idp.sans.org
45.60.31.34
Public Scan
Effective URL: https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c...
Submission: On January 30 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q4 on December 15th 2022. Valid for: 6 months.
This is the only time idp.sans.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 136.147.189.155 | 22606 (EXACT-7) |
1 11 | 45.60.31.34 | 19551 (INCAPSULA) |
1 | 2a02:26f0:10e::6860:5bb2 | 20940 (AKAMAI-ASN1) |
1 | 2a02:26f0:11a::6867:4832 | 20940 (AKAMAI-ASN1) |
3 | 104.17.208.240 | 13335 (CLOUDFLARENET) |
1 1 | 45.60.33.34 | 19551 (INCAPSULA) |
15 | 4 | |
ASN22606 (EXACT-7, US)
PTR: click.email.sans.org
click.email.sans.org |
ASN13335 (CLOUDFLARENET, US)
zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com | |
siteintercept.qualtrics.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | giac.org | exams.giac.org; www.giac.org — Cisco Umbrella Rank: 611717 | 857 KB |
6 | sans.org (3 redirects) | click.email.sans.org — Cisco Umbrella Rank: 211263; auth.sans.org; idp.sans.org — Cisco Umbrella Rank: 460222 | 32 KB |
3 | qualtrics.com | zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com; siteintercept.qualtrics.com — Cisco Umbrella Rank: 978 | 24 KB |
2 | typekit.net | use.typekit.net — Cisco Umbrella Rank: 436; p.typekit.net — Cisco Umbrella Rank: 598 | 2 KB |
15 | 4 | | |
 | Domain | Requested by |
---|---|---|
6 | exams.giac.org | exams.giac.org |
4 | idp.sans.org | 1 redirects; exams.giac.org; idp.sans.org |
2 | siteintercept.qualtrics.com | zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com; siteintercept.qualtrics.com |
1 | auth.sans.org | 1 redirects |
1 | www.giac.org | exams.giac.org |
1 | zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com | exams.giac.org |
1 | p.typekit.net | use.typekit.net |
1 | use.typekit.net | exams.giac.org |
1 | click.email.sans.org | 1 redirects |
15 | 9 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.sans.org |
Subject | Issuer | Validity | Valid |
---|---|---|---|
imperva.com | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-15 - 2023-06-13 | 6 months |
use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year |
*.qualtrics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-04 - 2023-05-04 | a year |
This page contains 1 frames:
Primary Page:
https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
Frame ID: 8D89FED9FB6ED435461EBBC044BB89DF
Requests: 15 HTTP requests in this frame
Page Title
SANS Login
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
Imperva (Security)
Detected patterns
- /_Incapsula_Resource
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Create a SANS account
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e2484ba1681850b0528c0387ba637ed5889160da9bb5
HTTP 302
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9 Page URL
-
https://auth.sans.org/oauth2/authorize?client_id=1o3telv6uan9t38jvkfjp0d7k4&scope=email%20openid%20profile&identity_provider=auth-service-saml-idp&response_type=CODE&redirect_uri=https%3A%2F%2Fexams.giac.org%2Fauthorize
HTTP 302
https://idp.sans.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fZHLbsIwEEX3%2FYrIeyd2ElSwSBAtQkWiqtRAF90gk0zBUmK7Hoc%2Bvr7hpcKGpUf3zLXODEffTR3swKEyOiM8ZCQAXZpK6U1Glosp7ZNRfjdE2dSxFePWb%2FUrfLaAPhgjgvMd92g0tg24AtxOlbB8nWdk671FEUWyI0KUGkPjNtFhTaQq6wBtRwEJJt0qpaU%2F9J%2BpLnEBqcbWsEf%2F%2BagoXk51od1aEswmGVmxcsCT%2FppTlq7vaRonnA5YWtG1lIz34l7a68suitjCTKOX2mckZnFCGacJW7CBSHsiTsIBZ%2B8keDtbifdWOk8axdFDRlqnhZGoUGjZAApfimL8PBddVFhnvClNTfKjNnEodMHUuEb62%2Bx%2Boir6cYgK0F75n6vu27g8n4Tk%2B5hs5K%2FRojQbrbwRaEWLFCR6ylc8efp6AJj1h9HlL%2FPT8%2FrW%2BR8%3D&RelayState=H4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4 HTTP 302
