URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Submission Tags: @phishunt_io
Submission: On March 03 via api from DE — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 6 HTTP transactions. The main IP is 158.82.145.67, located in the United States and belonging to WILLISNORTHAMERICA, US. The main domain is microsoftbenefits.ehr.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 27th 2022. Valid for: a year.
This is the only time microsoftbenefits.ehr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS (Autonomous System)
5         158.82.145.67   40196 (WILLISNOR...)
Total: 6 requests, 2 IPs

Requests  Apex Domain  Subdomains                  Transfer
5         ehr.com      microsoftbenefits.ehr.com   281 KB
Total: 6 requests, 1 apex domain

Requests  Domain                      Requested by
5         microsoftbenefits.ehr.com   microsoftbenefits.ehr.com
Total: 6 requests, 1 domain

TLS certificate
Subject     Issuer                          Validity                  Valid
*.ehr.com   GlobalSign RSA OV SSL CA 2018   2022-10-27 - 2023-11-28   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Frame ID: 7CB41A4AE2AC7A94F3EBE85A07066980
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

Login

Page Statistics

Requests: 6
HTTPS: 83 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 281 kB
Size: 288 kB
Cookies: 6

6 HTTP transactions

Request 1 (Primary Request): default.ashx
Path: microsoftbenefits.ehr.com/
Size: 4 KB, transferred 4 KB
Type: Document

General
Full URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.82.145.67, United States, ASN40196 (WILLISNORTHAMERICA, US)
Reverse DNS:
Software: /
Resource Hash: ccc84a0b1cb7190b9ef003729c054a512e4c36724bf06273c75a41eb78e5899d

Security Headers
Name                        Value
Strict-Transport-Security   max-age=31536000; includeSubDomains
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN
X-Frame-Options             SAMEORIGIN
X-Xss-Protection            1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Cache-Control: no-store
Content-Encoding: gzip
Content-Length: 1793
Content-Security-Policy-Report-Only: default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 03 Mar 2023 22:51:53 GMT
Expires: Fri, 03 Mar 2023 06:11:53 GMT
Permissions-Policy: accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
x-frame-options: SAMEORIGIN
Request 2: screen.css
Path: microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/css/
Size: 0, transferred 0 (no response received; listed under Failed requests)

Request 3: default.ashx
Path: microsoftbenefits.ehr.com/
Size: 14 KB, transferred 5 KB
Type: Stylesheet

General
Full URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
Requested by:
  Host: microsoftbenefits.ehr.com
  URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.82.145.67, United States, ASN40196 (WILLISNORTHAMERICA, US)
Reverse DNS:
Software: /
Resource Hash: f35abd0aae9d6f98ccf492a4bc1ef57448e0e26b03c40037f497ba1bcbffd8ea

Security Headers
Name                        Value
Strict-Transport-Security   max-age=31536000; includeSubDomains
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN, SAMEORIGIN
X-Xss-Protection            1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 03 Mar 2023 22:51:53 GMT
Cross-Origin-Embedder-Policy: credentialless
Content-Security-Policy-Report-Only: default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename=screen.css
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 13 Oct 2022 02:02:44 GMT
Cross-Origin-Opener-Policy: same-origin
ETag: AH75XBHZD0uNZh6vJiPTR7uaSz4Dkg==
Vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css
Cache-Control: no-store
Permissions-Policy: accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires: Fri, 03 Mar 2023 06:11:54 GMT
Request 4: Utilities.js
Path: microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/scripts/
Size: 0, transferred 0
Type: Script

General
Full URL: https://microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/scripts/Utilities.js
Requested by:
  Host: microsoftbenefits.ehr.com
  URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.82.145.67, United States, ASN40196 (WILLISNORTHAMERICA, US)
Reverse DNS:
Software: /
Resource Hash:

Security Headers
Name                        Value
Strict-Transport-Security   max-age=31536000; includeSubDomains
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN
X-Xss-Protection            1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 03 Mar 2023 22:51:53 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: credentialless
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type: text/html
Cache-Control: no-store
Permissions-Policy: accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 1245
X-XSS-Protection: 1; mode=block
Request 5: Microsoft-logo.png
Path: microsoftbenefits.ehr.com/MicrosoftSDA/images/
Size: 2 KB, transferred 3 KB
Type: Image

