Submitted URL: http://oneplace.ehr.com/
Effective URL: https://oneplace.ehr.com/_layouts/15/oneplace/login.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&...
Submission: On April 27 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 2 HTTP transactions. The main IP is 45.60.14.1, located in the United States, and belongs to INCAPSULA, US. The main domain is oneplace.ehr.com. The Cisco Umbrella rank of the primary domain is 340258.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q1 on April 8th 2022. Valid for: 6 months.
This is the only time oneplace.ehr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 4 45.60.14.1 19551 (INCAPSULA)
1 1 158.82.156.134 40196 (WILLISNOR...)
1 2620:1ec:bdf::44 ()
2 2
Apex Domain (Subdomains) Transfer
4 ehr.com 3 KB
  • oneplace.ehr.com — Cisco Umbrella Rank: 340258
2 willistowerswatson.com 2 KB
  • oneplacelogin.willistowerswatson.com — Cisco Umbrella Rank: 649639
  • auth.willistowerswatson.com
2 2
Domain Requested by
4 oneplace.ehr.com 3 redirects
1 auth.willistowerswatson.com oneplace.ehr.com
1 oneplacelogin.willistowerswatson.com 1 redirects
2 3

This site contains no links.

Subject Issuer Validity Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q1 2022-04-08 - 2022-10-08 6 months
*.willistowerswatson.com GlobalSign RSA OV SSL CA 2018 2020-04-17 - 2022-07-21 2 years

This page contains 1 frame:

Frame: https://auth.willistowerswatson.com/auth.willistowerswatson.com/oauth2/v2.0/authorize?p=b2c_1a_hcb_oneplace_signuporsignin&client_id=8703959d-87ab-4d81-ac81-d3eadbead636&redirect_uri=https%3a%2f%2foneplacelogin.willistowerswatson.com%2f&response_mode=form_post&response_type=id_token&scope=openid+offline_access&state=OpenIdConnect.AuthenticationProperties%3dZbCZf0GZyamrlal9KoVmv2L5a_9onJUC98N13S-yz1JhqL5i3bhltjJJvC2XjeSmTpRcETxNTJD-kiwwn78c58iDJCZwff2_F9NQ8PRx4WQ6r6dd0EzneGHFhJlSluE5mrzilFh3M-xdpOT40v_WE7s4e7wVCAdUQyDY4kAWJ3mYC-GVVcK1iFGMeYOR8fp4CjfWJPKQ1AwfX4TEnlsOJhaiptEmfP0jE23I5ic-ZTGIRoODdb58CS7ZQxhAci2-kLDLb7wmE7GQHE85VWIUAQZRjl1I2IdHt-ck0XVXvPPcFRFs6FNEdNC9060BRJIz03SeUWwEYaZed8H73hqX7FtwgO-Mm3iKJWb4YQ1x9djIzLUBrHF_VVhmYTdJI4ddmJM8Y0VvFiwsRrB1_xZndHRqPm0UBJbspVdV1CxUklsQcBnuxDTP-iZgkv3I4uazKbm12xkBvVEnFlgbPq9IgmVx5GgoRZUT1T-QMFLYx8NqOZlIw3eYICaPiktmrVCq-jM_hOxsv_nTDLAxLq_-c4n2qIR0HCnwis2YGQmCeZ7i2Mr0N1BtiWguFUFGx8p3CnDUiKgFaKkVWGKxQ85EARPDPdFS8sFomCDq6n_ifoQ&nonce=637866982401219604.MWEzMGUxNTYtMDBkYi00NzVkLThkMjMtNWY4YjkwZjVhMWNlYzI1NmMwYmUtMDExMy00ZTU3LTg3YzktNWYzZGU1OTc5M2Rm&isFederated=False&gn=OPL&suite=opl&app=opl&client=opl
Frame ID: F82F7D758DE3E8A31379CA953D3F228C
Requests: 2 HTTP requests in this frame


Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 33 %
Domains: 2
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 1 kB
Size: 0 kB
Cookies: 12

