urlscan.io logo urlscan.io
SecurityTrails logo

kiwibank.login.sailpoint.com Open in urlscan Pro
3.27.98.38  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://kiwibank.cam.sailpoint.com/
Effective URL: https://kiwibank.login.sailpoint.com/saml/login/alias/kiwibank-sp?idp=https://sts.windows.net/4b41160f-15b3-4c74-9723-96d1838309dc/&r...
Submission: On July 07 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 3.27.98.38, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is kiwibank.login.sailpoint.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 18th 2024. Valid for: a year.
This is the only time kiwibank.login.sailpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.36.213.229 396982 (GOOGLE-CL...)
1 3 3.27.98.38 16509 (AMAZON-02)
15 4
Apex Domain
Subdomains		 Transfer
12 sailpoint.com
kiwibank.cam.sailpoint.com
kiwibank.login.sailpoint.com
800 KB
1 identitynow.com
kiwibank.api.identitynow.com
1 KB
1 pendo.io
cdn.pendo.io — Cisco Umbrella Rank: 990
157 KB
0 microsoftonline.com Failed
login.microsoftonline.com Failed
15 4
Domain Requested by
10 kiwibank.cam.sailpoint.com kiwibank.cam.sailpoint.com
2 kiwibank.login.sailpoint.com 1 redirects kiwibank.cam.sailpoint.com
1 kiwibank.api.identitynow.com kiwibank.cam.sailpoint.com
1 cdn.pendo.io kiwibank.cam.sailpoint.com
0 login.microsoftonline.com Failed
15 5

This site contains no links.

Subject Issuer Validity Valid
kiwibank.cam.sailpoint.com
WE1		 2024-07-06 -
2024-10-04		 3 months crt.sh
cdn.pendo.io
WR3		 2024-05-27 -
2024-08-25		 3 months crt.sh
*.api.identitynow.com
Amazon RSA 2048 M03		 2024-02-05 -
2025-03-05		 a year crt.sh
*.login.sailpoint.com
Amazon RSA 2048 M02		 2024-02-18 -
2025-03-18		 a year crt.sh

This page contains 1 frames:

Frame: https://login.microsoftonline.com/4b41160f-15b3-4c74-9723-96d1838309dc/saml2
Frame ID: 70FE37FACCB353C82A83F113298DF6EF
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://kiwibank.cam.sailpoint.com/ Page URL
  2. https://kiwibank.login.sailpoint.com/oauth/authorize?client_id=cam-ui&redirect_uri=https%3A%2F%2Fkiwibank.cam.sai... HTTP 302
    https://kiwibank.login.sailpoint.com/saml/login/alias/kiwibank-sp?idp=https://sts.windows.net/4b41160f-15b3-4c74-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • lodash.*\.js

