Submitted URL: http://185.84.1.138/
Effective URL: https://185.84.1.138/sabasamlsso/samlRequestRedirect.jsp
Submission: On May 17 via manual from GB

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 185.84.1.138, located in the Netherlands, and belongs to SABA-AS-001 - Saba Software Inc., US. The main domain is 185.84.1.138.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on June 7th 2018. Valid for: 2 years.
This is the only time 185.84.1.138 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 7 185.84.1.138 53930 (SABA-AS-001)
1 151.101.2.110 54113 (FASTLY)
5 3
Apex Domain / Subdomains | Transfer
1 newrelic.com |
  js-agent.newrelic.com | 4 KB
0 lloydsbanking.com | Failed
  adfsglobal1.lloydsbanking.com | Failed
0 nr-data.net | Failed
  bam.nr-data.net | Failed
5 3

Domain | Requested by
1 js-agent.newrelic.com | 185.84.1.138
0 adfsglobal1.lloydsbanking.com (Failed) | 185.84.1.138
0 bam.nr-data.net (Failed) | js-agent.newrelic.com
5 3

This site contains no links.

Subject | Issuer | Validity | Valid
*.sabanow.net | COMODO RSA Organization Validation Secure Server CA | 2018-06-07 - 2020-06-06 | 2 years
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-04-10 - 2020-03-21 | a year

This page contains 1 frames:

Frame: https://adfsglobal1.lloydsbanking.com/adfs/ls?SAMLRequest=fZLdTsJAEIVfpdl7WooxxA2QIMRIgtoAeuENmbZDu2V%2F6s5W5O3dFo2YKHeTmfnOzJzdEYGSNZ82rtQrfGuQXPChpCbeFcassZobIEFcg0LiLuPr6cOSD8I%2Br61xJjOSnSGXCSBC64TRLFjMx2yb6h2kolaFkYVUZV1WMgUjAERa5VhKVe2lzMqCBS9oyXNj5mU8TNTgQpMD7XyqH9%2F0%2Bte9eLjpD3kc88HVKwvm%2FhahwXVU6VxNPIog31EhTQoyDqU0x5xS0HuhizAzqqtGklgw%2Fd5zZjQ1Cu0a7bvI8Hm1%2FNGSCFa3KIEXMYdQo4vauPWByHTx1gfb9v6wopoFyZdlt0LnHr3sVnpqIn6%2F2SS95Gm9YZNRK867%2B%2B3krw1G0XnH6PS%2Bj157MU%2BMFNkxuDNWgft%2FdBzGXUbkvV3XyhtNNWZiJzD33njfDjOL4HDMnG2QRZPT0N%2F%2FaPIJ&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=RgUzHEUf2hurmm4VOzdHliO%2Fl2FhhgTKYKSh8ihTkrHG2Y98JitCoepfLWhYKRoa5HktW3oC7k8AzKvBoqux6JOQWvCAn9eM7EZNyUSYdKYNDI7a9YWpLs3ARdiuGH7ZjL6dO4cBuBHYlDJeutrC6sNW4oStwOo7DbxiypfQsTeaF%2F4oHaGwMbcCqExnqlOkHzjVollhL7GL0V3ES5YL%2Bcd4FAfh5o52EISAr%2F2rgGMA7BHloY06md8S6g%2F5cMgdHYspm%2FE0z8O0W%2FZmwGK8Jg3CKb72WvjcAPCAy%2FRpXEHI5C0sLPZOg2Rjt1xFquhnoVDY9OGpAY1Ys0OS%2FHpl0g%3D%3D
Frame ID: 2983E0135A08D497B6EDC6FE44B549B7
Requests: 5 HTTP requests in this frame


