Submitted URL: http://cloud.workhuman.com/microsites/t/il/merck/myord
Effective URL: https://idp.workhuman.com/sp/ACS.saml2
Submission: On January 04 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 4 HTTP transactions. The main IP is 65.9.66.115, located in United States and belongs to AMAZON-02, US. The main domain is idp.workhuman.com. The Cisco Umbrella rank of the primary domain is 100696.
TLS certificate: Issued by Amazon on February 26th 2022. Valid for: a year.
This is the only time idp.workhuman.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 65.9.66.2 16509 (AMAZON-02)
1 3 65.9.66.115 16509 (AMAZON-02)
1 2 34.233.17.74 14618 (AMAZON-AES)
1 99.86.240.62 16509 (AMAZON-02)
4 3
Apex Domain
Subdomains
Transfer
4 workhuman.com
cloud.workhuman.com — Cisco Umbrella Rank: 55297
idp.workhuman.com — Cisco Umbrella Rank: 100696
6 KB
1 globoforce.net
idp.globoforce.net
1 msd.com
pingfed.msd.com
5 KB
1 merck.com
pingfed.merck.com
142 B
4 4
Domain Requested by
2 idp.workhuman.com
2 cloud.workhuman.com 2 redirects
1 idp.globoforce.net idp.workhuman.com
1 pingfed.msd.com
1 pingfed.merck.com 1 redirects
4 5

This site contains no links.

Subject Issuer Validity Valid
*.workhuman.com
Amazon
2022-02-26 -
2023-03-27
a year crt.sh
pingfed.merck.com
Sectigo RSA Organization Validation Secure Server CA
2022-06-14 -
2023-06-14
a year crt.sh
*.globoforce.net
Amazon
2022-05-11 -
2023-06-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://idp.workhuman.com/sp/ACS.saml2
Frame ID: 033FCDCAFFDF3DCEA9E7BCE0E8C875AA
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Sign On Error

Page URL History Show full URLs

  1. http://cloud.workhuman.com/microsites/t/il/merck/myord HTTP 301
    https://cloud.workhuman.com/microsites/t/il/merck/myord HTTP 302
    https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https%3A%2F%2Fpingfed.merck.com%2Fsaml2%2Fidp&... Page URL
  2. https://pingfed.merck.com/idp/SSO.saml2 HTTP 307
    https://pingfed.msd.com/idp/SSO.saml2 Page URL
  3. https://idp.workhuman.com/sp/ACS.saml2 Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

3
IPs

1
Countries

10 kB
Transfer

9 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cloud.workhuman.com/microsites/t/il/merck/myord HTTP 301
    https://cloud.workhuman.com/microsites/t/il/merck/myord HTTP 302
    https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https%3A%2F%2Fpingfed.merck.com%2Fsaml2%2Fidp&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dmerck%26TARGET%3D Page URL
  2. https://pingfed.merck.com/idp/SSO.saml2 HTTP 307
    https://pingfed.msd.com/idp/SSO.saml2 Page URL
  3. https://idp.workhuman.com/sp/ACS.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://cloud.workhuman.com/microsites/t/il/merck/myord HTTP 301
  • https://cloud.workhuman.com/microsites/t/il/merck/myord HTTP 302
  • https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https%3A%2F%2Fpingfed.merck.com%2Fsaml2%2Fidp&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dmerck%26TARGET%3D
Request Chain 1
  • https://pingfed.merck.com/idp/SSO.saml2 HTTP 307
  • https://pingfed.msd.com/idp/SSO.saml2

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
startSSO.ping
idp.workhuman.com/sp/
Redirect Chain
  • http://cloud.workhuman.com/microsites/t/il/merck/myord
  • https://cloud.workhuman.com/microsites/t/il/merck/myord
  • https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https%3A%2F%2Fpingfed.merck.com%2Fsaml2%2Fidp&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dm...
1 KB
2 KB
Document
General
Full URL
https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https%3A%2F%2Fpingfed.merck.com%2Fsaml2%2Fidp&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dmerck%26TARGET%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-115.fra56.r.cloudfront.net
Software
/
Resource Hash
cbe53ae1802299c86ce92faba5f0ae97c6c241e138df098fe70d88b4c57fd5f1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
1323
content-type
text/html;charset=utf-8
date
Wed, 04 Jan 2023 23:23:56 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
origin
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
x-amz-cf-id
x7ggZDXW62D9kPipJ8gXJIDgrvQbk1Ru8zmYlA6rrCZmjlj2ev9uig==
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
x-frame-options
SAMEORIGIN