General
Full URL: https://microsoftbenefits.ehr.com/MicrosoftSDA/images/Microsoft-logo.png
Requested by:
  Host: microsoftbenefits.ehr.com
  URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.82.145.67, United States, ASN40196 (WILLISNORTHAMERICA, US)
Reverse DNS:
Software: /
Resource Hash: 3de92c06ab9d76c9135de1d4b10f923e277c3382ee110b621adf5486757de762

Security Headers
Name                        Value
Strict-Transport-Security   max-age=31536000; includeSubDomains
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN
X-Xss-Protection            1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 03 Mar 2023 22:51:53 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Embedder-Policy: credentialless
Content-Security-Policy-Report-Only: default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 2329
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 14 Feb 2023 19:33:16 GMT
Cross-Origin-Opener-Policy: same-origin
ETag: "026392fab40d91:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: no-store
Permissions-Policy: accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges: bytes
Request 6: default.ashx
Path: microsoftbenefits.ehr.com/
Size: 268 KB, transferred 270 KB
Type: Image

General
Full URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&FNAME=MS-Employee-Login-Page.jpg
Requested by:
  Host: microsoftbenefits.ehr.com
  URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.82.145.67, United States, ASN40196 (WILLISNORTHAMERICA, US)
Reverse DNS:
Software: /
Resource Hash: 8b7cda08ee7444f3a47b464363bb34577e62d56fa2aa897c136af8ac6ab2cb7a

Security Headers
Name                        Value
Strict-Transport-Security   max-age=31536000; includeSubDomains
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN, SAMEORIGIN
X-Xss-Protection            1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 03 Mar 2023 22:51:53 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Embedder-Policy: credentialless
Content-Security-Policy-Report-Only: default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename=MS-Employee-Login-Page.jpg
Content-Length: 274905
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 26 Sep 2022 20:02:23 GMT
Cross-Origin-Opener-Policy: same-origin
ETag: ihRLQnQRqhT9RFnLHzJ0zX7CrpA=
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: no-store
Permissions-Policy: accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires: Fri, 03 Mar 2023 06:11:54 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: microsoftbenefits.ehr.com
URL: https://microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/css/screen.css

1 JavaScript Global Variable

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type      Name
boolean   credentialless

6 Cookies

Domain/Path                  Name                                   Value
microsoftbenefits.ehr.com/   MicrosoftTCSApp                        c.%99%e6%83%ff%a1%7dk%3b%3a%ec%bc%5b%7f%83%8b%a1cU%90%9f%b6o%f4Ak%af9%c4%fduL%fa%cb%9c%1fe%26%a3%dfjH0Fx6%92
microsoftbenefits.ehr.com/   MicrosoftTCSSessionHistory_Insert      False
microsoftbenefits.ehr.com/   MicrosoftTCSSessionHistory_Key         86a93ce6-9cb2-46a2-aff6-2acda80f1877
microsoftbenefits.ehr.com/   MicrosoftTCSSessionHistory_Id          60122051
microsoftbenefits.ehr.com/   f5-cookie                              !L4ZdNsurilbEvwZRj9+ylgEfX4CmCUsiFiRBHjBnM9zvzYvP1icS+rPfidmQFabMhr0J51q34MiMzqY=
microsoftbenefits.ehr.com/   TS0118478f                             01bfca5a259570a820c92d713403f82e054bfd03094824e168c0df2408c46bb294551d085e20be11c3bf3ab41da74e790c7898fd76fe036a65fd47bc565a9d5f0f61882409e3e6ebb5a60615d2d9393401b939f0a15261812d38b39cde8fcee46ae03aba5ad9591bcc4972b3761d7bff4a5290fcf18310ec5ee822c12f47cee206483ad593

4 Console Messages

1. Source: security, Level: error
   URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE (Line 4)
   Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

2. Source: security, Level: error
   URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
   Message: Refused to apply style from 'https://microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/css/screen.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

3. Source: network, Level: error
   URL: https://microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/scripts/Utilities.js
   Message: Failed to load resource: the server responded with a status of 404 (Not Found)

4. Source: security, Level: error
   URL: https://microsoftbenefits.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
   Message: Refused to execute script from 'https://microsoftbenefits.ehr.com/_layouts/images/MicrosoftSDA/scripts/Utilities.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This section lists the security headers set by the main page.

Header                      Value
Strict-Transport-Security   max-age=31536000; includeSubDomains
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN
X-Frame-Options             SAMEORIGIN
X-Xss-Protection            1; mode=block