urlscan.io logo urlscan.io
SecurityTrails logo

sso.fedrepsol.com Open in urlscan Pro
185.145.231.63  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://repsolna.boreal-is.com/
Effective URL: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9...
Submission: On December 29 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 185.145.231.63, located in Las Rozas de Madrid, Spain and belongs to REPSOL, ES. The main domain is sso.fedrepsol.com. The Cisco Umbrella rank of the primary domain is 476796.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 1st 2022. Valid for: a year.
This is the only time sso.fedrepsol.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 158.69.146.9 16276 (OVH)
5 185.145.231.63 62043 (REPSOL)
6 2
Apex Domain
Subdomains		 Transfer
5 fedrepsol.com
sso.fedrepsol.com — Cisco Umbrella Rank: 476796
187 KB
3 boreal-is.com
repsolna.boreal-is.com
5 KB
6 2
Domain Requested by
5 sso.fedrepsol.com repsolna.boreal-is.com
sso.fedrepsol.com
3 repsolna.boreal-is.com 2 redirects
6 2

This site contains no links.

Subject Issuer Validity Valid
*.boreal-is.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-07 -
2023-07-08		 a year crt.sh
sso.fedrepsol.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-01 -
2023-06-07		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%2BMtjrVBSXr1Yx%2BBhCEGWOpH4bhJGcsyEdPlLz3BxtEs4hYw1qhFco2Tz5jTsAcNkkCxscTHoxdfzT6oGR3o36WKpPqeF%2FHoVtC%2FpIkO2e3jRNKVo0TqYRtT5%2BsrZB7HqJ2c8gMVKgLN9WlJ7PKi%2BOte3XLKFkggrlillphXYKJwZxlCm%2F7zS9LB1fCPWgDonAktlSFPkpFu0R569MMorzvQPR3afQ3%2B9Qb0Pat3QqDrK2vkWzh8lB9S11Wwki8ZgUXkdrexpB4WTQq95A%2FYMqLOv3%2FSP6ZDr9h9A0%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=td4oiKSMa2u9im4A9%2BTOERxUX6ccJQY7PT0NDtGJOyFc3iw2JawhqVMhYRAHCqSoZjFabCx727LEY0PkaifUC4o%2BCZQmrjsQn8xs0%2FdFwlhJfpr878jYhR4j3Am6kiGlHXSnCh6gNecqPCCjDlPQdQqAZFwmlkFwakf0EFHc1xWnYci4MYo2hEUAJ8UA%2BUMud47j4%2FqvvmWvvLwjlYL4ZiupCCtlfmFJK4Ox%2FFayrA976V%2BjT2gRWfPWHE5hed%2FtL6difOEgyiJbCOyjy9TTgRSPb3mamUU9ydUOW7UoHvywmuTIpgH9o%2FxQk6Q4wI20ORpCp9oSnvpV2q3cyb5zLQ%3D%3D
Frame ID: EFE75D2255777364CC8D1267F9CDC705
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign On

Page URL History Show full URLs

  1. http://repsolna.boreal-is.com/ HTTP 301
    https://repsolna.boreal-is.com/ Page URL
  2. https://repsolna.boreal-is.com/login HTTP 302
    https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx... Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

189 kB
Transfer

185 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://repsolna.boreal-is.com/ HTTP 301
    https://repsolna.boreal-is.com/ Page URL
  2. https://repsolna.boreal-is.com/login HTTP 302
    https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%2BMtjrVBSXr1Yx%2BBhCEGWOpH4bhJGcsyEdPlLz3BxtEs4hYw1qhFco2Tz5jTsAcNkkCxscTHoxdfzT6oGR3o36WKpPqeF%2FHoVtC%2FpIkO2e3jRNKVo0TqYRtT5%2BsrZB7HqJ2c8gMVKgLN9WlJ7PKi%2BOte3XLKFkggrlillphXYKJwZxlCm%2F7zS9LB1fCPWgDonAktlSFPkpFu0R569MMorzvQPR3afQ3%2B9Qb0Pat3QqDrK2vkWzh8lB9S11Wwki8ZgUXkdrexpB4WTQq95A%2FYMqLOv3%2FSP6ZDr9h9A0%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=td4oiKSMa2u9im4A9%2BTOERxUX6ccJQY7PT0NDtGJOyFc3iw2JawhqVMhYRAHCqSoZjFabCx727LEY0PkaifUC4o%2BCZQmrjsQn8xs0%2FdFwlhJfpr878jYhR4j3Am6kiGlHXSnCh6gNecqPCCjDlPQdQqAZFwmlkFwakf0EFHc1xWnYci4MYo2hEUAJ8UA%2BUMud47j4%2FqvvmWvvLwjlYL4ZiupCCtlfmFJK4Ox%2FFayrA976V%2BjT2gRWfPWHE5hed%2FtL6difOEgyiJbCOyjy9TTgRSPb3mamUU9ydUOW7UoHvywmuTIpgH9o%2FxQk6Q4wI20ORpCp9oSnvpV2q3cyb5zLQ%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://repsolna.boreal-is.com/ HTTP 301
  • https://repsolna.boreal-is.com/

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
repsolna.boreal-is.com/
Redirect Chain
  • http://repsolna.boreal-is.com/
  • https://repsolna.boreal-is.com/
710 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://repsolna.boreal-is.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
158.69.146.9 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
vip1-bhs.boreal-is.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com *.googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' *.boreal-is.com borealis.zendesk.com ekr.zdassets.com *.googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: *.googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com *.googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' *.boreal-is.com borealis.zendesk.com ekr.zdassets.com *.googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: *.googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
content-type
text/html; charset=utf-8
date
Thu, 29 Dec 2022 12:59:14 GMT
etag
W/"2c6-K61YaeAokDjWwGoKQmmq6LybemE"
expires
Sat, 26 Jul 1997 05:00:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
162
Content-Type
text/html
Date
Thu, 29 Dec 2022 12:59:14 GMT
Location
https://repsolna.boreal-is.com/
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request SSO.saml2
sso.fedrepsol.com/idp/
Redirect Chain
  • https://repsolna.boreal-is.com/login
  • https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%...
9 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%2BMtjrVBSXr1Yx%2BBhCEGWOpH4bhJGcsyEdPlLz3BxtEs4hYw1qhFco2Tz5jTsAcNkkCxscTHoxdfzT6oGR3o36WKpPqeF%2FHoVtC%2FpIkO2e3jRNKVo0TqYRtT5%2BsrZB7HqJ2c8gMVKgLN9WlJ7PKi%2BOte3XLKFkggrlillphXYKJwZxlCm%2F7zS9LB1fCPWgDonAktlSFPkpFu0R569MMorzvQPR3afQ3%2B9Qb0Pat3QqDrK2vkWzh8lB9S11Wwki8ZgUXkdrexpB4WTQq95A%2FYMqLOv3%2FSP6ZDr9h9A0%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=td4oiKSMa2u9im4A9%2BTOERxUX6ccJQY7PT0NDtGJOyFc3iw2JawhqVMhYRAHCqSoZjFabCx727LEY0PkaifUC4o%2BCZQmrjsQn8xs0%2FdFwlhJfpr878jYhR4j3Am6kiGlHXSnCh6gNecqPCCjDlPQdQqAZFwmlkFwakf0EFHc1xWnYci4MYo2hEUAJ8UA%2BUMud47j4%2FqvvmWvvLwjlYL4ZiupCCtlfmFJK4Ox%2FFayrA976V%2BjT2gRWfPWHE5hed%2FtL6difOEgyiJbCOyjy9TTgRSPb3mamUU9ydUOW7UoHvywmuTIpgH9o%2FxQk6Q4wI20ORpCp9oSnvpV2q3cyb5zLQ%3D%3D
Requested by
Host: repsolna.boreal-is.com
URL: https://repsolna.boreal-is.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.145.231.63 Las Rozas de Madrid, Spain, ASN62043 (REPSOL, ES),
Reverse DNS
185.145.231.63.rad.tsai.es
Software
/
Resource Hash
6e276d3488c5669467dfa40826811b4aee68fbf8d89622d936bf5a5f8f7c6cb8
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;

Request headers

Referer
https://repsolna.boreal-is.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
9168
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;
Content-Type
text/html;charset=utf-8
Date
Thu, 29 Dec 2022 12:59:16 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin

Redirect headers

content-length
0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com *.googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' *.boreal-is.com borealis.zendesk.com ekr.zdassets.com *.googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: *.googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
date
Thu, 29 Dec 2022 12:59:15 GMT
location
https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%2BMtjrVBSXr1Yx%2BBhCEGWOpH4bhJGcsyEdPlLz3BxtEs4hYw1qhFco2Tz5jTsAcNkkCxscTHoxdfzT6oGR3o36WKpPqeF%2FHoVtC%2FpIkO2e3jRNKVo0TqYRtT5%2BsrZB7HqJ2c8gMVKgLN9WlJ7PKi%2BOte3XLKFkggrlillphXYKJwZxlCm%2F7zS9LB1fCPWgDonAktlSFPkpFu0R569MMorzvQPR3afQ3%2B9Qb0Pat3QqDrK2vkWzh8lB9S11Wwki8ZgUXkdrexpB4WTQq95A%2FYMqLOv3%2FSP6ZDr9h9A0%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=td4oiKSMa2u9im4A9%2BTOERxUX6ccJQY7PT0NDtGJOyFc3iw2JawhqVMhYRAHCqSoZjFabCx727LEY0PkaifUC4o%2BCZQmrjsQn8xs0%2FdFwlhJfpr878jYhR4j3Am6kiGlHXSnCh6gNecqPCCjDlPQdQqAZFwmlkFwakf0EFHc1xWnYci4MYo2hEUAJ8UA%2BUMud47j4%2FqvvmWvvLwjlYL4ZiupCCtlfmFJK4Ox%2FFayrA976V%2BjT2gRWfPWHE5hed%2FtL6difOEgyiJbCOyjy9TTgRSPb3mamUU9ydUOW7UoHvywmuTIpgH9o%2FxQk6Q4wI20ORpCp9oSnvpV2q3cyb5zLQ%3D%3D
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
StyleSheet3.css
sso.fedrepsol.com/assets/css/ 		121 KB
122 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sso.fedrepsol.com/assets/css/StyleSheet3.css
Requested by
Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%2BMtjrVBSXr1Yx%2BBhCEGWOpH4bhJGcsyEdPlLz3BxtEs4hYw1qhFco2Tz5jTsAcNkkCxscTHoxdfzT6oGR3o36WKpPqeF%2FHoVtC%2FpIkO2e3jRNKVo0TqYRtT5%2BsrZB7HqJ2c8gMVKgLN9WlJ7PKi%2BOte3XLKFkggrlillphXYKJwZxlCm%2F7zS9LB1fCPWgDonAktlSFPkpFu0R569MMorzvQPR3afQ3%2B9Qb0Pat3QqDrK2vkWzh8lB9S11Wwki8ZgUXkdrexpB4WTQq95A%2FYMqLOv3%2FSP6ZDr9h9A0%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=td4oiKSMa2u9im4A9%2BTOERxUX6ccJQY7PT0NDtGJOyFc3iw2JawhqVMhYRAHCqSoZjFabCx727LEY0PkaifUC4o%2BCZQmrjsQn8xs0%2FdFwlhJfpr878jYhR4j3Am6kiGlHXSnCh6gNecqPCCjDlPQdQqAZFwmlkFwakf0EFHc1xWnYci4MYo2hEUAJ8UA%2BUMud47j4%2FqvvmWvvLwjlYL4ZiupCCtlfmFJK4Ox%2FFayrA976V%2BjT2gRWfPWHE5hed%2FtL6difOEgyiJbCOyjy9TTgRSPb3mamUU9ydUOW7UoHvywmuTIpgH9o%2FxQk6Q4wI20ORpCp9oSnvpV2q3cyb5zLQ%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.145.231.63 Las Rozas de Madrid, Spain, ASN62043 (REPSOL, ES),
Reverse DNS
185.145.231.63.rad.tsai.es
Software
/
Resource Hash
19db6c41608301baf0bcbaec6ba13216b2d71f71f808cda2f7f1255430ea5daa
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sso.fedrepsol.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Thu, 29 Dec 2022 12:59:17 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;
Referrer-Policy
origin
Last-Modified
Mon, 29 Jan 2018 11:41:06 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
123849
Content-Type
text/css
logo_repsol_portal_home.png
sso.fedrepsol.com/assets/images/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sso.fedrepsol.com/assets/images/logo_repsol_portal_home.png
Requested by
Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVLLbsIwEPwVy%2Fe8XJCCBUEUDkWiApG0h14qk2zAUmKnXgfx%2BQ0JaXNoOXD17szOw9P5pSzIGQxKrWY0cH06j6YoyqLii9qe1B6%2BakBLmjWFvB3MaG0U1wIlciVKQG5THi9eN5y5Pq%2BMtjrVBSXr1Yx%2BBhCEGWOpH4bhJGcsyEdPlLz3BxtEs4hYw1qhFco2Tz5jTsAcNkkCxscTHoxdfzT6oGR3o36WKpPqeF%2FHoVtC%2FpIkO2e3jRNKVo0TqYRtT5%2BsrZB7HqJ2c8gMVKgLN9WlJ7PKi%2BOte3XLKFkggrlillphXYKJwZxlCm%2F7zS9LB1fCPWgDonAktlSFPkpFu0R569MMorzvQPR3afQ3%2B9Qb0Pat3QqDrK2vkWzh8lB9S11Wwki8ZgUXkdrexpB4WTQq95A%2FYMqLOv3%2FSP6ZDr9h9A0%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=td4oiKSMa2u9im4A9%2BTOERxUX6ccJQY7PT0NDtGJOyFc3iw2JawhqVMhYRAHCqSoZjFabCx727LEY0PkaifUC4o%2BCZQmrjsQn8xs0%2FdFwlhJfpr878jYhR4j3Am6kiGlHXSnCh6gNecqPCCjDlPQdQqAZFwmlkFwakf0EFHc1xWnYci4MYo2hEUAJ8UA%2BUMud47j4%2FqvvmWvvLwjlYL4ZiupCCtlfmFJK4Ox%2FFayrA976V%2BjT2gRWfPWHE5hed%2FtL6difOEgyiJbCOyjy9TTgRSPb3mamUU9ydUOW7UoHvywmuTIpgH9o%2FxQk6Q4wI20ORpCp9oSnvpV2q3cyb5zLQ%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.145.231.63 Las Rozas de Madrid, Spain, ASN62043 (REPSOL, ES),
Reverse DNS
185.145.231.63.rad.tsai.es
Software
/
Resource Hash
ede9675bbcdc0434640a00a673aeebf2fd23563e04d8b568cad47f418efe9caa
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sso.fedrepsol.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Thu, 29 Dec 2022 12:59:17 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;
Referrer-Policy
origin
Last-Modified
Tue, 02 Dec 2014 14:35:38 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
8668
Content-Type
image/png
logo_repsol_portal_home2_no_title.png
sso.fedrepsol.com/assets/images/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sso.fedrepsol.com/assets/images/logo_repsol_portal_home2_no_title.png
Requested by
Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/assets/css/StyleSheet3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.145.231.63 Las Rozas de Madrid, Spain, ASN62043 (REPSOL, ES),
Reverse DNS
185.145.231.63.rad.tsai.es
Software
/
Resource Hash
2824b57306ea6d7bc16c516fdefc59e71c981ddbc146c1b54a69a6a5c9ff0415
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sso.fedrepsol.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Thu, 29 Dec 2022 12:59:17 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;
Referrer-Policy
origin
Last-Modified
Mon, 27 Aug 2018 07:51:42 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
46793
Content-Type
image/png
RepsolBold.woff
sso.fedrepsol.com/assets/fonts/repsol-regular/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sso.fedrepsol.com/assets/fonts/repsol-regular/RepsolBold.woff
Requested by
Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/assets/css/StyleSheet3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.145.231.63 Las Rozas de Madrid, Spain, ASN62043 (REPSOL, ES),
Reverse DNS
185.145.231.63.rad.tsai.es
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;

