freddiemac.my.salesforce.com
Open in
urlscan Pro
13.110.0.49
Public Scan
Effective URL: https://freddiemac.my.salesforce.com/saml/authn-request.jsp?Issuer=https%3A%2F%2Ffreddiemac.my.salesforce.com&RelayState=%2Fidp%2Flog...
Submission: On May 03 via manual from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on December 3rd 2017. Valid for: 3 years.
This is the only time freddiemac.my.salesforce.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 8 | 142.0.160.11 142.0.160.11 | 7160 (NETDYNAMICS) (NETDYNAMICS - Oracle Corporation) | |
1 | 142.0.160.10 142.0.160.10 | 7160 (NETDYNAMICS) (NETDYNAMICS - Oracle Corporation) | |
1 | 68.232.35.38 68.232.35.38 | 15133 (EDGECAST) (EDGECAST - MCI Communications Services) | |
1 2 | 13.110.0.177 13.110.0.177 | 14340 (SALESFORCE) (SALESFORCE - Salesforce.com) | |
2 | 13.110.0.49 13.110.0.49 | 14340 (SALESFORCE) (SALESFORCE - Salesforce.com) | |
1 | 13.110.3.48 13.110.3.48 | 14340 (SALESFORCE) (SALESFORCE - Salesforce.com) | |
15 | 7 |
ASN7160 (NETDYNAMICS - Oracle Corporation, US)
login.eloqua.com |
ASN7160 (NETDYNAMICS - Oracle Corporation, US)
secure.p03.eloqua.com |
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
g.3gl.net |
ASN14340 (SALESFORCE - Salesforce.com, Inc., US)
PTR: dcl2-ncg0-phx3.na82-ph2.my.salesforce.com
freddiemac.my.salesforce.com |
ASN14340 (SALESFORCE - Salesforce.com, Inc., US)
PTR: dcl1-ncg0-phx3.na82-ph2.my.salesforce.com
freddiemac.my.salesforce.com |
ASN14340 (SALESFORCE - Salesforce.com, Inc., US)
PTR: dcl7-ncg0-phx3.na82-ph2.force.com
freddiemac.secure.force.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
eloqua.com
1 redirects
login.eloqua.com secure.p03.eloqua.com |
62 KB |
4 |
salesforce.com
1 redirects
freddiemac.my.salesforce.com |
13 KB |
1 |
force.com
freddiemac.secure.force.com |
2 KB |
1 |
3gl.net
g.3gl.net r.3gl.net Failed |
8 KB |
0 |
fhlmc.com
Failed
sso.3dns.fhlmc.com Failed |
|
15 | 5 |
Domain | Requested by | |
---|---|---|
8 | login.eloqua.com |
1 redirects
login.eloqua.com
|
4 | freddiemac.my.salesforce.com |
1 redirects
login.eloqua.com
freddiemac.my.salesforce.com freddiemac.secure.force.com |
1 | freddiemac.secure.force.com |
freddiemac.my.salesforce.com
|
1 | g.3gl.net |
login.eloqua.com
|
1 | secure.p03.eloqua.com |
login.eloqua.com
|
0 | sso.3dns.fhlmc.com Failed |
freddiemac.my.salesforce.com
|
0 | r.3gl.net Failed |
g.3gl.net
|
15 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
login.eloqua.com DigiCert SHA2 Secure Server CA |
2018-02-01 - 2020-02-01 |
2 years | crt.sh |
*.p03.eloqua.com DigiCert SHA2 Secure Server CA |
2019-01-14 - 2021-03-14 |
2 years | crt.sh |
s10.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA |
2018-11-02 - 2020-07-20 |
2 years | crt.sh |
*.my.salesforce.com DigiCert SHA2 Secure Server CA |
2017-12-03 - 2020-12-02 |
3 years | crt.sh |
*.na82.force.com DigiCert SHA2 Secure Server CA |
2018-04-25 - 2020-04-25 |
2 years | crt.sh |
This page contains 2 frames:
Frame:
https://sso.3dns.fhlmc.com/FIM/sps/IntIDPsso/saml20/login
Frame ID: 08133CD3207E53A7DA732AD8555A18C1
Requests: 12 HTTP requests in this frame
Frame:
https://login.eloqua.com/Scripts/catchpointpatch.js
Frame ID: 3BAE2B8B54A0454B10B53571809BF06E
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=/apps/salesTools/profiler?em...
