![](/screenshots/85666bf4-a020-4db1-900d-4aa65cde79de.png)
auth.tiaa.org
Open in
urlscan Pro
104.90.154.61
Public Scan
Effective URL: https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=jZJbc6owFIX%2FCpN3ENG2mCl2uHjhHKipAbW%2BOIgBkUskCVb99aX1dKbnPHTOnslDZu...
Submission: On February 16 via api from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 24th 2022. Valid for: 9 months.
This is the only time auth.tiaa.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 3 | 13.110.0.55 13.110.0.55 | 14340 (SALESFORCE) (SALESFORCE) | |
6 | 104.90.154.61 104.90.154.61 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
6 | 1 |
ASN14340 (SALESFORCE, US)
PTR: dcl1-ncg0-phx3.na84-ph2.my.salesforce.com
tiaa-cref.my.salesforce.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-90-154-61.deploy.static.akamaitechnologies.com
auth.tiaa.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
tiaa.org
auth.tiaa.org — Cisco Umbrella Rank: 136000 |
27 KB |
3 |
salesforce.com
3 redirects
tiaa-cref.my.salesforce.com |
4 KB |
6 | 2 |
Domain | Requested by | |
---|---|---|
6 | auth.tiaa.org |
auth.tiaa.org
|
3 | tiaa-cref.my.salesforce.com | 3 redirects |
6 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.tiaa.org DigiCert SHA2 Extended Validation Server CA |
2022-01-24 - 2022-10-22 |
9 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=jZJbc6owFIX%2FCpN3ENG2mCl2uHjhHKipAbW%2BOIgBkUskCVb99aX1dKbnPHTOnslDZu%2BstWbne3w6l4V0IoxntDJAV1GBRKqY7rIqNUAYjGUdPA0feVQWR2g2Yl%2FNSd0QLqT2XcXhZ8MADasgjXjGYRWVhEMRQ2z6HtQUFR4ZFTSmBZBMzgkTrZFNK96UhGHCTllMwrlngL0QRw47HZFFkRwzkijlReFRQXhCWUyUmJZPnBqq6uzUWxFCMiA5bZisisRn%2Fi%2BRqE2qfCgplKWdbHfsYDxTPsJqQHIdA2w022xrJYf5ODj4jvn27%2FloP0wZshAPeRo%2Fcz9mLnY8N7rgUE%2BsszsV%2BXTkk5qst3r%2FqB96tscynYrUdMvTAiUj5NYp3qb1uVceRC4afbIanJpX%2FoB%2Bm7NNr1dcR%2F44S2J214yxr7JLU6z6S%2F1VDy5rXCyv2CGbWZIgVFekHgx2nr4lEx%2BHm6WFrGN%2FMXLvooH%2BaicPeOOTube2Zii2i4MX9Jx0ldw3ee0GG6q%2FpOqkmdi4%2ByvYXiNkhvuFNdF4%2FjZ9tvPxyxmn1r4ow%2F26DHfL%2FEBl74yZH1%2F387d2W5w3xK24iCphAE3VNFnV5O59oHWhOoBaV%2Bn3tDWQ0J9vtrLqBs9PTGxvQxxOgwDJaIYDIC2%2BIGwHwA05%2BGnOvrH2s2z0BRgY%2FgdOj51vHsPb7W%2FIh%2B8%3D&RelayState=%2Fsetup%2Femailverif%3Foid%3