sso.fedrepsol.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 185.145.230.166, located in Madrid, Spain and belongs to REPSOL, ES. The main domain is sso.fedrepsol.com. The Cisco Umbrella rank of the primary domain is 413230.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 1st 2022. Valid for: a year.

This is the only time sso.fedrepsol.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 3	158.69.146.9 158.69.146.9	16276 (OVH) (OVH)
5	185.145.230.166 185.145.230.166	62043 (REPSOL) (REPSOL)
6	2

3 158.69.146.9 (Montreal, Canada) 2 redirects

ASN16276 (OVH, FR)
PTR: vip1-bhs.boreal-is.com

repsolna.boreal-is.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.145.230.166 (Madrid, Spain)

ASN62043 (REPSOL, ES)
PTR: 185.145.230.166.rad.tsai.es

sso.fedrepsol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	fedrepsol.com sso.fedrepsol.com — Cisco Umbrella Rank: 413230	187 KB
3	boreal-is.com 2 redirects repsolna.boreal-is.com	5 KB
6	2

	Domain	Requested by
5	sso.fedrepsol.com	repsolna.boreal-is.com sso.fedrepsol.com
3	repsolna.boreal-is.com	2 redirects
6	2

This site contains no links.

Subject Issuer	Validity	Valid
*.boreal-is.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-07` - `2023-07-08`	a year	crt.sh
sso.fedrepsol.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-01` - `2023-06-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJLXNZEmO9mpHP%2FMk%2FBL4%2FnWRuVoTBdJpPQmK8DwdbRLuI2MBaoGZCt0%2BO55mua3pB6np0ElDHt8Ig%2FCDG7kb9zEXBxfG%2BjqxfQvqSpjtzt01SYqxaJ1ww3Z0%2BaV0jtW1EaR2gUFCjLK1cVjYvajtJttbVrUeMBSKoK2YpBTYVqATUmefwtt%2F8svRwwaxMKmClybGjKuWRC9InSjufahTlfQdsuEviv9kje0Q7tHYrDIquvlayhstD9S1lVTPF8ZoVXFiuBxtj4mXZqtzD4QFTdtzr%2F0fyz3T8DeNv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DqcOjXJnuIYBCHRbjR8LkcZvIY4q4NJLDZrQboHgxYvoQRyn3JreT5VMCobe0mQyNlgbGHrlpK%2FxmJWAj5txX1N6XhqehzITpROMLDXYgCMYfUFG7O1ITe2LTClL823iUrpLdwelJnYqWvR%2F37wR3MLBjQ0zyGpkXDpXcUWaXWrDxIAcmlMlgCfa6FhEx9Exc5DMPkVxIaQ9rt7bHmNTF%2BaJzMDFSsgSf3oVUATQw4CMGbV%2B8hmH3nhelFRSC0ucXUqwBC3b0HbZ4dKXo%2FDj8aVnW5B4%2BQhLekz2C4PbEhYxf%2FyugyZCrzg%2BH27H50rScoA4ahz4sIbR7eaMNFdK%2Fg%3D%3D
Frame ID: DA8CAABEE7910E480757E50877BC980F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On

Page URL History Show full URLs

http://repsolna.boreal-is.com/ HTTP 301
https://repsolna.boreal-is.com/ Page URL
https://repsolna.boreal-is.com/login HTTP 302
https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHn... Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

