urlscan.io logo urlscan.io
SecurityTrails logo

shibb-idp.georgetown.edu Open in urlscan Pro
141.161.99.110  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://salesforcetestcommunity2.georgetown.edu/
Effective URL: https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
Submission Tags: phishingrod
Submission: On July 16 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 141.161.99.110, located in Washington, United States and belongs to GU, US. The main domain is shibb-idp.georgetown.edu. The Cisco Umbrella rank of the primary domain is 647370.
TLS certificate: Issued by InCommon RSA Server CA 2 on December 11th 2023. Valid for: a year.
This is the only time shibb-idp.georgetown.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 35.158.127.52 16509 (AMAZON-02)
3 44.241.154.132 16509 (AMAZON-02)
1 5 141.161.99.110 11318 (GU)
7 3
Apex Domain
Subdomains		 Transfer
6 georgetown.edu
salesforcetestcommunity2.georgetown.edu
shibb-idp.georgetown.edu — Cisco Umbrella Rank: 647370
26 KB
3 salesforce.com
gu360.my.salesforce.com
12 KB
7 2
Domain Requested by
5 shibb-idp.georgetown.edu 1 redirects shibb-idp.georgetown.edu
3 gu360.my.salesforce.com gu360.my.salesforce.com
1 salesforcetestcommunity2.georgetown.edu 1 redirects
7 3

This site contains links to these domains. Also see Links.

Domain
password.georgetown.edu
Subject Issuer Validity Valid
usa562.sfdc-lywfpd.salesforce.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-07-15 -
2025-07-15		 a year crt.sh
shibb-idp.georgetown.edu
InCommon RSA Server CA 2		 2023-12-11 -
2024-12-10		 a year crt.sh

This page contains 1 frames:

Primary Page: https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
Frame ID: FDA1DDD9C6EBF4E2B990FE3CA59363A0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Single Signon - Georgetown University

Page URL History Show full URLs

  1. https://salesforcetestcommunity2.georgetown.edu/ HTTP 302
    https://gu360.my.salesforce.com/0I41Q0000008PJP Page URL
  2. https://gu360.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAZFJqvMfMDAwMDAwMDAwMDAwMDAwAAA... Page URL
  3. https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO HTTP 302
    https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 Page URL

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

36 kB
Transfer

38 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://salesforcetestcommunity2.georgetown.edu/ HTTP 302
    https://gu360.my.salesforce.com/0I41Q0000008PJP Page URL
  2. https://gu360.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAZFJqvMfMDAwMDAwMDAwMDAwMDAwAAAA-hBNMiW5MauHtKT2EAjjvW0AKYWF3jNTLed48TlHxZNb6pZRC6ElbwWHZ8HaFN079pqUaY5MZq90n0UaWCTzg1Gxi4Y2Fb5sMuMYZK6-X6SrZyL8tJ2Z2hJ_ISRSk6YQWNRlPZNL1d2J3NAsx59pUukJFUW_YjlnMoDKN5zo-7ISNaFCcar_10ZTl8zWeRSxykyE_90jtbSbFsHOnXd2B9taKSWZ73q3-7cudKafwdqgdlE4VCNhJ3ultHZqLtiQZg&saml_acs=https%3A%2F%2Fgu360.my.salesforce.com%3Fso%3D00D36000000rQpz&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fgu360.my.salesforce.com&samlSsoConfig=0LE36000000PO5g&RelayState=%2F0I41Q0000008PJP Page URL
  3. https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO HTTP 302
    https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://salesforcetestcommunity2.georgetown.edu/ HTTP 302
  • https://gu360.my.salesforce.com/0I41Q0000008PJP

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
0I41Q0000008PJP
gu360.my.salesforce.com/
Redirect Chain
  • https://salesforcetestcommunity2.georgetown.edu/
  • https://gu360.my.salesforce.com/0I41Q0000008PJP
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gu360.my.salesforce.com/0I41Q0000008PJP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.241.154.132 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-241-154-132.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
must-revalidate,no-cache,no-store
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 16 Jul 2024 02:57:05 GMT
origin-trial
AqlAE64ET63tVSana3qdVkfkPAgyUhY8GwcehUlpqv067CevOpumeNUlx9YouLkBxJ0CT+EwIb8/SiNbF2NGvwYAAABfeyJvcmlnaW4iOiJodHRwczovL3NhbGVzZm9yY2UuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
referrer-policy
origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
none

