sso-c4ef42a7.sso.duosecurity.com
75.2.30.150
Public Scan
Effective URL: https://sso-c4ef42a7.sso.duosecurity.com/email_first?authkey=ASXWBUMAFXXVPF1GDV74&aid=50cfb039cccd4c39ad37def01f22b8f4
Submission: On February 14 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Amazon on June 24th 2021. Valid for: a year.
This is the only time sso-c4ef42a7.sso.duosecurity.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
3 3 | 71.80.32.91 | 20115 (CHARTER-20115) |
1 7 | 75.2.30.150 | 16509 (AMAZON-02) |
6 | 1 | |
ASN20115 (CHARTER-20115, US)
PTR: 071-080-032-091.biz.spectrum.com
- rdc.bankoftennessee.net
- duo.bankoftennessee.net
ASN16509 (AMAZON-02, US)
PTR: afb043b6cb0f8a076.awsglobalaccelerator.com
- sso-c4ef42a7.sso.duosecurity.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | duosecurity.com (1 redirects) | sso-c4ef42a7.sso.duosecurity.com | 282 KB |
3 | bankoftennessee.net (3 redirects) | rdc.bankoftennessee.net, duo.bankoftennessee.net | 3 KB |
6 | 2 | | |
 | Domain | Requested by |
---|---|---|
7 | sso-c4ef42a7.sso.duosecurity.com | 1 redirects, sso-c4ef42a7.sso.duosecurity.com |
2 | duo.bankoftennessee.net | 2 redirects |
1 | rdc.bankoftennessee.net | 1 redirects |
6 | 3 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.login.duosecurity.com Amazon | 2021-06-24 - 2022-07-23 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sso-c4ef42a7.sso.duosecurity.com/email_first?authkey=ASXWBUMAFXXVPF1GDV74&aid=50cfb039cccd4c39ad37def01f22b8f4
Frame ID: 7401A505025A87B1A23AA165D2A35ADC
Requests: 6 HTTP requests in this frame
Page Title
Login
Page URL History
- https://rdc.bankoftennessee.net/ HTTP 302
- https://duo.bankoftennessee.net/check?final_redirect=eyJ1cmwiOiAiaHR0cHM6Ly9yZGMuYmFua29mdGVubmVzc2VlLm5ldC8... HTTP 302
- https://duo.bankoftennessee.net/login?final_redirect=eyJ1cmwiOiAiaHR0cHM6Ly9yZGMuYmFua29mdGVubmVzc2VlLm5ldC8... HTTP 302
- https://sso-c4ef42a7.sso.duosecurity.com/saml2/sp/DITCVKKFJTKA1EP7EW6T/sso?SAMLRequest=hVPLbtswELznKwTd9aBM%2BUHYBlw7... HTTP 302
- https://sso-c4ef42a7.sso.duosecurity.com/email_first?authkey=ASXWBUMAFXXVPF1GDV74&aid=50cfb039cccd4c39ad37def01f22b8f4 Page URL
Detected technologies
Lodash (JavaScript Libraries)
Detected patterns
- lodash.*\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | email_first sso-c4ef42a7.sso.duosecurity.com/ (Primary Request, Redirect Chain) | 2 KB 2 KB | Document text/html |
GET H2 | email-first.css sso-c4ef42a7.sso.duosecurity.com/static/css/page/ | 72 KB 14 KB | Stylesheet text/css |
GET H2 | jquery-legacy.min.js sso-c4ef42a7.sso.duosecurity.com/static/shared/lib/jquery/ | 144 KB 50 KB | Script application/javascript |
GET H2 | lodash.min.js sso-c4ef42a7.sso.duosecurity.com/static/shared/lib/lodash/ | 26 KB 11 KB | Script application/javascript |
GET H2 | email-first.js sso-c4ef42a7.sso.duosecurity.com/static/js/page/ | 682 KB 198 KB | Script application/javascript |
GET H2 | logo sso-c4ef42a7.sso.duosecurity.com/ | 5 KB 5 KB | Image image/png |
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | structuredClone |
function | $ |
function | jQuery |
function | _ |
object | regeneratorRuntime |
object | _fallbackJedInstance |
object | _jedInstance |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sso-c4ef42a7.sso.duosecurity.com/ | | Name: sid Value: "MzhkYzRkMDA2ZWViNDBiM2I1OGYxYzkxOGZkMzRiOTc=|84.19.175.184|1644848694|3924af2045245b1fbf971532bc479aff83d01615" |
sso-c4ef42a7.sso.duosecurity.com/ | | Name: sid-init-815e5a28ddfb4838a403a371153edd2c Value: "MzhkYzRkMDA2ZWViNDBiM2I1OGYxYzkxOGZkMzRiOTc=|84.19.175.184|1644848694|2f48c23d1081113bb7f33da480c033d435618343" |
sso-c4ef42a7.sso.duosecurity.com/ | | Name: _xsrf Value: "MGExMGViYzYwNzQ0NGE5YjhjZmVhY2RmMWVjZjdhMDg=|84.19.175.184|1644848694|7d15297d4e174076e59a0bba64cc58657a6e749b" |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | default-src 'none'; style-src 'self' https://uw2.pwl.login.duosecurity.com; script-src 'self' https://uw2.pwl.login.duosecurity.com; font-src 'self'; frame-src 'self' com-duosecurity-devicehealth://*; frame-ancestors 'none'; img-src 'self' https://uw2.pwl.login.duosecurity.com; connect-src 'self' https://uw2.pwl.login.duosecurity.com https://127.0.0.1:53100 https://127.0.0.1:53101 https://127.0.0.1:53102 https://127.0.0.1:53103 https://127.0.0.1:53104 https://127.0.0.1:53105 http://127.0.0.1:53106 http://127.0.0.1:53107 http://127.0.0.1:53108 http://127.0.0.1:53109 http://127.0.0.1:53110 http://127.0.0.1:53111 https://localhost:53100 https://localhost:53101 https://localhost:53102 https://localhost:53103 https://localhost:53104 https://localhost:53105 |
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.