shib.ncsu.edu
Open in
urlscan Pro
35.170.168.182
Public Scan
Effective URL: https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
Submission: On November 01 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by InCommon RSA Server CA 2 on July 25th 2024. Valid for: a year.
This is the only time shib.ncsu.edu was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 152.46.3.102 152.46.3.102 | 81 (NCREN) (NCREN) | |
2 6 | 35.170.168.182 35.170.168.182 | 14618 (AMAZON-AES) (AMAZON-AES) | |
7 | 2600:9000:26d... 2600:9000:26db:8e00:17:820a:e680:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:829::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2600:9000:225... 2600:9000:2251:7c00:18:1a2e:2c00:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
17 | 6 |
ASN81 (NCREN, US)
PTR: p01-mdl-rstr-01.delta.ncsu.edu
moodle-restore.delta.ncsu.edu |
ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-168-182.compute-1.amazonaws.com
shib.ncsu.edu |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
ncsu.edu
2 redirects
moodle-restore.delta.ncsu.edu shib.ncsu.edu — Cisco Umbrella Rank: 496333 cdn.ncsu.edu — Cisco Umbrella Rank: 127336 www.ncsu.edu — Cisco Umbrella Rank: 373250 |
150 KB |
2 |
gstatic.com
fonts.gstatic.com |
22 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 412 |
29 KB |
17 | 3 |
Domain | Requested by | |
---|---|---|
7 | cdn.ncsu.edu |
shib.ncsu.edu
cdn.ncsu.edu |
6 | shib.ncsu.edu |
2 redirects
shib.ncsu.edu
|
2 | fonts.gstatic.com |
cdn.ncsu.edu
|
2 | moodle-restore.delta.ncsu.edu | |
1 | www.ncsu.edu | |
1 | ajax.googleapis.com |
shib.ncsu.edu
|
17 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.ncsu.edu |
help.ncsu.edu |
oit.ncsu.edu |
ncsu.edu |
accessibility.ncsu.edu |
www.ncsu.edu |
policies.ncsu.edu |
Subject Issuer | Validity | Valid | |
---|---|---|---|
p20-moodle-restore-01.delta.ncsu.edu InCommon ECC Server CA 2 |
2023-12-30 - 2024-12-29 |
a year | crt.sh |
shib.ncsu.edu InCommon RSA Server CA 2 |
2024-07-25 - 2025-08-25 |
a year | crt.sh |
cdn.ncsu.edu InCommon RSA Server CA 2 |
2023-12-18 - 2025-01-17 |
a year | crt.sh |
upload.video.google.com WR2 |
2024-10-07 - 2024-12-30 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-10-07 - 2024-12-30 |
3 months | crt.sh |
www.ncsu.edu InCommon RSA Server CA 2 |
2024-01-25 - 2025-02-24 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
Frame ID: C6975F4EFD3EDDDF446D770C5E303920
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
NC State Shibboleth LoginPage URL History Show full URLs
- https://moodle-restore.delta.ncsu.edu/ Page URL
-
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO
HTTP 302
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 Page URL
-
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
HTTP 302
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s2 Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: Password?
