urlscan.io logo urlscan.io
SecurityTrails logo

pingfed-ut.msd.com Open in urlscan Pro
52.20.179.157  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://merck-uat.identitynow.com/
Effective URL: https://pingfed-ut.msd.com/idp/SSO.saml2
Submission: On February 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 4 domains to perform 6 HTTP transactions. The main IP is 52.20.179.157, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is pingfed-ut.msd.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on June 14th 2022. Valid for: a year.
This is the only time pingfed-ut.msd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:440... 13335 (CLOUDFLAR...)
1 1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2 52.0.208.221 14618 (AMAZON-AES)
1 6 52.20.179.157 14618 (AMAZON-AES)
6 2
1    2606:4700:4400::6812:237e (United States)

ASN13335 (CLOUDFLARENET, US)
merck-uat.identitynow.com
1    2606:4700:4400::ac40:9882 (United States)

ASN13335 (CLOUDFLARENET, US)
merck-uat.identitynow.com
2    52.0.208.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-208-221.compute-1.amazonaws.com
merck-uat.login.sailpoint.com
6    52.20.179.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-179-157.compute-1.amazonaws.com
pingfed-ut.merck.com
pingfed-ut.msd.com
Apex Domain
Subdomains		 Transfer
5 msd.com
pingfed-ut.msd.com
201 KB
2 sailpoint.com
merck-uat.login.sailpoint.com
2 KB
2 identitynow.com
merck-uat.identitynow.com
2 KB
1 merck.com
pingfed-ut.merck.com
145 B
6 4
Domain Requested by
5 pingfed-ut.msd.com pingfed-ut.msd.com
2 merck-uat.login.sailpoint.com 1 redirects
2 merck-uat.identitynow.com 2 redirects
1 pingfed-ut.merck.com 1 redirects
6 4

This site contains links to these domains. Also see Links.

Domain
www.msd.com
iam.merck.com
Subject Issuer Validity Valid
*.login.sailpoint.com
Amazon		 2022-06-09 -
2023-07-08		 a year crt.sh
pingfed-ut.merck.com
Sectigo RSA Organization Validation Secure Server CA		 2022-06-14 -
2023-06-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://pingfed-ut.msd.com/idp/SSO.saml2
Frame ID: 2F5C5A97DD1CCEC2DFBEAD9001AFA633
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign On

Page URL History Show full URLs

  1. http://merck-uat.identitynow.com/ HTTP 302
    https://merck-uat.identitynow.com/ui HTTP 302
    https://merck-uat.login.sailpoint.com/oauth/authorize?response_type=code&client_id=800EIbMUGs55kMqh&redirect_uri=h... HTTP 302
    https://merck-uat.login.sailpoint.com/saml/login/alias/merck-uat-sp?idp=https://pingfed-ut.merck.com/saml2/idp&rel... Page URL
  2. https://pingfed-ut.merck.com/idp/SSO.saml2 HTTP 307
    https://pingfed-ut.msd.com/idp/SSO.saml2 Page URL

Page Statistics

6
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

2
IPs

1
Countries

203 kB
Transfer

198 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://merck-uat.identitynow.com/ HTTP 302
    https://merck-uat.identitynow.com/ui HTTP 302
    https://merck-uat.login.sailpoint.com/oauth/authorize?response_type=code&client_id=800EIbMUGs55kMqh&redirect_uri=https%3A%2F%2Fmerck-uat.identitynow.com%2Foauth%2Fcallback&state=9QlrsdsF0avKjqMdCtahssSa1NkuaCtaqB9jzEO67ouWmukle7tk3ANg5jGNVyKs9gDYr1C3soNradgCFooNYxCglhfs7GSiYb0pz6h5A2Hy7Pzuluq7BgUHDkwZ48dRF1KEqCA0cIrvjK1WRiNWYPq5zhjOGqZQgVUi9oS8pgwMVU8VG77CDM8gbIzWv71Q58GL086Tj5GuDs0O0yVDgG8DPZT3YDtOMkzOWpFQMr8jIi1WFR21r78fByrWXTAo HTTP 302
    https://merck-uat.login.sailpoint.com/saml/login/alias/merck-uat-sp?idp=https://pingfed-ut.merck.com/saml2/idp&relaystate=3c855380-3b5e-4f0d-b2c7-1d2fa6b000f9 Page URL
  2. https://pingfed-ut.merck.com/idp/SSO.saml2 HTTP 307
    https://pingfed-ut.msd.com/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://merck-uat.identitynow.com/ HTTP 302
  • https://merck-uat.identitynow.com/ui HTTP 302
  • https://merck-uat.login.sailpoint.com/oauth/authorize?response_type=code&client_id=800EIbMUGs55kMqh&redirect_uri=https%3A%2F%2Fmerck-uat.identitynow.com%2Foauth%2Fcallback&state=9QlrsdsF0avKjqMdCtahssSa1NkuaCtaqB9jzEO67ouWmukle7tk3ANg5jGNVyKs9gDYr1C3soNradgCFooNYxCglhfs7GSiYb0pz6h5A2Hy7Pzuluq7BgUHDkwZ48dRF1KEqCA0cIrvjK1WRiNWYPq5zhjOGqZQgVUi9oS8pgwMVU8VG77CDM8gbIzWv71Q58GL086Tj5GuDs0O0yVDgG8DPZT3YDtOMkzOWpFQMr8jIi1WFR21r78fByrWXTAo HTTP 302
  • https://merck-uat.login.sailpoint.com/saml/login/alias/merck-uat-sp?idp=https://pingfed-ut.merck.com/saml2/idp&relaystate=3c855380-3b5e-4f0d-b2c7-1d2fa6b000f9

