login.voya.com Open in urlscan Pro
172.64.146.245 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.mail.edelmanfinancialengines.com/?qs=22e6873a5dcf27f5b25de7c06b8793287c86c4e23b39f2bdec97ccbb53ad0128af4ebadff851d683a076e038d9c2...
Effective URL:
https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1Z...
Submission: On January 07 via manual (January 7th 2024, 4:24:39 am UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 172.64.146.245, located in United States and belongs to CLOUDFLARENET, US. The main domain is login.voya.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 13th 2023. Valid for: a year.

This is the only time login.voya.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.148.97 13.111.148.97	14340 (SALESFORCE) (SALESFORCE)
1 5	2a02:26f0:350... 2a02:26f0:3500:890::2d5b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	44.242.30.195 44.242.30.195	16509 (AMAZON-02) (AMAZON-02)
2 3	172.64.146.245 172.64.146.245	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

1 13.111.148.97 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: click.mail.edelmanfinancialengines.com

click.mail.edelmanfinancialengines.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:890::2d5b (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.financialengines.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 44.242.30.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-242-30-195.us-west-2.compute.amazonaws.com

http-inputs-financialengines.splunkcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.146.245 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

my.voya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login.voya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	financialengines.com 1 redirects www.financialengines.com — Cisco Umbrella Rank: 145919	25 KB
4	splunkcloud.com http-inputs-financialengines.splunkcloud.com — Cisco Umbrella Rank: 152095	858 B
3	voya.com 2 redirects my.voya.com — Cisco Umbrella Rank: 160766 login.voya.com	1 KB
1	edelmanfinancialengines.com 1 redirects click.mail.edelmanfinancialengines.com	313 B
15	4

	Domain	Requested by
5	www.financialengines.com	1 redirects www.financialengines.com
4	http-inputs-financialengines.splunkcloud.com	www.financialengines.com
2	login.voya.com	1 redirects www.financialengines.com login.voya.com
1	my.voya.com	1 redirects
1	click.mail.edelmanfinancialengines.com	1 redirects
15	5

This site contains no links.

Subject Issuer	Validity	Valid
www.financialengines.com DigiCert EV RSA CA G2	`2023-04-03` - `2024-04-02`	a year	crt.sh
*.financialengines.splunkcloud.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-09` - `2024-07-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-08-13` - `2024-08-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW1pOWp5JnB1cmxQYXJhbUluZm89Mzk2OTMxNDEw
Frame ID: D2BEE31B9F0A021C2547DEFC60ECE3BD
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://click.mail.edelmanfinancialengines.com/?qs=22e6873a5dcf27f5b25de7c06b8793287c86c4e23b39f2bdec97ccbb53ad0128af4ebadf... HTTP 302
https://www.financialengines.com/framework/emaillogin.act?&tok=yiqw3pptpeej945yuz3xen5t27emi9jy&type=MA_RET_U... HTTP 302
https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDAT... Page URL
https://my.voya.com/voyasso/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFT... HTTP 302
https://login.voya.com/voyasso/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFT... HTTP 302
https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0t... Page URL

Page Statistics

15
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

24 kB
Transfer

83 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.mail.edelmanfinancialengines.com/?qs=22e6873a5dcf27f5b25de7c06b8793287c86c4e23b39f2bdec97ccbb53ad0128af4ebadff851d683a076e038d9c2415f4e5df7c1a44d3d406453028619bdfc36 HTTP 302
https://www.financialengines.com/framework/emaillogin.act?&tok=yiqw3pptpeej945yuz3xen5t27emi9jy&type=MA_RET_UPDATE&purlParamInfo=396931410 HTTP 302
https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya Page URL
https://my.voya.com/voyasso/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW1pOWp5JnB1cmxQYXJhbUluZm89Mzk2OTMxNDEw HTTP 302
https://login.voya.com/voyasso/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW1pOWp5JnB1cmxQYXJhbUluZm89Mzk2OTMxNDEw HTTP 302
https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW1pOWp5JnB1cmxQYXJhbUluZm89Mzk2OTMxNDEw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://click.mail.edelmanfinancialengines.com/?qs=22e6873a5dcf27f5b25de7c06b8793287c86c4e23b39f2bdec97ccbb53ad0128af4ebadff851d683a076e038d9c2415f4e5df7c1a44d3d406453028619bdfc36 HTTP 302
https://www.financialengines.com/framework/emaillogin.act?&tok=yiqw3pptpeej945yuz3xen5t27emi9jy&type=MA_RET_UPDATE&purlParamInfo=396931410 HTTP 302
https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
www.financialengines.com/app/outbound-sso/
Redirect Chain

https://click.mail.edelmanfinancialengines.com/?qs=22e6873a5dcf27f5b25de7c06b8793287c86c4e23b39f2bdec97ccbb53ad0128af4ebadff851d683a076e038d9c2415f4e5df7c1a44d3d406453028619bdfc36
https://www.financialengines.com/framework/emaillogin.act?&tok=yiqw3pptpeej945yuz3xen5t27emi9jy&type=MA_RET_UPDATE&purlParamInfo=396931410
https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya

