login.aritic.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 35.180.166.78, located in Paris, France and belongs to AMAZON-02, US. The main domain is login.aritic.com.
TLS certificate: Issued by R3 on January 2nd 2023. Valid for: 3 months.

This is the only time login.aritic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6 6	195.154.45.207 195.154.45.207	12876 (Online SAS) (Online SAS)
1 2	35.180.166.78 35.180.166.78	16509 (AMAZON-02) (AMAZON-02)
4	15.204.155.238 15.204.155.238	16276 (OVH) (OVH)
5	2

6 195.154.45.207 (France) 6 redirects

ASN12876 (Online SAS, FR)
PTR: 195-154-45-207.rev.poneytelecom.eu

gmail4276-ma.ariticapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.180.166.78 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-180-166-78.eu-west-3.compute.amazonaws.com

login.aritic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.204.155.238 (Reston, United States)

ASN16276 (OVH, FR)
PTR: ip238.ip-15-204-155.us

demoapp.ctrmv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ariticapp.com 6 redirects gmail4276-ma.ariticapp.com	2 KB
4	ctrmv.com demoapp.ctrmv.com	186 KB
2	aritic.com 1 redirects login.aritic.com	2 KB
5	3

	Domain	Requested by
6	gmail4276-ma.ariticapp.com	6 redirects
4	demoapp.ctrmv.com	login.aritic.com
2	login.aritic.com	1 redirects
5	3

This site contains no links.

Subject Issuer	Validity	Valid
login.aritic.com R3	`2023-01-02` - `2023-04-02`	3 months	crt.sh
demoapp.ctrmv.com R3	`2023-01-26` - `2023-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553
Frame ID: A06BBFA62292D7EBCE9671CF7289888F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://gmail4276-ma.ariticapp.com/ HTTP 302
https://gmail4276-ma.ariticapp.com/ma/ HTTP 302
https://gmail4276-ma.ariticapp.com/ma/s/dashboard HTTP 302
https://gmail4276-ma.ariticapp.com/ma/s/saml/login HTTP 302
https://gmail4276-ma.ariticapp.com/ma/saml/discovery HTTP 302
https://gmail4276-ma.ariticapp.com/ma/s/saml/login?idp=https%3A//login.aritic.com/simplesaml/saml2/idp/metadata... HTTP 302
https://login.aritic.com/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fVFBbsIwELzzish34sQkAVkhCBVV... HTTP 302
https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

