weblogin.med.umich.edu Open in urlscan Pro
141.214.9.172 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://splunk-es.med.umich.edu/
Effective URL:
https://weblogin.med.umich.edu/nidp/saml2/sso
Submission: On June 28 via api (June 28th 2024, 3:55:26 pm UTC) from US — Scanned from ES

Summary HTTP 15 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 141.214.9.172, located in Ypsilanti, United States and belongs to UMICH-AS-5, US. The main domain is weblogin.med.umich.edu. The Cisco Umbrella rank of the primary domain is 605219.
TLS certificate: Issued by InCommon RSA Server CA 2 on January 5th 2024. Valid for: a year.

This is the only time weblogin.med.umich.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 6	23.23.46.132 23.23.46.132	14618 (AMAZON-AES) (AMAZON-AES)
10	141.214.9.172 141.214.9.172	36375 (UMICH-AS-5) (UMICH-AS-5)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
15	4

6 23.23.46.132 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-46-132.compute-1.amazonaws.com

splunk-es.med.umich.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 141.214.9.172 (Ypsilanti, United States)

ASN36375 (UMICH-AS-5, US)
PTR: weblogin.med.umich.edu

weblogin.med.umich.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	umich.edu 3 redirects splunk-es.med.umich.edu weblogin.med.umich.edu — Cisco Umbrella Rank: 605219	192 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	26 KB
15	2

	Domain	Requested by
10	weblogin.med.umich.edu	weblogin.med.umich.edu
6	splunk-es.med.umich.edu	3 redirects splunk-es.med.umich.edu
1	cdn.jsdelivr.net	weblogin.med.umich.edu
15	3

This site contains links to these domains. Also see Links.

Domain
lvl2.med.umich.edu
spg.umich.edu
safecomputing.umich.edu

Subject Issuer	Validity	Valid
*.michmed.splunkcloud.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-09-21`	a year	crt.sh
weblogin.med.umich.edu InCommon RSA Server CA 2	`2024-01-05` - `2025-01-04`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://weblogin.med.umich.edu/nidp/saml2/sso
Frame ID: 78AA53C8C4951FBE1EB3321F0F538635
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Access Manager

Page URL History Show full URLs

https://splunk-es.med.umich.edu/ HTTP 303
https://splunk-es.med.umich.edu/en-US/ HTTP 303
https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F Page URL
https://weblogin.med.umich.edu/nidp/saml2/sso Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

15
Requests

73 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

216 kB
Transfer

345 kB
Size

3
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://lvl2.med.umich.edu/
Title: Need Help?

Search URL Search Domain Scan URL

URL: https://spg.umich.edu/policy/601.07
Title: SPG 601.07

Search URL Search Domain Scan URL

URL: https://safecomputing.umich.edu/dataguide/
Title: Permitted

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://splunk-es.med.umich.edu/ HTTP 303
https://splunk-es.med.umich.edu/en-US/ HTTP 303
https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F Page URL
https://weblogin.med.umich.edu/nidp/saml2/sso Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://splunk-es.med.umich.edu/ HTTP 303
https://splunk-es.med.umich.edu/en-US/ HTTP 303
https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F

Request Chain 2

https://splunk-es.med.umich.edu/favicon.ico HTTP 303
https://splunk-es.med.umich.edu/en-US/favicon.ico

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

https://splunk-es.med.umich.edu/
https://splunk-es.med.umich.edu/en-US/
https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F

6 KB
4 KB

132ms
131ms

Document
text/html

23.23.46.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.23.46.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-23-46-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

1c2c60fd62cf87e2e9accb60c272a71595c19628c8d58e59bdd8fa3b92403a51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: es-ES,es;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Jun 2024 15:55:22 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

Redirect headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 134
Content-Type: text/html;charset=utf-8
Date: Fri, 28 Jun 2024 15:55:22 GMT
Location: https://splunk-es.med.umich.edu:443/en-US/account/login?return_to=%2Fen-US%2F
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK progress-bar-animation.gif
splunk-es.med.umich.edu/en-US/static/@9/img/splunk/ 7 KB
7 KB 138ms
137ms Image
image/gif 23.23.46.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://splunk-es.med.umich.edu/en-US/static/@9/img/splunk/progress-bar-animation.gif

Requested by

Host: splunk-es.med.umich.edu
URL: https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.23.46.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-23-46-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 28 Jun 2024 15:55:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 23 Apr 2024 22:42:16 GMT
Server: nginx
ETag: "12914D7F37F38CC8120E48C0B6123B1BB39B5E73"
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=31536000
Connection: keep-alive
Content-Length: 6933
Expires: Fri, 28 Jun 2025 15:55:22 GMT

POST
H/1.1 200 Primary Request sso Show response
weblogin.med.umich.edu/nidp/saml2/ 17 KB
18 KB 1128ms
350ms Document
text/html 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

