sso.matrixabsence.com
Open in
urlscan Pro
3.33.189.110
Public Scan
Submitted URL: https://protect-au.mimecast.com/s/P7N4CyoN3NfXPn10TZqINx?domain=sso.matrixabsence.com
Effective URL: https://sso.matrixabsence.com/enduser/report-suspicious-activity?i=eyJ6aXAiOiJERUYiLCJ2ZXIiOiIxIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI...
Submission: On June 23 via manual from AU — Scanned from DE
Effective URL: https://sso.matrixabsence.com/enduser/report-suspicious-activity?i=eyJ6aXAiOiJERUYiLCJ2ZXIiOiIxIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI...
Submission: On June 23 via manual from AU — Scanned from DE
Summary
This website contacted 2 IPs
in 2 countries
across 3 domains to perform 12 HTTP transactions.
The main IP is 3.33.189.110, located in
United States and
belongs to AMAZON-02, US.
The main domain is sso.matrixabsence.com.
The Cisco Umbrella rank of the primary domain is 313321.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 24th 2021. Valid for: a year.
This is the only time sso.matrixabsence.com was scanned on urlscan.io!
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 24th 2021. Valid for: a year.
This is the only time sso.matrixabsence.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 2 | 103.13.69.19 103.13.69.19 | 136792 (MIMECAST-...) (MIMECAST-AS-AP Mimecast Australia Pty Ltd) | |
| 1 | 3.33.189.110 3.33.189.110 | 16509 (AMAZON-02) (AMAZON-02) | |
| 11 | 18.66.112.91 18.66.112.91 | 16509 (AMAZON-02) (AMAZON-02) | |
| 12 | 2 |
2
103.13.69.19
(Australia)
ASN136792 (MIMECAST-AS-AP Mimecast Australia Pty Ltd, AU)
PTR: au-api.mimecast.com
ASN136792 (MIMECAST-AS-AP Mimecast Australia Pty Ltd, AU)
PTR: au-api.mimecast.com
| protect-au.mimecast.com |
1
3.33.189.110
(United States)
ASN16509 (AMAZON-02, US)
PTR: af77c9e516730cc51.awsglobalaccelerator.com
ASN16509 (AMAZON-02, US)
PTR: af77c9e516730cc51.awsglobalaccelerator.com
| sso.matrixabsence.com |
11
18.66.112.91
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-91.fra56.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-91.fra56.r.cloudfront.net
| ok11static.oktacdn.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
oktacdn.com
ok11static.oktacdn.com — Cisco Umbrella Rank: 15317 |
400 KB |
| 2 |
mimecast.com
2 redirects
protect-au.mimecast.com — Cisco Umbrella Rank: 457583 |
3 KB |
| 1 |
matrixabsence.com
sso.matrixabsence.com — Cisco Umbrella Rank: 313321 |
5 KB |
| 12 | 3 |
| Domain | Requested by | |
|---|---|---|
| 11 | ok11static.oktacdn.com |
sso.matrixabsence.com
ok11static.oktacdn.com |
| 2 | protect-au.mimecast.com | 2 redirects |
| 1 | sso.matrixabsence.com | |
| 12 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sso.matrixabsence.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-06-24 - 2022-07-25 |
a year | crt.sh |
| *.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-22 - 2023-01-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sso.matrixabsence.com/enduser/report-suspicious-activity?i=eyJ6aXAiOiJERUYiLCJ2ZXIiOiIxIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI6ImRpciJ9..JBCbsdq56lBQMzcH.7QxPnT_RCdHAKJbuKLmWmwKkz_aVxjPTz43ADKRb2nxWsnxjxoS48HCnyQoGKYAu1q172sH0pRbLVKNjE2KN6rF-6baxSzHFCiVZGevLabcuHjhsGIcvfSw8_s8-q_SpHmLYcqeDyM1-8BNw5CZstlCw7VRO1uiDGqrrjEXAYBs47JQLSoBiUG_GYbTi4XUaWhxmZS40-nJ2VRWKis4.JyFLoyhbObCLUf5dXTjmew
