fs.lendlease.com
Open in
urlscan Pro
8.22.192.161
Public Scan
Effective URL: https://fs.lendlease.com/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://www.benefex.co.uk/saml/flex/
Submission: On January 21 via manual from US
Summary
TLS certificate: Issued by Entrust Certification Authority - L1K on December 3rd 2018. Valid for: a year.
This is the only time fs.lendlease.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.16.230.163 104.16.230.163 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 2606:4700:30:... 2606:4700:30::681f:5183 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 1 | 8.22.192.154 8.22.192.154 | 3356 (LEVEL3) (LEVEL3 - Level 3 Parent) | |
4 | 8.22.192.161 8.22.192.161 | 3356 (LEVEL3) (LEVEL3 - Level 3 Parent) | |
6 | 3 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
r.benefitmail.co.uk |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
sibautomation.com |
ASN3356 (LEVEL3 - Level 3 Parent, LLC, US)
www.llpreference.co.uk |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
lendlease.com
fs.lendlease.com |
244 KB |
1 |
llpreference.co.uk
1 redirects
www.llpreference.co.uk |
207 B |
1 |
sibautomation.com
sibautomation.com |
|
1 |
benefitmail.co.uk
r.benefitmail.co.uk |
879 B |
6 | 4 |
Domain | Requested by | |
---|---|---|
4 | fs.lendlease.com |
r.benefitmail.co.uk
fs.lendlease.com |
1 | www.llpreference.co.uk | 1 redirects |
1 | sibautomation.com |
r.benefitmail.co.uk
|
1 | r.benefitmail.co.uk | |
6 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
lendlease.service-now.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni117763.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-12-30 - 2019-07-08 |
6 months | crt.sh |
fs.lendlease.com Entrust Certification Authority - L1K |
2018-12-03 - 2020-03-04 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://fs.lendlease.com/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://www.benefex.co.uk/saml/flex/
Frame ID: 5AAE31DF01075CF26EA7059BAE07B90A
Requests: 5 HTTP requests in this frame
Frame:
https://sibautomation.com/cm.html?id=1588432
Frame ID: 33EDB15073E0CD91EC3749DC71999E12
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://r.benefitmail.co.uk/tr/cl/MEcxgiKHydW-vlX4V_e-LShpLaECu3GWG7uOiTsz7UHFlfdOQr_p82SLLlKaYYeBu573hc... Page URL
-
http://www.llpreference.co.uk/
HTTP 301
https://fs.lendlease.com/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://www.benefex.co.uk/saml/flex/ Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /cloudflare/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: ServiceNow
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://r.benefitmail.co.uk/tr/cl/MEcxgiKHydW-vlX4V_e-LShpLaECu3GWG7uOiTsz7UHFlfdOQr_p82SLLlKaYYeBu573hcA3GVV6a47chdvjpju2KNbtQ9yECfBVA8OHA_UDvu2nGL6nEm-46h6MgG3lX8AJQmc7O_EL3Brl8ipt5cTSmz7kj8IHybq4xXUl_avlMdpR5NG8_A Page URL
-
http://www.llpreference.co.uk/
HTTP 301
https://fs.lendlease.com/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://www.benefex.co.uk/saml/flex/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