934 B
1 KB

202ms
202ms

Document
text/html

2a02:26f0:3500:890::2d5b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:890::2d5b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b81a7c135218ba3c0065389d47b564e962bd13b95f6e3677b8398999c29cc10b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=660
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 520
Content-Type: text/html
Date: Sun, 07 Jan 2024 04:24:33 GMT
ETag: "7e8ddfaba6ae7d084bfbdcebd1dae084-gzip"
Expires: Sun, 07 Jan 2024 04:35:33 GMT
Last-Modified: Fri, 24 Dec 2021 02:15:16 GMT
Server: AmazonS3
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
x-amz-id-2: L36r9u4myGI232iLDnHrh/rpabiR3aZAk9W5OICvbbowxBCPbgaDqsqr1fhMYIAuAxIaCQeFETg=
x-amz-request-id: HE9ZJ1X8XZAP903H

Redirect headers

Connection: keep-alive
Content-Language: de-DE
Content-Length: 0
Date: Sun, 07 Jan 2024 04:24:33 GMT
Location: https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya
Server: Apache
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK outbound-sso.ad0a9e53a77a7ded8aff.css
www.financialengines.com/app/outbound-sso/ 1 KB
997 B 12ms
11ms Stylesheet
text/css 2a02:26f0:3500:890::2d5b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.financialengines.com/app/outbound-sso/outbound-sso.ad0a9e53a77a7ded8aff.css

Requested by

Host: www.financialengines.com
URL: https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:890::2d5b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8c7c9aa848551c68049e9dc19b2b5aba8fef5438ec310d4b750d811ad40558a5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sun, 07 Jan 2024 04:24:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Dec 2021 02:15:16 GMT
Server: AmazonS3
x-amz-request-id: GPAQ6J2AEZVKDGW3
ETag: "728903d4fd8595c6bd494ab90f3e807f"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=3024000
Connection: keep-alive
Content-Length: 492
x-amz-id-2: FHDA1NsZp8UaR/HJCe/LsVvsKKy1h6XEp94keAz3Q+ThfQagpvE9JZWgu9fKIYxljqnKOUcS60s=
Expires: Fri, 03 Nov 2023 08:15:57 GMT

GET
H/1.1 200
OK main.ad0a9e53a77a7ded8aff.js Show response
www.financialengines.com/app/outbound-sso/ 71 KB
19 KB 23ms
11ms Script
application/javascript 2a02:26f0:3500:890::2d5b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.financialengines.com/app/outbound-sso/main.ad0a9e53a77a7ded8aff.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:890::2d5b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8931409157d628bde00c82d74677e3a8ce39ae307feffdee562974520dcc59f8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sun, 07 Jan 2024 04:24:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Dec 2021 02:15:16 GMT
Server: AmazonS3
x-amz-request-id: 18S64832THVSC89K
ETag: "a928185d2a3d78b4ec4a29b69a040327-gzip"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=3024000
Connection: keep-alive
Content-Length: 18540
x-amz-id-2: qNhxMEnO82X+qI8Sc+gi04eUrQ26184MWpiqTQPs47flNm+qla8bSym4fagAl8NtncgTr752He0=
Expires: Wed, 27 Sep 2023 11:01:51 GMT

OPTIONS
H/1.1 200
OK collector
http-inputs-financialengines.splunkcloud.com/services/ 0
0 758ms
180ms Preflight
text/plain 44.242.30.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://http-inputs-financialengines.splunkcloud.com/services/collector

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.242.30.195 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-242-30-195.us-west-2.compute.amazonaws.com

Software

Splunkd /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: POST
Origin: https://www.financialengines.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Methods: POST,OPTIONS
Access-Control-Allow-Origin: https://www.financialengines.com
Allow: POST,OPTIONS
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Sun, 07 Jan 2024 04:24:36 GMT
Server: Splunkd
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

POST
H/1.1 200
OK collector
http-inputs-financialengines.splunkcloud.com/services/ 27 B
429 B 711ms
179ms XHR
application/json 44.242.30.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://http-inputs-financialengines.splunkcloud.com/services/collector

Requested by

Host: www.financialengines.com
URL: https://www.financialengines.com/app/outbound-sso/main.ad0a9e53a77a7ded8aff.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.242.30.195 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-242-30-195.us-west-2.compute.amazonaws.com