Page Statistics

15
Requests

87 %
HTTPS

33 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

958 kB
Transfer

2714 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kiwibank.cam.sailpoint.com/ Page URL
  2. https://kiwibank.login.sailpoint.com/oauth/authorize?client_id=cam-ui&redirect_uri=https%3A%2F%2Fkiwibank.cam.sailpoint.com&response_type=code&state=4828b5aa-3702-4be6-aa7f-48c2efd5206e HTTP 302
    https://kiwibank.login.sailpoint.com/saml/login/alias/kiwibank-sp?idp=https://sts.windows.net/4b41160f-15b3-4c74-9723-96d1838309dc/&relaystate=5354a874-e9be-4e06-aefc-2f002b4098e3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
kiwibank.cam.sailpoint.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
043f1e11596b2278b7fc55f107d3252d6bebe26c8d65380a8e322766f8264d75
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cf-cache-status
DYNAMIC
cf-ray
89f7b627cf482c4a-FRA
content-encoding
gzip
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
content-type
text/html
date
Sun, 07 Jul 2024 12:06:59 GMT
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
82867bba48.min.css
kiwibank.cam.sailpoint.com/ 		208 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/82867bba48.min.css?867bba48da27bdbca8e5
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fad736458937798cd0ad2886f674f0f231e7e6e91c99c2988c0b22d25729c788
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:00 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
REVALIDATED
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6515a2a0-33f5e"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
cf-ray
89f7b62ebec32c4a-FRA
expires
Sun, 07 Jul 2024 16:07:00 GMT
main867bba48.min.css
kiwibank.cam.sailpoint.com/ 		111 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/main867bba48.min.css?867bba48da27bdbca8e5
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5226988ba5730a7f459dc9110a76fb45b808fc82b7d69c82ac764d44eda6e731
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:00 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
REVALIDATED
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6515a2a0-1bb38"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
cf-ray
89f7b62ebec52c4a-FRA
expires
Sun, 07 Jul 2024 16:07:00 GMT
vendor.867bba48.min.js
kiwibank.cam.sailpoint.com/static/js/ 		1 MB
359 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/static/js/vendor.867bba48.min.js?867bba48da27bdbca8e5
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ccf00abc82d444e25e2f3bd0d2d626c91d11f8e512f714af43ea8c7ba8afe27
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:00 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
REVALIDATED
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6515a2a0-124b87"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
89f7b62ebec62c4a-FRA
expires
Sun, 07 Jul 2024 16:07:00 GMT
82.867bba48.min.js
kiwibank.cam.sailpoint.com/static/js/ 		34 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/static/js/82.867bba48.min.js?867bba48da27bdbca8e5
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
701e6cb4aaaf3ba661fee10095df6019bbaa7406b7027a32109b3c6afb4fd609
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:00 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
REVALIDATED
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6515a2a0-88e6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
89f7b62ebec82c4a-FRA
expires
Sun, 07 Jul 2024 16:07:00 GMT
commons-main-lodash.js.867bba48.min.js
kiwibank.cam.sailpoint.com/static/js/ 		69 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/static/js/commons-main-lodash.js.867bba48.min.js?867bba48da27bdbca8e5
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
347da45b837486fa989dcc9a8f18953868535ecf2cf5dd1af39bd7ad29748566
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:00 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
REVALIDATED
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6515a2a0-11408"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
89f7b62ebec92c4a-FRA
expires
Sun, 07 Jul 2024 16:07:00 GMT
main.867bba48.min.js
kiwibank.cam.sailpoint.com/static/js/ 		423 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/static/js/main.867bba48.min.js?867bba48da27bdbca8e5
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e3a0216dfc8a22f744530e157475e00735a7d4a339adeebd1d0c442c875dbd7
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:00 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
REVALIDATED
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6515a2a0-69d1d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
89f7b62ebecc2c4a-FRA
expires
Sun, 07 Jul 2024 16:07:00 GMT
pendo.js
cdn.pendo.io/agent/static/50a1e02e-f8db-4efb-5d7b-c41908b1795e/ 		482 KB
157 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pendo.io/agent/static/50a1e02e-f8db-4efb-5d7b-c41908b1795e/pendo.js
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.213.229 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
229.213.36.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c15d15f21ee449753780d68c61f84097f1940b7417fb02c6ae8cc1267930a98a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:01 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
x-guploader-uploadid
ACJd0Nqz2XH-1M1UUzsop6it3Be3JQ-BoNAAhsLV0RtoGNcFC86lfigJVsK2t80HZtursvDyKg8
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
159945
last-modified
Thu, 30 May 2024 18:14:13 GMT
server
UploadServer
etag
"5d1005f6c0b190a0d86a01d117d7ed36"
vary
Accept-Encoding
x-goog-generation
1717092852858280
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=R6S7fw==, md5=XRAF9sCxkKDYagHRF9ftNg==
access-control-expose-headers
*
cache-control
public,max-age=450
x-goog-stored-content-length
159945
accept-ranges
bytes
0fcd45fbfc419c42c8b9.ttf
kiwibank.cam.sailpoint.com/ 		168 KB
168 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/0fcd45fbfc419c42c8b9.ttf
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/main867bba48.min.css?867bba48da27bdbca8e5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/main867bba48.min.css?867bba48da27bdbca8e5
Origin
https://kiwibank.cam.sailpoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:02 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
MISS
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
etag
"6515a2a0-2a020"
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
89f7b637796f2c4a-FRA
content-length
172064
expires
Sun, 07 Jul 2024 16:07:02 GMT
auth
kiwibank.cam.sailpoint.com/v1/tenants/users/ 		321 B
350 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/v1/tenants/users/auth?req_hdr.tid=91de1e07-6c81-41f4-9ab7-3d1e537cd2ec&
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/static/js/main.867bba48.min.js?867bba48da27bdbca8e5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44f0f0b6acacea49ff3b7f11c91ee64edb73aa353c8dacdb28ad73a51a946958