HTTP 301
https://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=/apps/salesTools/profiler?em... Page URL
- https://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=%2Fapps%2FsalesTools%2Fprofi... Page URL
-
https://freddiemac.my.salesforce.com/idp/endpoint/HttpPost
HTTP 302
https://freddiemac.my.salesforce.com/idp/login?app=0sp36000000k9bh&RelayState=ReturnUrl%3D%252Fapps%252FsalesTool... Page URL
- https://freddiemac.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAWsOW5CUME8wMzYwMDAwMDA0Qzk1AAA... Page URL
- https://freddiemac.secure.force.com/router Page URL
- https://freddiemac.my.salesforce.com/saml/authn-request.jsp?Issuer=https%3A%2F%2Ffreddiemac.my.salesforce.com&Rel... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=/apps/salesTools/profiler?emailAddress=springvalleybank@cinci.rr.com
HTTP 301
https://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=/apps/salesTools/profiler?emailAddress=springvalleybank@cinci.rr.com Page URL
- https://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=%2Fapps%2FsalesTools%2Fprofiler%3FemailAddress%3Dspringvalleybank%40cinci.rr.com&CheckFrame=false Page URL
-
https://freddiemac.my.salesforce.com/idp/endpoint/HttpPost
HTTP 302
https://freddiemac.my.salesforce.com/idp/login?app=0sp36000000k9bh&RelayState=ReturnUrl%3D%252Fapps%252FsalesTools%252Fprofiler%253FemailAddress%253Dspringvalleybank%2540cinci.rr.com&binding=HttpPost&inresponseto=_a15b3e05-2b3f-43e9-bb69-c48b3541bb52 Page URL
- https://freddiemac.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAWsOW5CUME8wMzYwMDAwMDA0Qzk1AAAA2qtoTMf4oJ0ZfC02pbZhx1RK2o6LRPTpiECsORgjTmwW5F_8sTZ38JFETgwVyjj539BN5ddDXvJ0CNLesXU5xefYuXX7otTISv-ZyIjnDLVKV6z5xpHanfjBR9QE6Bp_21Q-s8IfmRGOnvsZ7aYtxa33P-zEsgt--1x23Lw0qsPpQN4FCgnXuFWqu862IRJcl95zK_5LJUY2rB1O6MZ8BokAEhNFeDDHkAi5GJBSMCWAaEBViLdCmSxifVL1sMpXkA&saml_acs=https%3A%2F%2Ffreddiemac.my.salesforce.com%3Fso%3D00D36000001EOpm&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Ffreddiemac.prod.my.salesforce.com&samlSsoConfig=0LE36000000XZRG&RelayState=%2Fidp%2Flogin%3Fapp%3D0sp36000000k9bh%26binding%3DHttpPost%26RelayState%3DReturnUrl%253D%25252Fapps%25252FsalesTools%25252Fprofiler%25253FemailAddress%25253Dspringvalleybank%252540cinci.rr.com%26inresponseto%3D_a15b3e05-2b3f-43e9-bb69-c48b3541bb52 Page URL
- https://freddiemac.secure.force.com/router Page URL
- https://freddiemac.my.salesforce.com/saml/authn-request.jsp?Issuer=https%3A%2F%2Ffreddiemac.my.salesforce.com&RelayState=%2Fidp%2Flogin%3Fapp%3D0sp36000000k9bh%26binding%3DHttpPost%26RelayState%3DReturnUrl%253D%25252Fapps%25252FsalesTools%25252Fprofiler%25253FemailAddress%25253Dspringvalleybank%252540cinci.rr.com%26inresponseto%3D_a15b3e05-2b3f-43e9-bb69-c48b3541bb52&saml_acs=https%3A%2F%2Ffreddiemac.my.salesforce.com%3Fso%3D00D36000001EOpm&saml_binding_type=HttpPost&saml_request_id=_2CAAAAWsOW5iWME8wMzYwMDAwMDA0Qzk1AAAA2hy3l6GJbxSI8_D3DwWEyoMxF94mwhp3ifNeEI2nvJx8b0vx_0hOGf5J1PH3lPH2ZxE_vWUZjKUZlwkXXbGDvgBbP90Sjb8DAwi5o_211teSPRVE6MKe4qo5tOfJaB5w-74yBuM-EdDdHAyHhThsselwc7QgGYeWh1u2flKVz7sI6yequCjBk4v0rSwYjI6kFAM9vq-olnv04pPSsiiHTPm21VJ_QQ-raBETOIzibscz-M_H4fM5LZXKnDtLJNcKwQ&samlSsoConfig=0LE36000000H1We Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=/apps/salesTools/profiler?emailAddress=springvalleybank@cinci.rr.com HTTP 301
