auth.safesystems.app
Open in
urlscan Pro
2606:4700::6810:b8f8
Public Scan
Effective URL: https://auth.safesystems.app/u/login?state=hKFo2SBTSmVrWmV6TDVyNTRfQV9raExtTzBPR2liMk1HanhTa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIE...
Submission: On March 01 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 8th 2021. Valid for: a year.
This is the only time auth.safesystems.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2600:9000:210... 2600:9000:2104:a600:14:4672:4080:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 35.81.54.170 35.81.54.170 | 16509 (AMAZON-02) (AMAZON-02) | |
1 2 | 2606:4700::68... 2606:4700::6810:b8f8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 143.204.103.120 143.204.103.120 | 16509 (AMAZON-02) (AMAZON-02) | |
1 2 | 54.186.125.112 54.186.125.112 | 16509 (AMAZON-02) (AMAZON-02) | |
9 | 6 |
ASN16509 (AMAZON-02, US)
mayoclinic.safe.health |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-54-170.us-west-2.compute.amazonaws.com
api.getchecked.health |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-103-120.fra50.r.cloudfront.net
cdn.auth0.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-125-112.us-west-2.compute.amazonaws.com
safehealth.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
safe.health
mayoclinic.safe.health |
2 MB |
2 |
safehealth.me
1 redirects
safehealth.me |
626 B |
2 |
safesystems.app
auth.safesystems.app Failed |
15 KB |
1 |
auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 9211 |
52 KB |
1 |
getchecked.health
api.getchecked.health |
611 B |
9 | 5 |
Domain | Requested by | |
---|---|---|
4 | mayoclinic.safe.health |
mayoclinic.safe.health
|
2 | safehealth.me |
1 redirects
auth.safesystems.app
|
2 | auth.safesystems.app |
mayoclinic.safe.health
|
1 | cdn.auth0.com |
auth.safesystems.app
|
1 | api.getchecked.health |
mayoclinic.safe.health
|
9 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
mayoclinic-dev.safe.health Amazon |
2021-03-31 - 2022-04-29 |
a year | crt.sh |
*.getchecked.health Amazon |
2022-01-28 - 2023-02-26 |
a year | crt.sh |
auth.safesystems.app Cloudflare Inc ECC CA-3 |
2021-11-08 - 2022-11-07 |
a year | crt.sh |
*.auth0.com Amazon |
2021-04-25 - 2022-05-24 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://auth.safesystems.app/u/login?state=hKFo2SBTSmVrWmV6TDVyNTRfQV9raExtTzBPR2liMk1HanhTa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIE9mLXBkWS0xbFJLeEI1cTcxdmtPUFVHV0NjRi1sVUIxo2NpZNkgSVl2aHpucFRwQWNuSlEwRlZQUGRvRzNMUDM2ajZQazI
Frame ID: 6707CD9B08BF282485B2318537E17FC5
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Log in | Mayo-Clinic Administration ConsolePage URL History Show full URLs
- https://mayoclinic.safe.health/ Page URL
-
https://auth.safesystems.app/authorize?client_id=IYvhznpTpAcnJQ0FVPPdoG3LP36j6Pk2&audience=https%3A%2F%2F...
HTTP 302
https://auth.safesystems.app/u/login?state=hKFo2SBTSmVrWmV6TDVyNTRfQV9raExtTzBPR2liMk1HanhTa6Fur3VuaXZlcn... Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mayoclinic.safe.health/ Page URL
-
https://auth.safesystems.app/authorize?client_id=IYvhznpTpAcnJQ0FVPPdoG3LP36j6Pk2&audience=https%3A%2F%2Fapi.getchecked.health&redirect_uri=https%3A%2F%2Fmayoclinic.safe.health&response_type=code&scope=openid%20profile%20email&response_mode=query&state=dGFuMndZV3BLMzVyME51cWVWN0toNkR3NTk2RVZfcy5Gc0RVOUFVLU5iXw%3D%3D&nonce=ayIHodSP8yDHg3vpRTPnJbrFeOpXK0GX1M7h.RnuPsc&code_challenge=X3DYdPT_ebXdO9LTM7FlKvf_eib1RWKJKO84C4TI5_E&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuNi41In0%3D
HTTP 302
https://auth.safesystems.app/u/login?state=hKFo2SBTSmVrWmV6TDVyNTRfQV9raExtTzBPR2liMk1HanhTa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIE9mLXBkWS0xbFJLeEI1cTcxdmtPUFVHV0NjRi1sVUIxo2NpZNkgSVl2aHpucFRwQWNuSlEwRlZQUGRvRzNMUDM2ajZQazI Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7- https://safehealth.me/shs-emblem/ HTTP 301