189 kB
Transfer

185 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://repsolna.boreal-is.com/ HTTP 301
https://repsolna.boreal-is.com/ Page URL
https://repsolna.boreal-is.com/login HTTP 302
https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJLXNZEmO9mpHP%2FMk%2FBL4%2FnWRuVoTBdJpPQmK8DwdbRLuI2MBaoGZCt0%2BO55mua3pB6np0ElDHt8Ig%2FCDG7kb9zEXBxfG%2BjqxfQvqSpjtzt01SYqxaJ1ww3Z0%2BaV0jtW1EaR2gUFCjLK1cVjYvajtJttbVrUeMBSKoK2YpBTYVqATUmefwtt%2F8svRwwaxMKmClybGjKuWRC9InSjufahTlfQdsuEviv9kje0Q7tHYrDIquvlayhstD9S1lVTPF8ZoVXFiuBxtj4mXZqtzD4QFTdtzr%2F0fyz3T8DeNv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DqcOjXJnuIYBCHRbjR8LkcZvIY4q4NJLDZrQboHgxYvoQRyn3JreT5VMCobe0mQyNlgbGHrlpK%2FxmJWAj5txX1N6XhqehzITpROMLDXYgCMYfUFG7O1ITe2LTClL823iUrpLdwelJnYqWvR%2F37wR3MLBjQ0zyGpkXDpXcUWaXWrDxIAcmlMlgCfa6FhEx9Exc5DMPkVxIaQ9rt7bHmNTF%2BaJzMDFSsgSf3oVUATQw4CMGbV%2B8hmH3nhelFRSC0ucXUqwBC3b0HbZ4dKXo%2FDj8aVnW5B4%2BQhLekz2C4PbEhYxf%2FyugyZCrzg%2BH27H50rScoA4ahz4sIbR7eaMNFdK%2Fg%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://repsolna.boreal-is.com/ HTTP 301
https://repsolna.boreal-is.com/

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
repsolna.boreal-is.com/
Redirect Chain

http://repsolna.boreal-is.com/
https://repsolna.boreal-is.com/

710 B
2 KB

279ms
105ms

Document
text/html

158.69.146.9
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://repsolna.boreal-is.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

158.69.146.9 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vip1-bhs.boreal-is.com

Software

/

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com .googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' .boreal-is.com borealis.zendesk.com ekr.zdassets.com .googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: .googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-cache, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com *.googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' *.boreal-is.com borealis.zendesk.com ekr.zdassets.com *.googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: *.googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
content-type: text/html; charset=utf-8
date: Mon, 28 Nov 2022 12:58:04 GMT
etag: W/"2c6-K61YaeAokDjWwGoKQmmq6LybemE"
expires: Sat, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Mon, 28 Nov 2022 12:58:04 GMT
Location: https://repsolna.boreal-is.com/
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

Primary Request SSO.saml2 Show response
sso.fedrepsol.com/idp/
Redirect Chain

https://repsolna.boreal-is.com/login
https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJL...

9 KB
10 KB

1131ms
224ms

Document
text/html

185.145.230.166
REPSOL

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJLXNZEmO9mpHP%2FMk%2FBL4%2FnWRuVoTBdJpPQmK8DwdbRLuI2MBaoGZCt0%2BO55mua3pB6np0ElDHt8Ig%2FCDG7kb9zEXBxfG%2BjqxfQvqSpjtzt01SYqxaJ1ww3Z0%2BaV0jtW1EaR2gUFCjLK1cVjYvajtJttbVrUeMBSKoK2YpBTYVqATUmefwtt%2F8svRwwaxMKmClybGjKuWRC9InSjufahTlfQdsuEviv9kje0Q7tHYrDIquvlayhstD9S1lVTPF8ZoVXFiuBxtj4mXZqtzD4QFTdtzr%2F0fyz3T8DeNv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DqcOjXJnuIYBCHRbjR8LkcZvIY4q4NJLDZrQboHgxYvoQRyn3JreT5VMCobe0mQyNlgbGHrlpK%2FxmJWAj5txX1N6XhqehzITpROMLDXYgCMYfUFG7O1ITe2LTClL823iUrpLdwelJnYqWvR%2F37wR3MLBjQ0zyGpkXDpXcUWaXWrDxIAcmlMlgCfa6FhEx9Exc5DMPkVxIaQ9rt7bHmNTF%2BaJzMDFSsgSf3oVUATQw4CMGbV%2B8hmH3nhelFRSC0ucXUqwBC3b0HbZ4dKXo%2FDj8aVnW5B4%2BQhLekz2C4PbEhYxf%2FyugyZCrzg%2BH27H50rScoA4ahz4sIbR7eaMNFdK%2Fg%3D%3D

Requested by

Host: repsolna.boreal-is.com
URL: https://repsolna.boreal-is.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.145.230.166 Madrid, Spain, ASN62043 (REPSOL, ES),

Reverse DNS

185.145.230.166.rad.tsai.es

Software

/

Resource Hash

dce7258e692b5b4c8b0fa74b1946b68de7c813f2dd668e483b3a0138aa0b5908

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;

