auth.tiaa.org
Open in
urlscan Pro
104.89.26.18
Public Scan
Effective URL: https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=hZJdc6owEIb%2FCpN7kQ9ByRQd%2FKqtKCgi1hsnYhROIcEk0OqvP1SPMz3nomdn9iKzm3...
Submission: On May 18 via api from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 24th 2022. Valid for: 9 months.
This is the only time auth.tiaa.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 13.109.184.181 13.109.184.181 | 14340 (SALESFORCE) (SALESFORCE) | |
6 | 104.89.26.18 104.89.26.18 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
7 | 2 |
ASN14340 (SALESFORCE, US)
PTR: dcl9-ncg1-c5-iad4.na160-ia4.my.salesforce.com
nuveen.my.salesforce.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-89-26-18.deploy.static.akamaitechnologies.com
auth.tiaa.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
tiaa.org
auth.tiaa.org — Cisco Umbrella Rank: 181957 |
29 KB |
2 |
salesforce.com
1 redirects
nuveen.my.salesforce.com |
5 KB |
7 | 2 |
Domain | Requested by | |
---|---|---|
6 | auth.tiaa.org |
nuveen.my.salesforce.com
auth.tiaa.org |
2 | nuveen.my.salesforce.com | 1 redirects |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.my.salesforce.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-07-09 - 2022-07-08 |
a year | crt.sh |
www.tiaa.org DigiCert SHA2 Extended Validation Server CA |
2022-01-24 - 2022-10-22 |
9 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=hZJdc6owEIb%2FCpN7kQ9ByRQd%2FKqtKCgi1hsnYhROIcEk0OqvP1SPMz3nomdn9iKzm33f2X2eep95JlWY8ZQSG6iyAiRMYnpIyckG4Wrc6IBe94mjPCugU4qELPG5xFxI9T%2FC4a1gg5IRSBFPOSQoxxyKGAbOzIWarMCCUUFjmgHJ4RwzUQsNKOFljlmAWZXGOFy6NkiEKDhsNklZYUzk%2FCJzlGF%2BpCzGckzzHqe2ogzViXILz%2FJ8IA1rJylB4mb%2BMQHVNmWRIiRTdmqmh6IZBJ785VQD0svQBjtt4NTxNqb%2BtbWZDZ2Pf%2FOr3HY6TjRCWJzeL%2BbAMq5WFIVj52iqc9X1GqTMKp9fJuEomkfJYWNYyZqJxPOzadvdbdzR%2BPI%2B28ZnY1y210YxjY00W%2FSH7ITbi3C57W%2FTpTFQeaW9BJvlIRpMaOeZtT89n%2Bl%2BsjfbnWtlxl5QIPWNHcPjaq9jHH%2FMZsr1UiTaqbMo36fOOtAvlvmc65O%2BHy12izWv5u6oMhakRIV%2BvO6KV5qaDSRepyNr%2B5HhJLQIwWQfhmboBBs%2F9FvaMqze8l8441Y8Oe9PB3etH1F%2FfHbqbXFe4hfCBSLCBpqiaQ3FaKidlWrClg6VltxSjS2Q%2FD837qfkTs5PQOzvTRxOViu%2F4XvBCkjrB4F1A7jzBm%2Fi7BtoP49FD7pA938sPTW%2FCXTvr7%2Fx7v4G&RelayState=%2F_ui%2Fcore%2Ffeeds%2Fnotification%2FChatterEmailSettings%3Famp%253Bemkind%3DchatterPostNotification%26amp%253Bs1nid%3D000000000000000%26setupid%3DCollaborationEmailSettings%26amp%253Bs1oid%3D00D1H000000O9OP%26amp%253Bs1uid%3D0051H000009SAGJ%26amp%253BfromEmail%3D1%26amp%253Bs1ext%3D0%26amp%253Bemtm%3D1652881657246&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=H565iGKa%2BNYDtaT%2BAIrwtxr%2F0fKZVlZIytRJnvtkwnH9oY5OtgZnvW3eSwRts8zICNZgkILyyRvnRep63t%2Bv3rwkC3RLEkG3LuUdh8BcGvKYIhEw54P%2FymZC32%2Bw7PNQf5v%2F6fz1QjhHdAwpkxx7fFKXRIF%2BlCjkERdvvCwdhnds8klW2LWWyF%2BwBFT%2FLuSVx3HS%2F2BQsDodnn5uRvo%2Bzg2h0S0MNb0q3KiWp9dNswAlyzzabAby3NS5hILrnIRD5nbZV7TfAf9784k%2BNPH1NuNNgbLvZcHt5UiBbtDiArAqkdQejI6OtABlvsb%2BEACDqhzZIhM2TR%2Fu3IL1vjRvc4%2B7rWQ8AQqhjWsuTDyl8y114%2FEodgkUd6aj8Y9zEGi5NxHBL4qxHxY7zFeTp9XZqpKuxcYjf9RN1eYKyskknPzNBQB71KxtrLDuTT3EYk5%2BkQWj1Ci0iNyaZEURMR7KRC9ldfuOKMshWmES2I8wEfKgBf7ZDRGBNS11Ps15vsulsBwC8t1cfa49BBQ4o9USRqwwhWdNJZQWlz%2BqjV%2FJ8pjCwBIWINbQL4aJXuA3TzvZBPcIP48%2FqSkuUawRkc%2FIO0jsZaRhIMRP0DtDs8XncZoP9tI95CG%2FtvxD9nnGeGSaHxtvMZKErolbA0BfdS%2BZJfv05zl11aqfulQsfzs1Mmg%3D
Frame ID: 52F4257C5C7ADBECD93E9B37AD7D72AD
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
Select Authentication SystemPage URL History Show full URLs
- https://nuveen.my.salesforce.com/_ui/core/feeds/notification/ChatterEmailSettings?setupid=CollaborationEmailS... Page URL
-
https://nuveen.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAYFoPz4XMDAwMDAwMDAwMDAwMDAwAAA...
HTTP 302
https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=hZJdc6owEIb%2FCpN7kQ9ByRQd%2FKqtKCgi1hsnYhROIcEk0O... Page URL
Detected technologies
Akamai Bot Manager (Security) ExpandDetected patterns
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://nuveen.my.salesforce.com/_ui/core/feeds/notification/ChatterEmailSettings?setupid=CollaborationEmailSettings&fromEmail=1&s1oid=00D1H000000O9OP&s1nid=000000000000000&s1uid=0051H000009SAGJ&s1ext=0&emkind=chatterPostNotification&emtm=1652881657246 Page URL
-