Search URL Search Domain Scan URL
Title: help.ncsu.edu
Search URL Search Domain Scan URL
Title: go.ncsu.edu/2FASupport
Search URL Search Domain Scan URL
Title: 2FA Bypass Code Tool
Search URL Search Domain Scan URL
Title: Shibboleth
Search URL Search Domain Scan URL
Title: Office of Information Technology
Search URL Search Domain Scan URL
Title: NC State University
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: University Policies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://moodle-restore.delta.ncsu.edu/ Page URL
-
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO
HTTP 302
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 Page URL
-
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
HTTP 302
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO HTTP 302
- https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
moodle-restore.delta.ncsu.edu/ |
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SSO
shib.ncsu.edu/idp/profile/SAML2/POST/ Redirect Chain
|
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
moodle-restore.delta.ncsu.edu/ |
5 KB 6 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
placeholder.css
shib.ncsu.edu/idp/css/ |
15 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
SSO
shib.ncsu.edu/idp/profile/SAML2/POST/ Redirect Chain
|
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
shib.ncsu.edu/ |
1 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.ncsu.edu/brand-assets/bootstrap/css/ |
124 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style_405.css
cdn.ncsu.edu/shibboleth/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toggle.js
cdn.ncsu.edu/shibboleth/inc/ |
170 B 691 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ncstate-brick-2x1.jpg
cdn.ncsu.edu/brand-assets/logos/ |
57 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tower-150ppi.png
cdn.ncsu.edu/shibboleth/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.0/ |
82 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
cdn.ncsu.edu/brand-assets/bootstrap/js/ |
29 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v29/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2
fonts.gstatic.com/s/robotocondensed/v19/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ncsu-icons.woff
cdn.ncsu.edu/brand-assets/icons/ |
6 KB 6 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
www.ncsu.edu/ |
27 KB 13 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| togglePassword function| oneClickSubmit function| $ function| jQuery6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
moodle-restore.delta.ncsu.edu/ | Name: _opensaml_req_ss%3Amem%3Ab4ff2b4f07eb67d2122c5695ce996352d202ef1e0c659cbca5cec86ce9209030 Value: _899e197892b42df38c6139bb96ca6943 |
|
moodle-restore.delta.ncsu.edu/ | Name: _opensaml_req_ss%3Amem%3Afe6f22a41379456429ae74cd608056405822323a15943ff4e971cb8255a39f71 Value: _fbd8818d11ba318d4501336c02822a9c |
|
shib.ncsu.edu/ | Name: __Host-JSESSIONID Value: node01cqmp3oqwhgzm1eebketj86vpk552509.node0 |
|
shib.ncsu.edu/ | Name: AWSALB Value: qQhWv3TkuyVcR1pWkJqKlholaZ6lOq46xjdtlSty8qK0WfMVItDvcyBXf7Ie1eRwgyzP0TtLpMuq2PTpAj9qyQOZf8v/0Kg2BjAr9Vmede4NHllD5D7c+xN+ED87 |
|
shib.ncsu.edu/ | Name: AWSALBCORS Value: qQhWv3TkuyVcR1pWkJqKlholaZ6lOq46xjdtlSty8qK0WfMVItDvcyBXf7Ie1eRwgyzP0TtLpMuq2PTpAj9qyQOZf8v/0Kg2BjAr9Vmede4NHllD5D7c+xN+ED87 |
|
www.ncsu.edu/ | Name: flb Value: iws-wsproxy-200|ZxFhO |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.ncsu.edu
fonts.gstatic.com
moodle-restore.delta.ncsu.edu
shib.ncsu.edu
www.ncsu.edu
152.46.3.102
2600:9000:2251:7c00:18:1a2e:2c00:93a1
2600:9000:26db:8e00:17:820a:e680:93a1
2a00:1450:4001:829::2003
2a00:1450:4001:830::200a
35.170.168.182
022b58917dd93465780bc82645c08507757db8e591b7270f35471b86aa3b66e9
05534abd627fa5d6612b5f8b7800d0ffcbc06c698b3587a934de1ff9a88f9d83
2f07d57d8b93ece8e58b79238826df36fd306ab2e78d5943384962070d080cb7
49a1b4e1296645aa2f513c87a0e5fe56a305a7ed678c2f6499631ec1f3b35856
4b276a3df6dcdcd6c00183988721ddac6786ef8ffbc664e87e8c34dac70ca199
5b62980197fdc4923ab5171bc88492dad5e09751875665d6249a1187525ee884
5d76559b66ab54a9719d500f56a39c7a64480d4826cca319fdd39c751678cb52
85fd2cd4a855b1a6708a2c85f1b66a960a432168577fe5cd10cb2ae831d07cf7
a556ab569c49e643e27b938e048f53d89af95c53aeab395f43e6e02419664c3d
b223921cf364ccf6e6f54047544ee5001b9bf42d0ffd430222f5e353ba68946e
b5ec1f60dde94e414e0c205bba2636933595c64d6a4b61baf5cd90350f9fbb04
c93a51d8dd2b8a15d7ac940e6d9ac27af352b90aa4f90f4f1ba88e28dff7c1db
f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d
f82ca9c95147d2daff19bb83e99d143b87e6ebb4d49a0881f34aaaf4f678e239