-xss-protection
1; mode=block
x-amz-cf-id
seibbVKk6z4UA3uyTJAvJ4374D6Ju-MArBdl8q8jkYPGqN4BpKu63Q==
expires
Sat, 6 May 1995 12:00:00 GMT
userSessionAuthToken
cloud.workhuman.com/microsites/login/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/microsites/login/userSessionAuthToken?
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/main.bundle.js?669f614095783d5a4b62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cloud.workhuman.com/store/
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 25 Jan 2022 20:31:43 GMT
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-content-type-options
nosniff
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
x-amz-cf-pop
FRA60-P2
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Error from cloudfront
content-type
text/html;charset=utf-8
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
content-length
3606
x-xss-protection
1; mode=block
x-amz-cf-id
CFIlRbThHhM_2Fja_0SZcf0W0oaQCm-nDOkAS1XrjUn-fS0SFFKlwg==
expires
Sat, 6 May 1995 12:00:00 GMT
forwardToInternalApp
cloud.workhuman.com/microsites/t/apps/ 		599 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=bnymellon&targetUrl=%2Fstore%2F%23!bnymellon
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/main.bundle.js?669f614095783d5a4b62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-60.fra60.r.cloudfront.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 /
Resource Hash
d8bb433ada767e5104aa1391e257b19bd4da9e97b2e51bb7bc41ba203cf3d107
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/store/

Response headers

content-type
text/html;charset=ISO-8859-1
content-length
599
date
Tue, 25 Jan 2022 20:31:43 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46
strict-transport-security
max-age=31536000; includeSubDomains
pragma
no-cache
cache-control
no-cache, no-store, must-revalidate
expires
01 Apr 1995 01:10:10 GMT
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
x-cache
Miss from cloudfront
via
1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
x-amz-cf-id
PdR99tjzrcD67AWFaWNy3BvJkGGuQCyh6qq2UDx-aw2ZFfgViRVQAg==
Primary Request startSSO.ping
idp.workhuman.com/sp/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://dfsso.bnymellon.net/&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dbnymellon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.83.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-83-77.ams1.r.cloudfront.net
Software
/
Resource Hash
607df95201e78ffc667d89136a0e492d97c589eb26a5f2e7df0983c50b6e3b6d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
Origin
https://cloud.workhuman.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://cloud.workhuman.com/

Response headers

content-type
text/html;charset=utf-8
content-length
1346
date
Tue, 25 Jan 2022 20:31:44 GMT
x-frame-options
SAMEORIGIN
referrer-policy
origin
cache-control
no-cache, no-store
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
x-cache
Miss from cloudfront
via
1.1 8da78542dac6b4328eb443200c30bbfe.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
_yybbYYKEHZjw7YzPBqWMPjVWbCEE3DahRgyeb0R1vNkCJv-iALvQA==
saml2sso
dfsso.bnymellon.net/affwebservices/public/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
a15928870500.cdn.optimizely.com
URL
https://a15928870500.cdn.optimizely.com/client_storage/a15928870500.html
Domain
dfsso.bnymellon.net
URL
https://dfsso.bnymellon.net/affwebservices/public/saml2sso

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Domain/Path Name / Value
cloud.workhuman.com/microsites Name: client
Value: bnymellon
.workhuman.com/ Name: optimizelyEndUserId
Value: oeu1643142703287r0.930298528238467
cloud.workhuman.com/ Name: AWSALB
Value: tXqfmlDE2MjACw8Mx+d23tD7NhP5tYKNZorfrYkWZYcjnTQrYHjizqRT0iRQeOngemnD38jQ6AIwp+kNmJ2++hP3sDsGvsSOZ/G6wwvZTSy6wHzhI/de0GEjSOZQ
cloud.workhuman.com/ Name: AWSALBCORS
Value: tXqfmlDE2MjACw8Mx+d23tD7NhP5tYKNZorfrYkWZYcjnTQrYHjizqRT0iRQeOngemnD38jQ6AIwp+kNmJ2++hP3sDsGvsSOZ/G6wwvZTSy6wHzhI/de0GEjSOZQ
cloud.workhuman.com/ Name: cf_client
Value: bnymellon
cloud.workhuman.com/ Name: JSESSIONID
Value: 1A4E697C77C503B62FAC49B4900836DA
idp.workhuman.com/ Name: PF
Value: BRo1RVvsztRyHdySpW8ALF

2 Console Messages

Source Level URL
Text
network error URL: https://cloud.workhuman.com/microsites/login/userSessionAuthToken?
Message:
Failed to load resource: the server responded with a status of 500 ()
network error URL: https://cloud.workhuman.com/microsites/login/userSessionAuthToken?
Message:
Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block