https://nuveen.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAYFoPz4XMDAwMDAwMDAwMDAwMDAwAAAA7A8AWEaetgky6C95z9WWUFAf61N1LO-nulvPsyHUEWNWhdX59hVrthOPlK7L_XLEFykMZcq5Fu7V5pKc5ilQBDrge7QURZBZiR5C1sv2ISXRdWCHo8Gr7xOPr3Phb678zv6cOSpa1YrfUfTb3eecwMM0zyph2g8QukKAVS3y96Gm3HBPWQ_QVsvNLEv5Qnuap3fz_pJoi6-atJKE9ZwlehU9nnenbUU6UASXPUP42RUvYmjels9cHqbgdLV3faBFqA&saml_acs=https%3A%2F%2Fnuveen.my.salesforce.com%3Fso%3D00D1H000000O9OP&saml_binding_type=HttpRedirect&Issuer=https%3A%2F%2Fnuveen.my.salesforce.com&samlSsoConfig=0LE1H000000g95u&RelayState=%2F_ui%2Fcore%2Ffeeds%2Fnotification%2FChatterEmailSettings%3Famp%253Bemkind%3DchatterPostNotification%26amp%253Bs1nid%3D000000000000000%26setupid%3DCollaborationEmailSettings%26amp%253Bs1oid%3D00D1H000000O9OP%26amp%253Bs1uid%3D0051H000009SAGJ%26amp%253BfromEmail%3D1%26amp%253Bs1ext%3D0%26amp%253Bemtm%3D1652881657246
HTTP 302
https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=hZJdc6owEIb%2FCpN7kQ9ByRQd%2FKqtKCgi1hsnYhROIcEk0OqvP1SPMz3nomdn9iKzm33f2X2eep95JlWY8ZQSG6iyAiRMYnpIyckG4Wrc6IBe94mjPCugU4qELPG5xFxI9T%2FC4a1gg5IRSBFPOSQoxxyKGAbOzIWarMCCUUFjmgHJ4RwzUQsNKOFljlmAWZXGOFy6NkiEKDhsNklZYUzk%2FCJzlGF%2BpCzGckzzHqe2ogzViXILz%2FJ8IA1rJylB4mb%2BMQHVNmWRIiRTdmqmh6IZBJ785VQD0svQBjtt4NTxNqb%2BtbWZDZ2Pf%2FOr3HY6TjRCWJzeL%2BbAMq5WFIVj52iqc9X1GqTMKp9fJuEomkfJYWNYyZqJxPOzadvdbdzR%2BPI%2B28ZnY1y210YxjY00W%2FSH7ITbi3C57W%2FTpTFQeaW9BJvlIRpMaOeZtT89n%2Bl%2BsjfbnWtlxl5QIPWNHcPjaq9jHH%2FMZsr1UiTaqbMo36fOOtAvlvmc65O%2BHy12izWv5u6oMhakRIV%2BvO6KV5qaDSRepyNr%2B5HhJLQIwWQfhmboBBs%2F9FvaMqze8l8441Y8Oe9PB3etH1F%2FfHbqbXFe4hfCBSLCBpqiaQ3FaKidlWrClg6VltxSjS2Q%2FD837qfkTs5PQOzvTRxOViu%2F4XvBCkjrB4F1A7jzBm%2Fi7BtoP49FD7pA938sPTW%2FCXTvr7%2Fx7v4G&RelayState=%2F_ui%2Fcore%2Ffeeds%2Fnotification%2FChatterEmailSettings%3Famp%253Bemkind%3DchatterPostNotification%26amp%253Bs1nid%3D000000000000000%26setupid%3DCollaborationEmailSettings%26amp%253Bs1oid%3D00D1H000000O9OP%26amp%253Bs1uid%3D0051H000009SAGJ%26amp%253BfromEmail%3D1%26amp%253Bs1ext%3D0%26amp%253Bemtm%3D1652881657246&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=H565iGKa%2BNYDtaT%2BAIrwtxr%2F0fKZVlZIytRJnvtkwnH9oY5OtgZnvW3eSwRts8zICNZgkILyyRvnRep63t%2Bv3rwkC3RLEkG3LuUdh8BcGvKYIhEw54P%2FymZC32%2Bw7PNQf5v%2F6fz1QjhHdAwpkxx7fFKXRIF%2BlCjkERdvvCwdhnds8klW2LWWyF%2BwBFT%2FLuSVx3HS%2F2BQsDodnn5uRvo%2Bzg2h0S0MNb0q3KiWp9dNswAlyzzabAby3NS5hILrnIRD5nbZV7TfAf9784k%2BNPH1NuNNgbLvZcHt5UiBbtDiArAqkdQejI6OtABlvsb%2BEACDqhzZIhM2TR%2Fu3IL1vjRvc4%2B7rWQ8AQqhjWsuTDyl8y114%2FEodgkUd6aj8Y9zEGi5NxHBL4qxHxY7zFeTp9XZqpKuxcYjf9RN1eYKyskknPzNBQB71KxtrLDuTT3EYk5%2BkQWj1Ci0iNyaZEURMR7KRC9ldfuOKMshWmES2I8wEfKgBf7ZDRGBNS11Ps15vsulsBwC8t1cfa49BBQ4o9USRqwwhWdNJZQWlz%2BqjV%2FJ8pjCwBIWINbQL4aJXuA3TzvZBPcIP48%2FqSkuUawRkc%2FIO0jsZaRhIMRP0DtDs8XncZoP9tI95CG%2FtvxD9nnGeGSaHxtvMZKErolbA0BfdS%2BZJfv05zl11aqfulQsfzs1Mmg%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