2e59299eb53c5660403414b582e028cf4bdc390e032e13ba77ba298f5b4cb6b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: es-ES,es;q=0.9;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: https://splunk-es.med.umich.edu
Referer: https://splunk-es.med.umich.edu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Fri, 28 Jun 2024 15:55:22 GMT
Keep-Alive: timeout=60
Pragma: No-cache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

favicon.ico
splunk-es.med.umich.edu/en-US/
Redirect Chain

https://splunk-es.med.umich.edu/favicon.ico
https://splunk-es.med.umich.edu/en-US/favicon.ico

21 KB
21 KB

136ms
136ms

Other
image/x-icon

23.23.46.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://splunk-es.med.umich.edu/en-US/favicon.ico

Protocol

HTTP/1.1

Server

23.23.46.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-23-46-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: es-ES,es;q=0.9;q=0.9
Referer: https://splunk-es.med.umich.edu/en-US/account/login?return_to=%2Fen-US%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Fri, 28 Jun 2024 15:55:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Tue, 23 Apr 2024 22:42:16 GMT
Server: nginx
Vary: Accept-Encoding, Cookie
Content-Type: image/x-icon;charset=utf-8
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21386

Redirect headers

Date: Fri, 28 Jun 2024 15:55:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Language
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: https://splunk-es.med.umich.edu/en-US/favicon.ico
Connection: keep-alive
Content-Length: 373

GET
H/1.1 200 jquery.min.js Show response
weblogin.med.umich.edu/nidp/javascript/ 87 KB
88 KB 172ms
172ms Script
text/javascript 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/javascript/jquery.min.js

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Oct 2022 10:54:00 GMT
ETag: W/"89500-1665053640000"
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 89500
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 smart-app-banner.css
weblogin.med.umich.edu/nidp/javascript/ 6 KB
6 KB 479ms
160ms Stylesheet
text/css 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/javascript/smart-app-banner.css

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

5f5b83dcdacae574215b3f142339212c0b5f5449dea7f18e72fa45fb5382e3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Oct 2022 10:54:00 GMT
ETag: W/"6058-1665053640000"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 6058
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 smart-app-banner.js Show response
weblogin.med.umich.edu/nidp/javascript/ 17 KB
17 KB 642ms
321ms Script
text/javascript 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/javascript/smart-app-banner.js

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

421a48026eb519f50163e69113760bee7b507a253d0c80bb7f78c630ec77e972

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Oct 2022 10:54:00 GMT
ETag: W/"17107-1665053640000"
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 17107
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 ux_access.css
weblogin.med.umich.edu/nidp/css/ 9 KB
9 KB 480ms
161ms Stylesheet
text/css 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/css/ux_access.css

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

5583adc0bc966885e846a19995e89fe5c81b23193299347b20d2e8d5cd5fc296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Aug 2023 16:50:42 GMT
ETag: W/"8714-1693327842557"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 8714
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 [NAM30IND41BDQydj5tXAceWQMDcykoQ3Aha2huFWtzMGppHmsFUwAzUVgd.png
weblogin.med.umich.edu/nidp/images/pool/[NAM30IND41BDQydj5tXAceWQMDcykoQ3Aha2huFWtzMGppHmsFUwAzUVgd/ 1 KB
1 KB 485ms
162ms Image
image/png 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://weblogin.med.umich.edu/nidp/images/pool/[NAM30IND41BDQydj5tXAceWQMDcykoQ3Aha2huFWtzMGppHmsFUwAzUVgd/[NAM30IND41BDQydj5tXAceWQMDcykoQ3Aha2huFWtzMGppHmsFUwAzUVgd.png

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

36fe791c39651515f68dcf1e21c6278c7e2fee2d296858bc910f6adffd3cb492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Jun 2024 23:20:21 GMT
ETag: W/"1167-1718925621594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 1167
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 [NAM30IND41LjR3biJyFAk~3D.jpg
weblogin.med.umich.edu/nidp/images/pool/[NAM30IND41KSlwe3R~2FU0w~3D/ 11 KB
11 KB 486ms
162ms Image
image/jpeg 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://weblogin.med.umich.edu/nidp/images/pool/[NAM30IND41KSlwe3R~2FU0w~3D/[NAM30IND41LjR3biJyFAk~3D.jpg

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/saml2/sso

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

62453b00c98edb023972a0d346e39050defc81197027da6324cd96d936b664e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 18 Nov 2022 23:26:00 GMT
ETag: W/"11013-1668813960011"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 11013
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 content.jsp Show response
weblogin.med.umich.edu/nidp/jsp/ 279 B
821 B 162ms
161ms XHR
text/html 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/jsp/content.jsp?sid=0&login_hint&id=level2_umhs_and_duoframe%40med.umich.edu&uiDestination=contentDiv

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/javascript/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

4c77c74613758a7605089c24ca00ee64fc3d2aaa0d9e9017fe4effb458e797a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: */*
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

Pragma: No-cache
Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
via-ESP: null,NIDPLOGGING.600105004 session33-9886415BD22FAD52B89B25159F253D17, null,NIDPLOGGING.600105004 session33-9886415BD22FAD52B89B25159F253D17,NIDPLOGGING.600105002 session220-9886415BD22FAD52B89B25159F253D17
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 279
X-XSS-Protection: 1; mode=block

