urlscan.io logo urlscan.io
SecurityTrails logo

origin-auth-st2.test.tiaa.org Open in urlscan Pro
143.165.139.124  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://tiaa.centrical.me/api/account/externallogin/saml
Effective URL: https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn18TVJVeuPi1M96Z2QWqtu...
Submission: On February 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 3 HTTP transactions. The main IP is 143.165.139.124, located in United States and belongs to AS-TIAA-NET, US. The main domain is origin-auth-st2.test.tiaa.org.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on October 26th 2023. Valid for: a year.
This is the only time origin-auth-st2.test.tiaa.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.245.60.26 16509 (AMAZON-02)
1 143.165.139.124 2923 (AS-TIAA-NET)
3 2
Apex Domain
Subdomains		 Transfer
1 tiaa.org
origin-auth-st2.test.tiaa.org
5 KB
1 centrical.me
tiaa.centrical.me
2 KB
0 tiaa-cref.org Failed
loginsso-dev.test.tiaa-cref.org Failed
3 3
Domain Requested by
1 origin-auth-st2.test.tiaa.org origin-auth-st2.test.tiaa.org
1 tiaa.centrical.me 1 redirects
0 loginsso-dev.test.tiaa-cref.org Failed
3 3

This site contains no links.

Subject Issuer Validity Valid
origin-auth-st2.test.tiaa.org
Sectigo RSA Organization Validation Secure Server CA		 2023-10-26 -
2024-10-25		 a year crt.sh

This page contains 1 frames:

Frame: https://loginsso-dev.test.tiaa-cref.org/idp/SSO.saml2
Frame ID: 5D002ED64F7C6FD2B0E0D805FD2FD5C4
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://tiaa.centrical.me/api/account/externallogin/saml HTTP 302
    https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn1... Page URL

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

5 kB
Transfer

3 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tiaa.centrical.me/api/account/externallogin/saml HTTP 302
    https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn18TVJVeuPi1M96Z2QWqtunkuqejfYfvHpCic9tYlENhyXpvpVNoUFrVAkrSMlu%2F7qRIUtl5R067ht1Q7jMUIngyzrLoEzyGw5KFdxYdvDuZEvxboCzZc1irCjSZE7Bou1myuo3HuphVRTEVqZqNhS6LMp1V5WguiuJhMi%2BnAYjYw9YiKUvh31SM41TEo3E%2Bmsp0Jifii0Wb4NBYRUPrI1GHknPnTW1srEIKMZJIKIASMkolztfclB3Psn1ysScGqYPrR2NLY%2Bv7hosrCOVLnh%2Fiwz7LWbT%2BDeHJWexb8Bn4k9Hw8b77kzR012DJG62apAWuOsOV1q63xOFM4K1qGhd084swtlpcNjlk4Ff1TYLDXMSC39avt%2F%2BDX%2F0A&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TXTsd84RVPKyaS2OPkFukvtZL0KXwfZ4C5VMK5F8%2FnjDqTygk1wD%2FZm3Fe7vIQ%2F8cDtUZCVKa8XGG22Mhsf7mQwZ0vCCkMTFmWSKxB4Of3Z7fUEXO8YUaCyOedRsyUuqOoAamlFnsfUlNb2l0Vo1wwmGw6ktsMxGDmsLcPD96rpUgDVn%2FtLsEAWur9f5dAh49M3qhXeszb57o35ARaS8U3d5bgTVsuVWa9MtFH3Dvi4jFroA%2BE6WKBaHGORjnNFg%2BM9F%2FNamobHzGSBZt%2BOSkSLiDZYaBBXXS2Y1nCeEB5AckUcUEBesR81n%2BYbT2n2TM2wkKnQ1rqKrKa0h0ZIaKg%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request SSO.saml2
origin-auth-st2.test.tiaa.org/idp/
Redirect Chain
  • https://tiaa.centrical.me/api/account/externallogin/saml
  • https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn18TVJVeuPi1M96Z2QWqtunkuqejfYfvHpCic9tYlENhyXpvpVNoUFrVAkrSMlu%2F7qRIUtl5R067ht1Q7jM...
3 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn18TVJVeuPi1M96Z2QWqtunkuqejfYfvHpCic9tYlENhyXpvpVNoUFrVAkrSMlu%2F7qRIUtl5R067ht1Q7jMUIngyzrLoEzyGw5KFdxYdvDuZEvxboCzZc1irCjSZE7Bou1myuo3HuphVRTEVqZqNhS6LMp1V5WguiuJhMi%2BnAYjYw9YiKUvh31SM41TEo3E%2Bmsp0Jifii0Wb4NBYRUPrI1GHknPnTW1srEIKMZJIKIASMkolztfclB3Psn1ysScGqYPrR2NLY%2Bv7hosrCOVLnh%2Fiwz7LWbT%2BDeHJWexb8Bn4k9Hw8b77kzR012DJG62apAWuOsOV1q63xOFM4K1qGhd084swtlpcNjlk4Ff1TYLDXMSC39avt%2F%2BDX%2F0A&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TXTsd84RVPKyaS2OPkFukvtZL0KXwfZ4C5VMK5F8%2FnjDqTygk1wD%2FZm3Fe7vIQ%2F8cDtUZCVKa8XGG22Mhsf7mQwZ0vCCkMTFmWSKxB4Of3Z7fUEXO8YUaCyOedRsyUuqOoAamlFnsfUlNb2l0Vo1wwmGw6ktsMxGDmsLcPD96rpUgDVn%2FtLsEAWur9f5dAh49M3qhXeszb57o35ARaS8U3d5bgTVsuVWa9MtFH3Dvi4jFroA%2BE6WKBaHGORjnNFg%2BM9F%2FNamobHzGSBZt%2BOSkSLiDZYaBBXXS2Y1nCeEB5AckUcUEBesR81n%2BYbT2n2TM2wkKnQ1rqKrKa0h0ZIaKg%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.165.139.124 , United States, ASN2923 (AS-TIAA-NET, US),
Reverse DNS
vip-cobmsdt01eb1lbe01-02-origin-auth-st2.test.tiaa.org
Software
/
Resource Hash
e0ddc67a5e13f0eb3f3aa2f5a9096de19380068fb73ab230962810fd2512f7e6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
3384
Content-Type
text/html;charset=utf-8
Date
Wed, 14 Feb 2024 16:07:54 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Referrer-Policy
origin
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-691062027"
X-OneAgent-JS-Injection
true