D00Dd0000000eeei%26k%3DCj4KNQoPMDBEZDAwMDAwMDBlZWVpEg8wMkcwQjAwMDAwMEREbjgaDzAwNWQwMDAwMDAwa2ljbiAFGO6zs5vwLxIQ6c2F03nU_0kBUayNuRr6FxoMl4FuGRB9Rfu3giZLImYtiUdFL6nDuj-MAm-S55WTQozenglmUZNPfRc4mpfx18jRaoNGPBMehuFGO_N7U9eu8kY5JgKXNwdLUg7mGqIPJ5pyiLC2IcWtJrk3jAFMLD3zpuY4We_dFqx9rKFp1AKWD3eg7Cg%253D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=gSJ8a5zHcURAeBIIxEagvMuiC3W8gkhJWiWHaPWSSGj%2FLOORQkBzOWn%2FoUjYyKjrg1Y4woeUPXWu%2FTCIXSx%2Fzv8grpZKxlyJ%2FbkskMoDTbPKq7eVYTidN0WW8TlVuSnpE%2Bul3Wq96C4zv0BpzrzW6Sh8w9kRLYVz%2FGf7aMKTVDxYWZQV7xQ9ZJDrhnaGJXRZ0fUfRTrMX%2FyBcOaQlg1%2FVvwfvlsbGE86XWyvNovNj4AjfhuQIGTDIOL5OV2yx1pJXk8gK9qcWqihbDL9xC1%2BSiJc1FVbIQs%2FwNii5ENy%2FMx0VwAB9Q%2Bxdemj%2F23QuJpiF9rrsKy70zzILoozpD6Z8w%3D%3D
Frame ID: 784CBCB611FB6EE9F3A86DAC5DC66B36
Requests: 6 HTTP requests in this frame
Screenshot
![](/screenshots/85666bf4-a020-4db1-900d-4aa65cde79de.png)
Page Title
Select Authentication SystemPage URL History Show full URLs
-
https://tiaa-cref.my.salesforce.com/setup/emailverif?oid=00Dd0000000eeei&k=Cj4KNQoPMDBEZDAwMDAwMDBlZWVpEg8wMkcwQ...
HTTP 302
https://tiaa-cref.my.salesforce.com/?startURL=%2Fsetup%2Femailverif%3Foid%3D00Dd0000000eeei%26k%3DCj4KNQoPMDBEZD... HTTP 302
https://tiaa-cref.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAX-UkFTjMDAwMDAwMDAwMDAwMDAwAAA... HTTP 302
https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=jZJbc6owFIX%2FCpN3ENG2mCl2uHjhHKipAbW%2BOIgBkUskCV... Page URL
Detected technologies
Detected patterns
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tiaa-cref.my.salesforce.com/setup/emailverif?oid=00Dd0000000eeei&k=Cj4KNQoPMDBEZDAwMDAwMDBlZWVpEg8wMkcwQjAwMDAwMEREbjgaDzAwNWQwMDAwMDAwa2ljbiAFGO6zs5vwLxIQ6c2F03nU_0kBUayNuRr6FxoMl4FuGRB9Rfu3giZLImYtiUdFL6nDuj-MAm-S55WTQozenglmUZNPfRc4mpfx18jRaoNGPBMehuFGO_N7U9eu8kY5JgKXNwdLUg7mGqIPJ5pyiLC2IcWtJrk3jAFMLD3zpuY4We_dFqx9rKFp1AKWD3eg7Cg%3D
HTTP 302
https://tiaa-cref.my.salesforce.com/?startURL=%2Fsetup%2Femailverif%3Foid%3D00Dd0000000eeei%26k%3DCj4KNQoPMDBEZDAwMDAwMDBlZWVpEg8wMkcwQjAwMDAwMEREbjgaDzAwNWQwMDAwMDAwa2ljbiAFGO6zs5vwLxIQ6c2F03nU_0kBUayNuRr6FxoMl4FuGRB9Rfu3giZLImYtiUdFL6nDuj-MAm-S55WTQozenglmUZNPfRc4mpfx18jRaoNGPBMehuFGO_N7U9eu8kY5JgKXNwdLUg7mGqIPJ5pyiLC2IcWtJrk3jAFMLD3zpuY4We_dFqx9rKFp1AKWD3eg7Cg%253D&login_hint=csegal%40tiaachatter.org&ec=302&sdtd=1 HTTP 302
https://tiaa-cref.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAX-UkFTjMDAwMDAwMDAwMDAwMDAwAAAA7HrPBPsUsgcNsMcrISDLIaySU8fBxIHtkHEMeqeZb84p8j3CLri8otgAImvVPfEPIqgSbgqx3mjtktu8GX9vuYs7PKAO_33lzEMFifcr5uFSM0ryulX4W8Y8TyZSlWzSDe_OffPPqneq99dL8beGMSU_WBPBp4VEI5a98YCf7S_MeRLZBOPcCljLT3DgXf6ukqIT_o8Qg0GuGCS1JTbzaPAUhVBG2skwHNCkFQxSgBhlmUhZmUdWkjo-LxSrMczhRw&saml_acs=https%3A%2F%2Ftiaa-cref.my.salesforce.com%3Fso%3D00Dd0000000eeei&saml_binding_type=HttpRedirect&Issuer=https%3A%2F%2Ftiaa-cref.my.salesforce.com&samlSsoConfig=0LE0B000000PB6j&RelayState=%2Fsetup%2Femailverif%3Foid%3D00Dd0000000eeei%26k%3DCj4KNQoPMDBEZDAwMDAwMDBlZWVpEg8wMkcwQjAwMDAwMEREbjgaDzAwNWQwMDAwMDAwa2ljbiAFGO6zs5vwLxIQ6c2F03nU_0kBUayNuRr6FxoMl4FuGRB9Rfu3giZLImYtiUdFL6nDuj-MAm-S55WTQozenglmUZNPfRc4mpfx18jRaoNGPBMehuFGO_N7U9eu8kY5JgKXNwdLUg7mGqIPJ5pyiLC2IcWtJrk3jAFMLD3zpuY4We_dFqx9rKFp1AKWD3eg7Cg%253D HTTP 302
https://auth.tiaa.org/idp/SSO.saml2?SAMLRequest=jZJbc6owFIX%2FCpN3ENG2mCl2uHjhHKipAbW%2BOIgBkUskCVb99aX1dKbnPHTOnslDZu%2BstWbne3w6l4V0IoxntDJAV1GBRKqY7rIqNUAYjGUdPA0feVQWR2g2Yl%2FNSd0QLqT2XcXhZ8MADasgjXjGYRWVhEMRQ2z6HtQUFR4ZFTSmBZBMzgkTrZFNK96UhGHCTllMwrlngL0QRw47HZFFkRwzkijlReFRQXhCWUyUmJZPnBqq6uzUWxFCMiA5bZisisRn%2Fi%2BRqE2qfCgplKWdbHfsYDxTPsJqQHIdA2w022xrJYf5ODj4jvn27%2FloP0wZshAPeRo%2Fcz9mLnY8N7rgUE%2BsszsV%2BXTkk5qst3r%2FqB96tscynYrUdMvTAiUj5NYp3qb1uVceRC4afbIanJpX%2FoB%2Bm7NNr1dcR%2F44S2J214yxr7JLU6z6S%2F1VDy5rXCyv2CGbWZIgVFekHgx2nr4lEx%2BHm6WFrGN%2FMXLvooH%2BaicPeOOTube2Zii2i4MX9Jx0ldw3ee0GG6q%2FpOqkmdi4%2ByvYXiNkhvuFNdF4%2FjZ9tvPxyxmn1r4ow%2F26DHfL%2FEBl74yZH1%2F387d2W5w3xK24iCphAE3VNFnV5O59oHWhOoBaV%2Bn3tDWQ0J9vtrLqBs9PTGxvQxxOgwDJaIYDIC2%2BIGwHwA05%2BGnOvrH2s2z0BRgY%2FgdOj51vHsPb7W%2FIh%2B8%3D&RelayState=%2Fsetup%2Femailverif%3Foid%3D00Dd0000000eeei%26k%3DCj4KNQoPMDBEZDAwMDAwMDBlZWVpEg8wMkcwQjAwMDAwMEREbjgaDzAwNWQwMDAwMDAwa2ljbiAFGO6zs5vwLxIQ6c2F03nU_0kBUayNuRr6FxoMl4FuGRB9Rfu3giZLImYtiUdFL6nDuj-MAm-S55WTQozenglmUZNPfRc4mpfx18jRaoNGPBMehuFGO_N7U9eu8kY5JgKXNwdLUg7mGqIPJ5pyiLC2IcWtJrk3jAFMLD3zpuY4We_dFqx9rKFp1AKWD3eg7Cg%253D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=gSJ8a5zHcURAeBIIxEagvMuiC3W8gkhJWiWHaPWSSGj%2FLOORQkBzOWn%2FoUjYyKjrg1Y4woeUPXWu%2FTCIXSx%2Fzv8grpZKxlyJ%2FbkskMoDTbPKq7eVYTidN0WW8TlVuSnpE%2Bul3Wq96C4zv0BpzrzW6Sh8w9kRLYVz%2FGf7aMKTVDxYWZQV7xQ9ZJDrhnaGJXRZ0fUfRTrMX%2FyBcOaQlg1%2FVvwfvlsbGE86XWyvNovNj4AjfhuQIGTDIOL5OV2yx1pJXk8gK9qcWqihbDL9xC1%2BSiJc1FVbIQs%2FwNii5ENy%2FMx0VwAB9Q%2Bxdemj%2F23QuJpiF9rrsKy70zzILoozpD6Z8w%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
SSO.saml2
auth.tiaa.org/idp/ Redirect Chain
|
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
auth.tiaa.org/assets/css/ |
8 KB 3 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sIR1M
auth.tiaa.org/0x1WBHtkNE3XNSczEUrIok98/wE7EQ0OE/el0ZAQ/XkF7VS/ |
74 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
sIR1M
auth.tiaa.org/0x1WBHtkNE3XNSczEUrIok98/wE7EQ0OE/el0ZAQ/XkF7VS/ |
18 B 674 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
sIR1M
auth.tiaa.org/0x1WBHtkNE3XNSczEUrIok98/wE7EQ0OE/el0ZAQ/XkF7VS/ |
18 B 664 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
sIR1M
auth.tiaa.org/0x1WBHtkNE3XNSczEUrIok98/wE7EQ0OE/el0ZAQ/XkF7VS/ |
18 B 655 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| _ac object| _cf object| bmak number| bm_counter object| bm_script undefined| scripts string| bm_url object| url_split string| obfus_state_field string| state_field_str string| _sd_trace function| op13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
tiaa-cref.my.salesforce.com/ | Name: CookieConsentPolicy Value: 0:1 |
|
tiaa-cref.my.salesforce.com/ | Name: LSKey-c$CookieConsentPolicy Value: 0:1 |
|
.salesforce.com/ | Name: BrowserId Value: tcMHl49sEeyEJcHllr2jKw |
|
.salesforce.com/ | Name: BrowserId_sec Value: tcMHl49sEeyEJcHllr2jKw |
|
auth.tiaa.org/ | Name: PF Value: lxpF5yKakoCTWPdfF8IGQN |
|
auth.tiaa.org/ | Name: BIGipServerpool_publictools-ha-federation_9030_prod-b Value: 1344310538.17955.0000 |
|
auth.tiaa.org/ | Name: BIGipServerpool_origin-auth-ha_7700_prod-b Value: 755272970.5150.0000 |
|
auth.tiaa.org/ | Name: tiaa_dc Value: nch1 |
|