Redirect headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 16 Jul 2024 02:57:05 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://gu360.my.salesforce.com/0I41Q0000008PJP
server
sfdcedge
x-robots-tag
nofollow, noindex, noarchive, nosnippet
x-sfdc-request-id
be291ad7da1a03d3c81ec588bb680892
authn-request.jsp
gu360.my.salesforce.com/saml/ 		7 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gu360.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAZFJqvMfMDAwMDAwMDAwMDAwMDAwAAAA-hBNMiW5MauHtKT2EAjjvW0AKYWF3jNTLed48TlHxZNb6pZRC6ElbwWHZ8HaFN079pqUaY5MZq90n0UaWCTzg1Gxi4Y2Fb5sMuMYZK6-X6SrZyL8tJ2Z2hJ_ISRSk6YQWNRlPZNL1d2J3NAsx59pUukJFUW_YjlnMoDKN5zo-7ISNaFCcar_10ZTl8zWeRSxykyE_90jtbSbFsHOnXd2B9taKSWZ73q3-7cudKafwdqgdlE4VCNhJ3ultHZqLtiQZg&saml_acs=https%3A%2F%2Fgu360.my.salesforce.com%3Fso%3D00D36000000rQpz&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fgu360.my.salesforce.com&samlSsoConfig=0LE36000000PO5g&RelayState=%2F0I41Q0000008PJP
Requested by
Host: gu360.my.salesforce.com
URL: https://gu360.my.salesforce.com/0I41Q0000008PJP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.241.154.132 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-241-154-132.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://gu360.my.salesforce.com/0I41Q0000008PJP
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=UTF-8
date
Tue, 16 Jul 2024 02:57:06 GMT
origin-trial
AqlAE64ET63tVSana3qdVkfkPAgyUhY8GwcehUlpqv067CevOpumeNUlx9YouLkBxJ0CT+EwIb8/SiNbF2NGvwYAAABfeyJvcmlnaW4iOiJodHRwczovL3NhbGVzZm9yY2UuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
pragma
no-cache
referrer-policy
origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
none
Primary Request SSO
shibb-idp.georgetown.edu/idp/profile/SAML2/POST/
Redirect Chain
  • https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO
  • https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
141.161.99.110 Washington, United States, ASN11318 (GU, US),
Reverse DNS
shibb-idp.georgetown.edu
Software
/
Resource Hash
1b16c7c8abecf8cc3c3131a1903640d2f78f4a0288d46b2e6e4b38b9fb05a9c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://gu360.my.salesforce.com
Referer
https://gu360.my.salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store
Connection
keep-alive
Content-Length
2511
Content-Type
text/html;charset=utf-8
Date
Tue, 16 Jul 2024 02:57:06 GMT
Keep-Alive
timeout=60
Strict-Transport-Security
max-age=31536000