Page Statistics

Requests: 5
HTTPS: 20 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 6 kB
Size: 13 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://185.84.1.138/ HTTP 302
    https://185.84.1.138/ HTTP 302
    https://185.84.1.138/Saba/Web/Main Page URL
  2. https://185.84.1.138/Saba/Web/j_security_check HTTP 302
    https://185.84.1.138/Saba/Web/Main HTTP 302
    https://185.84.1.138/Saba/Web/Main HTTP 302
    https://185.84.1.138/sabasamlsso/samlRequestRedirect.jsp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://185.84.1.138/ HTTP 302
  • https://185.84.1.138/ HTTP 302
  • https://185.84.1.138/Saba/Web/Main

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set Main
185.84.1.138/Saba/Web/
Redirect Chain
  • http://185.84.1.138/
  • https://185.84.1.138/
  • https://185.84.1.138/Saba/Web/Main
1 KB
1 KB
Document
General
Full URL
https://185.84.1.138/Saba/Web/Main
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.84.1.138 , Netherlands, ASN53930 (SABA-AS-001 - Saba Software Inc., US),
Reverse DNS
Software
/
Resource Hash
f999c789d1c145000f71877ab9e3040a0de505527816bc11f281d7ce14bc0986

Request headers

Host
185.84.1.138
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br

Response headers

X-Powered-By
Pragma
Cache-Control
Expires
Thu, 01 Jan 1970 01:00:00 GMT
Set-Cookie
JSESSIONID=3B1ABA98DB5ACE5671F64AF3F5EFBE9F.node06; Path=/Saba; HttpOnly;Secure
Content-Type
text/html;charset=UTF-8
Content-Length
803
Date
Fri, 17 May 2019 07:11:23 GMT
Vary
Accept-Encoding
Content-Encoding
gzip
Connection
Keep-Alive

Redirect headers

Location
https://185.84.1.138/Saba/Web/Main
Connection
Keep-Alive
Content-Length
0
nr-100.js
js-agent.newrelic.com/
10 KB
4 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-100.js
Requested by
Host: 185.84.1.138
URL: https://185.84.1.138/Saba/Web/Main
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://185.84.1.138/Saba/Web/Main
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 17 May 2019 07:11:23 GMT
content-encoding
gzip
x-amz-request-id
E5DCA6A1E273C29D
x-cache
HIT
status
200
content-length
3318
x-amz-id-2
yBW6wq72OpUUzr5BVZC7OQ3Xd7MaWDToYn+JABKXPABJ6IcwYuSpKIJuAGSdO2uKwu2SuSTlKYk=
x-served-by
cache-hhn1525-HHN
last-modified
Wed, 28 Feb 2018 23:33:30 GMT
server
AmazonS3
x-timer
S1558077084.707502,VS0,VE0
etag
"d650235bc408d454223f87f23b0b4a2d"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
158778
Primary Request Cookie set samlRequestRedirect.jsp
185.84.1.138/sabasamlsso/
Redirect Chain
  • https://185.84.1.138/Saba/Web/j_security_check
  • https://185.84.1.138/Saba/Web/Main
  • https://185.84.1.138/Saba/Web/Main
  • https://185.84.1.138/sabasamlsso/samlRequestRedirect.jsp
2 KB
2 KB
Document
General
Full URL
https://185.84.1.138/sabasamlsso/samlRequestRedirect.jsp
Requested by
Host: 185.84.1.138
URL: https://185.84.1.138/Saba/Web/Main
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.84.1.138 , Netherlands, ASN53930 (SABA-AS-001 - Saba Software Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Host
185.84.1.138
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://185.84.1.138/Saba/Web/Main
Accept-Encoding
gzip, deflate, br
Origin
https://185.84.1.138
Content-Type
application/x-www-form-urlencoded

Response headers

X-Powered-By
Set-Cookie
JSESSIONID=C4C171FE514C4F257C747A1B4B3B9B9D.node01; Path=/sabasamlsso; HttpOnly;Secure
Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html;charset=UTF-8
Content-Length
1408
Date
Fri, 17 May 2019 07:11:23 GMT
Vary
Accept-Encoding
Content-Encoding
gzip
Connection
Keep-Alive

