microsoftbenefits.ehr.com
158.82.145.67
Public Scan
Submission Tags: @phishunt_io
Submission: On March 03 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 27th 2022. Valid for: a year.
This is the only time microsoftbenefits.ehr.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
5 | 158.82.145.67 | 40196 (WILLISNORTHAMERICA) |
6 | 2 |
 | Apex Domain Subdomains | Transfer |
---|---|---|
5 | ehr.com microsoftbenefits.ehr.com | 281 KB |
6 | 1 |
 | Domain | Requested by |
---|---|---|
5 | microsoftbenefits.ehr.com | microsoftbenefits.ehr.com |
6 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.premera.com |
wa.kaiserpermanente.org |
healthy.kaiserpermanente.org |
go.microsoft.com |
www.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ehr.com GlobalSign RSA OV SSL CA 2018 | 2022-10-27 - 2023-11-28 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Frame ID: 7CB41A4AE2AC7A94F3EBE85A07066980
Requests: 6 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: Premera Blue Cross
Title: Health Connect Plan
Title: Kaiser Foundation Health Plan of Washington
Title: Kaiser Permanente
Title: Microsoft Data Privacy Notice
Title: Terms of Use
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | Primary Request: default.ashx microsoftbenefits.ehr.com/ | 4 KB 4 KB | Document text/html |
GET | screen.css microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/css/ | 0 0 | |
GET H/1.1 | default.ashx microsoftbenefits.ehr.com/ | 14 KB 5 KB | Stylesheet text/css |
GET H/1.1 | Utilities.js microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/scripts/ | 0 0 | Script text/html |
GET H/1.1 | Microsoft-logo.png microsoftbenefits.ehr.com/MicrosoftSDA/images/ | 2 KB 3 KB | Image image/png |
GET H/1.1 | default.ashx microsoftbenefits.ehr.com/ | 268 KB 270 KB | Image image/jpeg |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: microsoftbenefits.ehr.com
- URL: https://microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/css/screen.css
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean | credentialless
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
microsoftbenefits.ehr.com/ | | Name: MicrosoftTCSApp Value: c.%99%e6%83%ff%a1%7dk%3b%3a%ec%bc%5b%7f%83%8b%a1cU%90%9f%b6o%f4Ak%af9%c4%fduL%fa%cb%9c%1fe%26%a3%dfjH0Fx6%92 |
microsoftbenefits.ehr.com/ | | Name: MicrosoftTCSSessionHistory_Insert Value: False |
microsoftbenefits.ehr.com/ | | Name: MicrosoftTCSSessionHistory_Key Value: 86a93ce6-9cb2-46a2-aff6-2acda80f1877 |
microsoftbenefits.ehr.com/ | | Name: MicrosoftTCSSessionHistory_Id Value: 60122051 |
microsoftbenefits.ehr.com/ | | Name: f5-cookie Value: !L4ZdNsurilbEvwZRj9+ylgEfX4CmCUsiFiRBHjBnM9zvzYvP1icS+rPfidmQFabMhr0J51q34MiMzqY= |
microsoftbenefits.ehr.com/ | | Name: TS0118478f Value: 01bfca5a259570a820c92d713403f82e054bfd03094824e168c0df2408c46bb294551d085e20be11c3bf3ab41da74e790c7898fd76fe036a65fd47bc565a9d5f0f61882409e3e6ebb5a60615d2d9393401b939f0a15261812d38b39cde8fcee46ae03aba5ad9591bcc4972b3761d7bff4a5290fcf18310ec5ee822c12f47cee206483ad593 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.