ssofed.dev.aa.com
144.9.61.144
Public Scan
Effective URL: https://ssofed.dev.aa.com/idp/SSO.saml2?SAMLRequest=jVNdj9owEPwrkd%2Fz4RAOYoWcKKgq0rWHgPahL5Vjb%2B4sJXbqdTj67%2BsE0PFwRX2y...
Submission: On April 26 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Entrust Certification Authority - L1K on July 14th 2020. Valid for: 2 years.
This is the only time ssofed.dev.aa.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 169.48.197.12 | 36351 (SOFTLAYER) |
1 1 | 2606:4700::6813:9156 | 13335 (CLOUDFLARENET) |
6 | 144.9.61.144 | 29982 (AMRAS01) |
6 | 1 | |
ASN36351 (SOFTLAYER, US)
PTR: c.c5.30a9.ip4.static.sl-reverse.com
np-charters-dev-c-303457-09e60a96741624574bf3ee4db19c9c1e-0000.us-south.containers.appdomain.cloud |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | aa.com: ssofed.dev.aa.com | 57 KB |
1 | ibm.com (1 redirects): us-south.appid.cloud.ibm.com | 1 KB |
1 | appdomain.cloud (1 redirects): np-charters-dev-c-303457-09e60a96741624574bf3ee4db19c9c1e-0000.us-south.containers.appdomain.cloud | 647 B |
6 | 3 | |
Domain | Requested by | |
---|---|---|
6 | ssofed.dev.aa.com | ssofed.dev.aa.com |
1 | us-south.appid.cloud.ibm.com | 1 redirects |
1 | np-charters-dev-c-303457-09e60a96741624574bf3ee4db19c9c1e-0000.us-south.containers.appdomain.cloud | 1 redirects |
6 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ssofed.dev.aa.com Entrust Certification Authority - L1K | 2020-07-14 - 2022-07-14 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://ssofed.dev.aa.com/idp/SSO.saml2?SAMLRequest=jVNdj9owEPwrkd%2Fz4RAOYoWcKKgq0rWHgPahL5Vjb%2B4sJXbqdTj67%2BsE0PFwRX2yvBrPzsyui8dT2wRHsKiMXhAaJeSxLJa9e9U7%2BN0DusADNC5IbzUzHBUyzVtA5gTbL78%2BsTRKWGeNM8I05AxmyNvm%2FguOCNb5niT4cW3u6yTYrBfkl6hhkstpPUt5ks9oMp9LmE%2BTCRf5A02yLK%2FyWS5FllL%2FALGHjUbHtfMcSUrDJAvTh0MyZTRlNI9SOvtJgrX3ojR3Y6tX5zpkcYxoapCRhGPEeSRMGyvZxfv9czRYSEmwvOpcGY19C3YP9qgEfN89vbP0GKLxkUW865SMRGN6GamqHQlHovhIYy%2BjqqppEtKsTsOMTqqQ08nMX7PpRIpkLmkSN%2BZF6ZALJMH2EuonpaXSL%2FfzrM4gZF8Oh224fd4fSPDZWAHjKBek5g0CKYtBDRsjs%2BXA51WyUS%2FDszFkown2P2qL%2BJau%2BOZVbdZb0yjxZ2jecvdv0TSiY0XJsB6hDFqumqWUFtC7XzaNeVtZ4A4WxNkeSFwWl5UEObryI3FwcsHKtB23CofBwokLd%2FV5i1o1fuV2UJd3t1L4MIbVRLb1x5uxcpgCCN%2FyYLnGzlh3cf0heRF%2FKNHXb79U%2BRc%3D&RelayState=JhPCj2RKwpTDncOewqQADsKkHCl0FcKIA8Oww6LDjlzDiMKpBi9QccKKw6BcSg
Frame ID: 6AAC89087D4EA4C145042F6230DE7384
Requests: 6 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
