urlscan.io logo urlscan.io
SecurityTrails logo

extranetcloud.marriott.com Open in urlscan Pro
23.206.121.198  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://sso.birchstreetsystems.com/SpringSaml/saml/discovery/alias/478?entityID=urn:prod:marriott&returnIDParam=idp
Effective URL: https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
Submission: On July 18 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 7 HTTP transactions. The main IP is 23.206.121.198, located in Piscataway, United States and belongs to AKAMAI-ASN1, NL. The main domain is extranetcloud.marriott.com. The Cisco Umbrella rank of the primary domain is 131236.
TLS certificate: Issued by Entrust Certification Authority - L1K on April 10th 2023. Valid for: a year.
This is the only time extranetcloud.marriott.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 24.249.14.153 22773 (ASN-CXA-A...)
1 4 23.206.121.198 20940 (AKAMAI-ASN1)
1 2600:1400:900... 20940 (AKAMAI-ASN1)
1 2600:141b:e80... 20940 (AKAMAI-ASN1)
7 4
2    24.249.14.153 (Warwick, United States)

ASN22773 (ASN-CXA-ALL-CCI-22773-RDC, US)
PTR: wsip-24-249-14-153.oc.oc.cox.net
sso.birchstreetsystems.com
4    23.206.121.198 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-206-121-198.deploy.static.akamaitechnologies.com
extranet.marriott.com
extranetcloud.marriott.com
1    2600:1400:9000:2a5::11a6 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
s.go-mpulse.net
1    2600:141b:e800:108e::11a6 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
c.go-mpulse.net
Apex Domain
Subdomains		 Transfer
4 marriott.com
extranet.marriott.com — Cisco Umbrella Rank: 132494
extranetcloud.marriott.com — Cisco Umbrella Rank: 131236
16 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1293
c.go-mpulse.net — Cisco Umbrella Rank: 579
50 KB
2 birchstreetsystems.com
sso.birchstreetsystems.com — Cisco Umbrella Rank: 380668
22 KB
7 3
Domain Requested by
3 extranetcloud.marriott.com extranetcloud.marriott.com
2 sso.birchstreetsystems.com
1 c.go-mpulse.net s.go-mpulse.net
1 s.go-mpulse.net extranetcloud.marriott.com
1 extranet.marriott.com 1 redirects
7 5

This site contains links to these domains. Also see Links.

Domain
eidhelp.marriott.com
mgscloud.marriott.com
Subject Issuer Validity Valid
*.birchstreetsystems.com
Go Daddy Secure Certificate Authority - G2		 2022-12-26 -
2024-01-27		 a year crt.sh
cn-san.marriott.com
Entrust Certification Authority - L1K		 2023-04-10 -
2024-03-22		 a year crt.sh
akstat.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-05 -
2024-04-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
Frame ID: FFF91D3924E521D4E99BF8BE9A1AF145
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Marriott Extranet Login

Page URL History Show full URLs

  1. https://sso.birchstreetsystems.com/SpringSaml/saml/discovery/alias/478?entityID=urn:prod:marriott&returnIDParam... Page URL
  2. https://sso.birchstreetsystems.com/SpringSaml/saml/login/alias/478?idp=https%3A%2F%2Fsso.birchstreetsystems.com... Page URL
  3. https://extranet.marriott.com/marrsso/idp/SSO.saml2 HTTP 307
    https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