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
merck-uat-sp
merck-uat.login.sailpoint.com/saml/login/alias/
Redirect Chain
  • http://merck-uat.identitynow.com/
  • https://merck-uat.identitynow.com/ui
  • https://merck-uat.login.sailpoint.com/oauth/authorize?response_type=code&client_id=800EIbMUGs55kMqh&redirect_uri=https%3A%2F%2Fmerck-uat.identitynow.com%2Foauth%2Fcallback&state=9QlrsdsF0avKjqMdCta...
  • https://merck-uat.login.sailpoint.com/saml/login/alias/merck-uat-sp?idp=https://pingfed-ut.merck.com/saml2/idp&relaystate=3c855380-3b5e-4f0d-b2c7-1d2fa6b000f9
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://merck-uat.login.sailpoint.com/saml/login/alias/merck-uat-sp?idp=https://pingfed-ut.merck.com/saml2/idp&relaystate=3c855380-3b5e-4f0d-b2c7-1d2fa6b000f9
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.0.208.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-0-208-221.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c9ac9059970c3c088ee8e2f4c3501f9f94b291e28b21ae84f7366e6d3f68ecf3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-expose-headers
Transfer-Encoding,X-Content-Type-Options,Connection,Pragma,Date,X-Zuul-ServiceId,X-Frame-Options,Strict-Transport-Security,Retry-After,SLPT-Request-ID,X-XSS-Protection,Cache-control,Content-Type
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Mon, 20 Feb 2023 03:41:50 GMT
server
nginx
slpt-request-id
c4c6d55362164ade8e7e2c91f15a1123
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding Origin Access-Control-Request-Method Access-Control-Request-Headers
x-robots-tag
noindex

Redirect headers

access-control-expose-headers
X-Content-Type-Options,Connection,Pragma,Date,X-Zuul-ServiceId,X-Frame-Options,Strict-Transport-Security,Cache-Control,Retry-After,Set-Cookie,Expires,SLPT-Request-ID,X-XSS-Protection,Content-Length,Location
cache-control
no-cache, no-store, max-age=0, must-revalidate
date
Mon, 20 Feb 2023 03:41:50 GMT
location
https://merck-uat.login.sailpoint.com/saml/login/alias/merck-uat-sp?idp=https://pingfed-ut.merck.com/saml2/idp&relaystate=3c855380-3b5e-4f0d-b2c7-1d2fa6b000f9
server
nginx
slpt-request-id
4770a2d15cc149cf8d65c9fa4f4f6362
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-robots-tag
noindex
Primary Request SSO.saml2
pingfed-ut.msd.com/idp/
Redirect Chain
  • https://pingfed-ut.merck.com/idp/SSO.saml2
  • https://pingfed-ut.msd.com/idp/SSO.saml2
6 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pingfed-ut.msd.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.179.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-179-157.compute-1.amazonaws.com
Software
/
Resource Hash
487f6c7591f313fcbd2afe9466732471efa81117342413e581e3af89436d8c0a
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;
X-Frame-Options DENY

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://merck-uat.login.sailpoint.com
Referer
https://merck-uat.login.sailpoint.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
6505
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;
Content-Type
text/html;charset=utf-8
Date
Mon, 20 Feb 2023 03:41:51 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
X-Frame-Options
DENY

