Submitted URL: http://50.170.86.2/
Effective URL: https://sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/sso
Submission: On March 15 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 3 HTTP transactions. The main IP is 99.83.234.190, located in the United States, and belongs to AMAZON-02, US. The main domain is sso-742a7144.sso.duosecurity.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on April 25th 2023. Valid for: a year.
This is the only time sso-742a7144.sso.duosecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 50.170.86.2 15124 (TOR-CCONN...)
2 99.83.234.190 16509 (AMAZON-02)
3 2
Apex Domain Subdomains Transfer
2 duosecurity.com sso-742a7144.sso.duosecurity.com 35 KB
3 1
Domain Requested by
2 sso-742a7144.sso.duosecurity.com sso-742a7144.sso.duosecurity.com
3 1

This site contains no links.

Subject Issuer Validity Valid
vpn.ridgefieldct.gov Go Daddy Secure Certificate Authority - G2 2023-07-06 - 2024-07-06 a year
*.login.duosecurity.com Amazon RSA 2048 M01 2023-04-25 - 2024-05-23 a year

This page contains 1 frames:

Primary Page: https://sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/sso
Frame ID: 212C353194ADFEA06C9CB5CC54A2B3BE
Requests: 3 HTTP requests in this frame

Page Title

Oops

Page Statistics

Requests: 3
HTTPS: 67 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 37 kB
Size: 156 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://50.170.86.2/ HTTP 301
    https://50.170.86.2/ HTTP 302
    https://50.170.86.2/global-protect/login.esp Page URL
  2. https://sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/sso Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://50.170.86.2/ HTTP 301
  • https://50.170.86.2/ HTTP 302
  • https://50.170.86.2/global-protect/login.esp

3 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: login.esp
Path: 50.170.86.2/global-protect/
Redirect Chain:
  • http://50.170.86.2/
  • https://50.170.86.2/
  • https://50.170.86.2/global-protect/login.esp
Size: 1 KB
x-fer: 2 KB
Type: Document

General
Full URL: https://50.170.86.2/global-protect/login.esp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 50.170.86.2, United States, ASN15124 (TOR-CCONNECT-01, US)
Reverse DNS: c-50-170-86-2.unallocated.comcastbusiness.net
Software: /
Resource Hash:

Security Headers
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 1108
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
Content-Type: text/html; charset=UTF-8
Date: Fri, 15 Mar 2024 19:44:07 GMT
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Redirect headers
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 173
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
Content-Type: text/html; charset=UTF-8
Date: Fri, 15 Mar 2024 19:44:07 GMT
Location: /global-protect/login.esp
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Resource: sso (Primary Request)
Path: sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/
Size: 970 B
x-fer: 945 B
Type: Document

General
Full URL: https://sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/sso
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.234.190, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: afb043b6cb0f8a076.awsglobalaccelerator.com
Software: Duo/1.0 /
Resource Hash: ab73aa3a21dbf6c44cf7dfe9a7260b76a498b6d81b9ea3482d1f6786f3f9e592

Security Headers
Content-Security-Policy: default-src 'none'; style-src 'self'; script-src 'self'; font-src 'self'; frame-src 'self' ; frame-ancestors 'none'; img-src 'self' ; connect-src 'self'
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers
Content-Type: application/x-www-form-urlencoded
Origin: https://50.170.86.2
Referer: https://50.170.86.2/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
content-encoding: gzip
content-security-policy: default-src 'none'; style-src 'self'; script-src 'self'; font-src 'self'; frame-src 'self' ; frame-ancestors 'none'; img-src 'self' ; connect-src 'self'
content-type: text/html; charset=UTF-8
date: Fri, 15 Mar 2024 19:44:07 GMT
server: Duo/1.0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Resource: error.css
Path: sso-742a7144.sso.duosecurity.com/static/css/page/
Size: 154 KB
x-fer: 34 KB
Type: Stylesheet

General
Full URL: https://sso-742a7144.sso.duosecurity.com/static/css/page/error.css?v=e7c91
Requested by:
  Host: sso-742a7144.sso.duosecurity.com
  URL: https://sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/sso
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.234.190, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: afb043b6cb0f8a076.awsglobalaccelerator.com
Software: Duo/1.0 /
Resource Hash: e7c911f908df43209a50339f2c23d359781c1404edbbd41e4d8c0ef9da73c4bf

Security Headers
Content-Security-Policy: default-src 'none'; style-src 'self'; script-src 'self'; font-src 'self'; frame-src 'self' ; frame-ancestors 'none'; img-src 'self' ; connect-src 'self'
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://sso-742a7144.sso.duosecurity.com/saml2/sp/DICFFIY6CZBAUN9YRA87/sso
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers
date: Fri, 15 Mar 2024 19:44:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self'; script-src 'self'; font-src 'self'; frame-src 'self' ; frame-ancestors 'none'; img-src 'self' ; connect-src 'self'
last-modified: Fri, 08 Mar 2024 17:19:37 GMT
server: Duo/1.0
content-encoding: gzip
etag: W/"65eb48a9-26965"
x-frame-options: DENY
content-type: text/css
cache-control: max-age=315360000
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path: 50.170.86.2/
Name: SESSID
Value: 5a4322a0-db49-4709-9ee0-98378d5df7c5

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