5
Subdomains

4
IPs

1
Countries

87 kB
Transfer

295 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sso.birchstreetsystems.com/SpringSaml/saml/discovery/alias/478?entityID=urn:prod:marriott&returnIDParam=idp Page URL
  2. https://sso.birchstreetsystems.com/SpringSaml/saml/login/alias/478?idp=https%3A%2F%2Fsso.birchstreetsystems.com%2FSpringSaml%2Fsaml%2FSSO%2Falias%2F478 Page URL
  3. https://extranet.marriott.com/marrsso/idp/SSO.saml2 HTTP 307
    https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
478
sso.birchstreetsystems.com/SpringSaml/saml/discovery/alias/ 		51 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.birchstreetsystems.com/SpringSaml/saml/discovery/alias/478?entityID=urn:prod:marriott&returnIDParam=idp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
24.249.14.153 Warwick, United States, ASN22773 (ASN-CXA-ALL-CCI-22773-RDC, US),
Reverse DNS
wsip-24-249-14-153.oc.oc.cox.net
Software
Apache /
Resource Hash
a17d6bdca480efcc118ae31427862f2647e75d157a26ce64e626682edf282bb6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
18215
Content-Type
text/html;charset=ISO-8859-1
Date
Tue, 18 Jul 2023 19:22:29 GMT
Keep-Alive
timeout=20, max=5000
Server
Apache
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
478
sso.birchstreetsystems.com/SpringSaml/saml/login/alias/ 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.birchstreetsystems.com/SpringSaml/saml/login/alias/478?idp=https%3A%2F%2Fsso.birchstreetsystems.com%2FSpringSaml%2Fsaml%2FSSO%2Falias%2F478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
24.249.14.153 Warwick, United States, ASN22773 (ASN-CXA-ALL-CCI-22773-RDC, US),
Reverse DNS
wsip-24-249-14-153.oc.oc.cox.net
Software
Apache /
Resource Hash
ca92107206fde214b176dc8a609c0b23d3ddcd08a23442a9317b2cbd62414c8c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://sso.birchstreetsystems.com/SpringSaml/saml/discovery/alias/478?entityID=urn:prod:marriott&returnIDParam=idp
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-control
no-cache, no-store
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
3719
Content-Type
text/html;charset=UTF-8
Date
Tue, 18 Jul 2023 19:22:30 GMT
Keep-Alive
timeout=20, max=4999
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request SSO.saml2
extranetcloud.marriott.com/marrsso/idp/
Redirect Chain
  • https://extranet.marriott.com/marrsso/idp/SSO.saml2
  • https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
27 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.121.198 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-121-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
819cab5c199b98b6957d0b73cb6445332b0ebea7b836924da047404cfa26cafa
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://sso.birchstreetsystems.com
Referer
https://sso.birchstreetsystems.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-length
8521
content-type
text/html;charset=utf-8
date
Tue, 18 Jul 2023 19:22:32 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server-timing
cdn-cache; desc=MISS edge; dur=46 origin; dur=94 ak_p; desc="469363_399407238_78217215_14052_5754_17_0_255";dur=1
strict-transport-security
max-age=86400 ; includeSubDomains
vary
Accept-Encoding
x-akamai-transformed
9 23276 0 pmb=mRUM,2
x-ua-compatible
IE=edge

Redirect headers

content-length
0
date
Tue, 18 Jul 2023 19:22:31 GMT
location
https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
server-timing
cdn-cache; desc=MISS edge; dur=901 origin; dur=24 ak_p; desc="469363_399407238_78215007_92290_5335_17_0_255";dur=1
strict-transport-security
max-age=86400 ; includeSubDomains
RXK2J-Q8TNH-HPZKT-H59DE-Y6WPG
s.go-mpulse.net/boomerang/ 		205 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/RXK2J-Q8TNH-HPZKT-H59DE-Y6WPG
Requested by
Host: extranetcloud.marriott.com
URL: https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1400:9000:2a5::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://extranetcloud.marriott.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 18 Jul 2023 19:22:32 GMT
content-encoding
br
last-modified
Tue, 04 Jul 2023 10:04:16 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
50393
login-bg.png
extranetcloud.marriott.com/userauth/ig-adapter-security-code-challenge/ 		170 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://extranetcloud.marriott.com/userauth/ig-adapter-security-code-challenge/login-bg.png
Requested by
Host: extranetcloud.marriott.com
URL: https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.121.198 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-121-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6c66cb3e0eb903f81b1552a57b5409c84bfa60aca926005c1228cfc41c636542
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 18 Jul 2023 19:22:32 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
last-modified
Thu, 09 Sep 2021 03:07:51 GMT
etag
W/"4crMZHXe5Hg4crNHL1Ye4o"
content-type
image/png
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469363_399407238_78217617_19_7277_19_0_146";dur=1
accept-ranges
bytes
content-length
170
logo.png
extranetcloud.marriott.com/userauth/ig-adapter-security-code-challenge/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://extranetcloud.marriott.com/userauth/ig-adapter-security-code-challenge/logo.png
Requested by
Host: extranetcloud.marriott.com
URL: https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.121.198 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-121-198.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8ccb4327251e98bae1486bafd153d13ed49f924f2f6a7a4e8d60dbac23541b83
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://extranetcloud.marriott.com/marrsso/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 18 Jul 2023 19:22:32 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
last-modified
Thu, 09 Sep 2021 03:07:51 GMT
etag
W/"ZatzQJXOk/oZatyOF1IGA0"
content-type
image/png
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469363_399407238_78217650_56_5492_19_0_219";dur=1
accept-ranges
bytes
content-length
5295
config.json
c.go-mpulse.net/api/ 		51 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=RXK2J-Q8TNH-HPZKT-H59DE-Y6WPG&d=extranetcloud.marriott.com&t=5632361&v=1.720.0&sl=0&si=22af86ae-0380-4153-b8f3-6852e53dabb7-ry0b5j&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=786128
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/RXK2J-Q8TNH-HPZKT-H59DE-Y6WPG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:e800:108e::11a6 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5101594a53ca599320981c3cd1faead43c220d75f15105e5cd28fcbc62340c04

