sso.hdrid.com
199.168.243.186
Public Scan
Effective URL: https://sso.hdrid.com/oamfed/idp/samlv20?SAMLRequest=fZJLT8MwEIT%2FSuR749TpI7WaSKEVolKBqgkcuCAncYglxw5ep8C%2FJw8e5UCv9...
Submission: On August 29 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 9th 2020. Valid for: a year.
This is the only time sso.hdrid.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 2 | 18.218.251.1 | 16509 (AMAZON-02) |
3 | 199.168.243.186 | 18708 (HDR-CORP) |
4 | 2 |

ASN16509 (AMAZON-02, US)
PTR: ec2-18-218-251-1.us-east-2.compute.amazonaws.com
auth.uneplan.com
 | Apex Domain / Subdomains | Transfer |
---|---|---|
3 | hdrid.com: sso.hdrid.com | 90 KB |
2 | uneplan.com (1 redirects): auth.uneplan.com | 1 KB |
4 | 2 |
 | Domain | Requested by |
---|---|---|
3 | sso.hdrid.com | sso.hdrid.com |
2 | auth.uneplan.com | 1 redirects |
4 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
auth.uneplan.com | R3 | 2021-08-29 - 2021-11-27 | 3 months | crt.sh |
*.hdrid.com | DigiCert SHA2 Secure Server CA | 2020-09-09 - 2021-10-11 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sso.hdrid.com/oamfed/idp/samlv20?SAMLRequest=fZJLT8MwEIT%2FSuR749TpI7WaSKEVolKBqgkcuCAncYglxw5ep8C%2FJw8e5UCv9uzMzqddA6tlQ%2BPWVurIX1sO1nmvpQI6fISoNYpqBgKoYjUHanOaxLd7SlyPNkZbnWuJnBiAGyu02mgFbc1Nws1J5PzhuA9RZW0DFGPWhbit4o1kys11jZNKZJmWvHsG0Lj3Jfhwn6TI2XaLCMV6y1%2BDTuRWhRHFMK1ZXfICi6LB%2Fa4n4iHnWpucD2VCNEXObhuiZzIjfu6XhT%2BbBsRfrvjCXywDPwuyZVnOsl4G0PKdAsuUDRHxyHTiBROySr2Azud0vnpCzuGr65VQhVAvl8FkowjoTZoeJmOjR25gaNMJULTuV6ZDsDkDftmWfVNG0b9M4YfpGp9ljIENvetMd9uDliL%2FcGIp9dvGcGZ5jwtH48jfc4g%2BAQ%3D%3D&RelayState=ss%3Amem%3Acf014981956b0e030a13c1ba703a879a5738ccf112a64a5aa80f38faff92ca4c
Frame ID: B05287609A4A259E83E99CC24A8565A9
Requests: 4 HTTP requests in this frame
Page Title
Login
Page URL History
- https://auth.uneplan.com/ Page URL
- https://auth.uneplan.com/secure HTTP 302 https://sso.hdrid.com/oamfed/idp/samlv20?SAMLRequest=fZJLT8MwEIT%2FSuR749TpI7WaSKEVolKBqgkcuCAncYg... Page URL
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | auth.uneplan.com/ | 187 B | 491 B | Document | text/html |
GET | H/1.1 | samlv20 (Primary Request, Cookie set, Redirect Chain) | sso.hdrid.com/oamfed/idp/ | 1 KB | 4 KB | Document | text/html |
GET | H/1.1 | main.css | sso.hdrid.com/oamwebsso//pages/css/ | 3 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | login_logo.png | sso.hdrid.com/oamwebsso/pages/images/ | 83 KB | 83 KB | Image | image/png |
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated

5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sso.hdrid.com/ | | Name: OAM_REQ_COUNT Value: VERSION_4~1 |
sso.hdrid.com/ | | Name: ECID-Context Value: 1.005mevYf6hE7a6S5qFl3iY0000ws000KJO@kZglv0ZGZKSULGSPXKTPJHSRo4USpLO |
sso.hdrid.com/ | | Name: OAM_REQ_0 |
sso.hdrid.com/ | | Name: JSESSIONID Value: sQJGhrLfcwT1JZTYbgngLj0qs6vD7ZVgmX621YGtD8c35Fdm9psn!-1230209446 |
sso.hdrid.com/ | | Name: OAM_JSESSIONID Value: 93LBhrLfRD9Nh0Y99tMpQxGPtrTnJ9LYQjL8wnzBzzpRkqb5x8Ts!-1230209446 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.