2u.onelogin.com
18.216.23.70
Public Scan
Effective URL: https://2u.onelogin.com/login2/?return=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmkiOiJodHRwczovLzJ1Lm9uZWxvZ2luLmNvbS90...
Submission: On June 03 via api from US
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 6th 2017. Valid for: 3 years.
This is the only time 2u.onelogin.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Redirects | Count | IP Address | AS (Autonomous System) |
---|---|---|---|
 | 2 | 13.110.66.49 | 14340 (SALESFORCE) |
1 | 1 | 18.216.23.72 | 16509 (AMAZON-02) |
2 | 8 | 18.216.23.70 | 16509 (AMAZON-02) |
 | 1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE) |
 | 3 | 13.224.95.117 | 16509 (AMAZON-02) |
 | 3 | 2600:9000:20eb:7600:18:b15c:ee80:93a1 | 16509 (AMAZON-02) |
 | 1 | 2a00:1450:4001:81e::2003 | 15169 (GOOGLE) |
 | 16 | 7 | |
ASN | PTR | Domain |
---|---|---|
ASN14340 (SALESFORCE, US) | dcl3-ncg1-c6-iad5.na123-ia5.my.salesforce.com | 2u-corp-pmx.my.salesforce.com |
ASN16509 (AMAZON-02, US) | ec2-18-216-23-72.us-east-2.compute.amazonaws.com | app.onelogin.com |
ASN16509 (AMAZON-02, US) | ec2-18-216-23-70.us-east-2.compute.amazonaws.com | 2u.onelogin.com |
ASN16509 (AMAZON-02, US) | server-13-224-95-117.zrh50.r.cloudfront.net | cdn.onelogin.com |
ASN16509 (AMAZON-02, US) | | web-login-v2-cdn.onelogin.com |
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
15 | onelogin.com (3 redirects) | app.onelogin.com, 2u.onelogin.com, cdn.onelogin.com, web-login-v2-cdn.onelogin.com | 1 MB |
2 | salesforce.com | 2u-corp-pmx.my.salesforce.com | 7 KB |
1 | gstatic.com | fonts.gstatic.com | 11 KB |
1 | googleapis.com | fonts.googleapis.com | 773 B |
16 | 4 | | |
Count | Domain | Requested by | Redirects |
---|---|---|---|
8 | 2u.onelogin.com | 2u-corp-pmx.my.salesforce.com, 2u.onelogin.com, web-login-v2-cdn.onelogin.com, cdn.onelogin.com | 2 redirects |
3 | web-login-v2-cdn.onelogin.com | 2u.onelogin.com | |
3 | cdn.onelogin.com | 2u.onelogin.com | |
2 | 2u-corp-pmx.my.salesforce.com | 2u-corp-pmx.my.salesforce.com | |
1 | fonts.gstatic.com | | |
1 | fonts.googleapis.com | 2u.onelogin.com | |
1 | app.onelogin.com | | 1 redirects |
16 | 7 | | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.onelogin.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.my.salesforce.com | DigiCert SHA2 Secure Server CA | 2017-12-03 - 2020-12-02 | 3 years |
*.onelogin.com | COMODO RSA Domain Validation Secure Server CA | 2017-06-06 - 2020-06-05 | 3 years |
upload.video.google.com | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months |
cdn.onelogin.com | Amazon | 2020-05-31 - 2021-06-30 | a year |
*.gstatic.com | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months |
This page contains 1 frames:
Primary Page:
