okta-socure.com
85.209.133.145  Malicious Activity!

Submitted URL: http://okta-socure.com/
Effective URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Submission: On October 07 via manual from US — Scanned from DE

Summary

This website contacted 6 IPs in 1 country across 5 domains to perform 17 HTTP transactions. The main IP is 85.209.133.145, located in Ashburn, United States, and belongs to VIRTUO, CA. The main domain is okta-socure.com.
TLS certificate: Issued by R10 on October 7th 2024. Valid for: 3 months.
This is the only time okta-socure.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Okta (Online)

Domain & IP information

IP Address AS Autonomous System
1 12 85.209.133.145 399486 (VIRTUO)
1 18.245.31.5 16509 (AMAZON-02)
1 13.224.189.74 16509 (AMAZON-02)
2 18.245.46.20 16509 (AMAZON-02)
1 34.224.177.146 14618 (AMAZON-AES)
Total: 17 requests across 6 IPs
Requests  Apex Domain       Subdomains                                                                                   Transfer
12        okta-socure.com   okta-socure.com                                                                              1 MB
2         intercomcdn.com   js.intercomcdn.com (Cisco Umbrella Rank: 3146)                                               286 KB
2         intercom.io       widget.intercom.io (Cisco Umbrella Rank: 2183), api-iam.intercom.io (Cisco Umbrella Rank: 2649)   5 KB
1         socket.io         cdn.socket.io (Cisco Umbrella Rank: 37029)                                                   15 KB
0         persona.io        widget.persona.io (Failed)                                                                   Failed
Total: 17 requests across 5 apex domains
Requests  Domain               Requested by
12        okta-socure.com      okta-socure.com (1 redirect), cdn.socket.io
2         js.intercomcdn.com   widget.intercom.io
1         api-iam.intercom.io  js.intercomcdn.com
1         widget.intercom.io   okta-socure.com
1         cdn.socket.io        okta-socure.com
0         widget.persona.io    okta-socure.com (Failed)
Total: 17 requests across 6 subdomains

This site contains links to these domains.

Domain
persona.okta.com
Subject            Issuer               Validity                  Valid
okta-socure.com    R10                  2024-10-07 - 2025-01-05   3 months (crt.sh)
cdn.socket.io      Amazon RSA 2048 M02  2024-09-19 - 2025-10-16   a year (crt.sh)
*.intercom.com     Amazon RSA 2048 M03  2024-01-15 - 2025-02-11   a year (crt.sh)
*.intercomcdn.com  Amazon RSA 2048 M02  2023-12-01 - 2024-12-29   a year (crt.sh)

This page contains 2 frames:

Primary Page: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Frame ID: F7FDB7F381575B6FE0E4C52BE401F5D7
Requests: 19 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.4a6d1262.js
Frame ID: 51D5F2F20866218DD109F9BFBC833ED0
Requests: 3 HTTP requests in this frame

Page Title

Socure, Inc. - Prod - Sign In

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://okta-socure.com/ HTTP 307
    https://okta-socure.com/ HTTP 302
    https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Page Statistics

Requests: 17
HTTPS: 94 %
IPv6: 0 %
Domains: 5
Subdomains: 6
IPs: 6
Countries: 1
Transfer: 1462 kB
Size: 3218 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request signin
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
Redirect Chain
  • http://okta-socure.com/
  • https://okta-socure.com/
  • https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
977 KB
459 KB
Document
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
30276dc9ef66ab0e22fe26c8be91b8124a0377c320d6860fafc84da217ef2ba8
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-type
text/html; charset=utf-8
date
Mon, 07 Oct 2024 15:46:49 GMT
etag
W/"f4297-PWpYkWPY4imdcFIzFZTiZlNZYN4"
permissions-policy
interest-cohort=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-powered-by
Express
x-xss-protection
1; mode=block