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://oneplace.ehr.com/ HTTP 302
    https://oneplace.ehr.com/ HTTP 302
    https://oneplace.ehr.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
    https://oneplace.ehr.com/_layouts/15/oneplace/login.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://oneplacelogin.willistowerswatson.com//?username=&isFederated=False&samlTarget=OnePlace_Prod&isLW=False&returnUrl=ooneplace_redirect_NKq4plt1_ldLihlG75JyDuRIoXw HTTP 302
  • https://auth.willistowerswatson.com/auth.willistowerswatson.com/oauth2/v2.0/authorize?p=b2c_1a_hcb_oneplace_signuporsignin&client_id=8703959d-87ab-4d81-ac81-d3eadbead636&redirect_uri=https%3a%2f%2foneplacelogin.willistowerswatson.com%2f&response_mode=form_post&response_type=id_token&scope=openid+offline_access&state=OpenIdConnect.AuthenticationProperties%3dZbCZf0GZyamrlal9KoVmv2L5a_9onJUC98N13S-yz1JhqL5i3bhltjJJvC2XjeSmTpRcETxNTJD-kiwwn78c58iDJCZwff2_F9NQ8PRx4WQ6r6dd0EzneGHFhJlSluE5mrzilFh3M-xdpOT40v_WE7s4e7wVCAdUQyDY4kAWJ3mYC-GVVcK1iFGMeYOR8fp4CjfWJPKQ1AwfX4TEnlsOJhaiptEmfP0jE23I5ic-ZTGIRoODdb58CS7ZQxhAci2-kLDLb7wmE7GQHE85VWIUAQZRjl1I2IdHt-ck0XVXvPPcFRFs6FNEdNC9060BRJIz03SeUWwEYaZed8H73hqX7FtwgO-Mm3iKJWb4YQ1x9djIzLUBrHF_VVhmYTdJI4ddmJM8Y0VvFiwsRrB1_xZndHRqPm0UBJbspVdV1CxUklsQcBnuxDTP-iZgkv3I4uazKbm12xkBvVEnFlgbPq9IgmVx5GgoRZUT1T-QMFLYx8NqOZlIw3eYICaPiktmrVCq-jM_hOxsv_nTDLAxLq_-c4n2qIR0HCnwis2YGQmCeZ7i2Mr0N1BtiWguFUFGx8p3CnDUiKgFaKkVWGKxQ85EARPDPdFS8sFomCDq6n_ifoQ&nonce=637866982401219604.MWEzMGUxNTYtMDBkYi00NzVkLThkMjMtNWY4YjkwZjVhMWNlYzI1NmMwYmUtMDExMy00ZTU3LTg3YzktNWYzZGU1OTc5M2Rm&isFederated=False&gn=OPL&suite=opl&app=opl&client=opl

2 HTTP transactions

Resource: login.aspx (Primary Request)
Path: oneplace.ehr.com/_layouts/15/oneplace/
Redirect Chain
  • http://oneplace.ehr.com/
  • https://oneplace.ehr.com/
  • https://oneplace.ehr.com/_layouts/15/Authenticate.aspx?Source=%2F
  • https://oneplace.ehr.com/_layouts/15/oneplace/login.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F
Size: 511 B
x-fer: 1 KB
Type: Document
General
Full URL: https://oneplace.ehr.com/_layouts/15/oneplace/login.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.60.14.1, United States, ASN19551 (INCAPSULA, US)
Reverse DNS:
Software: Microsoft-IIS/10.0
Resource Hash: 6ea172a60a3bf000ddd3e7191b3206461ff8ea8c2434cb4f86a76738daeee3a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: gzip
content-length: 510
content-type: text/html; charset=utf-8
date: Wed, 27 Apr 2022 23:17:18 GMT
microsoftsharepointteamservices: 16.0.0.10381
request-id: d6f737a0-6bbc-80b7-5891-da56f90ad770
server: Microsoft-IIS/10.0
spiislatency: 0
sprequestduration: 9
sprequestguid: d6f737a0-6bbc-80b7-5891-da56f90ad770
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Accept-Encoding
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-iinfo: 13-50971055-50971057 PNNN RT(1651101437965 801) q(0 0 0 -1) r(2 2) U12
x-ms-invokeapp: 1; RequireReadOnly

