origin-auth-st2.test.tiaa.org

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 3 HTTP transactions. The main IP is 143.165.139.124, located in Statesville, United States and belongs to AS-TIAA-NET, US. The main domain is origin-auth-st2.test.tiaa.org.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on October 26th 2023. Valid for: a year.

This is the only time origin-auth-st2.test.tiaa.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.222.149.101 52.222.149.101	16509 (AMAZON-02) (AMAZON-02)
1	143.165.139.124 143.165.139.124	2923 (AS-TIAA-NET) (AS-TIAA-NET)
3	2

1 52.222.149.101 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-101.cdg52.r.cloudfront.net

tiaa.centrical.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.165.139.124 (Statesville, United States)

ASN2923 (AS-TIAA-NET, US)
PTR: vip-cobmsdt01eb1lbe01-02-origin-auth-st2.test.tiaa.org

origin-auth-st2.test.tiaa.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	tiaa.org origin-auth-st2.test.tiaa.org	5 KB
1	centrical.me 1 redirects tiaa.centrical.me	2 KB
0	tiaa-cref.org Failed loginsso-dev.test.tiaa-cref.org Failed
3	3

	Domain	Requested by
1	origin-auth-st2.test.tiaa.org	origin-auth-st2.test.tiaa.org
1	tiaa.centrical.me	1 redirects
0	loginsso-dev.test.tiaa-cref.org Failed
3	3

This site contains no links.

Subject Issuer	Validity	Valid
origin-auth-st2.test.tiaa.org Sectigo RSA Organization Validation Secure Server CA	`2023-10-26` - `2024-10-25`	a year	crt.sh

This page contains 1 frames:

Frame: https://loginsso-dev.test.tiaa-cref.org/idp/SSO.saml2
Frame ID: 4C9D5DF3ECBB75D9F11D35999ECE87FF
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://tiaa.centrical.me/api/account/externallogin/saml HTTP 302
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59... Page URL