Frame ID: 50C187D0DBC629519819695922A04340
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
matrixabsence - Verdächtige Aktivität meldenPage URL History Show full URLs
-
https://protect-au.mimecast.com/s/P7N4CyoN3NfXPn10TZqINx?domain=sso.matrixabsence.com
HTTP 307
https://protect-au.mimecast.com/redirect/eNqtVdlyGjkU_RVPP81UmbbWluSaJRhvLCYx4DWeorS1EaEXtxobnMq_jxqyOE7mLbz... HTTP 307
https://sso.matrixabsence.com/enduser/report-suspicious-activity?i=eyJ6aXAiOiJERUYiLCJ2ZXIiOiIxIiwiZW5jIjo... Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://protect-au.mimecast.com/s/P7N4CyoN3NfXPn10TZqINx?domain=sso.matrixabsence.com
HTTP 307
https://protect-au.mimecast.com/redirect/eNqtVdlyGjkU_RVPP81UmbbWluSaJRhvLCYx4DWeorS1EaEXtxobnMq_jxqyOE7mLbzA3aR7zz06fIwqXdbRfpQ7XSxs7DNXz954mdeFj3WRRbvRotDRPtyNKqutK-vaZTbYCaUCEcQEACDEwhFoN5J1LfXM5WkRTvx499nObF77u2j_ffCkbmGHMrPBvItUYdZxvarvot27yM8k3HhFiiTRIk0VgJCnHFBJqYaCa2QMpCk3NgWM6y9ViCabOp5Yk0BLMBSSCk1tSlIBYKqJREZJiDRmkktNJQYpAophjoRJDNHAKorV5rzM0G1rWkgCIbJWYMG5spAyjhKFESFMYbFJroqiHv_qBgK8k3W5Bai2AZy9ciFdvp3WPTcBiBD-tPsazbqSeVif967IY5stvkeVGJyGnTEqAAU8IGyQZZQhTrClCQCMQqgwpT-gCliKUyOkDFXhoygQKcYqSQADhCqGwgTMWA4lUCAkWSUIxTJkKayI_g5VgBhVJEmN0SjBCqWEa01EIgE1RhL2U1R_SQMvUc2s9_Le3u1VqQ5Htny9VMqalwijsLcfEd7wdVZn3yOrE4ypEBJBBpkWJAmXaiUMxGG71iDMLJIiUa-RpWlYRpoQoiRiljRviVmjUmyIoZILhCjCQmOcaisskwbzFCNIw5q4CTd-h6xm1iLCrTRJIiWHGEuBFBGMAyMwpD9D9tc08CNfA0KLl2BiisCnfz8FKTEuiEijNt08WKUzDdJsN1I-ZPGgI6UMWhN12hewDRMccuQmvTOz-sPFaLB1BH4HX1vrYPpM-lmwJLUIkSAZCKUJEoE0jGJLQHjFILCeSSaCU4qmJDdVI3hFZcvF-k0m68qt9Fe580s1D-Hf3h9dT3ZaO-P2cPJ2vDNsnx39u79zdtzeOQ4tFNXOUV4Vi4U1oaTO6rNimZumj2VtqwxGzUz61SyN0n7TxoCEK90Lacy_0GzcaPDuznCjyDu_b7__2CBqM-kWm6T_0etNlimyjWKEtJeR7Q6sb2BPOA-KijHHW0C-9fW1jWHRGjUIvb74Z7i9vvbHoCu3nAMxhjFlMQJk458Vvt5EChI3d1R2Iddx8aGWn5ve4jssTPjXiQBAwXZl-PnypODL_H0zV_QnIwQnYbaYJpjC-OsfFecIv_ly7t9NxVYG6sC9CAXegAThICgC00CbEF9WixCZ1XXp9-_27va8L-LtXFJ5m2u7aXDP5mbpbRXUxJZFVbf80pdOu2LpWw1XH129_sf9Zde9RF633VvXOxpd3LhBp4dur7vB7q667sndXtF5d16480kXDj-Yw8m467vZsb9dd5NuNiq164k47h10lDcPNFkcnJ8969OYna_e5ZPpqGNO2_2eWvYH2VX21P_wPJWXq_m7yTPB7cP-SKF8deXz1XxVjAk_7eTr8-Kkf9NewgfIkD8F5UgNLvvD-RHqD5PquJUouRo_nx533OXtiX0cSKWXp_OZP-nqx3T8xKeetx6m4_I0G9zoB3u4PoMtfjB8op1bXy86T-xy9BYu3eHJQ1XNj67bNweesN75YFwcuIuT6cmNmjhyfSGvZqvsdkxAK--hy9FV33kS99bHg2I9U29VZ3CRUnM9mWf2qWFuIwX3U92yU7kEcIrp9DHoUAtNvzyy6XaPIYbQ9PNTbAXOtML2CSSQ42ax98sNU8bEXT7n7-i7wzV95n3iA6SP5yGul74uMlvpLedevmB7vxWfsirqoGQtuYwbAdTS1xv5-PQfdtzRYg HTTP 307
https://sso.matrixabsence.com/enduser/report-suspicious-activity?i=eyJ6aXAiOiJERUYiLCJ2ZXIiOiIxIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI6ImRpciJ9..JBCbsdq56lBQMzcH.7QxPnT_RCdHAKJbuKLmWmwKkz_aVxjPTz43ADKRb2nxWsnxjxoS48HCnyQoGKYAu1q172sH0pRbLVKNjE2KN6rF-6baxSzHFCiVZGevLabcuHjhsGIcvfSw8_s8-q_SpHmLYcqeDyM1-8BNw5CZstlCw7VRO1uiDGqrrjEXAYBs47JQLSoBiUG_GYbTi4XUaWhxmZS40-nJ2VRWKis4.JyFLoyhbObCLUf5dXTjmew Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
report-suspicious-activity
sso.matrixabsence.com/enduser/ Redirect Chain
|
9 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
moment-with-locales.6e3038cf40602b967dc379abf9524fe0.js
ok11static.oktacdn.com/assets/js/mvc/vendor/lib/ |
131 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saasure.6ca1cd5b6355cf006fbcd7eb358bb088.css
