www.guidepointsecurity.com Open in urlscan Pro
107.154.76.199 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/
Submission: On December 14 via api (December 14th 2021, 2:15:20 pm UTC) from US — Scanned from DE

Summary HTTP 78 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 17 domains to perform 78 HTTP transactions. The main IP is 107.154.76.199, located in United States and belongs to INCAPSULA, US. The main domain is www.guidepointsecurity.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA H2 2021 on December 12th 2021. Valid for: 6 months.

This is the only time www.guidepointsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	107.154.76.199 107.154.76.199	19551 (INCAPSULA) (INCAPSULA)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
6	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.197.253.42 34.197.253.42	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.189.106 13.224.189.106	16509 (AMAZON-02) (AMAZON-02)
5	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	23.22.90.252 23.22.90.252	14618 (AMAZON-AES) (AMAZON-AES)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2	13.225.87.47 13.225.87.47	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	178.128.135.233 178.128.135.233	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
78	18

31 107.154.76.199 (United States)

ASN19551 (INCAPSULA, US)
PTR: 107.154.76.199.ip.incapdns.net

www.guidepointsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.guidepointsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.197.253.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-253-42.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-106.fra2.r.cloudfront.net

static.oktopost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

995-mtm-359.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.22.90.252 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-22-90-252.compute-1.amazonaws.com

okt.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.87.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-47.fra2.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.128.135.233 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

z.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	guidepointsecurity.com www.guidepointsecurity.com go.guidepointsecurity.com	970 KB
8	omappapi.com a.omappapi.com api.omappapi.com z.omappapi.com	156 KB
7	gstatic.com fonts.gstatic.com	181 KB
4	google-analytics.com www.google-analytics.com	20 KB
3	googletagmanager.com www.googletagmanager.com	162 KB
2	googleadservices.com www.googleadservices.com 607356108.privacysandbox.googleadservices.com Failed	16 KB
2	okt.to okt.to	504 B
2	marketo.net munchkin.marketo.net	6 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	google.com www.google.com	501 B
1	doubleclick.net stats.g.doubleclick.net	450 B
1	mktoresp.com 995-mtm-359.mktoresp.com	311 B
1	oktopost.com static.oktopost.com	4 KB
1	lltrck.com lltrck.com
0	google.de Failed www.google.de Failed
0	ads-twitter.com Failed static.ads-twitter.com Failed
0	licdn.com Failed snap.licdn.com Failed
78	17

	Domain	Requested by
31	www.guidepointsecurity.com	www.guidepointsecurity.com
7	fonts.gstatic.com	fonts.googleapis.com
6	go.guidepointsecurity.com	www.guidepointsecurity.com go.guidepointsecurity.com
5	a.omappapi.com	www.guidepointsecurity.com a.omappapi.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.googletagmanager.com	www.guidepointsecurity.com www.googletagmanager.com
2	api.omappapi.com	a.omappapi.com
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	okt.to	static.oktopost.com
2	munchkin.marketo.net	www.guidepointsecurity.com munchkin.marketo.net
2	fonts.googleapis.com	www.guidepointsecurity.com a.omappapi.com
1	z.omappapi.com	a.omappapi.com
1	www.google.com	www.guidepointsecurity.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	995-mtm-359.mktoresp.com	munchkin.marketo.net
1	static.oktopost.com	www.guidepointsecurity.com
1	lltrck.com	www.guidepointsecurity.com
0	www.google.de Failed	www.guidepointsecurity.com
0	607356108.privacysandbox.googleadservices.com Failed	www.guidepointsecurity.com
0	static.ads-twitter.com Failed	www.googletagmanager.com
0	snap.licdn.com Failed	www.googletagmanager.com
78	21

This site contains links to these domains. Also see Links.