https://2u.onelogin.com/login2/?return=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmkiOiJodHRwczovLzJ1Lm9uZWxvZ2luLmNvbS90cnVzdC9zYW1sMi9odHRwLXBvc3Qvc3NvLzM3MjE4Mj9zYW1sX3JlcXVlc3RfcGFyYW1zX3Rva2VuPWY5N2ZiNjgwNDIuNDQ3ZmRmZTAwNzFmNjRhYTllODUzZTQyMjAzMmU0ZGEyOTU5N2UxMC5PbXNqNE1qYUZLczJFQnJ0M1NyYXRsZHpaZnFnU3ZIZl9QMFh3aUNBamt3JTNEIiwibm90aWZpY2F0aW9uIjp7Im1lc3NhZ2UiOiJDb25uZWN0aW5nIHRvIEFwcGxpY2F0aW9uIiwiaWNvbiI6ImNvbm5lY3Rpb24iLCJ0eXBlIjoiaW5mbyJ9LCJpc3MiOiJNT05PUkFJTCIsImF1ZCI6IkFDQ0VTUyIsImV4cCI6MTU5MTIxODYwMSwicGFyYW1zIjp7fSwibWV0aG9kIjoiZ2V0In0.LpLCo2N04_2kf9LE2TfMf3UbEkDcIjGS8mvSKmKHjss
Frame ID: 771026B05640A672C1F7B0270CD57D78
Requests: 17 HTTP requests in this frame
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Powered by OneLogin
Title: Terms
Title: Privacy Policy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://2u-corp-pmx.my.salesforce.com/articles/FAQ/How-do-I-Clear-Browser-Cookies-and-Cache Page URL
- https://2u-corp-pmx.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAXMMNER0ME8wM3QwMDAwMDA4T0k3AAAA3pvCFDXtohoFQifO7HvNASVEmaLKWcC1UHv-f1tjqUXsuwvuLy7UeSgnaonIQCtqs2_PWgp3rNGAw_sUrfxIHDmveru0CcwtBK8uj6wIUosjcXw2j2VA5uB-dvYUDHs2j27iFITbMJQGJxD0kJ3cfbnG0qgck3kroW6PMHc0RW31ukq6fiWv6vkvWFskPjR25khP-5Y1ghpgQMkRKnoN1_adTya7RfgHAyiNK7cDedJSeu6PKpeclBfJkBqN0x9mMQ&saml_acs=https%3A%2F%2F2u-corp-pmx.my.salesforce.com%3Fso%3D00Dd0000000iKQA&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fsaml.salesforce.com&samlSsoConfig=0LEd0000000Kynw&RelayState=%2Farticles%2FFAQ%2FHow-do-I-Clear-Browser-Cookies-and-Cache Page URL
- https://app.onelogin.com/trust/saml2/http-post/sso/372182 HTTP 307
https://2u.onelogin.com/trust/saml2/http-post/sso/372182 Page URL
- https://2u.onelogin.com/trust/saml2/http-post/sso/372182 HTTP 302
https://2u.onelogin.com/login HTTP 302
https://2u.onelogin.com/login2/?return=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmkiOiJodHRwczovLzJ1Lm9uZWxvZ2luLmNvbS90cnVzdC9zYW1sMi9odHRwLXBvc3Qvc3NvLzM3MjE4Mj9zYW1sX3JlcXVlc3RfcGFyYW1zX3Rva2VuPWY5N2ZiNjgwNDIuNDQ3ZmRmZTAwNzFmNjRhYTllODUzZTQyMjAzMmU0ZGEyOTU5N2UxMC5PbXNqNE1qYUZLczJFQnJ0M1NyYXRsZHpaZnFnU3ZIZl9QMFh3aUNBamt3JTNEIiwibm90aWZpY2F0aW9uIjp7Im1lc3NhZ2UiOiJDb25uZWN0aW5nIHRvIEFwcGxpY2F0aW9uIiwiaWNvbiI6ImNvbm5lY3Rpb24iLCJ0eXBlIjoiaW5mbyJ9LCJpc3MiOiJNT05PUkFJTCIsImF1ZCI6IkFDQ0VTUyIsImV4cCI6MTU5MTIxODYwMSwicGFyYW1zIjp7fSwibWV0aG9kIjoiZ2V0In0.LpLCo2N04_2kf9LE2TfMf3UbEkDcIjGS8mvSKmKHjss Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://app.onelogin.com/trust/saml2/http-post/sso/372182 HTTP 307
- https://2u.onelogin.com/trust/saml2/http-post/sso/372182
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | How-do-I-Clear-Browser-Cookies-and-Cache | 2u-corp-pmx.my.salesforce.com/articles/FAQ/ | 2 KB | 2 KB | Document | text/html | Cookie set |
GET | H/1.1 | authn-request.jsp | 2u-corp-pmx.my.salesforce.com/saml/ | 7 KB | 5 KB | Document | text/html | |