https://np-charters-dev-c-303457-09e60a96741624574bf3ee4db19c9c1e-0000.us-south.containers.appdomain.cloud/ HTTP 302
https://us-south.appid.cloud.ibm.com/oauth/v4/217bbb50-14f2-413b-a137-14453dc08d10/authorization?client_id=4d3967e4-f237-4b4c-a7f8-1791167d3598&response_type=code&redirect_uri=https://np-charters-dev-c-303457-09e60a96741624574bf3ee4db19c9c1e-0000.us-south.containers.appdomain.cloud/appid_callback&scope=appid_default HTTP 302
https://ssofed.dev.aa.com/idp/SSO.saml2?SAMLRequest=jVNdj9owEPwrkd%2Fz4RAOYoWcKKgq0rWHgPahL5Vjb%2B4sJXbqdTj67%2BsE0PFwRX2yvBrPzsyui8dT2wRHsKiMXhAaJeSxLJa9e9U7%2BN0DusADNC5IbzUzHBUyzVtA5gTbL78%2BsTRKWGeNM8I05AxmyNvm%2FguOCNb5niT4cW3u6yTYrBfkl6hhkstpPUt5ks9oMp9LmE%2BTCRf5A02yLK%2FyWS5FllL%2FALGHjUbHtfMcSUrDJAvTh0MyZTRlNI9SOvtJgrX3ojR3Y6tX5zpkcYxoapCRhGPEeSRMGyvZxfv9czRYSEmwvOpcGY19C3YP9qgEfN89vbP0GKLxkUW865SMRGN6GamqHQlHovhIYy%2BjqqppEtKsTsOMTqqQ08nMX7PpRIpkLmkSN%2BZF6ZALJMH2EuonpaXSL%2FfzrM4gZF8Oh224fd4fSPDZWAHjKBek5g0CKYtBDRsjs%2BXA51WyUS%2FDszFkown2P2qL%2BJau%2BOZVbdZb0yjxZ2jecvdv0TSiY0XJsB6hDFqumqWUFtC7XzaNeVtZ4A4WxNkeSFwWl5UEObryI3FwcsHKtB23CofBwokLd%2FV5i1o1fuV2UJd3t1L4MIbVRLb1x5uxcpgCCN%2FyYLnGzlh3cf0heRF%2FKNHXb79U%2BRc%3D&RelayState=JhPCj2RKwpTDncOewqQADsKkHCl0FcKIA8Oww6LDjlzDiMKpBi9QccKKw6BcSg Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | SSO.saml2 ssofed.dev.aa.com/idp/ (Primary Request; Cookie set; Redirect Chain) | 3 KB 3 KB | Document text/html |
GET H/1.1 | styles.css ssofed.dev.aa.com/assets/css/ (Cookie set) | 3 KB 4 KB | Stylesheet text/css |
GET H/1.1 | charter-logo.png ssofed.dev.aa.com/assets/images/ (Cookie set) | 18 KB 18 KB | Image image/png |
GET H/1.1 | icon-user.gif ssofed.dev.aa.com/assets/images/ (Cookie set) | 355 B 767 B | Image image/gif |
GET H/1.1 | icon-lock.gif ssofed.dev.aa.com/assets/images/ (Cookie set) | 572 B 984 B | Image image/gif |
GET H/1.1 | americansans-light-webfont.woff ssofed.dev.aa.com/assets/fonts/ (Cookie set) | 30 KB 30 KB | Font application/font-woff |
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
boolean| originAgentCluster
object| trustedTypes
boolean| crossOriginIsolated
function| postForgotPassword
function| postRegistration2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ssofed.dev.aa.com/ | Name: aacook Value: !wynTLIqE+KFLz1RVJDhxlaL5TRCTeu1nNocdEV6boDNNQgRFTbSN6wYJtt+ej9tGvGdSFummjzXMeFI= |
ssofed.dev.aa.com/ | Name: PF Value: JoDxZJ9lKoLjcXzfBu5kdN |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.