Redirect headers

access-control-allow-headers
accept, authorization, content-type, Cache-Control, P3P, GE-IGNORE-CACHE, Signature, fromMobile, ssoToken, fromAdmin, fromGameapp, fromGtv, ManagerOrgUnitUserName, ManagerOrgUnitId, g-s-x, g-s-x-t, g-s-i-i, User-Agent, Referer, Origin, Access-Control-Allow-Headers, x-cen-1, jwt, x-api-key, centri-request-id, session-id, centri-version, LoggedBy, test-name
access-control-allow-methods
GET, POST, PUT, OPTIONS, HEAD
cache-control
no-cache
content-length
0
date
Wed, 14 Feb 2024 16:07:52 GMT
expires
-1
location
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn18TVJVeuPi1M96Z2QWqtunkuqejfYfvHpCic9tYlENhyXpvpVNoUFrVAkrSMlu%2F7qRIUtl5R067ht1Q7jMUIngyzrLoEzyGw5KFdxYdvDuZEvxboCzZc1irCjSZE7Bou1myuo3HuphVRTEVqZqNhS6LMp1V5WguiuJhMi%2BnAYjYw9YiKUvh31SM41TEo3E%2Bmsp0Jifii0Wb4NBYRUPrI1GHknPnTW1srEIKMZJIKIASMkolztfclB3Psn1ysScGqYPrR2NLY%2Bv7hosrCOVLnh%2Fiwz7LWbT%2BDeHJWexb8Bn4k9Hw8b77kzR012DJG62apAWuOsOV1q63xOFM4K1qGhd084swtlpcNjlk4Ff1TYLDXMSC39avt%2F%2BDX%2F0A&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TXTsd84RVPKyaS2OPkFukvtZL0KXwfZ4C5VMK5F8%2FnjDqTygk1wD%2FZm3Fe7vIQ%2F8cDtUZCVKa8XGG22Mhsf7mQwZ0vCCkMTFmWSKxB4Of3Z7fUEXO8YUaCyOedRsyUuqOoAamlFnsfUlNb2l0Vo1wwmGw6ktsMxGDmsLcPD96rpUgDVn%2FtLsEAWur9f5dAh49M3qhXeszb57o35ARaS8U3d5bgTVsuVWa9MtFH3Dvi4jFroA%2BE6WKBaHGORjnNFg%2BM9F%2FNamobHzGSBZt%2BOSkSLiDZYaBBXXS2Y1nCeEB5AckUcUEBesR81n%2BYbT2n2TM2wkKnQ1rqKrKa0h0ZIaKg%3D%3D
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma
no-cache
referrer-policy
same-origin
ssoredirect
https://origin-auth-st2.test.tiaa.org/idp/SSO.saml2?SAMLRequest=fVHLbsIwEPyVyPfEweJRLECiRWqRaEFN2kNvjrMJlhI79W4Qn18TVJVeuPi1M96Z2QWqtunkuqejfYfvHpCic9tYlENhyXpvpVNoUFrVAkrSMlu%2F7qRIUtl5R067ht1Q7jMUIngyzrLoEzyGw5KFdxYdvDuZEvxboCzZc1irCjSZE7Bou1myuo3HuphVRTEVqZqNhS6LMp1V5WguiuJhMi%2BnAYjYw9YiKUvh31SM41TEo3E%2Bmsp0Jifii0Wb4NBYRUPrI1GHknPnTW1srEIKMZJIKIASMkolztfclB3Psn1ysScGqYPrR2NLY%2Bv7hosrCOVLnh%2Fiwz7LWbT%2BDeHJWexb8Bn4k9Hw8b77kzR012DJG62apAWuOsOV1q63xOFM4K1qGhd084swtlpcNjlk4Ff1TYLDXMSC39avt%2F%2BDX%2F0A&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TXTsd84RVPKyaS2OPkFukvtZL0KXwfZ4C5VMK5F8%2FnjDqTygk1wD%2FZm3Fe7vIQ%2F8cDtUZCVKa8XGG22Mhsf7mQwZ0vCCkMTFmWSKxB4Of3Z7fUEXO8YUaCyOedRsyUuqOoAamlFnsfUlNb2l0Vo1wwmGw6ktsMxGDmsLcPD96rpUgDVn%2FtLsEAWur9f5dAh49M3qhXeszb57o35ARaS8U3d5bgTVsuVWa9MtFH3Dvi4jFroA%2BE6WKBaHGORjnNFg%2BM9F%2FNamobHzGSBZt%2BOSkSLiDZYaBBXXS2Y1nCeEB5AckUcUEBesR81n%2BYbT2n2TM2wkKnQ1rqKrKa0h0ZIaKg%3D%3D
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 76f18545659f3cecc2213d8e93d15fb2.cloudfront.net (CloudFront)
x-amz-cf-id
P589ER18qsfF7z9DM53TcdyQvm1x16ru-Wwl8YSOMh2MYu07sYPXmA==
x-amz-cf-pop
FRA60-P5
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ruxitagentjs_ICA2NQVfghqru_10283240117152214.js
origin-auth-st2.test.tiaa.org/ 		0
0
SSO.saml2
loginsso-dev.test.tiaa-cref.org/idp/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
origin-auth-st2.test.tiaa.org
URL
https://origin-auth-st2.test.tiaa.org/ruxitagentjs_ICA2NQVfghqru_10283240117152214.js
Domain
loginsso-dev.test.tiaa-cref.org
URL
https://loginsso-dev.test.tiaa-cref.org/idp/SSO.saml2