Redirect headers

content-length
136
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-type
text/html; charset=utf-8
date
Mon, 07 Oct 2024 15:46:49 GMT
location
/oauth2/v1/authorize/settings/dashboard/signin
permissions-policy
interest-cohort=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept
x-content-type-options
nosniff
x-powered-by
Express
x-xss-protection
1; mode=block
happy.css
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
747 KB
295 KB
Stylesheet
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/happy.css
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
88f36deebff9f3e448ebcd26308aefdd950fc0555e448f4f944747035ca84db5
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"bac3b-19266ddf653"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
date
Mon, 07 Oct 2024 15:46:49 GMT
x-xss-protection
1; mode=block
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
nginx
last-modified
Mon, 07 Oct 2024 12:04:35 GMT
x-powered-by
Express
socket.io.min.js
cdn.socket.io/3.1.0/
60 KB
15 KB
Script
General
Full URL
https://cdn.socket.io/3.1.0/socket.io.min.js
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-5.fra56.r.cloudfront.net
Software
Vercel /
Resource Hash
52c39ac29a79d395e21859f5670c767786815a735c234ca6801d5ba5d18f1d71
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
W/"24c5b6ac56d8d9cc8c194801b852a674"
age
1295570
x-cache
Hit from cloudfront
x-amz-cf-id
-XepTW7UjioETwv9HuxEav4V95Qbg4hGmVf6nkG0cSz6U48qPO4ivA==
date
Fri, 27 Sep 2024 22:41:28 GMT
content-type
application/javascript; charset=utf-8
content-disposition
inline; filename="socket.io.min.js"
strict-transport-security
max-age=63072000
cache-control
public, max-age=31536000, immutable
x-vercel-cache
HIT
via
1.1 f36453eb82bc9ab0c6e360ac52cc5972.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P8
server
Vercel
x-vercel-id
fra1::dk8h7-1727476888513-0219730c1b37
index.js
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
169 KB
67 KB
Script
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/index.js
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
5abed82d73768278a6d6cb3ac6cbcb47ed1833efe7c410e1b705bd8f9a109687
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"2a563-19266dde2a7"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
nginx
last-modified
Mon, 07 Oct 2024 12:04:30 GMT
x-powered-by
Express
application.png
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
1 KB
2 KB
Image
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/application.png
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
4518d4163499e73d57e08bc18164153c19a67be0125432fc400f0d17d3317fe8
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"535-19266dd6323"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
1333
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Mon, 07 Oct 2024 12:03:57 GMT
logo.png
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
5 KB
6 KB
Image
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/logo.png
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
e6ba970a35723dc7a69e810a5b2b84e21de879159cdf2579baab10efa4914c9b
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"1562-19266dd4fab"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
5474
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Mon, 07 Oct 2024 12:03:52 GMT
/
okta-socure.com/socket.io/
118 B
473 B
XHR
General
Full URL
https://okta-socure.com/socket.io/?EIO=4&transport=polling&t=P9dgN1i
Requested by
Host: cdn.socket.io
URL: https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx /
Resource Hash
ee3fc68ec414b08e23693f44d10df1bfaf731700cba9d13e122cc3399b807f7f
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
server
nginx
background.png
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
218 KB
219 KB
Image
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/background.png
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
086e39000fdff67e19fa5900ab3e7985a021a752f39c79bb5fabdd652ab9d0e2
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"3690f-19266dd5f4b"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
223503
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Mon, 07 Oct 2024 12:03:56 GMT
truncated
/
638 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f0a0cb86c3a462478b9603cf8b18042bade83ebace885bc2fc7d99fddde98138

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
20 KB
20 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://okta-socure.com
Referer

Response headers

Content-Type
application/font-woff2
truncated
/
20 KB
20 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
018930498a4b01e598099a6e45d7316d54c7b1411ce2b741a3b1f1b0ed4e578b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://okta-socure.com
Referer

Response headers

Content-Type
application/font-woff2
truncated
/
20 KB
20 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9b5d2290b34cd718e1e97e894d6790f92387ee50de0b3364da291e7112f412be

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://okta-socure.com
Referer

Response headers

Content-Type
application/font-woff2
truncated
/
22 KB
22 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://okta-socure.com
Referer

Response headers

Content-Type
application/font-woff
/
okta-socure.com/socket.io/
2 B
322 B
XHR
General
Full URL
https://okta-socure.com/socket.io/?EIO=4&transport=polling&t=P9dgN3B&sid=A_wHxFGfVZsmahAfAAAg
Requested by
Host: cdn.socket.io
URL: https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Content-type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
content-length
2
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8
server
nginx
/
okta-socure.com/socket.io/
32 B
400 B
XHR
General
Full URL
https://okta-socure.com/socket.io/?EIO=4&transport=polling&t=P9dgN3C&sid=A_wHxFGfVZsmahAfAAAg
Requested by
Host: cdn.socket.io
URL: https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx /
Resource Hash
1ae3e14fb08765e09d1981461b3827ec0fbd88ac59deb2dfb38920b67952f886
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
server
nginx
h24k3p4a
widget.intercom.io/widget/
7 KB
3 KB
Script
General
Full URL
https://widget.intercom.io/widget/h24k3p4a
Requested by
Host: okta-socure.com
URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-74.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
336ece43fff6fe2024e7931a56d4fda302a45f7b86664ac60c0ddff8f561341f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
CbkI8nFPKD1eVI3ROaPX2za70LQFx7DU
etag
"d919ae17aeed11a7a5693377147bfa63"
age
220
alt-svc
h3=":443"; ma=86400
x-cache
Error from cloudfront
x-amz-cf-id
8eDgdF1-heuxWDysO8JMVvYfSbA8_N5H_1PcBG7ei7AI4dD5Nc7MKA==
date
Mon, 07 Oct 2024 15:43:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding, Origin
last-modified
Mon, 07 Oct 2024 15:28:08 GMT
cache-control
max-age=300, s-maxage=300, public
cross-origin-resource-policy
cross-origin
via
1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
2667
x-amz-cf-pop
FRA2-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
h24k3p4a
widget.persona.io/widget/
0
0