ok11static.oktacdn.com/assets/css/ |
76 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
courage.9b2a57762c3d84c1951d4ecc0be2c294.css
ok11static.oktacdn.com/assets/courage/css/ |
234 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
admin-overrides.c745331757ff24221d56d8bdd435125b.css
ok11static.oktacdn.com/assets/css/ |
121 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
report-suspicious-activity.a3b871a2a23ea6514727f0d9fe8a120d.css
ok11static.oktacdn.com/assets/css/sections/ |
3 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saasure.jqueryui.min.102606b546693fe717cfa52286ba3da5.js
ok11static.oktacdn.com/assets/js/ |
625 KB 217 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
routing.77e1bbe6e9f5f13ec333a5b6f091135e.js
ok11static.oktacdn.com/assets/js/sections/user/ |
571 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
saasure-js-bundle.36dd61cdb7cae23eb6d507680efcb4ce.js
ok11static.oktacdn.com/assets/js/translations/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fs01k76bq7JvL1qtE4x7
ok11static.oktacdn.com/fs/bco/1/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
proximanova-reg-webfont.353416ed0ff540352235.woff2
ok11static.oktacdn.com/assets/courage/font/assets/ |
20 KB 21 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
okticon.7f3843fc834ac0c91507.woff
ok11static.oktacdn.com/assets/courage/font/assets/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| e function| t function| moment object| okta function| oldval function| OktaWayPoint object| webFontConfig object| AjaxForm object| JobManager object| ModalDialog object| Utils object| Preferences object| OktaMetrics function| $ function| jQuery object| BROWSER object| jQuery112409587957161324567 function| _ object| webfont object| WebFont object| saasure object| hashChangeHandler object| mixpanel object| oktaMetrics function| trackEvent function| showBadBrowserIfNotSeen3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| sso.matrixabsence.com/ | Name: JSESSIONID Value: B55000BBD248EAEA6029C8744DE4C446 |
|
| sso.matrixabsence.com/ | Name: t Value: default |
|
| sso.matrixabsence.com/ | Name: DT Value: DI0lWAS9SvTR1eu7IG45hYD7w |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | frame-ancestors 'self' |
| Strict-Transport-Security | max-age=315360000; includeSubDomains |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ok11static.oktacdn.com
protect-au.mimecast.com
sso.matrixabsence.com
103.13.69.19
18.66.112.91
3.33.189.110
2100b397bceb5d89899790cd891c956625b1475a1d9d14df7c277cfe1564d1d7
2482eb2c01c9f74ed4dabfb8667fde4faee8b27089033f26c44269f1d2bd278f
398d3583a812a10d5d6669885a3f31790fe42d2ad7ac97ddbd66182dcc904c05
437464680eb8c00273ef91489d4c468153734b98cd951fb00fa00765010aeda3
64bb91fe33c18372700eda6597c27f605e528993aa45f325f278a8ac9084dd7b
7b68ff4ad1bac009c2bbcbd1eef24ed62384209b650544a5b87edc8192ae19d7
95d1a50b54178b2dcd0d0e5586f3897e0686df1a328ea2307325d1e8895a20f8
9c1f08dfa48c343162de0d31baa57519db5dc501927b6d449615e4e62bc67e8d
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
b058e72333f2f26fe5e26eaf6b982c57832f5b463756ff6ee3595a8583d0d702
d10e4f732cdab4a08906a2108ca967b5e2abf1ae47c42dba1e32e533863eeae5
e98a25ab47e6f3ecc22c6b0830a936776fe1594a1a56ce4e3b32c0b7156a9835