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Domain/Path Name / Value
origin-auth-st2.test.tiaa.org/ Name: PF
Value: 1tOrjgQmEH1CuFYEVNWYMH
origin-auth-st2.test.tiaa.org/ Name: BIGipServerpublictools-st2_pool_9030_federation_dev-b
Value: 3407933194.17955.0000
.tiaa.org/ Name: dtCookie
Value: v_4_srv_5_sn_3B9E7ED871B73AD2F68BC70FE7C4DFC3_perc_100000_ol_0_mul_1_app-3A5dda29ad4a61437d_1_rcs-3Acss_0
origin-auth-st2.test.tiaa.org/ Name: BIGipServerpool_origin-auth-st2_7700_dev-b
Value: 621080330.5150.0000
origin-auth-st2.test.tiaa.org/ Name: tiaa_dc
Value: cobmb
origin-auth-st2.test.tiaa.org/ Name: TS010984ce
Value: 01e85d03c8428154a168e12fb8b464f59ba4597d6a94ea45fcb7bb5494408568fe9fb0f61998828e2bab3b0e9bb05aeb24bc83e1bc52a4a2970de5436e7d35421374636a10ba74967ca7e4bbe153b697bd1c019b18e4b323030b936c8fc1550f19ca783667a53e5ebd4dbd659c81972a9fdc18f062
.tiaa.org/ Name: TS01b94e3a
Value: 01e85d03c88d09a11e12ae46d2a46ce8b615b248a394ea45fcb7bb5494408568fe9fb0f619f23db44e51df3cbb44514702d864cb476c40d00f2d8236199b32abb87c18c98f

1 Console Messages

Source Level URL
Text
network error URL: https://origin-auth-st2.test.tiaa.org/ruxitagentjs_ICA2NQVfghqru_10283240117152214.js
Message:
Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

loginsso-dev.test.tiaa-cref.org
origin-auth-st2.test.tiaa.org
tiaa.centrical.me
loginsso-dev.test.tiaa-cref.org
origin-auth-st2.test.tiaa.org
143.165.139.124
18.245.60.26
e0ddc67a5e13f0eb3f3aa2f5a9096de19380068fb73ab230962810fd2512f7e6