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://pingfed-ut.msd.com/idp/SSO.saml2
Server
BigIP
main.css
pingfed-ut.msd.com/assets/css/ 		170 KB
171 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pingfed-ut.msd.com/assets/css/main.css
Requested by
Host: pingfed-ut.msd.com
URL: https://pingfed-ut.msd.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.179.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-179-157.compute-1.amazonaws.com
Software
/
Resource Hash
a70cb484740dd0056335440ec7b1f85070a5fce3015e55aacd5bd2d806361981
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pingfed-ut.msd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 03:41:52 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;
Referrer-Policy
origin
Last-Modified
Tue, 26 Jul 2022 20:52:14 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
174355
Content-Type
text/css
style.css
pingfed-ut.msd.com/assets/responsive/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pingfed-ut.msd.com/assets/responsive/style.css
Requested by
Host: pingfed-ut.msd.com
URL: https://pingfed-ut.msd.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.179.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-179-157.compute-1.amazonaws.com
Software
/
Resource Hash
c1e9fee8372599c94827053ba4cf761f0e791a4f3e2f8783975dd2d8c8b9ea16
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pingfed-ut.msd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 03:41:52 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;
Referrer-Policy
origin
Last-Modified
Mon, 13 Jan 2020 14:31:42 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
2656
Content-Type
text/css
symbol.png
pingfed-ut.msd.com/assets/responsive/img/ 		850 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pingfed-ut.msd.com/assets/responsive/img/symbol.png
Requested by
Host: pingfed-ut.msd.com
URL: https://pingfed-ut.msd.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.179.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-179-157.compute-1.amazonaws.com
Software
/
Resource Hash
3cc825440f2051869ab394e72382277a1ad6c13ac9fe35e564f5ead9dbd95628
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pingfed-ut.msd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 03:41:52 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;
Referrer-Policy
origin
Last-Modified
Mon, 13 Jan 2020 14:31:42 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
850
Content-Type
image/png
DINOT.woff2
pingfed-ut.msd.com/assets/responsive/fonts/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://pingfed-ut.msd.com/assets/responsive/fonts/DINOT.woff2
Requested by
Host: pingfed-ut.msd.com
URL: https://pingfed-ut.msd.com/assets/responsive/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.179.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-179-157.compute-1.amazonaws.com
Software
/
Resource Hash
1725a9331b49c4a46cf6dccf5e4a74842e9290e65d74314654e0c91643ae34f6
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;

Request headers

Referer
https://pingfed-ut.msd.com/
Origin
https://pingfed-ut.msd.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 03:41:52 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.veevavault.com https://*.hana.ondemand.com https://*.service-now.com https://*.aeratechnology.com https://*.powerapps.com https://*.azureedge.net https://*.fusioncharts.com http://*.fusioncharts.com https://*.googleapis.net http://*.googleapis.net https://*.myfonts.net http://*.myfonts.net https://*.amazonaws.com http://*.amazonaws.com https://*.jaggaer.com http://*.jaggaer.com http://*.ariba.com https://*.ariba.com *.aeratechnology.com;
Referrer-Policy
origin
Last-Modified
Mon, 13 Jan 2020 14:31:42 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
16308
Content-Type
font/woff2

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| removeIdentifier function| showIdentifierInputBox function| selectIdentifier function| postOk function| postCancel function| submitForm function| postOnReturn function| setFocus function| setMobile function| getScreenWidth object| bodyTag number| width

6 Cookies

Domain/Path Name / Value
merck-uat.identitynow.com/ Name: AWSALB
Value: JENPaR1Wwy8Yz/Iu3tvKDDDhImupzRyeNEU4VqV/RuU5GxC0tHdvCc/WfIMpcHnTyweWASmxnyTm6y6xjVL9pdklXJ7kRG2hpe/pSx8HyoUdI8/27zNZCWy8mR1y
merck-uat.identitynow.com/ Name: AWSALBCORS
Value: JENPaR1Wwy8Yz/Iu3tvKDDDhImupzRyeNEU4VqV/RuU5GxC0tHdvCc/WfIMpcHnTyweWASmxnyTm6y6xjVL9pdklXJ7kRG2hpe/pSx8HyoUdI8/27zNZCWy8mR1y
merck-uat.identitynow.com/ Name: CCSESSIONID
Value: A0F860D8EB44F7DDCF455D3F6C95A03C
.identitynow.com/ Name: __cf_bm
Value: V3fHTpAHb0OsCD7NAjxE9yiXEw6IP3dfaFIB9VWuMUw-1676864509-0-AW6am2nBUAgcykZ5f6Seb+q9EAgAwMxU32QNxwwfEvOF5pyjP9DNPjBhPsnnphhQOS+ILtlGq9MvniWUm/1ZKiQ=
merck-uat.login.sailpoint.com/ Name: SLPTLS
Value: ODVkNjY4MDYtYTk1MS00OWM4LTk0NTctNTk3OGQ5N2Q4YTBl
pingfed-ut.msd.com/ Name: PF
Value: CXPtSsAU8zMvwmya4jR8ab

1 Console Messages

Source Level URL
Text
security error URL: https://pingfed-ut.msd.com/idp/SSO.saml2(Line 14)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://*.merck.com http://*.merck.com". Either the 'unsafe-inline' keyword, a hash ('sha256-ikDw2UbBjgf/mTzhMT8WBwvKrWcqv0g/K03N6zhAxbc='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains