origin-auth-st2.test.tiaa.org
Open in
urlscan Pro
143.165.139.124
Public Scan
Effective URL: https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfT...
Submission: On January 31 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Organization Validation S... on October 26th 2023. Valid for: a year.
This is the only time origin-auth-st2.test.tiaa.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.222.149.101 52.222.149.101 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 143.165.139.124 143.165.139.124 | 2923 (AS-TIAA-NET) (AS-TIAA-NET) | |
3 | 2 |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-101.cdg52.r.cloudfront.net
tiaa.centrical.me |
ASN2923 (AS-TIAA-NET, US)
PTR: vip-cobmsdt01eb1lbe01-02-origin-auth-st2.test.tiaa.org
origin-auth-st2.test.tiaa.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
tiaa.org
origin-auth-st2.test.tiaa.org |
5 KB |
1 |
centrical.me
1 redirects
tiaa.centrical.me |
2 KB |
0 |
tiaa-cref.org
Failed
loginsso-dev.test.tiaa-cref.org Failed |
|
3 | 3 |
Domain | Requested by | |
---|---|---|
1 | origin-auth-st2.test.tiaa.org |
origin-auth-st2.test.tiaa.org
|
1 | tiaa.centrical.me | 1 redirects |
0 | loginsso-dev.test.tiaa-cref.org Failed | |
3 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
origin-auth-st2.test.tiaa.org Sectigo RSA Organization Validation Secure Server CA |
2023-10-26 - 2024-10-25 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://loginsso-dev.test.tiaa-cref.org/idp/SSO.saml2
Frame ID: 4C9D5DF3ECBB75D9F11D35999ECE87FF
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://tiaa.centrical.me/api/account/externallogin/saml
HTTP 302
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tiaa.centrical.me/api/account/externallogin/saml
HTTP 302
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfTeI9YhH866%2BRwUYnPvOgJgKGRmdEVaCBmFkr0BgJfL1607wiInBWbSV7cgN5T5DAiiH2hoSfCoH%2FpAR%2F06Cg7MnXSv35ikZefZr06gK9UmRYLvJSNuHi0bOJZds0XCWzOqyZLN6nqQPLE3rmJWxBwKMamsApUH%2FL%2BNJyOJwFhc8FiwVSfxFgo13qI3EqfURcQBBqXW61SaUPoUQkEfoQRFqKSPrWqrrgeb5PrrY45PUyfWjNrU27X3D5RUE4qUoDuFhnxckWP%2BG8GQNjL1yuXInXamP992fpKl7pQw6Xcku6hWVg6ayquxokKozKmdk11mvm16EkdXysokpA7dqbxKc5sKX9LZ%2Bvf0f%2FOoH&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=MuYvrBqZ0B4gkoB0VLn8DATXsl4ZNoUs4l%2BIG%2Ff58FWjGxGVj2Qu0teHWizf37i5aQ0dYAMxIRUizeBStEpqydWzZ%2F%2FyVwuLqBwdZecnLTN8ZQHd%2FbLM4NcmgsKqMOty6ZOqmBPlRjZwZmUa1t0TjKiKieiU7o3v2ZBaISvWFUXgMrNQ2UPw%2B%2BwVuTXXKy53HBHO%2FLemk7B41kOEf3PlP2Ua8c9twzZcjFoXsS%2BMDIyjuOLjmn9NyRHwCRVCKbxt%2Bd5kIWWhUuXoNl2unlcbqOYJJBBeZqx%2Bdmy8vT4C0OZUgVL4H%2BnwDlVxkAwgdt2Iak72wuypA4Oo%2FlEn%2BabSQQ%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
SSO.saml2
origin-auth-st2.test.tiaa.org/idp/ Redirect Chain
|
3 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ruxitagentjs_ICA2NQVfghqru_10281231207105659.js
origin-auth-st2.test.tiaa.org/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
POST |
SSO.saml2
loginsso-dev.test.tiaa-cref.org/idp/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- origin-auth-st2.test.tiaa.org
- URL
- https://origin-auth-st2.test.tiaa.org/ruxitagentjs_ICA2NQVfghqru_10281231207105659.js
- Domain
- loginsso-dev.test.tiaa-cref.org
- URL
- https://loginsso-dev.test.tiaa-cref.org/idp/SSO.saml2
Verdicts & Comments Add Verdict or Comment
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
origin-auth-st2.test.tiaa.org/ | Name: PF Value: pNZzenOM2Hf7NsyyUw1ZuH |
|
origin-auth-st2.test.tiaa.org/ | Name: BIGipServerpublictools-st2_pool_9030_federation_dev-b Value: 3391155978.17955.0000 |
|
.tiaa.org/ | Name: dtCookie Value: v_4_srv_1_sn_C7624F259024329674629CAD12AFDC8A_perc_100000_ol_0_mul_1_app-3A5dda29ad4a61437d_1_rcs-3Acss_0 |
|
origin-auth-st2.test.tiaa.org/ | Name: BIGipServerpool_origin-auth-st2_7700_dev-b Value: 621080330.5150.0000 |
|
origin-auth-st2.test.tiaa.org/ | Name: tiaa_dc Value: cobmb |
|
origin-auth-st2.test.tiaa.org/ | Name: TS010984ce Value: 01e85d03c877636209eb462b638038c4e1895f67f8e93762643c45931f8a4cc99276ab8c8845012d0df8167a976be242aa13a529a79372c82a7d7ddf29d6da07037d3f8f1014f8f6565ef69dd11c61cffb0ebadc44693b15eb6a2a25bfc005950c184c0928a0a60801e8b6aeb2cce4c40507ae09e2 |
|
.tiaa.org/ | Name: TS01b94e3a Value: 01e85d03c8a020d1b3fc20d5da9eeb9c6c9d19bd00e93762643c45931f8a4cc99276ab8c8830d3556a65ea164629254a8053b11d1b1b1a6e9e1b85d49895423dc7924e3a51 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
loginsso-dev.test.tiaa-cref.org
origin-auth-st2.test.tiaa.org
tiaa.centrical.me
loginsso-dev.test.tiaa-cref.org
origin-auth-st2.test.tiaa.org
143.165.139.124
52.222.149.101
bdce215cbbf7a81273571332c076d51fc92569555f517264ed7b15d5e944eb85