login.ttm.amnhealthcare.com
Open in
urlscan Pro
2620:1ec:46::19
Public Scan
Effective URL: https://login.ttm.amnhealthcare.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fredirect_uri%3Dhttps%253A%252F%252Fs...
Submission Tags: falconsandbox
Submission: On April 17 via api from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 9th 2020. Valid for: 2 years.
This is the only time login.ttm.amnhealthcare.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 45.60.14.254 45.60.14.254 | 19551 (INCAPSULA) (INCAPSULA) | |
1 12 | 2620:1ec:46::19 2620:1ec:46::19 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
5 | 104.111.236.100 104.111.236.100 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
17 | 3 |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.ttm.amnhealthcare.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-236-100.deploy.static.akamaitechnologies.com
cdn.walkme.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
amnhealthcare.com
1 redirects
login.ttm.amnhealthcare.com |
708 KB |
5 |
walkme.com
cdn.walkme.com |
522 KB |
2 |
shiftwise.net
1 redirects
secure.shiftwise.net |
10 KB |
17 | 3 |
Domain | Requested by | |
---|---|---|
12 | login.ttm.amnhealthcare.com |
1 redirects
login.ttm.amnhealthcare.com
|
5 | cdn.walkme.com |
login.ttm.amnhealthcare.com
cdn.walkme.com |
2 | secure.shiftwise.net |
1 redirects
login.ttm.amnhealthcare.com
|
17 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.shiftwise.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ttm.amnhealthcare.com Go Daddy Secure Certificate Authority - G2 |
2020-06-09 - 2022-06-09 |
2 years | crt.sh |
incapsula.com GlobalSign CloudSSL CA - SHA256 - G3 |
2021-04-16 - 2021-07-20 |
3 months | crt.sh |
walkme.com DigiCert SHA2 Secure Server CA |
2020-11-01 - 2021-11-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.ttm.amnhealthcare.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.shiftwise.net%252Fesp%252Flogin%252FTokenLogin.aspx%26client_id%3DAmn.Vms.ShiftWise%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520offline_access%2520Amn.Vms.ShiftWise.ProductApi%26code_challenge%3DRTjwYQCaget09zJWMndkHkC2Lp7aN_K5Cd7rkmLESoA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26state%3D6c611252d4a340a79d9afc1af37c029d%26nonce%3Df815a3585fee41cbae006d7f4bc06477
Frame ID: 91ABB9E467D045E1E2D264AB22081849
Requests: 17 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://secure.shiftwise.net/esp/login/login.aspx
HTTP 302
https://login.ttm.amnhealthcare.com/connect/authorize?redirect_uri=https%3a%2f%2fsecure.shiftwise.net%2fesp%2flo... HTTP 302
https://login.ttm.amnhealthcare.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fredirect_uri%3Dh... Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- url /\.aspx?(?:$|\?)/i
Bootstrap (Web Frameworks) Expand
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Materialize CSS (Web Frameworks) Expand
Detected patterns
- html /<link[^>]* href="[^"]*materialize(?:\.min)?\.css/i
Microsoft ASP.NET (Web Frameworks) Expand
Detected patterns
- url /\.aspx?(?:$|\?)/i
IIS (Web Servers) Expand
Detected patterns
- url /\.aspx?(?:$|\?)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- html /<link[^>]* href="[^"]*materialize(?:\.min)?\.css/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Click here
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://secure.shiftwise.net/esp/login/login.aspx
HTTP 302
https://login.ttm.amnhealthcare.com/connect/authorize?redirect_uri=https%3a%2f%2fsecure.shiftwise.net%2fesp%2flogin%2fTokenLogin.aspx&client_id=Amn.Vms.ShiftWise&response_type=code&scope=openid+profile+offline_access+Amn.Vms.ShiftWise.ProductApi&code_challenge=RTjwYQCaget09zJWMndkHkC2Lp7aN_K5Cd7rkmLESoA&code_challenge_method=S256&response_mode=form_post&state=6c611252d4a340a79d9afc1af37c029d&nonce=f815a3585fee41cbae006d7f4bc06477 HTTP 302
https://login.ttm.amnhealthcare.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.shiftwise.net%252Fesp%252Flogin%252FTokenLogin.aspx%26client_id%3DAmn.Vms.ShiftWise%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520offline_access%2520Amn.Vms.ShiftWise.ProductApi%26code_challenge%3DRTjwYQCaget09zJWMndkHkC2Lp7aN_K5Cd7rkmLESoA%26code_challenge_method%3DS256%26response_mode%3Dform_post%26state%3D6c611252d4a340a79d9afc1af37c029d%26nonce%3Df815a3585fee41cbae006d7f4bc06477 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Login
login.ttm.amnhealthcare.com/Account/ Redirect Chain
|
8 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shiftWiseLogin.css
login.ttm.amnhealthcare.com/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
util.css
login.ttm.amnhealthcare.com/css/ |
3 KB 842 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.css