Software

Splunkd /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.financialengines.com/
accept-language: de-DE,de;q=0.9
Authorization: Splunk C8664B01-5010-44F4-91F9-43AF637359FD
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 07 Jan 2024 04:24:37 GMT
X-Content-Type-Options: nosniff
Server: Splunkd
Vary: Authorization, Origin
Access-Control-Allow-Methods: POST,OPTIONS
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://www.financialengines.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 27

GET
H/1.1 200
OK aggregate
www.financialengines.com/api/v1/planowners/cnpvoya/ 2 KB
2 KB 702ms
702ms XHR
application/json 2a02:26f0:3500:890::2d5b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.financialengines.com/api/v1/planowners/cnpvoya/aggregate
Requested by: Host: www.financialengines.com
URL: https://www.financialengines.com/app/outbound-sso/main.ad0a9e53a77a7ded8aff.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:890::2d5b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.financialengines.com/app/outbound-sso/?target=TOKEN_LOGIN_POST_VERIFICATION%26type%3DMA_RET_UPDATE%26tok%3Dyiqw3pptpeej945yuz3xen5t27emi9jy%26purlParamInfo%3D396931410&poid=cnpvoya
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sun, 07 Jan 2024 04:24:36 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Language: de-DE
Content-Type: application/json;charset=UTF-8
x-fngn-RequestId: 07f87a3a-3294-4d73-b93e-1ef125a2cb9b
Connection: keep-alive
Content-Length: 797

OPTIONS
H/1.1 200
OK collector
http-inputs-financialengines.splunkcloud.com/services/ 0
0 232ms
180ms Preflight
text/plain 44.242.30.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://http-inputs-financialengines.splunkcloud.com/services/collector

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.242.30.195 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-242-30-195.us-west-2.compute.amazonaws.com

Software

Splunkd /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: POST
Origin: https://www.financialengines.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Methods: POST,OPTIONS
Access-Control-Allow-Origin: https://www.financialengines.com
Allow: POST,OPTIONS
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Sun, 07 Jan 2024 04:24:36 GMT
Server: Splunkd
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

POST
H/1.1 200
OK collector
http-inputs-financialengines.splunkcloud.com/services/ 27 B
429 B 710ms
178ms XHR
application/json 44.242.30.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://http-inputs-financialengines.splunkcloud.com/services/collector

Requested by

Host: www.financialengines.com
URL: https://www.financialengines.com/app/outbound-sso/main.ad0a9e53a77a7ded8aff.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.242.30.195 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-242-30-195.us-west-2.compute.amazonaws.com

Software

Splunkd /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.financialengines.com/
accept-language: de-DE,de;q=0.9
Authorization: Splunk C8664B01-5010-44F4-91F9-43AF637359FD
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 07 Jan 2024 04:24:37 GMT
X-Content-Type-Options: nosniff
Server: Splunkd
Vary: Authorization, Origin
Access-Control-Allow-Methods: POST,OPTIONS
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://www.financialengines.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 27

GET
H2

200

Primary Request index.html
login.voya.com/voyassoui/
Redirect Chain

https://my.voya.com/voyasso/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW...
https://login.voya.com/voyasso/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI...
https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41d...

9 KB
0

145ms
145ms

Document
text/html

172.64.146.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW1pOWp5JnB1cmxQYXJhbUluZm89Mzk2OTMxNDEw

Requested by

Host: www.financialengines.com
URL: https://www.financialengines.com/app/outbound-sso/main.ad0a9e53a77a7ded8aff.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.146.245 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.financialengines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 84196eac694518e4-FRA
content-encoding: gzip
content-type: text/html
date: Sun, 07 Jan 2024 04:24:39 GMT
last-modified: Thu, 07 Dec 2023 03:01:59 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
x-old-content-length: 8833

Redirect headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 84196ea64f2e18e4-FRA
content-length: 0
date: Sun, 07 Jan 2024 04:24:39 GMT
expires: 0
location: https://login.voya.com/voyassoui/index.html?domain=cnpsavings.voya.com&target=link://fe/bGluaz1UT0tFTl9MT0dJTl9QT1NUX1ZFUklGSUNBVElPTiZ0eXBlPU1BX1JFVF9VUERBVEUmdG9rPXlpcXczcHB0cGVlajk0NXl1ejN4ZW41dDI3ZW1pOWp5JnB1cmxQYXJhbUluZm89Mzk2OTMxNDEw
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET main.css
login.voya.com/voyassoui/static/public/css/ 0
0