POST | H/1.1 | 372182 | 2u.onelogin.com/trust/saml2/http-post/sso/ | 7 KB | 5 KB | Document | text/html | Redirect Chain |
GET | H/1.1 | / | 2u.onelogin.com/login2/ | 3 KB | 1 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 773 B | Stylesheet | text/css | |
GET | H/1.1 | onelogin-vigilance.min.js | cdn.onelogin.com/ | 361 KB | 362 KB | Script | application/javascript | |
GET | H2 | vendor73d5c36158503229be9a5c758ef0999c2345157c.js | web-login-v2-cdn.onelogin.com/login2/ | 177 KB | 56 KB | Script | application/javascript | |
GET | H2 | intl73d5c36158503229be9a5c758ef0999c2345157c.js | web-login-v2-cdn.onelogin.com/login2/ | 44 KB | 13 KB | Script | application/javascript | |
GET | H2 | app73d5c36158503229be9a5c758ef0999c2345157c.js | web-login-v2-cdn.onelogin.com/login2/ | 2 MB | 539 KB | Script | application/javascript | |
POST | H/1.1 | auth | 2u.onelogin.com/access/ | 1 KB | 2 KB | XHR | application/json | |
GET | H/1.1 | branding.json | 2u.onelogin.com/api/v1/ | 2 KB | 3 KB | XHR | application/json | |
POST | H/1.1 | nonce | 2u.onelogin.com/access/ | 128 B | 659 B | XHR | application/json | |
GET | H/1.1 | ae3de26a2b6913b8b37e7f932f3b1cd8ef37857e.png | cdn.onelogin.com/images/brands/logos/login/ | 1 KB | 2 KB | Image | image/png | |
GET | H/1.1 | e68f14a890296eaf277d66d1f60208698b19a7bf.jpg | cdn.onelogin.com/images/brands/backgrounds/login/ | 484 KB | 485 KB | Image | image/jpeg | |
GET | H2 | KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font | font/woff2 | |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png | |
POST | H/1.1 | nonce_verify | 2u.onelogin.com/access/ | 63 B | 695 B | XHR | application/json | |
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | onformdata
- object | onpointerrawupdate
- object | thisdata
- function | webpackJsonp
- object | IntlPolyfill
- object | core
- object | __core-js_shared__
- object | global
- object | System
- function | asap
- function | Observable
- function | setImmediate
- function | clearImmediate
- object | regeneratorRuntime
- boolean | _babelPolyfill
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
2u.onelogin.com/ | Name: sub_session_onelogin.com Value: BAh7CCIfYnJvd3Nlcl92ZXJpZmljYXRpb25fdG9rZW4iRTNhNWZlNmUxNTUxZmVmN2YxYTkzMmRmYTI1MTM5MWIyZTNhODVmNzgxZjc3NDdmNjRiZDZkNTYxNmJkYzNkYzY6DnJldHVybl90byIBtWh0dHBzOi8vMnUub25lbG9naW4uY29tL3RydXN0L3NhbWwyL2h0dHAtcG9zdC9zc28vMzcyMTgyP3NhbWxfcmVxdWVzdF9wYXJhbXNfdG9rZW49Zjk3ZmI2ODA0Mi40NDdmZGZlMDA3MWY2NGFhOWU4NTNlNDIyMDMyZTRkYTI5NTk3ZTEwLk9tc2o0TWphRktzMkVCcnQzU3JhdGxkelpmcWdTdkhmX1AwWHdpQ0Fqa3clM0Q6D3Nlc3Npb25faWQiKTRiMTFiZGZiLWRlYTgtNGI2Zi1iYmI1LWQzNmQzMDRkNmU2OQ%3D%3D--e9d699a658d1c553207b94d12edb5f858658d5ef |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536002; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.