Submitted URL: http://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF
Effective URL: https://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF
Submission: On January 10 via manual from US — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 1 HTTP transaction. The main IP is 45.223.165.93, located in the United States and belonging to INCAPSULA, US. The main domain is centralparticipant.lh1ondemand.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on September 12th 2023. Valid for: a year.
This is the only time centralparticipant.lh1ondemand.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address       AS       Autonomous System
45.223.165.93    19551    INCAPSULA

Apex Domain        Subdomains                            Transfer
lh1ondemand.com    centralparticipant.lh1ondemand.com    13 KB

Domain                                Requested by
centralparticipant.lh1ondemand.com    1 redirect

This site contains no links.

Subject:   *.lh1ondemand.com
Issuer:    Entrust Certification Authority - L1K
Validity:  2023-09-12 - 2024-10-09
Valid for: a year

This page contains 1 frame:

Primary Page: https://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF
Frame ID: FDA6A57471A9E9935CCB4C1312D288F5
Requests: 1 HTTP requests in this frame

Page Title

PortalSkinHandler.ashx (500×150)

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF HTTP 301
    https://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF Page URL

Page Statistics

  Requests:   1
  HTTPS:      100 %
  IPv6:       0 %
  Domains:    1
  Subdomains: 1
  IPs:        1
  Countries:  1
  Transfer:   13 kB
  Size:       11 kB
  Cookies:    6


Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Resource:         PortalSkinHandler.ashx (Primary Request)
Path:             centralparticipant.lh1ondemand.com/
Redirect Chain:
  • http://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF
  • https://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF
Size:             11 KB
Transfer (x-fer): 13 KB
Type:             Document

General
  Full URL:      https://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF
  Protocol:      H2
  Security:      TLS 1.3, AES_128_GCM
  Server:        45.223.165.93, United States, ASN19551 (INCAPSULA, US)
  Reverse DNS:
  Software:      Microsoft-IIS/10.0
  Resource Hash: aea00dc3544fe9ec236015c1c2f542de891b6c0dad383c84282d9ed705964818

Security Headers
  Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;;
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers

  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers

  cache-control: private, must-revalidate, max-age=0
  content-length: 11748
  content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;;
  content-type: image/png
  date: Wed, 10 Jan 2024 18:10:07 GMT
  etag: 364CDEFE61C392A896BF548088C034DE
  expires: -1
  pragma: no-cache
  server: Microsoft-IIS/10.0
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-cdn: Imperva
  x-iinfo: 10-12087030-12087176 NNNN CT(137 539 0) RT(1704910205860 674) q(0 0 7 1) r(8 8) U2
  x-ua-compatible: IE=edge

Redirect headers

  Connection: close
  Content-Length: 0
  Location: https://centralparticipant.lh1ondemand.com/PortalSkinHandler.ashx?file=1&type=400&emp=CB5107&adm=ASF

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | documentPictureInPicture

6 Cookies

Domain/Path                           Name                    Value
centralparticipant.lh1ondemand.com/   cdh-cookieCORS          27c5fe69b5addf4d9e4c86f23de039fc
centralparticipant.lh1ondemand.com/   cdh-cookie              27c5fe69b5addf4d9e4c86f23de039fc
centralparticipant.lh1ondemand.com/   ASP.NET_SessionId       ocjucxwuojjaqo30d15guvsg
.lh1ondemand.com/                     visid_incap_2960416     2MvY9gJ1RQapFMwRfJNSx37dnmUAAAAAQUIPAAAAAAC2lT63SDvBjHe4+/FX7UZe
.lh1ondemand.com/                     nlbi_2960416            DHB+GFJWNmHesUDq/sRgKQAAAAA804EK6xucZDN/tqA+gXtW
.lh1ondemand.com/                     incap_ses_184_2960416   CobFXp5XsRCdCa2n3LONAn/dnmUAAAAArdJ3XRvgvaq8Of9o4khzFA==


Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

centralparticipant.lh1ondemand.com
45.223.165.93
aea00dc3544fe9ec236015c1c2f542de891b6c0dad383c84282d9ed705964818