idselect.idm.cit.cornell.edu Open in urlscan Pro
54.174.83.142 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://secure.provost.cornell.edu/
Effective URL:
https://idselect.idm.cit.cornell.edu/idselect/select.html?entityID=https%3A%2F%2Fbrand.cornell.edu%2FShibboleth&return=https%3A%2F%2F...
Submission: On July 12 via automatic, source certstream-suspicious (July 12th 2022, 4:40:17 pm UTC) — Scanned from DE

Summary HTTP 17 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 54.174.83.142, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is idselect.idm.cit.cornell.edu.
TLS certificate: Issued by Amazon on March 31st 2022. Valid for: a year.

This is the only time idselect.idm.cit.cornell.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	20.42.25.107 20.42.25.107	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
11	54.174.83.142 54.174.83.142	14618 (AMAZON-AES) (AMAZON-AES)
4	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
17	4

1 20.42.25.107 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.provost.cornell.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 54.174.83.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-83-142.compute-1.amazonaws.com

idselect.idm.cit.cornell.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	cornell.edu 1 redirects secure.provost.cornell.edu idselect.idm.cit.cornell.edu	288 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 666 p.typekit.net — Cisco Umbrella Rank: 786	97 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 350	34 KB
17	3

	Domain	Requested by
11	idselect.idm.cit.cornell.edu	idselect.idm.cit.cornell.edu
4	use.typekit.net	idselect.idm.cit.cornell.edu use.typekit.net
1	p.typekit.net	use.typekit.net
1	ajax.googleapis.com	idselect.idm.cit.cornell.edu
1	secure.provost.cornell.edu	1 redirects
17	5

This site contains links to these domains. Also see Links.

Domain
www.cornell.edu
secure.provost.cornell.edu
netid.cornell.edu
its.weill.cornell.edu
it.cornell.edu

Subject Issuer	Validity	Valid
idselect.idm.cit.cornell.edu Amazon	`2022-03-31` - `2023-04-29`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://idselect.idm.cit.cornell.edu/idselect/select.html?entityID=https%3A%2F%2Fbrand.cornell.edu%2FShibboleth&return=https%3A%2F%2Fsecure.provost.cornell.edu%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3Dss%253Amem%253A458260f7fe93bd8fbe2be2a81ba46541e191b6de45a9944a8ac7d89f42022a52
Frame ID: 4F7504229A63C60BD767FFE607981E16
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Choose Your Campus Location to Sign In | Cornell University

Page URL History Show full URLs

https://secure.provost.cornell.edu/ HTTP 302
https://idselect.idm.cit.cornell.edu/idselect/select.html?entityID=https%3A%2F%2Fbrand.cornell.edu%2FShibboleth&r... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

60 %
IPv6

3
Domains

5
Subdomains

4
IPs

2
Countries

418 kB
Transfer

484 kB
Size

4
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cornell.edu/

Search URL Search Domain Scan URL

URL: https://secure.provost.cornell.edu/Shibboleth.sso/Login?SAMLDS=1&target=ss%3Amem%3A458260f7fe93bd8fbe2be2a81ba46541e191b6de45a9944a8ac7d89f42022a52&entityID=https%3A%2F%2Fshibidp.cit.cornell.edu%2Fidp%2Fshibboleth
Title: Cornell NetID

Search URL Search Domain Scan URL

URL: https://netid.cornell.edu/
Title: More information about NetID

Search URL Search Domain Scan URL

URL: https://secure.provost.cornell.edu/Shibboleth.sso/Login?SAMLDS=1&target=ss%3Amem%3A458260f7fe93bd8fbe2be2a81ba46541e191b6de45a9944a8ac7d89f42022a52&entityID=https%3A%2F%2Flogin.weill.cornell.edu%2Fidp
Title: Weill Cornell Medicine CWID

Search URL Search Domain Scan URL

URL: https://its.weill.cornell.edu/services/accounts-and-access/center-wide-id
Title: More information about WCM CWID

Search URL Search Domain Scan URL

URL: https://it.cornell.edu/support
Title: Contact the Cornell IT Service Desk

Search URL Search Domain Scan URL

URL: https://its.weill.cornell.edu/
Title: Contact Weill Cornell Medicine Information Technologies and Services

Search URL Search Domain Scan URL

URL: http://it.cornell.edu/support/
Title: IT Service Desk

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://secure.provost.cornell.edu/ HTTP 302
https://idselect.idm.cit.cornell.edu/idselect/select.html?entityID=https%3A%2F%2Fbrand.cornell.edu%2FShibboleth&return=https%3A%2F%2Fsecure.provost.cornell.edu%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3Dss%253Amem%253A458260f7fe93bd8fbe2be2a81ba46541e191b6de45a9944a8ac7d89f42022a52 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request select.html Show response
idselect.idm.cit.cornell.edu/idselect/
Redirect Chain

https://secure.provost.cornell.edu/
https://idselect.idm.cit.cornell.edu/idselect/select.html?entityID=https%3A%2F%2Fbrand.cornell.edu%2FShibboleth&return=https%3A%2F%2Fsecure.provost.cornell.edu%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1...

7 KB
8 KB

438ms
99ms

Document
text/html

54.174.83.142
AMAZON-AES

General

Domain/Path	Expires	Name / Value
idselect.idm.cit.cornell.edu/idselect	1969-12-31 23:59:59	Name: JSESSIONID Value: C6164E307983C9AE2BBAF4A471BDC06F
.secure.provost.cornell.edu/	1969-12-31 23:59:59	Name: UNIVP-ARRAffinity Value: b95c322641bd099cbea3debfd3539ee9acf74562d3cba1ef45a4043bb81fea51
idselect.idm.cit.cornell.edu/	1970-01-20 04:37:28	Name: AWSALB Value: v0fzAAbM2inMi6Avz52GRxEUtpvAzYvpNxXK9UChXV0Y9Mo1fNOSAcKuuDLEnt/zz14n40T7e7DKajIAxW6NHlBRVYZDTFPa3YTwptk8azAuAzQOXypx9uza2Ibn
idselect.idm.cit.cornell.edu/	1970-01-20 04:37:28	Name: AWSALBCORS Value: v0fzAAbM2inMi6Avz52GRxEUtpvAzYvpNxXK9UChXV0Y9Mo1fNOSAcKuuDLEnt/zz14n40T7e7DKajIAxW6NHlBRVYZDTFPa3YTwptk8azAuAzQOXypx9uza2Ibn

idselect.idm.cit.cornell.edu Open in urlscan Pro 54.174.83.142 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

60 %IPv6

3 Domains

5 Subdomains

4 IPs

2 Countries

418 kBTransfer

484 kBSize

4 Cookies

8 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

4 Cookies

Indicators

idselect.idm.cit.cornell.edu Open in urlscan Pro
54.174.83.142 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

60 %
IPv6

3
Domains

5
Subdomains

4
IPs

2
Countries

418 kB
Transfer

484 kB
Size

4
Cookies

17 HTTP transactions
0 data transactions