Redirect headers

cache-control: private
content-length: 228
content-type: text/html; charset=utf-8
date: Wed, 27 Apr 2022 23:17:18 GMT
location: /_layouts/15/oneplace/login.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F
microsoftsharepointteamservices: 16.0.0.10381
server: Microsoft-IIS/10.0
spiislatency: 0
sprequestduration: 9
strict-transport-security: max-age=31536000 ; includeSubDomains
x-cdn: Imperva
x-content-type-options: nosniff
x-iinfo: 13-50971055-50971057 PNNN RT(1651101437965 654) q(0 0 0 -1) r(1 1) U11
x-ms-invokeapp: 1; RequireReadOnly
x-sharepointhealthscore: 0

Resource: authorize
Path: auth.willistowerswatson.com/auth.willistowerswatson.com/oauth2/v2.0/
Redirect Chain
  • https://oneplacelogin.willistowerswatson.com//?username=&isFederated=False&samlTarget=OnePlace_Prod&isLW=False&returnUrl=ooneplace_redirect_NKq4plt1_ldLihlG75JyDuRIoXw
  • https://auth.willistowerswatson.com/auth.willistowerswatson.com/oauth2/v2.0/authorize?p=b2c_1a_hcb_oneplace_signuporsignin&client_id=8703959d-87ab-4d81-ac81-d3eadbead636&redirect_uri=https%3a%2f%2f...
Size: 0
x-fer: 0
Type: Document
General
Full URL
https://auth.willistowerswatson.com/auth.willistowerswatson.com/oauth2/v2.0/authorize?p=b2c_1a_hcb_oneplace_signuporsignin&client_id=8703959d-87ab-4d81-ac81-d3eadbead636&redirect_uri=https%3a%2f%2foneplacelogin.willistowerswatson.com%2f&response_mode=form_post&response_type=id_token&scope=openid+offline_access&state=OpenIdConnect.AuthenticationProperties%3dZbCZf0GZyamrlal9KoVmv2L5a_9onJUC98N13S-yz1JhqL5i3bhltjJJvC2XjeSmTpRcETxNTJD-kiwwn78c58iDJCZwff2_F9NQ8PRx4WQ6r6dd0EzneGHFhJlSluE5mrzilFh3M-xdpOT40v_WE7s4e7wVCAdUQyDY4kAWJ3mYC-GVVcK1iFGMeYOR8fp4CjfWJPKQ1AwfX4TEnlsOJhaiptEmfP0jE23I5ic-ZTGIRoODdb58CS7ZQxhAci2-kLDLb7wmE7GQHE85VWIUAQZRjl1I2IdHt-ck0XVXvPPcFRFs6FNEdNC9060BRJIz03SeUWwEYaZed8H73hqX7FtwgO-Mm3iKJWb4YQ1x9djIzLUBrHF_VVhmYTdJI4ddmJM8Y0VvFiwsRrB1_xZndHRqPm0UBJbspVdV1CxUklsQcBnuxDTP-iZgkv3I4uazKbm12xkBvVEnFlgbPq9IgmVx5GgoRZUT1T-QMFLYx8NqOZlIw3eYICaPiktmrVCq-jM_hOxsv_nTDLAxLq_-c4n2qIR0HCnwis2YGQmCeZ7i2Mr0N1BtiWguFUFGx8p3CnDUiKgFaKkVWGKxQ85EARPDPdFS8sFomCDq6n_ifoQ&nonce=637866982401219604.MWEzMGUxNTYtMDBkYi00NzVkLThkMjMtNWY4YjkwZjVhMWNlYzI1NmMwYmUtMDExMy00ZTU3LTg3YzktNWYzZGU1OTc5M2Rm&isFederated=False&gn=OPL&suite=opl&app=opl&client=opl
Requested by
Host: oneplace.ehr.com
URL: https://oneplace.ehr.com/_layouts/15/oneplace/login.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44
Reverse DNS:
Software:
Resource Hash:
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer: https://oneplace.ehr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