login.ttm.amnhealthcare.com/lib/bootstrap/css/ |
151 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
materialize.css
login.ttm.amnhealthcare.com/lib/materialize/ |
438 KB 113 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
swlogo.svg
login.ttm.amnhealthcare.com/assets/images/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
145367.jpg
secure.shiftwise.net/OrganizationLogos/ |
8 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
TrainingImageCrop.jpg
login.ttm.amnhealthcare.com/assets/images/ |
53 KB 53 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
login.ttm.amnhealthcare.com/lib/jquery/ |
251 KB 97 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.js
login.ttm.amnhealthcare.com/lib/bootstrap/js/ |
70 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LoginBackground.jpg
login.ttm.amnhealthcare.com/assets/images/ |
201 KB 202 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
IBMPlexSans-Regular.ttf
login.ttm.amnhealthcare.com/assets/fonts/ |
177 KB 178 KB |
Font
application/x-font-ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
walkme_04c228883f62436d93afaf255e6596cd_https.js
cdn.walkme.com/users/04c228883f62436d93afaf255e6596cd/ |
20 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
settings.txt
cdn.walkme.com/users/04c228883f62436d93afaf255e6596cd/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wmjQuery171.js
cdn.walkme.com/player/resources/ |
92 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
walkme_lib_20210401-233919-d9010969.js
cdn.walkme.com/player/lib/ |
2 MB 479 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
walkme_config_7cd1b4d39e4c44dbad459ddecb939330.js
cdn.walkme.com/users/04c228883f62436d93afaf255e6596cd/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| SetCursorToTextEnd function| $ function| jQuery object| _walkmeConfig function| WalkmeSnippet object| _walkmeInternals object| wmSnippet undefined| fixedCallback function| mtjQuery function| wmjQuery object| _walkmeWebpackJP object| _makeTutorialEv1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.ttm.amnhealthcare.com/ | Name: .AspNetCore.Antiforgery.w5W7x28NAIs Value: CfDJ8C9AmGIix6NDunt8uLJY0E2n_VD2SH4lbKMx9ytT3337aQvxn5cNO6f9NZ9_2fDvjMYRKSVlhCNXyL3ZyJHfTzjpPJHPMQpV8fkHhvK3whbyQXxo9xBUHvgmkqWdha9PvBFEEs5MllSOxWAPZriUwV8 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.walkme.com *.shiftwise.com *.newrelic.com *.authorize.net *.nr-data.net https://d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com https://clients2.google.com/service/update2/crx https://safari-extensions.apple.com/details/; img-src * data: blob: filesystem: mediastream: *.google-analytics.com *.walkme.com *.shiftwise.com *.authorize.net https://d2qhvajt3imc89.cloudfront.net https://d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com https://s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; |
X-Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.walkme.com *.shiftwise.com *.newrelic.com *.authorize.net *.nr-data.net https://d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com https://clients2.google.com/service/update2/crx https://safari-extensions.apple.com/details/; img-src * data: blob: filesystem: mediastream: *.google-analytics.com *.walkme.com *.shiftwise.com *.authorize.net https://d2qhvajt3imc89.cloudfront.net https://d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com https://s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.walkme.com
login.ttm.amnhealthcare.com
secure.shiftwise.net
104.111.236.100
2620:1ec:46::19
45.60.14.254
08d30ac2be6a847a1682b3346d246adcff13207b9b1b012153fe9a00c7e8cfa9
0a7f216533d52b6c9a1d969b3cd64b4534c351aa0bbcaf3f3a4ca368369ad1a3
103b89e9ef1d36920b64a3db3bad144529aa287b858e4d6af61454bc13fa8ce7
2e9e48d2396b5d4811a0f6f3f3157c885d318aa30f37226abb48aafb818c8ccf
37cd10996cc09db978ed954361acf846a9b440bf5f955a876e729cf0ca7e693f
51b19605f596785c20c136598e3934cbd2b0491ceff58610cd523b8defb6db47
53e191323344ef4eaa984ebc63d1d2f1090c636a19e7549ffd45541b0c302e01
5f61706c8a07d940c539b6a21fa576cc9e9d52d597a0d295e65a7c52d0922b46
63065559d81451a99cbd15de5e151a5850d0e535c459fa372b5396338380942e
6bde5eee77006ea3c1808dffc6fecab53d73f49e2d41ae35566ad12adefc7c90
745f657a0e9964f2a1a41a9fcf2b673aa389440a41d8fa3e2ed99e5780da08c8
89995da1fd64592c2aa46925f238babeff584f379cdabce4ca7eff82cce2ffa5
8c34c37291ee6d38191ac0a84ef1aedde856af334a96245759d0482912edb067
95b9746fbc2d94276ea846b5fc148a9dea5bc68d7e8a46cb0410843a2cfc453e
d4b341e0e1b10b8d9d72b33a552d9a4c5f181644a550e6c5290ffbd0df7ff698
f7caf55c99cacd2b7bd1bf2fd34f21ba0a9ffb13870ecbf5401b3bf6a52e1336
fa6d4e58bdbe21df0930831e3b6c9384a6986ca0af9ccf4a037e2cfcf6d0d604