GET
H/1.1 404 favicon.ico
weblogin.med.umich.edu/ 120 B
408 B 161ms
161ms Other
text/html 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

67037b80c615b13fefdbd77e334aa36111cfa60d80fb4e387358fd589b686eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 120
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 sso Show response
weblogin.med.umich.edu/nidp/saml2/ 6 KB
6 KB 162ms
162ms XHR
text/html 141.214.9.172
UMICH-AS-5

General

Check archive.org

Show headers Download Go to

Full URL

https://weblogin.med.umich.edu/nidp/saml2/sso?login_hint=&id=level2_umhs_and_duoframe@med.umich.edu&sid=0&option=credential&sid=0&uiDestination=contentDiv

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/javascript/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.214.9.172 Ypsilanti, United States, ASN36375 (UMICH-AS-5, US),

Reverse DNS

weblogin.med.umich.edu

Software

Resource Hash

a0173a8acc04d73584a6fcf5da8591821b83bb0b91665e9d0110b8f1d4a835a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: */*
Referer: https://weblogin.med.umich.edu/nidp/saml2/sso
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

Pragma: No-cache
Strict-Transport-Security: max-age=31536000
Date: Fri, 28 Jun 2024 15:55:23 GMT
X-Content-Type-Options: nosniff
via-ESP: null,NIDPLOGGING.600105004 session33-9886415BD22FAD52B89B25159F253D17, null,NIDPLOGGING.600105004 session33-9886415BD22FAD52B89B25159F253D17,NIDPLOGGING.600105002 session220-9886415BD22FAD52B89B25159F253D17
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 5772
X-XSS-Protection: 1; mode=block

GET idm_ux_access.css
weblogin.med.umich.edu/nidp/images/ 0
0

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/ 158 KB
26 KB 127ms
38ms Stylesheet
text/css 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css

Requested by

Host: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/javascript/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://weblogin.med.umich.edu/
Origin: https://weblogin.med.umich.edu
Accept-Language: es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 28 Jun 2024 15:55:24 GMT
x-content-type-options: nosniff
content-encoding: br
age: 11508644
x-jsd-version: 4.6.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26291
x-served-by: cache-fra-etou8220126-FRA, cache-mad22022-MAD
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: weblogin.med.umich.edu
URL: https://weblogin.med.umich.edu/nidp/images/idm_ux_access.css

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
weblogin.med.umich.edu/nidp	1969-12-31 23:59:59	Name: JSESSIONID Value: 9886415BD22FAD52B89B25159F253D17
weblogin.med.umich.edu/nidp	1969-12-31 23:59:59	Name: UrnNovellNidpClusterMemberId Value: ~03~02fdf~1B~16~11utw
splunk-es.med.umich.edu/	1970-01-20 21:39:53	Name: session_id_8443 Value: 1ad09edfac5da7c896fe36c82044cc81c3eec939

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://weblogin.med.umich.edu/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	verbose	URL: https://weblogin.med.umich.edu/nidp/saml2/sso Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security	error	URL: https://weblogin.med.umich.edu/nidp/saml2/sso Message: Refused to apply style from 'https://weblogin.med.umich.edu/nidp/images/idm_ux_access.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
splunk-es.med.umich.edu
weblogin.med.umich.edu
weblogin.med.umich.edu
141.214.9.172
23.23.46.132
2a04:4e42:200::485
1c2c60fd62cf87e2e9accb60c272a71595c19628c8d58e59bdd8fa3b92403a51
2e59299eb53c5660403414b582e028cf4bdc390e032e13ba77ba298f5b4cb6b1
36fe791c39651515f68dcf1e21c6278c7e2fee2d296858bc910f6adffd3cb492
421a48026eb519f50163e69113760bee7b507a253d0c80bb7f78c630ec77e972
4c77c74613758a7605089c24ca00ee64fc3d2aaa0d9e9017fe4effb458e797a8
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
5583adc0bc966885e846a19995e89fe5c81b23193299347b20d2e8d5cd5fc296
5f5b83dcdacae574215b3f142339212c0b5f5449dea7f18e72fa45fb5382e3d2
62453b00c98edb023972a0d346e39050defc81197027da6324cd96d936b664e1
67037b80c615b13fefdbd77e334aa36111cfa60d80fb4e387358fd589b686eec
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0
a0173a8acc04d73584a6fcf5da8591821b83bb0b91665e9d0110b8f1d4a835a7

weblogin.med.umich.edu Open in urlscan Pro 141.214.9.172 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

73 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

4 IPs

1 Countries

216 kBTransfer

345 kBSize

3 Cookies

3 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

3 Cookies

3 Console Messages

Security Headers

Indicators

weblogin.med.umich.edu Open in urlscan Pro
141.214.9.172 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

73 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

216 kB
Transfer

345 kB
Size

3
Cookies

15 HTTP transactions
0 data transactions