188 kB
Transfer

812 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gmail4276-ma.ariticapp.com/ HTTP 302
https://gmail4276-ma.ariticapp.com/ma/ HTTP 302
https://gmail4276-ma.ariticapp.com/ma/s/dashboard HTTP 302
https://gmail4276-ma.ariticapp.com/ma/s/saml/login HTTP 302
https://gmail4276-ma.ariticapp.com/ma/saml/discovery HTTP 302
https://gmail4276-ma.ariticapp.com/ma/s/saml/login?idp=https%3A//login.aritic.com/simplesaml/saml2/idp/metadata.php HTTP 302
https://login.aritic.com/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fVFBbsIwELzzish34sQkAVkhCBVVQqKqRNoeekG2Y4hFbKdeB7W%2FbxJawYnLHmZnZ2Z389W3boKLdKCsWaI4jNCqmOTrztdmL786CT7oGQaWqHOGWgYKqGFaAvWCluuXHSVhRFtnvRW2QcF2s0SHSqScZKTKstmRL5J5MueEZIs04bxKGK9iuYgWFWeZQMHHv3ev048DdHJrwDPjeygis2lEpoS8xTOapDQlnyjY9KGUYX6cqr1vgWLc2JMyIXPKKxEKqzEo3TYSmG7wUAhWVYvL8rWU7qKEDNu6RcEaQLpB6Mka6LR0f933%2Fe4mrZk7y97xFDaMwyiuGYZR9up7ELUUZ1TkA0THHdz1bHRAHt%2BO%2FWdAwbN1mvnH9AFR1fQ4Uqk0XvkfVNy2jXN8l6LI8f0vi8kv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=IPMDMYqm3oQh1alXCVacBkJEAWiC98iWXY9XS4Nx9pPaazBnTNJfTAjeVnON1jEFU%2BmCrKU21PLUwz8XTkZlvC3gegrMTuPkf74oWi9Z4ISktVgzTKFhkYwhuSGhjX3E2g%2BKmYmgHdRIrQyg80euZU5lEsgwcnP%2B4ymmHAkTfSY%3D HTTP 302
https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request loginuserpass.php Show response login.aritic.com/simplesaml/module.php/core/ Redirect Chain https://gmail4276-ma.ariticapp.com/ https://gmail4276-ma.ariticapp.com/ma/ https://gmail4276-ma.ariticapp.com/ma/s/dashboard https://gmail4276-ma.ariticapp.com/ma/s/saml/login https://gmail4276-ma.ariticapp.com/ma/saml/discovery https://gmail4276-ma.ariticapp.com/ma/s/saml/login?idp=https%3A//login.aritic.com/simplesaml/saml2/idp/metadata.php https://login.aritic.com/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fVFBbsIwELzzish34sQkAVkhCBVVQqKqRNoeekG2Y4hFbKdeB7W%2FbxJawYnLHmZnZ2Z389W3boKLdKCsWaI4jNCqmOTrztdmL786CT7oGQaWqHOGWgYKqGFaAv... https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService....	4 KB 2 KB	22ms 21ms	Document text/html	35.180.166.78 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 35.180.166.78 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-180-166-78.eu-west-3.compute.amazonaws.com Software Apache/2.4.41 (Ubuntu) / Resource Hash `216f2223a811f5812b03e41dd919b6c14e952fe52d312943b7e0766b16b186e1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Length 1393 Content-Type text/html; charset=UTF-8 Date Wed, 22 Feb 2023 13:45:53 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding Redirect headers Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Content-Length 1339 Content-Type text/html; charset=UTF-8 Date Wed, 22 Feb 2023 13:45:53 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Location https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Pragma no-cache Server Apache/2.4.41 (Ubuntu)
GET H/1.1	200 OK	main.min.css demoapp.ctrmv.com/ma/media/css/	300 KB 44 KB	536ms 103ms	Stylesheet text/css	15.204.155.238 OVH
General Check archive.org Show headers Download Go to Full URL https://demoapp.ctrmv.com/ma/media/css/main.min.css Requested by Host: login.aritic.com URL: https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.204.155.238 Reston, United States, ASN16276 (OVH, FR), Reverse DNS ip238.ip-15-204-155.us Software Apache/2.4.29 (Ubuntu) / Resource Hash `aa14491ab506ab117a75ee9d7efcb4bd72ad209c5ea4ec137a12be25a8a803fb` Request headers accept-language fr-FR,fr;q=0.9 Referer https://login.aritic.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 13:45:53 GMT Content-Encoding gzip Last-Modified Fri, 21 Jan 2022 07:30:14 GMT Server Apache/2.4.29 (Ubuntu) ETag "4b0a8-5d61296f5cd80-gzip" Vary Accept-Encoding,Origin Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 44528
GET H/1.1	200 OK	login_page.css demoapp.ctrmv.com/ma/media/css/	153 KB 22 KB	530ms 97ms	Stylesheet text/css	15.204.155.238 OVH
General Check archive.org Show headers Download Go to Full URL https://demoapp.ctrmv.com/ma/media/css/login_page.css Requested by Host: login.aritic.com URL: https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.204.155.238 Reston, United States, ASN16276 (OVH, FR), Reverse DNS ip238.ip-15-204-155.us Software Apache/2.4.29 (Ubuntu) / Resource Hash `430ed90b3a8702f8a3d5121cde450bac76da22ce88e1d3ae2480de5af598fd83` Request headers accept-language fr-FR,fr;q=0.9 Referer https://login.aritic.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 13:45:53 GMT Content-Encoding gzip Last-Modified Mon, 04 Jan 2021 08:43:13 GMT Server Apache/2.4.29 (Ubuntu) ETag "265ca-5b80f1496ca40-gzip" Vary Accept-Encoding,Origin Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 21816
GET H/1.1	200 OK	common.min.js Show response demoapp.ctrmv.com/ma/media/js/	349 KB 114 KB	531ms 98ms	Script application/javascript	15.204.155.238 OVH
General Check archive.org Show headers Download Go to Full URL https://demoapp.ctrmv.com/ma/media/js/common.min.js Requested by Host: login.aritic.com URL: https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.204.155.238 Reston, United States, ASN16276 (OVH, FR), Reverse DNS ip238.ip-15-204-155.us Software Apache/2.4.29 (Ubuntu) / Resource Hash `0910cc54a4d490b94e502c191bc7c86230a2c1a1d28ab01fe49b47d6f17eb632` Request headers accept-language fr-FR,fr;q=0.9 Referer https://login.aritic.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 13:45:53 GMT Content-Encoding gzip Last-Modified Fri, 21 Jan 2022 07:30:15 GMT Server Apache/2.4.29 (Ubuntu) ETag "573a3-5d61297050fc0-gzip" Vary Accept-Encoding,Origin Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	aritic_logo.png demoapp.ctrmv.com/ma/media/images/	6 KB 6 KB	94ms 93ms	Image image/png	15.204.155.238 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://demoapp.ctrmv.com/ma/media/images/aritic_logo.png Requested by Host: login.aritic.com URL: https://login.aritic.com/simplesaml/module.php/core/loginuserpass.php?AuthState=_bf129f8f6a89cbe1e5c0ab945c64deebe083787801%3Ahttps%3A%2F%2Flogin.aritic.com%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dsimplesaml1%26cookieTime%3D1677073553 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 15.204.155.238 Reston, United States, ASN16276 (OVH, FR), Reverse DNS ip238.ip-15-204-155.us Software Apache/2.4.29 (Ubuntu) / Resource Hash `6854ec972cc16ed960411369af65bd31a2fbc89ad63ed7fc7b77742ce2411541` Request headers accept-language fr-FR,fr;q=0.9 Referer https://login.aritic.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 13:45:53 GMT Last-Modified Mon, 04 Jan 2021 08:43:13 GMT Server Apache/2.4.29 (Ubuntu) ETag "168d-5b80f1496ca40" Vary Origin Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 5773