Redirect headers

Cache-Control
no-store
Connection
keep-alive
Content-Length
0
Date
Tue, 16 Jul 2024 02:57:06 GMT
Keep-Alive
timeout=60
Location
/idp/profile/SAML2/POST/SSO?execution=e1s1
Strict-Transport-Security
max-age=31536000
favicon.ico
gu360.my.salesforce.com/ 		5 KB
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://gu360.my.salesforce.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.241.154.132 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-241-154-132.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://gu360.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAZFJqvMfMDAwMDAwMDAwMDAwMDAwAAAA-hBNMiW5MauHtKT2EAjjvW0AKYWF3jNTLed48TlHxZNb6pZRC6ElbwWHZ8HaFN079pqUaY5MZq90n0UaWCTzg1Gxi4Y2Fb5sMuMYZK6-X6SrZyL8tJ2Z2hJ_ISRSk6YQWNRlPZNL1d2J3NAsx59pUukJFUW_YjlnMoDKN5zo-7ISNaFCcar_10ZTl8zWeRSxykyE_90jtbSbFsHOnXd2B9taKSWZ73q3-7cudKafwdqgdlE4VCNhJ3ultHZqLtiQZg&saml_acs=https%3A%2F%2Fgu360.my.salesforce.com%3Fso%3D00D36000000rQpz&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fgu360.my.salesforce.com&samlSsoConfig=0LE36000000PO5g&RelayState=%2F0I41Q0000008PJP
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:57:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
content-type
image/x-icon
cache-control
public,max-age=3888000
origin-trial
AqlAE64ET63tVSana3qdVkfkPAgyUhY8GwcehUlpqv067CevOpumeNUlx9YouLkBxJ0CT+EwIb8/SiNbF2NGvwYAAABfeyJvcmlnaW4iOiJodHRwczovL3NhbGVzZm9yY2UuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
x-robots-tag
none
expires
Fri, 30 Aug 2024 02:57:06 GMT
main.css
shibb-idp.georgetown.edu/idp/css/ 		8 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shibb-idp.georgetown.edu/idp/css/main.css
Requested by
Host: shibb-idp.georgetown.edu
URL: https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
141.161.99.110 Washington, United States, ASN11318 (GU, US),
Reverse DNS
shibb-idp.georgetown.edu
Software
/
Resource Hash
97acee86b25e8b41ed0079f38fcc7360765b6b1ac545d1cb9155ebee73dc7879

Request headers

Referer
https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Tue, 16 Jul 2024 02:57:06 GMT
Last-Modified
Mon, 18 Jan 2021 18:40:24 GMT
ETag
W/"8661-1610995224000"
Content-Type
text/css;charset=UTF-8
Cache-Control
private
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
8661
login-screen-header.png
shibb-idp.georgetown.edu/idp/images/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shibb-idp.georgetown.edu/idp/images/login-screen-header.png
Requested by
Host: shibb-idp.georgetown.edu
URL: https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
141.161.99.110 Washington, United States, ASN11318 (GU, US),
Reverse DNS
shibb-idp.georgetown.edu
Software
/
Resource Hash
d92dfa0476c608b9e60eda0881a1f8c9b1013a8e9b353b7e8ac4e5a36f4a8370

Request headers

Referer
https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Tue, 16 Jul 2024 02:57:06 GMT
Last-Modified
Wed, 18 Apr 2018 10:02:58 GMT
ETag
W/"11821-1524045778000"
Content-Type
image/png;charset=UTF-8
Cache-Control
private
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
11821
truncated
/ 		592 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8f8bc4a350555ab15fbf6f6125bca2d5b340c4459d23d460595ac0d217c931f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
favicon.ico
shibb-idp.georgetown.edu/ 		694 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://shibb-idp.georgetown.edu/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
141.161.99.110 Washington, United States, ASN11318 (GU, US),
Reverse DNS
shibb-idp.georgetown.edu
Software
/
Resource Hash
b6d81a2070ce191647440e50167d59f727803f424d39f7cc25a232f429da3f5c

Request headers

Referer
https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Language
de
Date
Tue, 16 Jul 2024 02:57:06 GMT
Connection
keep-alive
Keep-Alive
timeout=60
Content-Length
694
Content-Type
text/html;charset=utf-8

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Domain/Path Name / Value
salesforcetestcommunity2.georgetown.edu/ Name: CookieConsentPolicy
Value: 0:0
salesforcetestcommunity2.georgetown.edu/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
gu360.my.salesforce.com/ Name: CookieConsentPolicy
Value: 0:1
gu360.my.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
.salesforce.com/ Name: BrowserId
Value: FaZsmkMfEe-S3331x5W97Q
shibb-idp.georgetown.edu/ Name: __Host-JSESSIONID
Value: 0F03678BA57BD14286372138818E9BDD
shibb-idp.georgetown.edu/ Name: SHIBBP
Value: !Jo3aeN3qr8oubK+vsw436a7/tiRn+e+dvW/4KcPTZ5vGI/9IrcaRAmm1d8K9wkdQdnXmEU015C5C7g==

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://shibb-idp.georgetown.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://shibb-idp.georgetown.edu/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff