Submitted URL: https://itunes.hshl.de/
Effective URL: https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Submission: On June 20 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 93.180.77.164, located in Schmallenberg, Germany and belongs to AHD-AS, DE. The main domain is idp.hshl.de.
TLS certificate: Issued by GEANT OV RSA CA 4 on June 11th 2024. Valid for: a year.
This is the only time idp.hshl.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 4 93.180.77.21 197965 (AHD-AS)
1 5 93.180.77.164 197965 (AHD-AS)
4 1
Apex Domain
Subdomains
Transfer
9 hshl.de
itunes.hshl.de
eduassist-test2.hshl.de
idp.hshl.de
12 KB
4 1
Domain Requested by
5 idp.hshl.de 1 redirects idp.hshl.de
3 eduassist-test2.hshl.de 3 redirects
1 itunes.hshl.de 1 redirects
4 3

This site contains links to these domains. Also see Links.

Domain
my.hshl.de
fs.hshl.de
www.hshl.de
Subject Issuer Validity Valid
idp.hshl.de
GEANT OV RSA CA 4
2024-06-11 -
2025-06-11
a year crt.sh

This page contains 1 frames:

Primary Page: https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Frame ID: EC44BB48F5B3A335D232316856E9F2A1
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Web Anmeldedienst für Mitglieder der HSHL

Page URL History Show full URLs

  1. https://itunes.hshl.de/ HTTP 301
    https://eduassist-test2.hshl.de/ HTTP 302
    https://eduassist-test2.hshl.de/wp-login.php?redirect_to=https%3A%2F%2Feduassist-test2.hshl.de%2F&action=shi... HTTP 302
    https://eduassist-test2.hshl.de/Shibboleth.sso/Login?target=https%3A%2F%2Feduassist-test2.hshl.de%2Fwp-login... HTTP 302
    https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?SAMLRequest=hZLLboMwFER%2FBXkPNgSixApINFk0Utp... HTTP 302
    https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1 Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

1
IPs

1
Countries

9 kB
Transfer

11 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://itunes.hshl.de/ HTTP 301
    https://eduassist-test2.hshl.de/ HTTP 302
    https://eduassist-test2.hshl.de/wp-login.php?redirect_to=https%3A%2F%2Feduassist-test2.hshl.de%2F&action=shibboleth HTTP 302
    https://eduassist-test2.hshl.de/Shibboleth.sso/Login?target=https%3A%2F%2Feduassist-test2.hshl.de%2Fwp-login.php%3Faction%3Dshibboleth%26redirect_to%3Dhttps%253A%252F%252Feduassist-test2.hshl.de%252F HTTP 302
    https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?SAMLRequest=hZLLboMwFER%2FBXkPNgSixApINFk0UtpEIe2im8rAbbFkbOpr%2Bvj7kkfTdJPuLHnmjGfkGYpWdTzvXaO38NYDOu%2BzVRr54SIlvdXcCJTItWgBuat4kd%2BteBQw3lnjTGUU8XJEsE4aPTca%2BxZsAfZdVvCwXaWkca5DTinUvcCB5Hw3xERBg40KaqBFI8vSKHBNgGjoHh%2FRzbrYEW8xCKUWe%2FIvR9bd2Tuc6fCMF6ngZNxCLS1UjhbFmnjLRUqe6zphIozFFMbhpCyTBGIWj0U8qdloVLLJIEPsYanRCe1SErEo9tnYj9guHHEW8mT6RLzNqe2N1LXUr9enKY8i5Le73cY%2FlnkEi4cig4Bks%2F3A%2FBBsLya%2FjhU%2FO5Psv1XxvOqMXkQdczt%2BP7CXi41RsvrycqXMx9yCcJCSkNDsaPn7L7Jv&RelayState=ss%3Amem%3Abfe29fe95f50f0dd0e86a22e6f056dd6948221f94db8181d5e45f0b48414f23e HTTP 302
    https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request SSO
idp.hshl.de/idp/profile/SAML2/Redirect/
Redirect Chain
  • https://itunes.hshl.de/
  • https://eduassist-test2.hshl.de/
  • https://eduassist-test2.hshl.de/wp-login.php?redirect_to=https%3A%2F%2Feduassist-test2.hshl.de%2F&action=shibboleth
  • https://eduassist-test2.hshl.de/Shibboleth.sso/Login?target=https%3A%2F%2Feduassist-test2.hshl.de%2Fwp-login.php%3Faction%3Dshibboleth%26redirect_to%3Dhttps%253A%252F%252Feduassist-test2.hshl.de%252F
  • https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?SAMLRequest=hZLLboMwFER%2FBXkPNgSixApINFk0UtpEIe2im8rAbbFkbOpr%2Bvj7kkfTdJPuLHnmjGfkGYpWdTzvXaO38NYDOu%2BzVRr54SIlvdXcCJTItWgBuat4kd%2BteBQw3lnjTG...
  • https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
3 KB
1 KB
Document
General
Full URL
https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.180.77.164 Schmallenberg, Germany, ASN197965 (AHD-AS, DE),
Reverse DNS
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
f072f32a99cc554029fcea50ce067c9edcb2cb995394c98f9a7d76c326c87024
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
990
Content-Security-Policy
frame-ancestors 'none';
Content-Type
text/html;charset=utf-8
Date
Thu, 20 Jun 2024 13:01:59 GMT
Keep-Alive
timeout=5, max=99
Server
Apache/2.4.52 (Ubuntu)
Strict-Transport-Security
max-age=0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN DENY