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

5 kB
Transfer

3 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tiaa.centrical.me/api/account/externallogin/saml HTTP 302
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfTeI9YhH866%2BRwUYnPvOgJgKGRmdEVaCBmFkr0BgJfL1607wiInBWbSV7cgN5T5DAiiH2hoSfCoH%2FpAR%2F06Cg7MnXSv35ikZefZr06gK9UmRYLvJSNuHi0bOJZds0XCWzOqyZLN6nqQPLE3rmJWxBwKMamsApUH%2FL%2BNJyOJwFhc8FiwVSfxFgo13qI3EqfURcQBBqXW61SaUPoUQkEfoQRFqKSPrWqrrgeb5PrrY45PUyfWjNrU27X3D5RUE4qUoDuFhnxckWP%2BG8GQNjL1yuXInXamP992fpKl7pQw6Xcku6hWVg6ayquxokKozKmdk11mvm16EkdXysokpA7dqbxKc5sKX9LZ%2Bvf0f%2FOoH&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=MuYvrBqZ0B4gkoB0VLn8DATXsl4ZNoUs4l%2BIG%2Ff58FWjGxGVj2Qu0teHWizf37i5aQ0dYAMxIRUizeBStEpqydWzZ%2F%2FyVwuLqBwdZecnLTN8ZQHd%2FbLM4NcmgsKqMOty6ZOqmBPlRjZwZmUa1t0TjKiKieiU7o3v2ZBaISvWFUXgMrNQ2UPw%2B%2BwVuTXXKy53HBHO%2FLemk7B41kOEf3PlP2Ua8c9twzZcjFoXsS%2BMDIyjuOLjmn9NyRHwCRVCKbxt%2Bd5kIWWhUuXoNl2unlcbqOYJJBBeZqx%2Bdmy8vT4C0OZUgVL4H%2BnwDlVxkAwgdt2Iak72wuypA4Oo%2FlEn%2BabSQQ%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request SSO.saml2 Show response origin-auth-st2.test.tiaa.org/idp/ Redirect Chain https://tiaa.centrical.me/api/account/externallogin/saml https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfTeI9YhH866%2BRwUYnPvOgJgKGRmdEVaCBmFkr0BgJfL1607wiInBWbSV7cgN5T5...	3 KB 5 KB	1216ms 238ms	Document text/html	143.165.139.124 AS-TIAA-NET
General Check archive.org Show headers Download Go to Full URL https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfTeI9YhH866%2BRwUYnPvOgJgKGRmdEVaCBmFkr0BgJfL1607wiInBWbSV7cgN5T5DAiiH2hoSfCoH%2FpAR%2F06Cg7MnXSv35ikZefZr06gK9UmRYLvJSNuHi0bOJZds0XCWzOqyZLN6nqQPLE3rmJWxBwKMamsApUH%2FL%2BNJyOJwFhc8FiwVSfxFgo13qI3EqfURcQBBqXW61SaUPoUQkEfoQRFqKSPrWqrrgeb5PrrY45PUyfWjNrU27X3D5RUE4qUoDuFhnxckWP%2BG8GQNjL1yuXInXamP992fpKl7pQw6Xcku6hWVg6ayquxokKozKmdk11mvm16EkdXysokpA7dqbxKc5sKX9LZ%2Bvf0f%2FOoH&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=MuYvrBqZ0B4gkoB0VLn8DATXsl4ZNoUs4l%2BIG%2Ff58FWjGxGVj2Qu0teHWizf37i5aQ0dYAMxIRUizeBStEpqydWzZ%2F%2FyVwuLqBwdZecnLTN8ZQHd%2FbLM4NcmgsKqMOty6ZOqmBPlRjZwZmUa1t0TjKiKieiU7o3v2ZBaISvWFUXgMrNQ2UPw%2B%2BwVuTXXKy53HBHO%2FLemk7B41kOEf3PlP2Ua8c9twzZcjFoXsS%2BMDIyjuOLjmn9NyRHwCRVCKbxt%2Bd5kIWWhUuXoNl2unlcbqOYJJBBeZqx%2Bdmy8vT4C0OZUgVL4H%2BnwDlVxkAwgdt2Iak72wuypA4Oo%2FlEn%2BabSQQ%3D%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.165.139.124 Statesville, United States, ASN2923 (AS-TIAA-NET, US), Reverse DNS vip-cobmsdt01eb1lbe01-02-origin-auth-st2.test.tiaa.org Software / Resource Hash `bdce215cbbf7a81273571332c076d51fc92569555f517264ed7b15d5e944eb85` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache, no-store Connection Keep-Alive Content-Length 3386 Content-Type text/html;charset=utf-8 Date Wed, 31 Jan 2024 21:06:42 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Referrer-Policy origin Server-Timing dtSInfo;desc="0", dtRpid;desc="1800234741" X-OneAgent-JS-Injection true Redirect headers access-control-allow-headers accept, authorization, content-type, Cache-Control, P3P, GE-IGNORE-CACHE, Signature, fromMobile, ssoToken, fromAdmin, fromGameapp, fromGtv, ManagerOrgUnitUserName, ManagerOrgUnitId, g-s-x, g-s-x-t, g-s-i-i, User-Agent, Referer, Origin, Access-Control-Allow-Headers, x-cen-1, jwt, x-api-key, centri-request-id, session-id, centri-version, LoggedBy access-control-allow-methods GET, POST, PUT, OPTIONS, HEAD cache-control no-cache content-length 0 date Wed, 31 Jan 2024 21:06:41 GMT expires -1 location https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfTeI9YhH866%2BRwUYnPvOgJgKGRmdEVaCBmFkr0BgJfL1607wiInBWbSV7cgN5T5DAiiH2hoSfCoH%2FpAR%2F06Cg7MnXSv35ikZefZr06gK9UmRYLvJSNuHi0bOJZds0XCWzOqyZLN6nqQPLE3rmJWxBwKMamsApUH%2FL%2BNJyOJwFhc8FiwVSfxFgo13qI3EqfURcQBBqXW61SaUPoUQkEfoQRFqKSPrWqrrgeb5PrrY45PUyfWjNrU27X3D5RUE4qUoDuFhnxckWP%2BG8GQNjL1yuXInXamP992fpKl7pQw6Xcku6hWVg6ayquxokKozKmdk11mvm16EkdXysokpA7dqbxKc5sKX9LZ%2Bvf0f%2FOoH&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=MuYvrBqZ0B4gkoB0VLn8DATXsl4ZNoUs4l%2BIG%2Ff58FWjGxGVj2Qu0teHWizf37i5aQ0dYAMxIRUizeBStEpqydWzZ%2F%2FyVwuLqBwdZecnLTN8ZQHd%2FbLM4NcmgsKqMOty6ZOqmBPlRjZwZmUa1t0TjKiKieiU7o3v2ZBaISvWFUXgMrNQ2UPw%2B%2BwVuTXXKy53HBHO%2FLemk7B41kOEf3PlP2Ua8c9twzZcjFoXsS%2BMDIyjuOLjmn9NyRHwCRVCKbxt%2Bd5kIWWhUuXoNl2unlcbqOYJJBBeZqx%2Bdmy8vT4C0OZUgVL4H%2BnwDlVxkAwgdt2Iak72wuypA4Oo%2FlEn%2BabSQQ%3D%3D p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" pragma no-cache referrer-policy same-origin ssoredirect https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLboMwEPwV5DvYOISoVoiUNlIbKW2iQnvozYAhlsCm3iXK59chqppecvFrZ7wzs0uQfTeI9YhH866%2BRwUYnPvOgJgKGRmdEVaCBmFkr0BgJfL1607wiInBWbSV7cgN5T5DAiiH2hoSfCoH%2FpAR%2F06Cg7MnXSv35ikZefZr06gK9UmRYLvJSNuHi0bOJZds0XCWzOqyZLN6nqQPLE3rmJWxBwKMamsApUH%2FL%2BNJyOJwFhc8FiwVSfxFgo13qI3EqfURcQBBqXW61SaUPoUQkEfoQRFqKSPrWqrrgeb5PrrY45PUyfWjNrU27X3D5RUE4qUoDuFhnxckWP%2BG8GQNjL1yuXInXamP992fpKl7pQw6Xcku6hWVg6ayquxokKozKmdk11mvm16EkdXysokpA7dqbxKc5sKX9LZ%2Bvf0f%2FOoH&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=MuYvrBqZ0B4gkoB0VLn8DATXsl4ZNoUs4l%2BIG%2Ff58FWjGxGVj2Qu0teHWizf37i5aQ0dYAMxIRUizeBStEpqydWzZ%2F%2FyVwuLqBwdZecnLTN8ZQHd%2FbLM4NcmgsKqMOty6ZOqmBPlRjZwZmUa1t0TjKiKieiU7o3v2ZBaISvWFUXgMrNQ2UPw%2B%2BwVuTXXKy53HBHO%2FLemk7B41kOEf3PlP2Ua8c9twzZcjFoXsS%2BMDIyjuOLjmn9NyRHwCRVCKbxt%2Bd5kIWWhUuXoNl2unlcbqOYJJBBeZqx%2Bdmy8vT4C0OZUgVL4H%2BnwDlVxkAwgdt2Iak72wuypA4Oo%2FlEn%2BabSQQ%3D%3D strict-transport-security max-age=31536000; includeSubDomains via 1.1 07a270ab1aab3273835b92a016f8a5dc.cloudfront.net (CloudFront) x-amz-cf-id wK-OBrErL2Dg1rMbnaAFTRWffOc9EzIDzzZfu-Cb2XjF7FPxepAamQ== x-amz-cf-pop CDG52-P1 x-cache Miss from cloudfront x-content-type-options nosniff x-xss-protection 1; mode=block
GET		ruxitagentjs_ICA2NQVfghqru_10281231207105659.js origin-auth-st2.test.tiaa.org/	0 0