/
okta-socure.com/socket.io/
1 B
322 B
XHR
General
Full URL
https://okta-socure.com/socket.io/?EIO=4&transport=polling&t=P9dgN4-&sid=A_wHxFGfVZsmahAfAAAg
Requested by
Host: cdn.socket.io
URL: https://cdn.socket.io/3.1.0/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx /
Resource Hash
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
permissions-policy
interest-cohort=()
content-length
1
date
Mon, 07 Oct 2024 15:46:51 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
server
nginx
favicon.png
okta-socure.com/oauth2/v1/authorize/settings/dashboard/
25 KB
26 KB
Other
General
Full URL
https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.209.133.145 Ashburn, United States, ASN399486 (VIRTUO, CA),
Reverse DNS
Software
nginx / Express
Resource Hash
3bd266432e6cc32ccad190dca0785dd90886a8ccae0c7bbf15f8ce23ab311f28
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
cache-control
public, max-age=0
etag
W/"64df-19266dd5753"
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
25823
date
Mon, 07 Oct 2024 15:46:50 GMT
x-xss-protection
1; mode=block
content-type
image/png
x-powered-by
Express
server
nginx
last-modified
Mon, 07 Oct 2024 12:03:54 GMT
frame-modern.4a6d1262.js
js.intercomcdn.com/ Frame 51D5
468 KB
141 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.4a6d1262.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/h24k3p4a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a08fe28bda5ce53e3b8a2f031c45c6c3a0a136c8f675051c600d7da7244747c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
"ca788e3049f2578293138fd3d3274f1a"
x-amz-version-id
MQyV2fU9UXOUNTJALdrZsJhfB0ynY.s2
age
1120
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
4EgonWdXmWYZbhwFcoKKn2W2Q5kQFaZ3fVkSKt1AlmWUwCWZD_cEyg==
date
Mon, 07 Oct 2024 15:28:12 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Mon, 07 Oct 2024 15:25:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy
cross-origin
via
1.1 aa6c36522a23788dfef1fae9af9fd5e0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
143853
x-amz-cf-pop
FRA56-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
vendor-modern.8b97a971.js
js.intercomcdn.com/ Frame 51D5
455 KB
145 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.8b97a971.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/h24k3p4a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f6c64aca195132b32d28bc973e985612230c910a30d7acd2334760ef50816eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
PhP54QJeEAqcXRIsmubUwpVZo4LE0kvo
etag
"2406ae0ce4db8aa51ed52dde4792a464"
age
1991
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
-A-5y8MNLwkgR26sEuBabBZAVS2x-BKOr2XEa0an0mcqAjWmSkOSoQ==
date
Mon, 07 Oct 2024 15:13:41 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 01 Oct 2024 06:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy
cross-origin
via
1.1 aa6c36522a23788dfef1fae9af9fd5e0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
147289
x-amz-cf-pop
FRA56-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
ping
api-iam.intercom.io/messenger/web/ Frame 51D5
4 KB
2 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.4a6d1262.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.224.177.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-177-146.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7d3a82f98c41b77cf3c0e9f3e4cb7097b4eb8db8de1684338a7e31c7f69684db
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

x-request-id
00021dq6s5u4lftale3g
access-control-expose-headers
x-request-id
content-encoding
gzip
etag
W/"7d3a82f98c41b77cf3c0e9f3e4cb7097"
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
status
200 OK
date
Mon, 07 Oct 2024 15:46:51 GMT
content-type
application/json; charset=utf-8
vary
Accept,Accept-Encoding
x-runtime
0.293200
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556952; includeSubDomains; preload
x-request-queueing
0
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://okta-socure.com
x-xss-protection
1; mode=block
x-intercom-version
1d6ffb2ba27b4492b324741c70cb061c2b4ee6f4
x-ami-version
ami-07f68a2e2cddf37d2
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
widget.persona.io
URL
https://widget.persona.io/widget/h24k3p4a

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Okta (Online)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
function  io
function  _0x3ff2f2
function  _0x2c382c
function  _0x327c77
function  _0x548e50
function  _0x246c3d
function  _0x58568d
function  _0x5d36f8
object    socket
function  pushLogin
function  _0x105fd3
function  npushLogin
function  usernameInput
function  LoginUser
function  _0x298005
function  getElementByXpath
function  _0x2fbd7c
function  verificationInput
function  _0x5f47
function  _0xe2b4
function  verificationInputSms
function  _0x1fabee
object    usernameField
object    observer
object    personaSettings
function  persona
object    intercomSettings
function  Intercom
function  __intercomAssignLocation
function  __intercomReloadLocation

3 Cookies

Domain/Path        Name                         Value
.okta-socure.com/  intercom-id-h24k3p4a         84c736b3-44ab-439e-a0ca-f64c386590cd
.okta-socure.com/  intercom-session-h24k3p4a    (empty)
.okta-socure.com/  intercom-device-id-h24k3p4a  96026edc-07cd-427d-87b1-9ff04d44197d

2 Console Messages

Source: recommendation  Level: verbose  URL: https://okta-socure.com/oauth2/v1/authorize/settings/dashboard/signin
Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Source: network  Level: error  URL: https://widget.persona.io/widget/h24k3p4a
Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