Domain
nvd.nist.gov
github.com
portswigger.net
twitter.com
facebook.com
www.linkedin.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-12-12` - `2022-06-13`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
go.guidepointsecurity.com Cloudflare Inc ECC CA-3	`2021-06-03` - `2022-06-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2021-07-25` - `2022-08-26`	a year	crt.sh
*.oktopost.com Sectigo RSA Organization Validation Secure Server CA	`2021-09-02` - `2022-09-29`	a year	crt.sh
a.omappapi.com R3	`2021-12-12` - `2022-03-12`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
okt.to R3	`2021-10-11` - `2022-01-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
z.omappapi.com R3	`2021-11-09` - `2022-02-07`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/
Frame ID: 68C62AA5F88A2E88DBDD8B242D75DABC
Requests: 84 HTTP requests in this frame

Frame: https://go.guidepointsecurity.com/index.php/form/XDFrame
Frame ID: FB3D02EECE3548198E0AB383B0A7108D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LDAP Injection in ForgeRock OpenAM: Exploiting CVE-2021-29156Icon - Application Security - LargeIcon - Application Security - LargeIcon - Data Security - LargeIcon - Data Security - LargeIcon - Email Security - LargeIcon - Email Security - LargeIcon - Endpoint Security - LargeIcon - Endpoint Security - LargeIcon - Compliance - LargeIcon - Compliance - LargeIcon - Identity Management - LargeIcon - Identity Management - LargeIcon - Network Security - LargeIcon - Network Security - LargeIcon - Security Response - LargeIcon - Security Response - LargeIcon - Staff Augmentation - LargeIcon - Staff Augmentation - LargeIcon - Staff Augmentation - LargeIcon - Penetration Test - LargeIcon - Penetration Test - LargeIcon - Managed Security - LargeIcon - Managed Security - Large

Page URL History Show full URLs

https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Page URL
https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Page URL

Page Statistics

78
Requests

92 %
HTTPS

35 %
IPv6

17
Domains

21
Subdomains

18
IPs

4
Countries

1519 kB
Transfer

3305 kB
Size

19
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-29156
Title: CVE-2021-29156

Search URL Search Domain Scan URL

URL: https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0
Title: v13.0.0

Search URL Search Domain Scan URL

URL: https://github.com/guidepointsecurity/CVE-2021-29156
Title: https://github.com/guidepointsecurity/CVE-2021-29156

Search URL Search Domain Scan URL

URL: https://portswigger.net/research/hidden-oauth-attack-vectors
Title: excellent writeup

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&text=LDAP+Injection+in+ForgeRock+OpenAM%3A+Exploiting+CVE-2021-29156&via=GuidePointSec
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer.php?u=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&title=LDAP+Injection+in+ForgeRock+OpenAM%3A+Exploiting+CVE-2021-29156&summary=Published+12%2F14%2F21%2C+9%3A00am+Today%2C+GuidePoint+Security+is+pleased+to+release+a+functional+Proof-of-Concept+tool+for+CVE-2021-29156%2C+an+LDAP+injection+vulnerability+%5B%26hellip%3B%5D&source=GuidePoint+Security
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/guidepointsec
Title: linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/GuidePointSec
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GuidePointSec
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCkajuS7JqEN3UGy6SXVhnfg
Title: youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Page URL
https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/607356108/?random=1695318595&cv=9&fst=1639491306239&num=1&value=0&label=evMjCOqv_OMBEMyJzqEC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&ref=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&tiba=LDAP%20Injection%20in%20ForgeRock%20OpenAM%3A%20Exploiting%20CVE-2021-29156&auid=555533925.1639491306&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=6qa4YcWVE7PhzAbk-6W4Aw&sscte=1&crd=CNPgGw&eitems=ChEIgJ7hjQYQ7LDOlI7U-J20ARIdADmdPEUlRWeNerjI9l3EgjK2iDHIKoODXdr-JXQ HTTP 302
https://www.google.com/pagead/1p-conversion/607356108/?random=1695318595&cv=9&fst=1639491306239&num=1&value=0&label=evMjCOqv_OMBEMyJzqEC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&ref=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&tiba=LDAP%20Injection%20in%20ForgeRock%20OpenAM%3A%20Exploiting%20CVE-2021-29156&auid=555533925.1639491306&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=6qa4YcWVE7PhzAbk-6W4Aw&eitems=ChEIgJ7hjQYQ7LDOlI7U-J20ARIdADmdPEUY1ThxxwzGEzgYzOXWSrRJy4cSHxB3NaU&random=914718938&resp=GooglemKTybQhCsO HTTP 0
https://www.google.de/pagead/1p-conversion/607356108/?random=1695318595&cv=9&fst=1639491306239&num=1&value=0&label=evMjCOqv_OMBEMyJzqEC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&ref=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&tiba=LDAP%20Injection%20in%20ForgeRock%20OpenAM%3A%20Exploiting%20CVE-2021-29156&auid=555533925.1639491306&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=6qa4YcWVE7PhzAbk-6W4Aw&eitems=ChEIgJ7hjQYQ7LDOlI7U-J20ARIdADmdPEUY1ThxxwzGEzgYzOXWSrRJy4cSHxB3NaU&random=914718938&resp=GooglemKTybQhCsO&ipr=y&prhg=0