Request headers

Referer
https://sso.fedrepsol.com/
Origin
https://sso.fedrepsol.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
text/html;charset=utf-8
Date
Thu, 29 Dec 2022 12:59:17 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com https://lms.rg.repsol.com;
Referrer-Policy
origin
Cache-Control
must-revalidate,no-cache,no-store
Content-Length
1431
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| postForgotPassword function| postRecoverUsername function| postAlternateAuthnSystem function| postRegistration function| postOk function| submitForm function| postCancel function| postOnReturn function| setFocus function| setMobile function| getScreenWidth object| bodyTag number| width boolean| remember

5 Cookies

Domain/Path Name / Value
repsolna.boreal-is.com/ Name: imsid
Value: s%3AlSv9uDKpcrpmFa4KtCBpc8rbYRSoSoZN.ZsEQr1HaDnMQYu8PmZ0OVhQKeqRZeMGwJc1K%2FFnXnNA
repsolna.boreal-is.com/ Name: _csrf_token
Value: 8Exn6kGf-KeRPy1BrW-t97bvfq15DiR5tuTM
repsolna.boreal-is.com/ Name: _has_saml
Value: yes
repsolna.boreal-is.com/ Name: _saml_post_login_redirect
Value: %2Fafter_external_login
sso.fedrepsol.com/ Name: PF
Value: qUUcpbHXFFY0IuDB4sKUyo

1 Console Messages

Source Level URL
Text
network error URL: https://sso.fedrepsol.com/assets/fonts/repsol-regular/RepsolBold.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com *.googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' *.boreal-is.com borealis.zendesk.com ekr.zdassets.com *.googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: *.googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block