gtam.login.duosecurity.com
Open in
urlscan Pro
75.2.30.150
Public Scan
Effective URL: https://gtam.login.duosecurity.com/email_first?authkey=ASGWRLQ9PJFQQNOK69C7&aid=1b3ea640d6cd428691735e731af84c74
Submission: On July 21 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Amazon on May 25th 2022. Valid for: a year.
This is the only time gtam.login.duosecurity.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 64.238.144.210 64.238.144.210 | 62 (CONE) (CONE) | |
1 6 | 75.2.30.150 75.2.30.150 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 2 |
ASN62 (CONE, US)
PTR: 64-238-144-210.cyrusone.com
secure.gtm.goldentree.com |
ASN16509 (AMAZON-02, US)
PTR: afb043b6cb0f8a076.awsglobalaccelerator.com
sso-07f32f30.sso.duosecurity.com | |
gtam.login.duosecurity.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
duosecurity.com
1 redirects
sso-07f32f30.sso.duosecurity.com gtam.login.duosecurity.com |
367 KB |
2 |
goldentree.com
1 redirects
secure.gtm.goldentree.com |
2 KB |
6 | 2 |
Domain | Requested by | |
---|---|---|
5 | gtam.login.duosecurity.com |
gtam.login.duosecurity.com
|
2 | secure.gtm.goldentree.com | 1 redirects |
1 | sso-07f32f30.sso.duosecurity.com | 1 redirects |
6 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
secure.goldentree.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-07-31 - 2022-08-03 |
a year | crt.sh |
*.login.duosecurity.com Amazon |
2022-05-25 - 2023-06-23 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://gtam.login.duosecurity.com/email_first?authkey=ASGWRLQ9PJFQQNOK69C7&aid=1b3ea640d6cd428691735e731af84c74
Frame ID: F4E38FBBA265BD12F1B67311A472731A
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
https://secure.gtm.goldentree.com/
HTTP 302
https://secure.gtm.goldentree.com/my.policy Page URL
-
https://sso-07f32f30.sso.duosecurity.com/saml2/sp/DIYUBYVWQ5XBSG7CJRKC/sso
HTTP 302
https://gtam.login.duosecurity.com/email_first?authkey=ASGWRLQ9PJFQQNOK69C7&aid=1b3ea640d6cd428691735e731af84c74 Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://secure.gtm.goldentree.com/
HTTP 302
https://secure.gtm.goldentree.com/my.policy Page URL
-
https://sso-07f32f30.sso.duosecurity.com/saml2/sp/DIYUBYVWQ5XBSG7CJRKC/sso
HTTP 302
https://gtam.login.duosecurity.com/email_first?authkey=ASGWRLQ9PJFQQNOK69C7&aid=1b3ea640d6cd428691735e731af84c74 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://secure.gtm.goldentree.com/ HTTP 302
- https://secure.gtm.goldentree.com/my.policy
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
my.policy
secure.gtm.goldentree.com/ Redirect Chain
|
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
email_first
gtam.login.duosecurity.com/ Redirect Chain
|
2 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-first.css
gtam.login.duosecurity.com/static/css/page/ |
62 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
gtam.login.duosecurity.com/static/shared/lib/jquery/ |
87 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-first.js
gtam.login.duosecurity.com/static/js/page/ |
966 KB 289 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo
gtam.login.duosecurity.com/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| _ object| regeneratorRuntime object| _fallbackJedInstance object| _jedInstance7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
secure.gtm.goldentree.com/ | Name: LastMRH_Session Value: dc27eef4 |
|
secure.gtm.goldentree.com/ | Name: MRHSession Value: b93adcdddbe2ef7d35044b17dc27eef4 |
|
sso-07f32f30.sso.duosecurity.com/ | Name: sid Value: "MzEzYWMwMjM5Y2MzNDAxODg2MWI1Y2Y5YzNhZjliYmU=|84.19.175.183|1658417687|1d9ff803aa9302939e5f78af042ce879e292cd4d" |
|
sso-07f32f30.sso.duosecurity.com/ | Name: sid-init-e9ae339bbfd545f185cf0a96f06795c9 Value: "MzEzYWMwMjM5Y2MzNDAxODg2MWI1Y2Y5YzNhZjliYmU=|84.19.175.183|1658417687|ea98b6074f29e45004888203c709479653d0a2bb" |
|
gtam.login.duosecurity.com/ | Name: sid Value: "YTk1NWQ3MDg5NmU2NDMzNTgxNmEwZWIwOGZkZjFiOTU=|84.19.175.183|1658417687|edb48c28e717684c4712fd938a5e47197eb39e6a" |
|
gtam.login.duosecurity.com/ | Name: sid-init-73f9539043954db2b85c60455fe8dc53 Value: "YTk1NWQ3MDg5NmU2NDMzNTgxNmEwZWIwOGZkZjFiOTU=|84.19.175.183|1658417687|4993803fccceef5b04e7d6cc95e48ca3ddbf1063" |
|
gtam.login.duosecurity.com/ | Name: _xsrf Value: "ZWM4NjVmYjQ2NzYyNGQ0MThhMjA2MTE2YzZiMTYxMDM=|84.19.175.183|1658417687|4afaf78bb2978cd1178032a17258ceb3e7f53d48" |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=16070400; includeSubDomains |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gtam.login.duosecurity.com
secure.gtm.goldentree.com
sso-07f32f30.sso.duosecurity.com
64.238.144.210
75.2.30.150
0b103362f76afcfe6e2f1df52932900c2450560fdd9e32f5537fd4a4aebfdadb
6559b83a9653d7b6cdcc9bc1b7ea5995a8b5c41834b9646769512b4c42492526
6eaccc9b4516418afcd0cf9fc6dd28b05a0b228d3b13aa1a985039c341fd6142
74ac79c5eb135775ab4863d23d1b4e05efb97ba5249b3ef1e8b97064b9647ec6
7709f96c8cc96d7017779931133de6090602eb89ad7b46221248aad100a9b3eb
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e