Redirect headers

X-Powered-By
Pragma
No-cache
Cache-Control
no-cache
Expires
Thu, 01 Jan 1970 01:00:00 GMT
Location
https://185.84.1.138/sabasamlsso/samlRequestRedirect.jsp
Content-Length
0
Date
Fri, 17 May 2019 07:11:23 GMT
42f71b1f39
bam.nr-data.net/1/
0
0

ls
adfsglobal1.lloydsbanking.com/adfs/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bam.nr-data.net
URL
https://bam.nr-data.net/1/42f71b1f39?a=2432281&be=238&qt=0&ap=1&dc=0&fe=1&to=ZFdaZUtSW0YABhdZWV0dbUNQHGZUAwRMZ1NRHXVQUF0%3D&v=42&jsonp=NREUM.setToken&perf=%7B%22timing%22%3A%7B%22of%22%3A1558077083461%2C%20%22n%22%3A0%2C%20%22dl%22%3A234%2C%20%22di%22%3A238%2C%20%22ds%22%3A238%2C%20%22de%22%3A238%2C%20%22dc%22%3A239%2C%20%22l%22%3A239%2C%20%22le%22%3A240%2C%20%22f%22%3A208%2C%20%22dn%22%3A208%2C%20%22dne%22%3A208%2C%20%22c%22%3A208%2C%20%22ce%22%3A208%2C%20%22rq%22%3A209%2C%20%22rp%22%3A231%2C%20%22rpe%22%3A232%7D%2C%20%22navigation%22%3A%7B%7D%7D
Domain
adfsglobal1.lloydsbanking.com
URL
https://adfsglobal1.lloydsbanking.com/adfs/ls?SAMLRequest=fZLdTsJAEIVfpdl7WooxxA2QIMRIgtoAeuENmbZDu2V%2F6s5W5O3dFo2YKHeTmfnOzJzdEYGSNZ82rtQrfGuQXPChpCbeFcassZobIEFcg0LiLuPr6cOSD8I%2Br61xJjOSnSGXCSBC64TRLFjMx2yb6h2kolaFkYVUZV1WMgUjAERa5VhKVe2lzMqCBS9oyXNj5mU8TNTgQpMD7XyqH9%2F0%2Bte9eLjpD3kc88HVKwvm%2FhahwXVU6VxNPIog31EhTQoyDqU0x5xS0HuhizAzqqtGklgw%2Fd5zZjQ1Cu0a7bvI8Hm1%2FNGSCFa3KIEXMYdQo4vauPWByHTx1gfb9v6wopoFyZdlt0LnHr3sVnpqIn6%2F2SS95Gm9YZNRK867%2B%2B3krw1G0XnH6PS%2Bj157MU%2BMFNkxuDNWgft%2FdBzGXUbkvV3XyhtNNWZiJzD33njfDjOL4HDMnG2QRZPT0N%2F%2FaPIJ&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=RgUzHEUf2hurmm4VOzdHliO%2Fl2FhhgTKYKSh8ihTkrHG2Y98JitCoepfLWhYKRoa5HktW3oC7k8AzKvBoqux6JOQWvCAn9eM7EZNyUSYdKYNDI7a9YWpLs3ARdiuGH7ZjL6dO4cBuBHYlDJeutrC6sNW4oStwOo7DbxiypfQsTeaF%2F4oHaGwMbcCqExnqlOkHzjVollhL7GL0V3ES5YL%2Bcd4FAfh5o52EISAr%2F2rgGMA7BHloY06md8S6g%2F5cMgdHYspm%2FE0z8O0W%2FZmwGK8Jg3CKb72WvjcAPCAy%2FRpXEHI5C0sLPZOg2Rjt1xFquhnoVDY9OGpAY1Ys0OS%2FHpl0g%3D%3D


0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