ChatterEmailSettings
nuveen.my.salesforce.com/_ui/core/feeds/notification/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
SSO.saml2
auth.tiaa.org/idp/ Redirect Chain
|
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
auth.tiaa.org/assets/css/ |
8 KB 3 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2OW4
auth.tiaa.org/mIrZBF7duQ/f0yoXU/YXFS/w5SOXD3L5Gih/Ay9OAQ/VwQzfnZ/ |
84 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
2OW4
auth.tiaa.org/mIrZBF7duQ/f0yoXU/YXFS/w5SOXD3L5Gih/Ay9OAQ/VwQzfnZ/ |
18 B 679 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
2OW4
auth.tiaa.org/mIrZBF7duQ/f0yoXU/YXFS/w5SOXD3L5Gih/Ay9OAQ/VwQzfnZ/ |
18 B 679 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
2OW4
auth.tiaa.org/mIrZBF7duQ/f0yoXU/YXFS/w5SOXD3L5Gih/Ay9OAQ/VwQzfnZ/ |
18 B 661 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| _acxj object| _cf object| bmak undefined| bm_counter object| bm_script undefined| scripts string| bm_url object| url_split string| obfus_state_field string| state_field_str string| _sd_trace14 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
nuveen.my.salesforce.com/ | Name: CookieConsentPolicy Value: 0:1 |
|
nuveen.my.salesforce.com/ | Name: LSKey-c$CookieConsentPolicy Value: 0:1 |
|
.salesforce.com/ | Name: BrowserId Value: llf1P9bJEeyusQ0umIDLmQ |
|
.salesforce.com/ | Name: BrowserId_sec Value: llf1P9bJEeyusQ0umIDLmQ |
|
auth.tiaa.org/ | Name: PF Value: Jm5JI78xnljMj7jJqnhHLL |
|
auth.tiaa.org/ | Name: BIGipServerpool_publictools-ha-federation_9030_prod-b Value: 1344310538.17955.0000 |
|
auth.tiaa.org/ | Name: BIGipServerpool_origin-auth-ha_7700_prod-b Value: 218402058.5150.0000 |
|
auth.tiaa.org/ | Name: tiaa_dc Value: nch1 |
|
auth.tiaa.org/ | Name: TS010984ce Value: 01305a3a9c581d8a480264bcf2516a8db84a97194bcbedf46015035edac3f1c83de7deb2da4f1cdf01d1173a1ac0994531c39ee85f18667e99fcbdf14b72cf8a8dd9eb624c6d3c3b38f81afa4d53a43fe9e8c39c75a73c17653ef72534cb3d00ffff779ac01a04290a861d302cd85578f6ceb7d7e5 |