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://extranetcloud.marriott.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 18 Jul 2023 19:22:32 GMT
Cache-Control
private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
51
Content-Type
application/json

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| BOOMR_mq string| BOOMR_API_key object| BOOMR function| is_touch_device object| today string| temp string| PingURL string| PingbaseURL string| REF function| clear function| mivalidator function| postForgotPassword function| postRecoverUsername function| postAlternateAuthnSystem function| postRegistration function| postOk function| submitForm function| postCancel function| postOnReturn function| setFocus function| setMobile function| IsWebAuthnSupported function| isWebAuthnPlatformAuthenticatorAvailable number| BOOMR_onload function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression number| BOOMR_configt

7 Cookies

Domain/Path Name / Value
sso.birchstreetsystems.com/SpringSaml Name: JSESSIONID
Value: 1AD2076FA5E5C5DCB3EA5E66FF7A7FE1.tc-sso01
extranetcloud.marriott.com/ Name: AWSALB
Value: ec/MILK+3kVWAhyxMnd50dcisBli/+7OQMIfZWjkf6dXC6RQxiiC8JtrdUpNVnwz6aRB92JQvSXWTn6K3DQCl1masNPtRUk8vZH5F0aa9lN6E1ZHcHbBYIRIbw/+
extranetcloud.marriott.com/ Name: AWSALBCORS
Value: ec/MILK+3kVWAhyxMnd50dcisBli/+7OQMIfZWjkf6dXC6RQxiiC8JtrdUpNVnwz6aRB92JQvSXWTn6K3DQCl1masNPtRUk8vZH5F0aa9lN6E1ZHcHbBYIRIbw/+
.marriott.com/ Name: PF-PROD
Value: GpYNPF0Wm2Dk3qgUnCmWet
.marriott.com/ Name: AKA_A2
Value: A
.marriott.com/ Name: ak_bmsc
Value: 0A42EAE3B38BD710BC8904F0D8D9A366~000000000000000000000000000000~YAAQhnjOF8DkYGeJAQAA5ER0ahTSGLTryo/y3zMCh+1Z7MgE8B0RKqOX/eFwAr4nY0bWB/97b0Nmct3EB/qnB5gekVkTTxxILD1f01hPzk+iPB6AYkgJtC/dB7wj58yqGVCTtDpkimdfVPetuJAdOTmg93iWisCgSHeweu5XrKQ7CGrkckhVVfL8Duci0F935a44rBUqTrXRyYOCJkzGRFTvG1sPzxSCk0eiZZ9ISfOLLnaqzr5kPMyU+PvWuZy3nssTKlTW3WX/2Mkb9HqhamUJbPa2Aw0LClAd2ALxW/jBXoh6gl/UdCht53IYze8rVWyZJBz2ViEAkgRsyAx3wttzkR0PUEWMwuDpdpFr3a7HD1TI4uU4Z88pfidHL9EfuVktyZMcxYqgsQCxng==
.extranetcloud.marriott.com/ Name: RT
Value: "z=1&dm=extranetcloud.marriott.com&si=22af86ae-0380-4153-b8f3-6852e53dabb7&ss=lk8olt8n&sl=1&tt=15k&rl=1&ld=1c3"

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block