allow: OPTIONS,TRACE,GET,HEAD,POST
cache-control: no-store, must-revalidate, no-cache
content-length: 81794
content-type: text/html; charset=utf-8
date: Wed, 27 Apr 2022 23:17:23 GMT
expires: -1
public: OPTIONS,TRACE,GET,HEAD,POST
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 0AM9pYgAAAAAzScrOqmZeT4sJi6RfGhE0RlJBRURHRTEwMjAAOTFlYWE0NGItMmE3OS00OTkxLWFlZTgtZTEwNjY3ODdjOTM0
x-build: 1.0.2595.0
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-frame-options: DENY
x-ms-gateway-requestid: fb59031d-de66-4256-ba1f-7c0aac493c25
x-request-id: 82cccc2b-4dc5-4974-a4b4-15a9263db838
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: private
Connection: Keep-Alive
Content-Length: 0
Date: Wed, 27 Apr 2022 23:17:19 GMT
Keep-Alive: timeout=5, max=100
Location
https://auth.willistowerswatson.com/auth.willistowerswatson.com/oauth2/v2.0/authorize?p=b2c_1a_hcb_oneplace_signuporsignin&client_id=8703959d-87ab-4d81-ac81-d3eadbead636&redirect_uri=https%3a%2f%2foneplacelogin.willistowerswatson.com%2f&response_mode=form_post&response_type=id_token&scope=openid+offline_access&state=OpenIdConnect.AuthenticationProperties%3dZbCZf0GZyamrlal9KoVmv2L5a_9onJUC98N13S-yz1JhqL5i3bhltjJJvC2XjeSmTpRcETxNTJD-kiwwn78c58iDJCZwff2_F9NQ8PRx4WQ6r6dd0EzneGHFhJlSluE5mrzilFh3M-xdpOT40v_WE7s4e7wVCAdUQyDY4kAWJ3mYC-GVVcK1iFGMeYOR8fp4CjfWJPKQ1AwfX4TEnlsOJhaiptEmfP0jE23I5ic-ZTGIRoODdb58CS7ZQxhAci2-kLDLb7wmE7GQHE85VWIUAQZRjl1I2IdHt-ck0XVXvPPcFRFs6FNEdNC9060BRJIz03SeUWwEYaZed8H73hqX7FtwgO-Mm3iKJWb4YQ1x9djIzLUBrHF_VVhmYTdJI4ddmJM8Y0VvFiwsRrB1_xZndHRqPm0UBJbspVdV1CxUklsQcBnuxDTP-iZgkv3I4uazKbm12xkBvVEnFlgbPq9IgmVx5GgoRZUT1T-QMFLYx8NqOZlIw3eYICaPiktmrVCq-jM_hOxsv_nTDLAxLq_-c4n2qIR0HCnwis2YGQmCeZ7i2Mr0N1BtiWguFUFGx8p3CnDUiKgFaKkVWGKxQ85EARPDPdFS8sFomCDq6n_ifoQ&nonce=637866982401219604.MWEzMGUxNTYtMDBkYi00NzVkLThkMjMtNWY4YjkwZjVhMWNlYzI1NmMwYmUtMDExMy00ZTU3LTg3YzktNWYzZGU1OTc5M2Rm&isFederated=False&gn=OPL&suite=opl&app=opl&client=opl
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET


4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails

12 Cookies

Domain/Path Name
.ehr.com/ Name: visid_incap_2144506
.ehr.com/ Name: incap_ses_875_2144506
.ehr.com/ Name: SWID
oneplace.ehr.com/ Name: SWT_BE088
oneplace.ehr.com/ Name: SWT_ANON
oneplace.ehr.com/ Name: SWT_RP
oneplace.ehr.com/ Name: ASP.NET_SessionId
.willistowerswatson.com/ Name: SWID
oneplacelogin.willistowerswatson.com/ Name: OpenIdConnect.nonce.3nz57MXJ2crxJ8guJWaYBZcFCsMMcC2Oy9OcDou6Oqw%3D
oneplacelogin.willistowerswatson.com/ Name: SWT_BE088
oneplacelogin.willistowerswatson.com/ Name: SWT_ANON
oneplacelogin.willistowerswatson.com/ Name: SWT_RP

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Their presence here does not imply that any of them indicate malicious activity.