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referrer-Policy
strict-origin-when-cross-origin
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json
Referer
https://kiwibank.cam.sailpoint.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:01 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/json
grpc-metadata-content-type
application/grpc
cf-ray
89f7b637a9a42c4a-FRA
content-length
228
info
kiwibank.api.identitynow.com/oauth/ 		551 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://kiwibank.api.identitynow.com/oauth/info
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/static/js/main.867bba48.min.js?867bba48da27bdbca8e5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.27.98.38 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-27-98-38.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
d77e51a79b401e3a051da4fb77c61d97e44c0edbf5b12e9cab5aebf26b4f18d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json
Referer
https://kiwibank.cam.sailpoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
slpt-request-id
56318d0350f848a18faad39e4650f3af
server
nginx
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Transfer-Encoding,X-Content-Type-Options,Connection,Pragma,Date,X-Zuul-ServiceId,X-Frame-Options,Strict-Transport-Security,Cache-Control,Retry-After,Expires,SLPT-Request-ID,X-XSS-Protection,Content-Type
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
none, noindex
Primary Request kiwibank-sp
kiwibank.login.sailpoint.com/saml/login/alias/
Redirect Chain
  • https://kiwibank.login.sailpoint.com/oauth/authorize?client_id=cam-ui&redirect_uri=https%3A%2F%2Fkiwibank.cam.sailpoint.com&response_type=code&state=4828b5aa-3702-4be6-aa7f-48c2efd5206e
  • https://kiwibank.login.sailpoint.com/saml/login/alias/kiwibank-sp?idp=https://sts.windows.net/4b41160f-15b3-4c74-9723-96d1838309dc/&relaystate=5354a874-e9be-4e06-aefc-2f002b4098e3
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kiwibank.login.sailpoint.com/saml/login/alias/kiwibank-sp?idp=https://sts.windows.net/4b41160f-15b3-4c74-9723-96d1838309dc/&relaystate=5354a874-e9be-4e06-aefc-2f002b4098e3
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/static/js/main.867bba48.min.js?867bba48da27bdbca8e5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.27.98.38 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-27-98-38.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://kiwibank.cam.sailpoint.com/login
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-expose-headers
X-Content-Type-Options,Connection,Pragma,Date,X-Zuul-ServiceId,X-Frame-Options,Strict-Transport-Security,Cache-Control,Retry-After,Expires,SLPT-Request-ID,X-XSS-Protection,Content-Length,Content-Type
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-type
text/html;charset=ISO-8859-1
date
Sun, 07 Jul 2024 12:07:04 GMT
server
nginx
slpt-request-id
eaae0c04d7074168a9a92c73cf83f40b
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding Origin Access-Control-Request-Method Access-Control-Request-Headers
x-robots-tag
none noindex

Redirect headers

access-control-expose-headers
X-Content-Type-Options,Connection,Pragma,Date,X-Zuul-ServiceId,X-Frame-Options,Strict-Transport-Security,Cache-Control,Retry-After,Set-Cookie,Expires,SLPT-Request-ID,X-XSS-Protection,Content-Length,Location
cache-control
no-cache, no-store, max-age=0, must-revalidate
date
Sun, 07 Jul 2024 12:07:03 GMT
location
https://kiwibank.login.sailpoint.com/saml/login/alias/kiwibank-sp?idp=https://sts.windows.net/4b41160f-15b3-4c74-9723-96d1838309dc/&relaystate=5354a874-e9be-4e06-aefc-2f002b4098e3
server
nginx
slpt-request-id
b61615fb8e674a9fb69bd7810f5482b0
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-robots-tag
none noindex
cff684e59ffb052d72cb.woff2
kiwibank.cam.sailpoint.com/ 		43 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://kiwibank.cam.sailpoint.com/cff684e59ffb052d72cb.woff2
Requested by
Host: kiwibank.cam.sailpoint.com
URL: https://kiwibank.cam.sailpoint.com/main867bba48.min.css?867bba48da27bdbca8e5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:174f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kiwibank.cam.sailpoint.com/main867bba48.min.css?867bba48da27bdbca8e5
Origin
https://kiwibank.cam.sailpoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 12:07:03 GMT
content-security-policy
img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
MISS
last-modified
Thu, 28 Sep 2023 15:58:24 GMT
server
cloudflare
etag
"6515a2a0-ad0c"
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
89f7b6403bea2c4a-FRA
content-length
44300
expires
Sun, 07 Jul 2024 16:07:03 GMT
saml2
login.microsoftonline.com/4b41160f-15b3-4c74-9723-96d1838309dc/ 		0
0
favicon.ico
kiwibank.login.sailpoint.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login.microsoftonline.com
URL
https://login.microsoftonline.com/4b41160f-15b3-4c74-9723-96d1838309dc/saml2
Domain
kiwibank.login.sailpoint.com
URL
https://kiwibank.login.sailpoint.com/favicon.ico

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

2 Cookies

Domain/Path Name / Value
kiwibank.login.sailpoint.com/ Name: XSRF-TOKEN
Value: b2f1619f-69c7-400f-a045-cb1ea62b1ab4
kiwibank.login.sailpoint.com/ Name: SLPTLS
Value: NjYzZTNjMjgtNjNjMC00NDJiLWI1ZTMtY2I2MzQ1NDA3OWY0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy img-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.googleapis.com *.sailpointfedramp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io *.googleapis.com *.sailpointfedramp.com; default-src 'self' data: 'unsafe-inline' *.sailpoint.com *.identitysoon.com *.api.cloud.sailpoint.com *.identitynow.com *.pendo.io *.identitysoon-demo.com *.identitynow-demo.com *.sailpoint-demo.com *.cam-demo.sailpoint.com *.googleapis.com *.sailpointfedramp.com; frame-src app.pendo.io; child-src app.pendo.io;