Redirect headers

content-length
0
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
date
Wed, 04 Jan 2023 23:23:55 GMT
location
https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https%3A%2F%2Fpingfed.merck.com%2Fsaml2%2Fidp&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dmerck%26TARGET%3D
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
x-amz-cf-id
R_pfL2iclWUkxPz3uDehyjMCre4Fdw6Wk9dcVeaIw2dh59N7WLBbBQ==
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
SSO.saml2
pingfed.msd.com/idp/
Redirect Chain
  • https://pingfed.merck.com/idp/SSO.saml2
  • https://pingfed.msd.com/idp/SSO.saml2
5 KB
5 KB
Document
General
Full URL
https://pingfed.msd.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
771ad3f213a92c1aef848f1b14406d6a6de1dadf7e70de6f10b65d3e2481afca
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com;

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://idp.workhuman.com
Referer
https://idp.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
4771
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com; style-src 'self' https://*.merck.com http://*.merck.com; base-uri 'self' https://*.merck.com http://*.merck.com; object-src 'self' https://*.merck.com http://*.merck.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com;
Content-Type
text/html;charset=utf-8
Date
Wed, 04 Jan 2023 23:23:58 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://pingfed.msd.com/idp/SSO.saml2
Server
BigIP
Primary Request ACS.saml2
idp.workhuman.com/sp/
3 KB
3 KB
Document
General
Full URL
https://idp.workhuman.com/sp/ACS.saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-115.fra56.r.cloudfront.net
Software
/
Resource Hash
d97c5aa94e4e20b94c7965ac485c9861e6e87e14c67e5d15330a42ea76ce73a9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://pingfed.msd.com
Referer
https://pingfed.msd.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
2650
content-type
text/html;charset=utf-8
date
Wed, 04 Jan 2023 23:23:58 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
origin
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
x-amz-cf-id
EYNEZxs1_TLNBOZxZtFZgsbK_nXS2EckVTMK8Vhy2jhzD6ulKWKFMg==
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
x-frame-options
SAMEORIGIN
main.css
idp.globoforce.net/assets/css/
0
0
Stylesheet
General
Full URL
https://idp.globoforce.net/assets/css/main.css
Requested by
Host: idp.workhuman.com
URL: https://idp.workhuman.com/sp/ACS.saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.240.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-240-62.vie50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://idp.workhuman.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

7 Cookies

Domain/Path Name / Value
cloud.workhuman.com/ Name: AWSALB
Value: pQx2gaPd8NB5hx0Y1x9h2uJZBeatAxvYaZZTMtnbsIbjdVbCkRWPY8qSSEI9ZcoqxhT7ZMScqUI0dXo5Ps/HF3x6Ylb+1HTVwsgliJFZjDKTHSkjzy6LV6d7XsDs
cloud.workhuman.com/ Name: AWSALBCORS
Value: pQx2gaPd8NB5hx0Y1x9h2uJZBeatAxvYaZZTMtnbsIbjdVbCkRWPY8qSSEI9ZcoqxhT7ZMScqUI0dXo5Ps/HF3x6Ylb+1HTVwsgliJFZjDKTHSkjzy6LV6d7XsDs
cloud.workhuman.com/ Name: JSESSIONID
Value: 5AB6DA58421EA42B093965E3022CFF49
cloud.workhuman.com/ Name: cf_client
Value: merck
cloud.workhuman.com/ Name: GFDL
Value: %2Fstore%2F%23%21merck%2Forders
idp.workhuman.com/ Name: PF
Value: Al34nJMP4Eg4s2gNAGIRDw
pingfed.msd.com/ Name: PF
Value: IxZW7flolbAFxM7v6mh4u7

1 Console Messages

Source Level URL
Text
network error URL: https://idp.globoforce.net/assets/css/main.css
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN