cir2login.b2clogin.com
2603:1037:1:130::5
Public Scan
Effective URL: https://cir2login.b2clogin.com/cir2login.onmicrosoft.com/B2C_1A_Signin_Without_SSPR_SAML_Idp_Salesforce/generic/login?EntityId=...
Submission: On March 17 via api from US — Scanned from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 7th 2024. Valid for: a year.
This is the only time cir2login.b2clogin.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Count | IP Address | AS (Autonomous System) |
---|---|---|
1 1 | 54.70.164.87 | 16509 (AMAZON-02) |
1 2 | 44.240.120.143 | 16509 (AMAZON-02) |
4 | 2603:1037:1:130::5 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
3 | 20.209.37.66 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
8 | 3 | |

ASN16509 (AMAZON-02, US)
PTR: ec2-54-70-164-87.us-west-2.compute.amazonaws.com
cir--dfsle.vf.force.com

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-120-143.us-west-2.compute.amazonaws.com
cir.my.salesforce.com

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
cir2login.b2clogin.com

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
prodcir2sso.blob.core.windows.net
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | b2clogin.com | cir2login.b2clogin.com — Cisco Umbrella Rank: 410950 | 918 KB |
3 | windows.net | prodcir2sso.blob.core.windows.net — Cisco Umbrella Rank: 550269 | 512 KB |
2 | salesforce.com (1 redirects) | cir.my.salesforce.com — Cisco Umbrella Rank: 671096 | 5 KB |
1 | force.com (1 redirects) | cir--dfsle.vf.force.com | 616 B |
8 | 4 | | |
Count | Domain | Requested by |
---|---|---|
4 | cir2login.b2clogin.com | cir2login.b2clogin.com |
3 | prodcir2sso.blob.core.windows.net | cir2login.b2clogin.com |
2 | cir.my.salesforce.com | 1 redirects |
1 | cir--dfsle.vf.force.com | 1 redirects |
8 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
usa364.sfdc-lywfpd.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-06-19 - 2024-06-18 | a year |
graph.windows.net | DigiCert SHA2 Secure Server CA | 2024-02-07 - 2025-02-07 | a year |
*.blob.core.windows.net | Microsoft Azure TLS Issuing CA 01 | 2024-01-13 - 2024-06-27 | 5 months |
This page contains 1 frames:
Primary Page:
https://cir2login.b2clogin.com/cir2login.onmicrosoft.com/B2C_1A_Signin_Without_SSPR_SAML_Idp_Salesforce/generic/login?EntityId=https://cir.my.salesforce.com
Frame ID: 66655704DC75A36805855938B0ED077E
Requests: 8 HTTP requests in this frame
Page Title
Cambridge Log In
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cir--dfsle.vf.force.com/ HTTP 302
- https://cir.my.salesforce.com/ HTTP 302
https://cir.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAY7cmM9rMDAwMDAwMDAwMDAwMDAwAAAA-OjOZpLJ8MNoUaI2pdT8Gh9Gw39g1GVU69BKRGFnkS96UuYkEoXfN9-6qsmqCcEsSYH7NHeQ_g6xBnQvLbAXiYVq8YdAxxzoDZb7nieovdrbBhNRZWl87jevanB1t9X4kc7P1HQojse98fH8bwLDTJ0O472uG5plsPCb2Vpv50SJ8KQCTheZ8wWY59ByNRkDKXI-SYddWk23umczNVS_6PHZf1PxcHdbUepwnitktWas7UGO4KHynASYKY1KKsEsFg&saml_acs=https%3A%2F%2Fcir.my.salesforce.com%3Fso%3D00D4100000129cj&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fcir.my.salesforce.com&samlSsoConfig=0LE1K0000000SeL&RelayState=%2F Page URL
- https://cir2login.b2clogin.com/cir2login.onmicrosoft.com/B2C_1A_Signin_Without_SSPR_SAML_Idp_Salesforce/generic/login?EntityId=https://cir.my.salesforce.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://cir--dfsle.vf.force.com/ HTTP 302
- https://cir.my.salesforce.com/ HTTP 302
- https://cir.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAY7cmM9rMDAwMDAwMDAwMDAwMDAwAAAA-OjOZpLJ8MNoUaI2pdT8Gh9Gw39g1GVU69BKRGFnkS96UuYkEoXfN9-6qsmqCcEsSYH7NHeQ_g6xBnQvLbAXiYVq8YdAxxzoDZb7nieovdrbBhNRZWl87jevanB1t9X4kc7P1HQojse98fH8bwLDTJ0O472uG5plsPCb2Vpv50SJ8KQCTheZ8wWY59ByNRkDKXI-SYddWk23umczNVS_6PHZf1PxcHdbUepwnitktWas7UGO4KHynASYKY1KKsEsFg&saml_acs=https%3A%2F%2Fcir.my.salesforce.com%3Fso%3D00D4100000129cj&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fcir.my.salesforce.com&samlSsoConfig=0LE1K0000000SeL&RelayState=%2F
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | authn-request.jsp (Redirect Chain) | cir.my.salesforce.com/saml/ | 6 KB | 4 KB | Document | text/html |
POST | H/1.1 | login (Primary Request) | cir2login.b2clogin.com/cir2login.onmicrosoft.com/B2C_1A_Signin_Without_SSPR_SAML_Idp_Salesforce/generic/ | 82 KB | 29 KB | Document | text/html |
GET | H/1.1 | jquery-bundle-1.10.2.min.js | cir2login.b2clogin.com/static/bundles/ | 100 KB | 100 KB | Script | application/javascript |
GET | H/1.1 | custom_idpSelector_Without_SSPR.cshtml | prodcir2sso.blob.core.windows.net/cir2sso/ | 32 KB | 33 KB | XHR | application/octet-stream |
GET | H/1.1 | cambridgelogo.svg | prodcir2sso.blob.core.windows.net/cir2sso/ | 7 KB | 7 KB | Image | image/svg+xml |
GET | H/1.1 | Background.jpg | prodcir2sso.blob.core.windows.net/cir2sso/ | 472 KB | 472 KB | Image | application/octet-stream |
GET | H/1.1 | segoeui.WOFF | cir2login.b2clogin.com/static/tenant/templates/fonts/ | 399 KB | 400 KB | Font | font/x-woff |
GET | H/1.1 | segoeui_bold.WOFF | cir2login.b2clogin.com/static/tenant/templates/fonts/ | 389 KB | 389 KB | Font | font/x-woff |
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
object | CP |
object | SA_FIELDS |
object | CONTENT |
object | SETTINGS |
string | staticHost |
string | targetSlice |
string | targetDc |
number | initializationTimeout |
boolean | diagsAlways |
number | maxTrace |
function | $trace |
object | $diags |
object | $santizer |
object | $cors |
object | $i2e |
object | $element |
boolean | pageReady |
object | Handlebars |
boolean | contentReady |
boolean | bodyReady |

11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name / Value |
---|---|
cir--dfsle.vf.force.com/ | Name: CookieConsentPolicy Value: 0:1 |
cir--dfsle.vf.force.com/ | Name: LSKey-c$CookieConsentPolicy Value: 0:1 |
.force.com/ | Name: BrowserId Value: gN3oGuRaEe6i13-cWw0bYg |
.force.com/ | Name: BrowserId_sec Value: gN3oGuRaEe6i13-cWw0bYg |
cir.my.salesforce.com/ | Name: CookieConsentPolicy Value: 0:1 |
cir.my.salesforce.com/ | Name: LSKey-c$CookieConsentPolicy Value: 0:1 |
.salesforce.com/ | Name: BrowserId Value: gRTWuuRaEe6CUAWRqCOErQ |
.salesforce.com/ | Name: BrowserId_sec Value: gRTWuuRaEe6CUAWRqCOErQ |
.cir2login.b2clogin.com/ | Name: x-ms-cpim-csrf Value: STZvVk9KV211RHk4azFOY1hnQ0E0SlN6bTlzR1M4SGdKYjd4T0Q4Q29ibjNmNzdsMGVvVmNRcHVBcmkwNkx4aGxKcG9mN1BmWnFMTm4rSFlTTFZoNHc9PTsyMDI0LTAzLTE3VDEyOjMzOjA4LjI1OTE1ODRaO2VxMUFtNWg2ZTYyQ1JXMkg2bUJWcEE9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ== |
.cir2login.b2clogin.com/ | Name: x-ms-cpim-cache\|p6ijamb1d0mdtddmnhvokq_0 Value: m1.SQEloAOGUb8Dex6V.tsdLj/bYc/H4NLaefY88uw==.0. |
.cir2login.b2clogin.com/ | Name: x-ms-cpim-trans Value: eyJUX0RJQyI6W3siSSI6IjAwYTNhOGE3LWY1YzYtNDkwZi05ZDRjLTM3NjY5ZTFiY2U5MSIsIlQiOiJjaXIybG9naW4ub25taWNyb3NvZnQuY29tIiwiUCI6IkIyQ18xQV9TaWduaW5fV2l0aG91dF9TU1BSX1NBTUxfSWRwX1NhbGVzZm9yY2UiLCJDIjoiODZmYjYyZGYtNzRiYy00ZjE3LTg4MGItNDc4ZDQ0YTNjZWFmIiwiUyI6MSwiTSI6e30sIkQiOjAsIkUiOiJodHRwczovL2Npci5teS5zYWxlc2ZvcmNlLmNvbSJ9XSwiQ19JRCI6IjAwYTNhOGE3LWY1YzYtNDkwZi05ZDRjLTM3NjY5ZTFiY2U5MSJ9 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.