Request headers

Referer: https://repsolna.boreal-is.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store
Content-Length: 9168
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;
Content-Type: text/html;charset=utf-8
Date: Mon, 28 Nov 2022 12:58:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Referrer-Policy: origin

Redirect headers

content-length: 0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com *.googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' *.boreal-is.com borealis.zendesk.com ekr.zdassets.com *.googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: *.googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
date: Mon, 28 Nov 2022 12:58:05 GMT
location: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJLXNZEmO9mpHP%2FMk%2FBL4%2FnWRuVoTBdJpPQmK8DwdbRLuI2MBaoGZCt0%2BO55mua3pB6np0ElDHt8Ig%2FCDG7kb9zEXBxfG%2BjqxfQvqSpjtzt01SYqxaJ1ww3Z0%2BaV0jtW1EaR2gUFCjLK1cVjYvajtJttbVrUeMBSKoK2YpBTYVqATUmefwtt%2F8svRwwaxMKmClybGjKuWRC9InSjufahTlfQdsuEviv9kje0Q7tHYrDIquvlayhstD9S1lVTPF8ZoVXFiuBxtj4mXZqtzD4QFTdtzr%2F0fyz3T8DeNv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DqcOjXJnuIYBCHRbjR8LkcZvIY4q4NJLDZrQboHgxYvoQRyn3JreT5VMCobe0mQyNlgbGHrlpK%2FxmJWAj5txX1N6XhqehzITpROMLDXYgCMYfUFG7O1ITe2LTClL823iUrpLdwelJnYqWvR%2F37wR3MLBjQ0zyGpkXDpXcUWaXWrDxIAcmlMlgCfa6FhEx9Exc5DMPkVxIaQ9rt7bHmNTF%2BaJzMDFSsgSf3oVUATQw4CMGbV%2B8hmH3nhelFRSC0ucXUqwBC3b0HbZ4dKXo%2FDj8aVnW5B4%2BQhLekz2C4PbEhYxf%2FyugyZCrzg%2BH27H50rScoA4ahz4sIbR7eaMNFdK%2Fg%3D%3D
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK StyleSheet3.css
sso.fedrepsol.com/assets/css/ 121 KB
122 KB 163ms
162ms Stylesheet
text/css 185.145.230.166
REPSOL

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.fedrepsol.com/assets/css/StyleSheet3.css

Requested by

Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJLXNZEmO9mpHP%2FMk%2FBL4%2FnWRuVoTBdJpPQmK8DwdbRLuI2MBaoGZCt0%2BO55mua3pB6np0ElDHt8Ig%2FCDG7kb9zEXBxfG%2BjqxfQvqSpjtzt01SYqxaJ1ww3Z0%2BaV0jtW1EaR2gUFCjLK1cVjYvajtJttbVrUeMBSKoK2YpBTYVqATUmefwtt%2F8svRwwaxMKmClybGjKuWRC9InSjufahTlfQdsuEviv9kje0Q7tHYrDIquvlayhstD9S1lVTPF8ZoVXFiuBxtj4mXZqtzD4QFTdtzr%2F0fyz3T8DeNv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DqcOjXJnuIYBCHRbjR8LkcZvIY4q4NJLDZrQboHgxYvoQRyn3JreT5VMCobe0mQyNlgbGHrlpK%2FxmJWAj5txX1N6XhqehzITpROMLDXYgCMYfUFG7O1ITe2LTClL823iUrpLdwelJnYqWvR%2F37wR3MLBjQ0zyGpkXDpXcUWaXWrDxIAcmlMlgCfa6FhEx9Exc5DMPkVxIaQ9rt7bHmNTF%2BaJzMDFSsgSf3oVUATQw4CMGbV%2B8hmH3nhelFRSC0ucXUqwBC3b0HbZ4dKXo%2FDj8aVnW5B4%2BQhLekz2C4PbEhYxf%2FyugyZCrzg%2BH27H50rScoA4ahz4sIbR7eaMNFdK%2Fg%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.145.230.166 Madrid, Spain, ASN62043 (REPSOL, ES),