POST		SSO.saml2 loginsso-dev.test.tiaa-cref.org/idp/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: origin-auth-st2.test.tiaa.org
URL: https://origin-auth-st2.test.tiaa.org/ruxitagentjs_ICA2NQVfghqru_10281231207105659.js

Domain: loginsso-dev.test.tiaa-cref.org
URL: https://loginsso-dev.test.tiaa-cref.org/idp/SSO.saml2

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
origin-auth-st2.test.tiaa.org/	1969-12-31 23:59:59	Name: PF Value: pNZzenOM2Hf7NsyyUw1ZuH
origin-auth-st2.test.tiaa.org/	1969-12-31 23:59:59	Name: BIGipServerpublictools-st2_pool_9030_federation_dev-b Value: 3391155978.17955.0000
.tiaa.org/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_1_sn_C7624F259024329674629CAD12AFDC8A_perc_100000_ol_0_mul_1_app-3A5dda29ad4a61437d_1_rcs-3Acss_0
origin-auth-st2.test.tiaa.org/	1969-12-31 23:59:59	Name: BIGipServerpool_origin-auth-st2_7700_dev-b Value: 621080330.5150.0000
origin-auth-st2.test.tiaa.org/	1970-01-20 18:05:36	Name: tiaa_dc Value: cobmb
origin-auth-st2.test.tiaa.org/	1969-12-31 23:59:59	Name: TS010984ce Value: 01e85d03c877636209eb462b638038c4e1895f67f8e93762643c45931f8a4cc99276ab8c8845012d0df8167a976be242aa13a529a79372c82a7d7ddf29d6da07037d3f8f1014f8f6565ef69dd11c61cffb0ebadc44693b15eb6a2a25bfc005950c184c0928a0a60801e8b6aeb2cce4c40507ae09e2
.tiaa.org/	1969-12-31 23:59:59	Name: TS01b94e3a Value: 01e85d03c8a020d1b3fc20d5da9eeb9c6c9d19bd00e93762643c45931f8a4cc99276ab8c8830d3556a65ea164629254a8053b11d1b1b1a6e9e1b85d49895423dc7924e3a51

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://origin-auth-st2.test.tiaa.org/ruxitagentjs_ICA2NQVfghqru_10281231207105659.js Message: Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

loginsso-dev.test.tiaa-cref.org
origin-auth-st2.test.tiaa.org
tiaa.centrical.me
loginsso-dev.test.tiaa-cref.org
origin-auth-st2.test.tiaa.org
143.165.139.124
52.222.149.101
bdce215cbbf7a81273571332c076d51fc92569555f517264ed7b15d5e944eb85

origin-auth-st2.test.tiaa.org Open in urlscan Pro 143.165.139.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

33 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

5 kBTransfer

3 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

7 Cookies

1 Console Messages

Indicators

origin-auth-st2.test.tiaa.org Open in urlscan Pro
143.165.139.124 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

5 kB
Transfer

3 kB
Size

7
Cookies

3 HTTP transactions
0 data transactions