MEcxgiKHydW-vlX4V_e-LShpLaECu3GWG7uOiTsz7UHFlfdOQr_p82SLLlKaYYeBu573hcA3GVV6a47chdvjpju2KNbtQ9yECfBVA8OHA_UDvu2nGL6nEm-46h6MgG3lX8AJQmc7O_EL3Brl8ipt5cTSmz7kj8IHybq4xXUl_avlMdpR5NG8_A
r.benefitmail.co.uk/tr/cl/ |
596 B 879 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cm.html
sibautomation.com/ Frame 33ED |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
IdpInitiatedSignon.aspx
fs.lendlease.com/adfs/ls/ Redirect Chain
|
16 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
fs.lendlease.com/adfs/portal/css/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
fs.lendlease.com/adfs/portal/logo/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
illustration.jpg
fs.lendlease.com/adfs/portal/illustration/ |
198 KB 199 KB |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
fs.lendlease.com/ | Name: TS0145feac Value: 0137176c1c075151f5a8c5f2b91647229958202a5f62c258e67b3b6821d7f720e75401a46b |
|
fs.lendlease.com/adfs | Name: TS01a98002 Value: 0137176c1cb8b4f7bc037ccc9b1a796223437de477a97720c091026745876544c80107f0dc98d82f42d98bfce0bcd8569fb13b3071 |
|
fs.lendlease.com/adfs | Name: MSISSamlRequest Value: QmFzZVVybD1odHRwcyUzYSUyZiUyZmZzLmxlbmRsZWFzZS5jb20lMmZhZGZzJTJmbHMlMmZcU0FNTFJlcXVlc3Q9bFZKQmFzTXdFUHlLMGQyVzdjU09MUnlEYVM2QjlwS1dIbm9waXJRbW9yYmthcVVtejYlMmJjMElaU0d1aE5HbVoyZG9adGtJJTJmRHhEcnZEbm9IN3g3UVJkdk5tcnlXYWM2clF1empudGM4WHVhaWppc0pWUXg5dHFybG9paVdaVVdpWjdDb2pGNlRQRWxKdEVYMHNOWG91SFlCU3JNNlRyTTR6NTd5bktVWkt4Wkp1U3BmU0xRSkxrcHpkMVllbkp1UVVkcGpNb0NXQTNDRVJKaVJjdGtqSFpDUzZNNW9oSG1rdDVvWmpncVo1aU1nYzRJOWRnJTJmM0xMZ3pjU0V4cjNFQ29Yb0Zra1NuY2RESXpobHZxeWRybkJGbUlHMXpUbUV2MHRzaWpnaDJUa0hhT2NXZklRTHJRd2xBNnF4SDE5Q0xROXVFWEZMTmV2eW5XOU41cVVBTDJJVW1yUkl6ZWdYYnIwcVB4Mk95QncwOW5NSXlpWCUyYmpjeE8wSCUyYkJFRyUyZnBOdno1JTJmaktQWDljTG45NTIwbnclM2QlM2RcUHJvdG9jb2xCaW5kaW5nPXVybiUzYW9hc2lzJTNhbmFtZXMlM2F0YyUzYVNBTUwlM2EyLjAlM2FiaW5kaW5ncyUzYUhUVFAtUmVkaXJlY3RcU2lnbmF0dXJlPXZHMnNxMkNibzQwV0FiN2Zubnd5Sk4lMmJDOGUlMmZhYzJadmc1bGFkVU53VEh5RUxuSXU2Qm90RHZObUV3MVNiRVBaR0F0RkhrQW9hWmFtNDJYejUlMmYxYzE1MSUyYlp4JTJmNjNZMzJHWVNGQjFIYWU2U1JVJTJiVHZRaEJ2ZFZMWk1CekNRTjl5aHRwaSUyZk1DeTBSUVd5ZHpEOUwlMmJnUU8xRExiMDdRTUxYTWE5V0lZY0xjblRLWUIzTVhOMWg2JTJiTEJoQTdMcmxPUjhSVU1zWkk0bXFncUFLejdKMVE0M2dURlJnaUolMmZJMnZiaFZYaE5MRVcwaVFvSkNhZFNDYWZJMTExV1ZITm9IekN2cVJiWFM5Q0hxY0olMmIzVTAwNFozWHlqZk9nVUw3Mk0lMmZBMmNkUGFOWUtBVDJVRDVyTiUyZklIVjJ1TFdkeVphTVlDMjlJWnV2Y0F5dmNLeGcwc0owdDd3JTNkJTNkXFNpZ0FsZz1odHRwJTNhJTJmJTJmd3d3LnczLm9yZyUyZjIwMDElMmYwNCUyZnhtbGRzaWctbW9yZSUyM3JzYS1zaGEyNTZcUXVlcnlTdHJpbmdIYXNoPTI2JTJiRzR4UXc1QkxQTVRVajF3UzVtREVhOXUxdENicUdidk4yamxSMjZKSSUzZA== |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fs.lendlease.com
r.benefitmail.co.uk
sibautomation.com
www.llpreference.co.uk
104.16.230.163
2606:4700:30::681f:5183
8.22.192.154
8.22.192.161
1679920b034e03b00c13b197bc9d3fd399841fa288afcc15dc921eb14dee5f90
2694924a71553378acd1b1d2d1137078e47a34dc3db925156ed5ddd5564d5afb
a0f8df99f2a8f412a40e87e54ccc2375a2e09dcaade3acdc5028cf2335bd9b81
d74d4d6943f32ae6f7f11d14d601dbb0e1a58919176ee512150366b6279aaf99
e62998ec3f5dbe50491b6ceb06afd9a88dd176c5ee026492a698ffe18335c044