auth.tiaa.org/ | Name: TS010984ce Value: 0197343aabfb43b82939abf63990b6a9e6552dff526bcc13f72545fc6ef2b1df6cf83f85b719c18daf2b865f5b227aa2a7795d3220230174895efd5effc9c524ade1b55b0939e91e2cb02d4f67787cd12697c413e9e6e9d4a089fe8df354462218b9940b67f0ce78da4e88e347545085a375f6b923 |
|
.tiaa.org/ | Name: ak_bmsc Value: 5CFC027EE12A00AE55C0F55947941116~000000000000000000000000000000~YAAQZ01lX9Ifle5+AQAA90heBA4dJGsVvCRo/K5AYKtCNs48/1tmI0CmkT6AUsO78BWhX3Q1K3mSs3EOVF91dqF+IR0hdPDJjWyVZn2oD2wrc9kDQgMWHJntzYwoKa4lP0SfNbmIb+3KFfNvb1/YvkXRv/MBYkoKl6e8FuhnJO8DGd6I7soiRe9hYnFj9vQu0QvHvYlOTVKbFx8NboHqfQ5TrXCZ99VPddIS2lOZZx/hb7H7ERjvCxHxCPy+AQzuAXpR+MDSe68bY8Y0Zo7rNeYxYbD4CEXLRQ07DajWNr7MtY/OI8D0/94mDS2lDqlWK/8ismaixGc4kIZA7l6UtrPu1g9X4Y6hGbcUQE1cNL9gkLw5cmua0MwjCcr/Gdn3B01i+aV7yA== |
|
.tiaa.org/ | Name: bm_sz Value: DE069550D05CE9C15D712A08B60A4BED~YAAQZ01lX9Mfle5+AQAA90heBA5bWIWRwHhCFf+aCqGf6QKOo0PUqOLAVOIYParJrdbpDPxxuj3BV7PNxjT+8/v+o2bwA85q3zBjPW9ET10jnooJAbUfn/Rr3Rcbwbi/sq6HNEiu9wbSR3yVk2Nad9YAcWLvBO/ClB6sCqOJoJez9k6aCDJNmoUGHn8mzaGF0ZhUVY9hIxVuNYhAUueDrGA5oe7AEKfDwTTDxwJHLmFPFvDgjmwsvX6XSsiGzAnK8UVxl/obCZ/aOPcPcUeRIYUWscIwaZoPVVASdr3SpJHm~3359028~3553078 |
|
.tiaa.org/ | Name: bm_sv Value: 6526276F1770C1E6879C19185004B541~yL7vjCTWzWBDbCyePv7rY8JHvDdg1I6mYsFCTx9LHROi+hC2F4SYoShKw3WVkQnXV/Oa37/MaGyo7ngtJhMVcAg81hY/vFNdsMg777wiL+oWz26mCaOGRxWtpvE7IItPpLF4ipYRelS8tfg6TT4lWg== |
|
.tiaa.org/ | Name: _abck Value: 738428B798DD681D59F1647D1D2F5456~-1~YAAQZ01lX9cfle5+AQAA6GNeBAc5OPGcU3o8AXAGwgblMDs6HEW4UYPr92gNwCKqN85/zRrfaKinM1Uru+PSlPS5E0GQD0OkQ/tub8gmsbQYANZ4q+repqwTdrheheH9ftxAZbgs2FYgElr1hEEdv4lQ+UBNjwCjVqNb274lugVMHOZQID/eEP2OyxsCr8mFMiqwisI2pmBwfDMHCNocpMmn71riONSMFLk0eABD4idJ3SOiEwRkIc5vfrrzqdfb7L4BEhv+h+0MoXT5+loaG8F/LHexIuD34EL1RZMvUgZnUOrh60XSYnurbOAAB31AxQIm8KBoOPEsA9uF0jL0Atqic5vYPveSw+o0KEvZeFhtPVrgJVH+IxEzjP8NF5e3BluNnmSySGk=~-1~-1~1645049314 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth.tiaa.org
tiaa-cref.my.salesforce.com
104.90.154.61
13.110.0.55
6127fb513ebc937a612b1ae5fe279a21b1fdfb699fdfc40ad52c6d728647764d
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
cd363a92c15260d2f5ee47445316aa6adbbe8e819b7557387368ef680c6a9cfd
d28fcb63f244f9fc0347fc8efaaa91ccc5b6c0f63a94281e826d4e4329dce19a