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			gmail4276-ma.ariticapp.com/	1969-12-31 23:59:59	Name: b9620110ca4f309c2b03be5ecd7d54fb Value: brqii2its8clsfkonc3jat072j
			login.aritic.com/	1969-12-31 23:59:59	Name: SimpleSAML Value: 2bcracepp1an6i999ee75p0c4q

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

demoapp.ctrmv.com
gmail4276-ma.ariticapp.com
login.aritic.com
15.204.155.238
195.154.45.207
35.180.166.78
0910cc54a4d490b94e502c191bc7c86230a2c1a1d28ab01fe49b47d6f17eb632
216f2223a811f5812b03e41dd919b6c14e952fe52d312943b7e0766b16b186e1
430ed90b3a8702f8a3d5121cde450bac76da22ce88e1d3ae2480de5af598fd83
6854ec972cc16ed960411369af65bd31a2fbc89ad63ed7fc7b77742ce2411541
aa14491ab506ab117a75ee9d7efcb4bd72ad209c5ea4ec137a12be25a8a803fb

login.aritic.com Open in urlscan Pro 35.180.166.78 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

188 kBTransfer

812 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

2 Cookies

Indicators

login.aritic.com Open in urlscan Pro
35.180.166.78 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

188 kB
Transfer

812 kB
Size

2
Cookies

5 HTTP transactions
0 data transactions