- https://login.eloqua.com/auth/saml2/autologin?LoginPrefix=FRED&ReturnUrl=/apps/salesTools/profiler?emailAddress=springvalleybank@cinci.rr.com
- https://freddiemac.my.salesforce.com/idp/endpoint/HttpPost HTTP 302
- https://freddiemac.my.salesforce.com/idp/login?app=0sp36000000k9bh&RelayState=ReturnUrl%3D%252Fapps%252FsalesTools%252Fprofiler%253FemailAddress%253Dspringvalleybank%2540cinci.rr.com&binding=HttpPost&inresponseto=_a15b3e05-2b3f-43e9-bb69-c48b3541bb52
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
autologin
login.eloqua.com/auth/saml2/ Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-1-custom-bootstrap.min.css
login.eloqua.com/Content/alta/ |
55 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-2.2.3.min.js
secure.p03.eloqua.com/static/scripts/ |
84 KB 30 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
catchpoint.js
login.eloqua.com/Scripts/ |
6 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
custom-bootstrap.min.js
login.eloqua.com/Scripts/ |
39 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
catchpointpatch.js
login.eloqua.com/Scripts/ Frame 3BAE |
248 B 696 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
autologin
login.eloqua.com/auth/saml2/ |
5 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
M
g.3gl.net/jp/345/v3/ Frame 3BAE |
24 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
r.p
r.3gl.net/hawklogserver/ Frame 3BAE |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saml2-httppost-formcode.js
login.eloqua.com/Scripts/ |
197 B 677 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login
freddiemac.my.salesforce.com/idp/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authn-request.jsp
freddiemac.my.salesforce.com/saml/ |
6 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
Cookie set
router
freddiemac.secure.force.com/ |
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
authn-request.jsp
freddiemac.my.salesforce.com/saml/ |
8 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
login
sso.3dns.fhlmc.com/FIM/sps/IntIDPsso/saml20/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- r.3gl.net
- URL
- https://r.3gl.net/hawklogserver/r.p
- Domain
- sso.3dns.fhlmc.com
- URL
- https://sso.3dns.fhlmc.com/FIM/sps/IntIDPsso/saml20/login
Verdicts & Comments Add Verdict or Comment
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | connect-src 'self' r.3gl.net;default-src 'self';script-src 'self' secure.p03.eloqua.com g.3gl.net 'nonce-ODU5YmUwOWFmMWM1NDE2NDk5MTVhZTZjZTQwNmMyNTI=';style-src 'self' 'nonce-NjkyZGM1ZjcyYWYzNDNjMmEwMzM0NWMxNmU1ODM0OTA=';upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
freddiemac.my.salesforce.com
freddiemac.secure.force.com
g.3gl.net
login.eloqua.com
r.3gl.net
secure.p03.eloqua.com
sso.3dns.fhlmc.com
r.3gl.net
sso.3dns.fhlmc.com
13.110.0.177
13.110.0.49
13.110.3.48
142.0.160.10
142.0.160.11
68.232.35.38
04a777f72f72f587bf1a6fb13bc7f3677ba73adc178bd500fd87585b03240e0c
63322ebbc581e835472f7f66d664a1208b2d8f5ba87561794237f9fa1b54da4b
71b111c0838c7472ac2bdc85f4f6536961e8b62bdb8cb3f7511d671673da402e
7254af57d6b76391e98cefa68ca3b1175f6775a072e84a730fcab4a87ea2e423
876efa317e7fb23bc1f7f093db85dd89f0a95ee781ae929577d1bdcca6df8691
8bbf50778ed73453fcc8581f616f1461575c860b6e8d74bc040e7029b888d832
b0bdfeba1b88e80f72534f4e730317bcf67b949aa1593613a1303b327923d110