- https://safehealth.me/wp-content/uploads/sites/2/2020/09/shs-emblem.png
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
mayoclinic.safe.health/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.974f73de.chunk.css
mayoclinic.safe.health/static/css/ |
731 KB 732 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8.b3b9d24e.chunk.js
mayoclinic.safe.health/static/js/ |
600 KB 601 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.d75467f8.chunk.js
mayoclinic.safe.health/static/js/ |
353 KB 354 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
public
api.getchecked.health/v1/admin/account/ |
44 B 611 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
logout
auth.safesystems.app/v2/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
login
auth.safesystems.app/u/ Redirect Chain
|
13 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.cdn.min.css
cdn.auth0.com/ulp/react-components/1.58.3/css/ |
224 KB 52 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shs-emblem.png
safehealth.me/wp-content/uploads/sites/2/2020/09/ Redirect Chain
|
398 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
650 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- auth.safesystems.app
- URL
- https://auth.safesystems.app/v2/logout?client_id=IYvhznpTpAcnJQ0FVPPdoG3LP36j6Pk2&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuNi41In0%3D
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mayoclinic.safe.health/ | Name: a0.spajs.txs.dGFuMndZV3BLMzVyME51cWVWN0toNkR3NTk2RVZfcy5Gc0RVOUFVLU5iXw%3D%3D Value: {%22nonce%22:%22ayIHodSP8yDHg3vpRTPnJbrFeOpXK0GX1M7h.RnuPsc%22%2C%22code_verifier%22:%22m2Q5Yeb~hETLRyCBllbyEH0Rmugn4a_il2vEurz~rzQ%22%2C%22appState%22:{%22targetUrl%22:%22/%22}%2C%22scope%22:%22openid%20profile%20email%22%2C%22audience%22:%22https://api.getchecked.health%22%2C%22redirect_uri%22:%22https://mayoclinic.safe.health%22} |
|
auth.safesystems.app/ | Name: did Value: s%3Av0%3Aa0d6db30-990e-11ec-8a87-197e9a28a1a8.UuIQfi8kIeIBatFkcnZ9VoPLJrhSzZRk1e9DVe8RLjY |
|
auth.safesystems.app/ | Name: auth0 Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQJetgzaw_BqKAYsvO8Xhf0sdbfAAed7qWDSrV7Aa4nhJ8MWqpxK-bn4HkpyoWKTkaOQcie2cdcuWnDY7wnh8GVCmY29va2llg6dleHBpcmVz1__a3kYAYiGFoK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.vPC%2Br%2FynQTQ9dHDV9HlVEeJ8xt3G6Zww%2BkicWYaFg0Q |
|
auth.safesystems.app/ | Name: did_compat Value: s%3Av0%3Aa0d6db30-990e-11ec-8a87-197e9a28a1a8.UuIQfi8kIeIBatFkcnZ9VoPLJrhSzZRk1e9DVe8RLjY |
|
auth.safesystems.app/ | Name: auth0_compat Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQJetgzaw_BqKAYsvO8Xhf0sdbfAAed7qWDSrV7Aa4nhJ8MWqpxK-bn4HkpyoWKTkaOQcie2cdcuWnDY7wnh8GVCmY29va2llg6dleHBpcmVz1__a3kYAYiGFoK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.vPC%2Br%2FynQTQ9dHDV9HlVEeJ8xt3G6Zww%2BkicWYaFg0Q |
|
safehealth.me/ | Name: AWSALBCORS Value: hc2ABm51hI77heUU4PyWGxCB6tt8ZsAuvG/9vPRuZ7jisbTLd6prDoZAJ5N5pZbJd1AcGZeFbYM6UR6E0i30YUekFEKrk+1dH1Pj7kqGgwPgFECfxZnHZj6lYW6I |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.getchecked.health
auth.safesystems.app
cdn.auth0.com
mayoclinic.safe.health
safehealth.me
auth.safesystems.app
143.204.103.120
2600:9000:2104:a600:14:4672:4080:93a1
2606:4700::6810:b8f8
35.81.54.170
54.186.125.112
37d2c9b49a0a2cca73c7b358833ff8aed5a7105dd9389a6eebb7b20872815d75
3e4a1a5a31b33b55878efa693ae07f81232e8997ef8937ecf60a103b34c813d6
69fe4bae5bd1866460d7b95218898eaa76be1475adb67c3d7aa210d3221409e8
6b5ae395943fa19714183cec7479693dae548807d05cd30090a6cfe7c7f0bed0
a68fdf4dacefe6fede1b58d63e225aba671b45394002be01d34580f240dd38cd
aaf1eac584819e98c7f78a20216bd2fb10ee29e10b290983bc0fa82d0f293bce
b161533d9517338294365f7db6d80d347042b3d9e013a4e6fe9094703041693a
b65a22f1d24cb5485d4043b0570824eea237afa0fee0fa2bba48827feca895c1