GET main.js
login.voya.com/voyassoui/static/public/js/ 0
0

GET info.js
login.voya.com/mga/sps/ac/js/ 0
0

GET main-bundle.js
login.voya.com/voyassoui/static/public/js/bundles/ 0
0

GET smartbanner.min.css
login.voya.com/voyassoui/static/public/smartbanner/ 0
0

GET smartbanner.min.js
login.voya.com/voyassoui/static/public/smartbanner/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.voya.com
URL: https://login.voya.com/voyassoui/static/public/css/main.css?ac9c2c0424?20170308

Domain: login.voya.com
URL: https://login.voya.com/voyassoui/static/public/js/main.js?da9ffcf11a?20191004

Domain: login.voya.com
URL: https://login.voya.com/mga/sps/ac/js/info.js

Domain: login.voya.com
URL: https://login.voya.com/voyassoui/static/public/js/bundles/main-bundle.js?884e460049?20191004

Domain: login.voya.com
URL: https://login.voya.com/voyassoui/static/public/smartbanner/smartbanner.min.css

Domain: login.voya.com
URL: https://login.voya.com/voyassoui/static/public/smartbanner/smartbanner.min.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.financialengines.com/	1970-01-20 17:30:01	Name: SameSite Value: None
.financialengines.com/	1969-12-31 23:59:59	Name: sessFlag Value: true
.financialengines.com/	1969-12-31 23:59:59	Name: sessionToken Value: fa034629-1bb5-48b5-8a0a-6cec6e131a66
.financialengines.com/	1969-12-31 23:59:59	Name: authType Value: aws
.financialengines.com/	1969-12-31 23:59:59	Name: s Value: GW-PRD-20240106-2024-0000076
.financialengines.com/	1969-12-31 23:59:59	Name: sessionId Value: GW-PRD-20240106-2024-0000076
.financialengines.com/	1969-12-31 23:59:59	Name: daVars Value: %7B%22sponsorDateStamp%22%3A%22cnpvoya%3A20240106%22%2C%22enrStatus%22%3A%22MEMBER%22%2C%22envType%22%3A%22USER_PROD%22%2C%22providerId%22%3A%22ssga%22%2C%22sponsorId%22%3A%22cnpvoya%22%2C%22namespace%22%3A%22%22%2C%22userType%22%3A%22USER%22%2C%22sessionId%22%3A%22GW-PRD-20240106-2024-0000076%22%2C%22isUserTemp%22%3A%22false%22%2C%22pageName%22%3A%22%22%2C%22userId%22%3A%2266824661%22%7D
www.financialengines.com/	1970-01-20 17:30:01	Name: ADRUM_BTa Value: R:192\|g:98c2baf6-c78f-4788-b7f0-5b17b2cce444\|n:financial-engines_727a9d82-a197-4abb-9c03-248d548012cf
www.financialengines.com/	1970-01-20 17:30:01	Name: ADRUM_BT1 Value: R:192\|i:1787420\|e:205
.financialengines.com/	1970-01-21 03:06:01	Name: ptc Value: "e2d84213-ebdf-4e35-a3ec-65a736ba3877::1704601476067"
.voya.com/	1969-12-31 23:59:59	Name: PD-S-MYVOYA-SESSION-ID Value: 0_qvJSRcollCj0V4lNrvVWtYVN8xfbdlMq+N5NIKjDBp2R8jrE0uU=_AAAAAAA=_uSe4vdKkUml9vc03ZKr9fovELcI=
.voya.com/	1970-01-20 17:30:03	Name: __cf_bm Value: QCsyBwEiISNHheTif8pLtlqUq212aFnNCFadCfMPkzY-1704601477-1-AcJZ6/9rwqrc3M3mCWz/jhLgVJ94f3PmjtbTorrDaD0CHhYKxZfn3jxivkzXLnj8WOJZfXz4zoPMrT4nbUVcdes=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.mail.edelmanfinancialengines.com
http-inputs-financialengines.splunkcloud.com
login.voya.com
my.voya.com
www.financialengines.com
login.voya.com
13.111.148.97
172.64.146.245
2a02:26f0:3500:890::2d5b
44.242.30.195
8931409157d628bde00c82d74677e3a8ce39ae307feffdee562974520dcc59f8
8c7c9aa848551c68049e9dc19b2b5aba8fef5438ec310d4b750d811ad40558a5
b81a7c135218ba3c0065389d47b564e962bd13b95f6e3677b8398999c29cc10b

login.voya.com Open in urlscan Pro 172.64.146.245 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

15 Requests

60 %HTTPS

25 %IPv6

4 Domains

5 Subdomains

4 IPs

2 Countries

24 kBTransfer

83 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

12 Cookies

Security Headers

Indicators

login.voya.com Open in urlscan Pro
172.64.146.245 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

24 kB
Transfer

83 kB
Size

12
Cookies

15 HTTP transactions
0 data transactions