Redirect headers

Cache-Control
no-store
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
frame-ancestors 'none';
Date
Thu, 20 Jun 2024 13:01:59 GMT
Keep-Alive
timeout=5, max=100
Location
/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Server
Apache/2.4.52 (Ubuntu)
Strict-Transport-Security
max-age=0
X-Frame-Options
SAMEORIGIN DENY
main.css
idp.hshl.de/idp/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://idp.hshl.de/idp/css/main.css
Requested by
Host: idp.hshl.de
URL: https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.180.77.164 Schmallenberg, Germany, ASN197965 (AHD-AS, DE),
Reverse DNS
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
58900325f663a8d308aa7c25a9c54ce334a6bd28b4784a2993a20c5d1ef03ee1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 20 Jun 2024 13:02:00 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Aug 2019 14:26:40 GMT
Server
Apache/2.4.52 (Ubuntu)
ETag
W/"2828-1565879200000-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
942
hshl.jpg
idp.hshl.de/idp/images/
5 KB
6 KB
Image
General
Full URL
https://idp.hshl.de/idp/images/hshl.jpg
Requested by
Host: idp.hshl.de
URL: https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.180.77.164 Schmallenberg, Germany, ASN197965 (AHD-AS, DE),
Reverse DNS
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
f6c2a931cbe0dd5f9c7f4e2bd7f469018e59be0ff0f40258be2fd386ebaeea58
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 20 Jun 2024 13:02:00 GMT
Last-Modified
Thu, 15 Aug 2019 14:26:40 GMT
Server
Apache/2.4.52 (Ubuntu)
ETag
W/"5618-1565879200000"
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
favicon.ico
idp.hshl.de/
274 B
519 B
Other
General
Full URL
https://idp.hshl.de/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.180.77.164 Schmallenberg, Germany, ASN197965 (AHD-AS, DE),
Reverse DNS
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
ba7a00d148844bdd33cb79a6b416ac02c5fde3c6dbbed38522b2f666524991ea
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 20 Jun 2024 13:02:00 GMT
Server
Apache/2.4.52 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
274
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

4 Cookies

Domain/Path Name / Value
idp.hshl.de/idp Name: JSESSIONID
Value: 845C19F3A360262AC87B15AB9DC7EB7B
itunes.hshl.de/ Name: PHPSESSID
Value: 9keu82i11kegnfl6gpk3svsv4m
eduassist-test2.hshl.de/ Name: PHPSESSID
Value: 7ocj0esdjn1qe8nbvg94himhcm
eduassist-test2.hshl.de/ Name: wordpress_test_cookie
Value: WP%20Cookie%20check

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://idp.hshl.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://idp.hshl.de/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN DENY