78 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ 212 B
736 B 72ms
15ms Document
text/html 107.154.76.199
INCAPSULA

General

Domain/Path	Expires	Name / Value
.guidepointsecurity.com/	1970-01-20 08:10:08	Name: visid_incap_2146071 Value: X+u1lalnTu+rnDylJMmumuimuGEAAAAAQUIPAAAAAABCHCTjp5PyHzGUdSIFXTPC
.guidepointsecurity.com/	1969-12-31 23:59:59	Name: incap_ses_472_2146071 Value: fyzmX/LJVSR6f2shHuKMBuimuGEAAAAAlygwb0VYVjoPS3waftfP6w==
www.guidepointsecurity.com/	1970-01-19 23:24:53	Name: ppwp_wp_session Value: 17f01bc8e7efc4c1ce4e8dbe44ad5fe4%7C%7C1639493105%7C%7C1639492745
.guidepointsecurity.com/	1969-12-31 23:59:59	Name: nlbi_2146071 Value: e1UTVXUh40b7g/z+ISt1bQAAAABUR4DN2gHTu+ML898eCz/0
.go.guidepointsecurity.com/	1970-01-19 23:24:53	Name: __cf_bm Value: LC2uuNENtF6MK72QoKXOlaDwRW7xR32jQPlyjbBqzs4-1639491305-0-AaL82OqIDDWBafgvGCztuEUAxWXaVlPbIBZnpcgvt4XBbdEp1NNUIlba60sTd7NOf5U/cPtCZ3lEbGZi2eieKac=
.guidepointsecurity.com/	1970-01-20 16:56:03	Name: _mkto_trk Value: id:995-MTM-359&token:_mch-guidepointsecurity.com-1639491306034-51217
.guidepointsecurity.com/	1970-01-20 01:34:27	Name: _gcl_au Value: 1.1.555533925.1639491306
www.guidepointsecurity.com/	1970-01-23 23:23:24	Name: _omappvp Value: Nj9FBZ9atsyu2t2VaHsPHIMqGp4lBeqkvFR3JYi4YTooqs2dLDLRbFLIIRdt08fGvpaK4NyvRio8ZAZRPpznxNd9kuYT0IRy
www.guidepointsecurity.com/	1970-01-19 23:24:52	Name: _omappvs Value: 1639491306143
.guidepointsecurity.com/	1970-01-20 16:56:03	Name: _ga_QVDYN94XH5 Value: GS1.1.1639491306.1.0.1639491306.0
.guidepointsecurity.com/	1970-01-20 16:56:03	Name: _ga Value: GA1.2.222766420.1639491306
.guidepointsecurity.com/	1970-01-19 23:26:17	Name: _gid Value: GA1.2.366250881.1639491306
.guidepointsecurity.com/	1970-01-19 23:24:51	Name: _gat_gtag_UA_146819107_1 Value: 1
okt.to/	1970-01-20 08:10:27	Name: oktgid Value: NyKvEXPiPAx2TWKbIshb0MhrkhpWTCdM
okt.to/	1969-12-31 23:59:59	Name: oktsid Value: DoJgbTC0OJcoUf1Ls1P67OVBuZZCjKgm
go.guidepointsecurity.com/	1969-12-31 23:59:59	Name: BIGipServerab01web-nginx-app_https Value: !E67V+HpCEXwxTSHaQbCLRqc3TBcuilSOrxxxeP0oqtAeTZnQOMJz/MhmQwTAktGo+J8wNEUbIXXlTos=
.doubleclick.net/	1970-01-19 23:24:52	Name: test_cookie Value: CheckForPermission
www.guidepointsecurity.com/	1970-01-20 00:08:03	Name: omSeen-xtv2afjvf4wytfk6kv4f Value: 1639491307806
.guidepointsecurity.com/	1970-01-20 08:10:27	Name: _omra Value: %7B%22xtv2afjvf4wytfk6kv4f%22%3A%22view%22%7D

Source	Level	URL Text
deprecation	warning	Message: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77(Line 68) Message: Refused to load the script 'https://snap.licdn.com/li.lms-analytics/insight.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' .wistia.com .wistia.net src.litix.io lltrck.com .marketo.com .marketo.net .hotjar.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com okt.to static.oktopost.com cdn.callrail.com global.oktacdn.com .typekit.net .omwpapi.com .omappapi.com *.atlassian.net go.guidepointsecurity.com www.google.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77(Line 68) Message: Refused to load the script 'https://static.ads-twitter.com/uwt.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' .wistia.com .wistia.net src.litix.io lltrck.com .marketo.com .marketo.net .hotjar.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com okt.to static.oktopost.com cdn.callrail.com global.oktacdn.com .typekit.net .omwpapi.com .omappapi.com *.atlassian.net go.guidepointsecurity.com www.google.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Message: Refused to load the image 'https://607356108.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/607356108/?random=1639491306239&cv=9&fst=1639491306239&num=1&fmt=3&value=0&label=evMjCOqv_OMBEMyJzqEC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&ref=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&tiba=LDAP%20Injection%20in%20ForgeRock%20OpenAM%3A%20Exploiting%20CVE-2021-29156&auid=555533925.1639491306&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1' because it violates the following Content Security Policy directive: "img-src 'self' data: embedwistia-a.akamaihd.net .wistia.com .wistia.net lltrck.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com global.oktacdn.com .googleusercontent.com .typekit.net .omwpapi.com .omappapi.com go.guidepointsecurity.com *.gravatar.com".
network	error	URL: https://lltrck.com/lt-v2.min.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://api.omappapi.com/v2/embed/82125/nfzzoxtovsmgz3i3stqa Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-146819107-1&cid=222766420.1639491306&jid=1830753399&_u=YADAAUAAAAAAAC~&z=323654715' because it violates the following Content Security Policy directive: "img-src 'self' data: embedwistia-a.akamaihd.net .wistia.com .wistia.net lltrck.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com global.oktacdn.com .googleusercontent.com .typekit.net .omwpapi.com .omappapi.com go.guidepointsecurity.com *.gravatar.com".
security	error	URL: https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ Message: Refused to load the image 'https://www.google.de/pagead/1p-conversion/607356108/?random=1695318595&cv=9&fst=1639491306239&num=1&value=0&label=evMjCOqv_OMBEMyJzqEC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&ref=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fldap-injection-in-forgerock-openam-exploiting-cve-2021-29156%2F&tiba=LDAP%20Injection%20in%20ForgeRock%20OpenAM%3A%20Exploiting%20CVE-2021-29156&auid=555533925.1639491306&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=6qa4YcWVE7PhzAbk-6W4Aw&eitems=ChEIgJ7hjQYQ7LDOlI7U-J20ARIdADmdPEUY1ThxxwzGEzgYzOXWSrRJy4cSHxB3NaU&random=914718938&resp=GooglemKTybQhCsO&ipr=y&prhg=0' because it violates the following Content Security Policy directive: "img-src 'self' data: embedwistia-a.akamaihd.net .wistia.com .wistia.net lltrck.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com global.oktacdn.com .googleusercontent.com .typekit.net .omwpapi.com .omappapi.com go.guidepointsecurity.com *.gravatar.com".

www.guidepointsecurity.com Open in urlscan Pro 107.154.76.199 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

78 Requests

92 %HTTPS

35 %IPv6

17 Domains

21 Subdomains

18 IPs

4 Countries

1519 kBTransfer

3305 kBSize

19 Cookies

11 Outgoing links

Page URL History

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.guidepointsecurity.com Open in urlscan Pro
107.154.76.199 Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

92 %
HTTPS

35 %
IPv6

17
Domains

21
Subdomains

18
IPs

4
Countries

1519 kB
Transfer

3305 kB
Size

19
Cookies

78 HTTP transactions
8 data transactions