Reverse DNS

185.145.230.166.rad.tsai.es

Software

/

Resource Hash

19db6c41608301baf0bcbaec6ba13216b2d71f71f808cda2f7f1255430ea5daa

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sso.fedrepsol.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 12:58:06 GMT
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;
Referrer-Policy: origin
Last-Modified: Mon, 29 Jan 2018 11:41:06 GMT
Cache-Control: max-age=0, must-revalidate
Content-Length: 123849
Content-Type: text/css

GET
H/1.1 200
OK logo_repsol_portal_home.png
sso.fedrepsol.com/assets/images/ 8 KB
9 KB 482ms
164ms Image
image/png 185.145.230.166
REPSOL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sso.fedrepsol.com/assets/images/logo_repsol_portal_home.png

Requested by

Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/idp/SSO.saml2?SAMLRequest=nVJNb4JAEP0rZO98Fg1sEGP1UBMbjdAeemkWGHUT2KU7i%2FHnF0FaDq0Hrzvz3ryPjeaXqjTOoJBLMSOu5ZB5HCGrypouGn0Se%2FhqALXRrgmk3WBGGiWoZMiRClYBUp3TZPG6oZ7l0FpJLXNZEmO9mpHP%2FMk%2FBL4%2FnWRuVoTBdJpPQmK8DwdbRLuI2MBaoGZCt0%2BO55mua3pB6np0ElDHt8Ig%2FCDG7kb9zEXBxfG%2BjqxfQvqSpjtzt01SYqxaJ1ww3Z0%2BaV0jtW1EaR2gUFCjLK1cVjYvajtJttbVrUeMBSKoK2YpBTYVqATUmefwtt%2F8svRwwaxMKmClybGjKuWRC9InSjufahTlfQdsuEviv9kje0Q7tHYrDIquvlayhstD9S1lVTPF8ZoVXFiuBxtj4mXZqtzD4QFTdtzr%2F0fyz3T8DeNv&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DqcOjXJnuIYBCHRbjR8LkcZvIY4q4NJLDZrQboHgxYvoQRyn3JreT5VMCobe0mQyNlgbGHrlpK%2FxmJWAj5txX1N6XhqehzITpROMLDXYgCMYfUFG7O1ITe2LTClL823iUrpLdwelJnYqWvR%2F37wR3MLBjQ0zyGpkXDpXcUWaXWrDxIAcmlMlgCfa6FhEx9Exc5DMPkVxIaQ9rt7bHmNTF%2BaJzMDFSsgSf3oVUATQw4CMGbV%2B8hmH3nhelFRSC0ucXUqwBC3b0HbZ4dKXo%2FDj8aVnW5B4%2BQhLekz2C4PbEhYxf%2FyugyZCrzg%2BH27H50rScoA4ahz4sIbR7eaMNFdK%2Fg%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.145.230.166 Madrid, Spain, ASN62043 (REPSOL, ES),

Reverse DNS

185.145.230.166.rad.tsai.es

Software

/

Resource Hash

ede9675bbcdc0434640a00a673aeebf2fd23563e04d8b568cad47f418efe9caa

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sso.fedrepsol.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 12:58:06 GMT
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;
Referrer-Policy: origin
Last-Modified: Tue, 02 Dec 2014 14:35:38 GMT
Cache-Control: max-age=0, must-revalidate
Content-Length: 8668
Content-Type: image/png

GET
H/1.1 200
OK logo_repsol_portal_home2_no_title.png
sso.fedrepsol.com/assets/images/ 46 KB
46 KB 163ms
161ms Image
image/png 185.145.230.166
REPSOL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sso.fedrepsol.com/assets/images/logo_repsol_portal_home2_no_title.png

Requested by

Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/assets/css/StyleSheet3.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.145.230.166 Madrid, Spain, ASN62043 (REPSOL, ES),

Reverse DNS

185.145.230.166.rad.tsai.es

Software

/

Resource Hash

2824b57306ea6d7bc16c516fdefc59e71c981ddbc146c1b54a69a6a5c9ff0415

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sso.fedrepsol.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 12:58:06 GMT
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;
Referrer-Policy: origin
Last-Modified: Mon, 27 Aug 2018 07:51:42 GMT
Cache-Control: max-age=0, must-revalidate
Content-Length: 46793
Content-Type: image/png