|
auth.tiaa.org/ | Name: TS6938356b027 Value: 083ff657f1ab20009a4a59121c0ed939712213115dc70f4053d079dc5c9d3e41f630ab9eb897303208584c1c12113000aa2d562c305e5031efe4d5ad1904119659ea15f52e96efc5fb5e759387ac5b38cae793b8c97114e1b168407094659847 |
|
.tiaa.org/ | Name: ak_bmsc Value: 767B930EB29748BE8A6905428E275377~000000000000000000000000000000~YAAQbeF7XIDqftCAAQAAmjIN2A9iRLP1/esKVisFm123vYFOK+ZvpuIiii8B/zFyg9qzDujfwAYeV+s3agA3b1Amh7i1rV+eEiI9/Z4OQKgy5LclXuoPWoDYGAxmBOkdQvjY+5mqD4qsJFQ0lkZ18rSxrZV+lg3tPTpjTtIcuHUUr3FSMVwMN3bVZf5cAghRUsZvxlc6WBLleEtfZF/rL721gUUuIGE4FVpErdIA/fS5PvpHSp+gvnEUS+7IWXXCM3CpRrpEVso54a5YiQyoXdDMz5ZcnCGOWUZujxn3UN6DUvksVOAuvFsyDXy7cnzaQrTeUAriZckW23jxA7R+7uTJWeTiuC6rYHdOIJJlEzn5TgyP1U/8ticK26SpiNwifW0dpNg= |
|
.tiaa.org/ | Name: bm_sz Value: 676B8DE7ABEC58A8E2EFBA3DDEFC506B~YAAQbeF7XIHqftCAAQAAmjIN2A9vscDyq3y+mMFlNaUtS3VxrRuzzLDi9UerW9mylTMa8BVelYy6jyDqMFMGHLQrzquc1CBcZFXWRZcplzH4qlHnJuf7R6gnTGH/bkPb752nXAwNCy0yBrdLe65vqKr+QM3Y5VkyA7tgnaKA0T35kFommk4vWichp7Q0p1IpIIziRVk3AkcuxqbrV28sJZfJAnHOlnpWnqjzWgSulyvpP5CSuDgyhZnJ0qBLpT6OlMxz301wgWeEeEd3heUJ675maGkuLJIgvBKmUsKCg29y~3356482~4534580 |
|
.tiaa.org/ | Name: bm_sv Value: C9E7CB12D01C872B964FC59AE5CCC254~YAAQbeF7XI/qftCAAQAAkEUN2A8tyFLcCvDJOWBMoqsTg1MX2axcIpmfwiM/iouf1a+D3+cYio95Srxs0aIesEn3cKNsk62inXHJr6dQa0GFW3FBWt+qXnhgyWf9e8Oibp5B6vOBwyyH93IJDWzoVBzzRPtx1gpENVd5DM+gWUvm249XXGJinzmPRIaD6jh8EjrT1GfQ9vMBRKJO71TRYOtrFDY6p47VyHztoPBupV0f+1prqZvvFoaDjLuexw==~1 |
|
.tiaa.org/ | Name: _abck Value: B7B431D04BF3084828E0F31B9B9B9617~-1~YAAQbeF7XJPqftCAAQAAu0kN2Ae+p0pF4sq0af5pu9YBf8w6D7lHSc7MGrK5tXZ+Hqi5hTamlEbyKWTPQexFs3Zgf5M1qO373Qcv1SLTCHA0FBoa4kyFe2erGjQMt5IdBwscVAQ53AiESGKpmdhF/QflSWr3bsfhw/siIHsn6lLRW8nm+jGxVcS3HuR04s3Mv9qqD0ToXfNN3jNsNS3KGfWLTKXxASDGj7dHWmaSt33HvHDDH5yu5pl6qDSdmtRMzd/C+9AsdA0Hmtsuu0VUi+PXl4DdaTCw0g7iL9MBUd3M0QtH7p+sfcGnJWC/g3lY6FbiQLWMjT6+24m9rA7wybZIIc+9BtTyIEAg9iKvmX3rvqPKXpCvGDO6Unly6NPnmXgD4FDMsD8=~-1~||-1||~1652895764 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth.tiaa.org
nuveen.my.salesforce.com
104.89.26.18
13.109.184.181
1b87b941eb970a488a2d4fe99b644e63cf5f2d1afaeb5f67b63c53b982d78d9e
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2
fdf828be6d95d2a69bebfaff7f7eaac783d84722328c47ba623f617e78824699