https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e2484ba1681850b0528c0387ba637ed5889160da9bb5 HTTP 302
- https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | attempts | exams.giac.org/pages/ (Redirect Chain) | 2 KB | 2 KB | Document | text/html |
GET | H2 | xzz1jhx.css | use.typekit.net/ | 12 KB | 1 KB | Stylesheet | text/css |
GET | H2 | main.409597e3.js | exams.giac.org/static/js/ | 2 MB | 533 KB | Script | application/javascript |
GET | H2 | main.301ba329.css | exams.giac.org/static/css/ | 927 B | 701 B | Stylesheet | text/css |
GET | H2 | _Incapsula_Resource | exams.giac.org/ | 153 KB | 22 KB | Script | application/javascript |
GET | H2 | p.css | p.typekit.net/ | 5 B | 181 B | Stylesheet | text/css |
GET | H2 | _Incapsula_Resource | exams.giac.org/ | 1 B | 41 B | Image | text/plain |
GET | H2 | / | zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com/SIE/ | 7 KB | 4 KB | Script | application/javascript |
GET | H2 | ClearSans-Regular.43ea7d2123718b0cfd2c.ttf | exams.giac.org/static/media/ | 297 KB | 298 KB | Font | font/ttf |
GET | H2 | admin | www.giac.org/remote-config/ | 551 B | 1 KB | XHR | application/json |
GET | H2 | 13.80b1174311323ca5c15d.chunk.js | siteintercept.qualtrics.com/dxjsmodule/ | 62 KB | 19 KB | Script | application/javascript |
POST | H2 | Targeting.php | siteintercept.qualtrics.com/WRSiteInterceptEngine/ | 1 KB | 855 B | XHR | application/json |
GET | H2 | loginuserpass.php (Primary Request) | idp.sans.org/simplesaml/module.php/core/ (Redirect Chain) | 6 KB | 3 KB | Document | text/html |
GET | H2 | main.css | idp.sans.org/simplesaml/module.php/sans/sans-responsive/css/web2021/ | 10 KB | 2 KB | Stylesheet | text/css |
GET | H2 | _Incapsula_Resource | idp.sans.org/ | 154 KB | 22 KB | Script | application/javascript |
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | oncontentvisibilityautostatechange
13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.giac.org/ | Name: visid_incap_1869983 Value: q3JgwnYtRp2C2Nwiir4xOrGR12MAAAAAQUIPAAAAAAAcHiKQJWtz8GaNOhcfGLI2 |
|
.giac.org/ | Name: incap_ses_892_1869983 Value: Ylj4HIoJxkRtt8XmwQhhDLGR12MAAAAASUe9j1kVhUfjzgfk90Ziew== |
|
.giac.org/ | Name: nlbi_1869983_2666078 Value: a3hCcd5keRXLQwYeWJ9KewAAAAAuomE1XwoLdgq5i3OThdQQ |
|
auth.sans.org/ | Name: XSRF-TOKEN Value: 038822cd-8353-439a-87cd-dbe1fb5b7ed9 |
|
auth.sans.org/ | Name: csrf-state Value: H9zYZfSeCjxCZCpmVl7XWyvjWAXwYecxlMDefDu1OUzNGxvV_okqPYcnAHiROGNHnK3IyysCny_Wtcgj7jYCsdb0naQZYI0a-sjqRTtK219_d74jTh679OUgvIKm089IXTkGRQo8QEkeh4WVlRnicx42UeCh1Be5ESXSrrntSA0 |
|
auth.sans.org/ | Name: csrf-state-legacy Value: H9zYZfSeCjxCZCpmVl7XWyvjWAXwYecxlMDefDu1OUzNGxvV_okqPYcnAHiROGNHnK3IyysCny_Wtcgj7jYCsdb0naQZYI0a-sjqRTtK219_d74jTh679OUgvIKm089IXTkGRQo8QEkeh4WVlRnicx42UeCh1Be5ESXSrrntSA0 |
|
auth.sans.org/ | Name: visid_incap_2802314 Value: qVAsKWMeQQ+0QbKW05u4/bOR12MAAAAAQUIPAAAAAAB9eDVen8vHX8Jv8tU80upL |
|
auth.sans.org/ | Name: nlbi_2802314 Value: XogvW/NaMz0B/hobjpAu6QAAAAAARqCur0T/GSZrXSopjuWo |
|
auth.sans.org/ | Name: incap_ses_273_2802314 Value: E7khFWp/swmjxCNO2OTJA7OR12MAAAAANDsTDscDD1WzZ7zHraqAvg== |
|
.idp.sans.org/ | Name: SANS_FEDERATED_AUTH Value: 6fb793adc96bedb86a9f63359e8a8720 |
|
idp.sans.org/ | Name: visid_incap_2295456 Value: FKtsKsKDSc+v+8GZPwHcLrOR12MAAAAAQUIPAAAAAAAWLym4f4SEzK7fp45b/tEQ |
|
idp.sans.org/ | Name: nlbi_2295456_2680373 Value: DH0KUIJyV2OqbCsrzgnhKAAAAAC4/sVliK+4VObB6kn4poX5 |
|
idp.sans.org/ | Name: incap_ses_892_2295456 Value: VJkkXfNSWjVHuMXmwQhhDLOR12MAAAAAPCCJLBdheDABgY7IpaHQbw== |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubdomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.