GET
H/1.1 404
Not Found RepsolBold.woff
sso.fedrepsol.com/assets/fonts/repsol-regular/ 0
0 163ms
160ms Font
text/html 185.145.230.166
REPSOL

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.fedrepsol.com/assets/fonts/repsol-regular/RepsolBold.woff

Requested by

Host: sso.fedrepsol.com
URL: https://sso.fedrepsol.com/assets/css/StyleSheet3.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.145.230.166 Madrid, Spain, ASN62043 (REPSOL, ES),

Reverse DNS

185.145.230.166.rad.tsai.es

Software

/

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;

Request headers

Referer: https://sso.fedrepsol.com/
Origin: https://sso.fedrepsol.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Content-Type: text/html;charset=utf-8
Date: Mon, 28 Nov 2022 12:58:06 GMT
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://gesdoceyg.rg.repsol.com https://teams.microsoft.com https://repsol.lightning.force.com https://repsol--desesfv.my.salesforce.com https://repsol--desesfv.sandbox.lightning.force.com https://repsol--desesfv.sandbox.my.salesforce.com;
Referrer-Policy: origin
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1431
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
repsolna.boreal-is.com/	1969-12-31 23:59:59	Name: imsid Value: s%3AmiM5l5_GOrub4RFzC3YesoSwd0aZQeO4.%2BytztfsIShYAEkS8hD31eZu6vCIRLj34HfBhMxqf91I
repsolna.boreal-is.com/	1969-12-31 23:59:59	Name: _csrf_token Value: ujTSQoiI-ZWPqnpPRfg-2gmyzu3zep-KobxI
repsolna.boreal-is.com/	1969-12-31 23:59:59	Name: _has_saml Value: yes
repsolna.boreal-is.com/	1969-12-31 23:59:59	Name: _saml_post_login_redirect Value: %2Fafter_external_login
sso.fedrepsol.com/	1969-12-31 23:59:59	Name: PF Value: AOcg5ujz3lZpzfaxpMOUXS

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sso.fedrepsol.com/assets/fonts/repsol-regular/RepsolBold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com syndication.twitter.com cdn.syndication.twimg.com platform.twitter.com appsforoffice.microsoft.com ajax.aspnetcdn.com www.google.com www.gstatic.com www.google-analytics.com .googleapis.com assets.zendesk.com static.zdassets.com cdn.heapanalytics.com fast.appcues.com w.chatlio.com; connect-src 'self' .boreal-is.com borealis.zendesk.com ekr.zdassets.com .googleapis.com www.google-analytics.com heapanalytics.com fast.appcues.com api.appcues.net wss://api.appcues.net notify.bugsnag.com; img-src 'self' data: blob: .googleapis.com *.ggpht.com ton.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com syndication.twitter.com online.swagger.io www.google.ca www.google.com www.google-analytics.com a.tiles.mapbox.com b.tiles.mapbox.com c.tiles.mapbox.com d.tiles.mapbox.com csi.gstatic.com maps.gstatic.com helpdesk.boreal-is.com helpcenter-assets.boreal-is.com heapanalytics.com vulpix.appcues.com res.cloudinary.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com gitcdn.link fast.appcues.com; font-src 'self' fonts.gstatic.com; frame-src 'self' twitter.com syndication.twitter.com platform.twitter.com www.google.com my.appcues.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self';
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

repsolna.boreal-is.com
sso.fedrepsol.com
158.69.146.9
185.145.230.166
19db6c41608301baf0bcbaec6ba13216b2d71f71f808cda2f7f1255430ea5daa
2824b57306ea6d7bc16c516fdefc59e71c981ddbc146c1b54a69a6a5c9ff0415
dce7258e692b5b4c8b0fa74b1946b68de7c813f2dd668e483b3a0138aa0b5908
ede9675bbcdc0434640a00a673aeebf2fd23563e04d8b568cad47f418efe9caa

sso.fedrepsol.com Open in urlscan Pro 185.145.230.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

189 kBTransfer

185 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

5 Cookies

1 Console Messages

Security Headers

Indicators

sso.fedrepsol.com Open in urlscan Pro
185.145.230.166 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

189 kB
Transfer

185 kB
Size

5
Cookies

6 HTTP transactions
0 data transactions