Submitted URL: https://express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/bbmsg000000000021110
Effective URL: https://express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/bbmsg000000000021110
Submission: On September 09 via manual from US

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 12.130.57.27, located in United States and belongs to ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US. The main domain is express-eexpresshome.sabacloud.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on August 25th 2017. Valid for: 3 years.
This is the only time express-eexpresshome.sabacloud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 12.130.57.27 17225 (ATT-CERFN...)
1 2 104.111.241.235 16625 (AKAMAI-AS)

Apex Domain | Subdomains | Transfer
3 sabacloud.com | express-eexpresshome.sabacloud.com | 5 KB
2 express.com | sso.express.com | 615 B

Domain Requested by
3 express-eexpresshome.sabacloud.com 2 redirects
2 sso.express.com 1 redirects express-eexpresshome.sabacloud.com

This site contains no links.

Subject | Issuer | Validity | Valid
*.sabacloud.com | Entrust Certification Authority - L1K | 2017-08-25 - 2020-09-27 | 3 years
www.express.com | GeoTrust RSA CA 2018 | 2019-06-04 - 2019-12-28 | 7 months

This page contains 1 frames:

Frame: https://sso.express.com/adfs/ls/wia?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6FPuexOOy3HjoZUwHDWFwqLQBs4EceF6pO7FiVOGw23DJxGO4wL3IOvbLSyTdUyFo1L3LJzdVXTwNQdk9sOTxJAReAkbVWOhZXex5KeQECWZuVhzglGZ8cHTdznWycEkfQoTuNf2aTlI9o0ogg4AD5WfyfAdRiI8FwaTxEiTMbkHYiShidsOHYHrnkC1mBVkbFqnjNZZdWrSVTHHJgkpcCmIlZuPzYMmoTduxEwN6jKBgEuzBC1mefOm1Tb3qQwLqcn7Oq22Pkd7Wwq2N9T3gO4H1xyH8IfY7vef5tfWzd%2FwM%3D&RelayState=a31378c6-b9b6-415f-98c0-ebcbab3623d2
Frame ID: 8DA29296E5A08321824371D11F1CC334
Requests: 2 HTTP requests in this frame


Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 3 kB
Size: 7 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://express-eexpresshome.sabacloud.com/Saba/Web_wdk/PRODTNT011/index/prelogin.rdf?spfUrl=%2FSaba%2FWeb_spf%2FPRODTNT011%2Fcommon%2Fmessag%2520ehometreeview%2Fforum000000000001000%2Fbbmsg000000000021110 HTTP 302
  • https://express-eexpresshome.sabacloud.com/Saba/saml/login/alias/expressprd_sp/sp?token=a31378c6-b9b6-415f-98c0-ebcbab3623d2&idp=http%3A%2F%2Fsso.express.com%2Fadfs%2Fservices%2Ftrust&ESigRequest=false HTTP 302
  • https://sso.express.com/adfs/ls/?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6FPuexOOy3HjoZUwHDWFwqLQBs4EceF6pO7FiVOGw23DJxGO4wL3IOvbLSyTdUyFo1L3LJzdVXTwNQdk9sOTxJAReAkbVWOhZXex5KeQECWZuVhzglGZ8cHTdznWycEkfQoTuNf2aTlI9o0ogg4AD5WfyfAdRiI8FwaTxEiTMbkHYiShidsOHYHrnkC1mBVkbFqnjNZZdWrSVTHHJgkpcCmIlZuPzYMmoTduxEwN6jKBgEuzBC1mefOm1Tb3qQwLqcn7Oq22Pkd7Wwq2N9T3gO4H1xyH8IfY7vef5tfWzd%2FwM%3D&RelayState=a31378c6-b9b6-415f-98c0-ebcbab3623d2 HTTP 302
  • https://sso.express.com/adfs/ls/wia?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6FPuexOOy3HjoZUwHDWFwqLQBs4EceF6pO7FiVOGw23DJxGO4wL3IOvbLSyTdUyFo1L3LJzdVXTwNQdk9sOTxJAReAkbVWOhZXex5KeQECWZuVhzglGZ8cHTdznWycEkfQoTuNf2aTlI9o0ogg4AD5WfyfAdRiI8FwaTxEiTMbkHYiShidsOHYHrnkC1mBVkbFqnjNZZdWrSVTHHJgkpcCmIlZuPzYMmoTduxEwN6jKBgEuzBC1mefOm1Tb3qQwLqcn7Oq22Pkd7Wwq2N9T3gO4H1xyH8IfY7vef5tfWzd%2FwM%3D&RelayState=a31378c6-b9b6-415f-98c0-ebcbab3623d2

2 HTTP transactions

Resource: bbmsg000000000021110 (Primary Request, Cookie set)
Path: express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/
Size: 7 KB
x-fer: 3 KB
Type: Document
MIME-Type:
General
Full URL:
https://express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/bbmsg000000000021110
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 12.130.57.27, United States, ASN17225 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US)
Reverse DNS:
Software: Saba Cloud
Resource Hash: 09edb1566a445a47df4816d375223dbed8648aba4515affe3f4dd6543a9bcf27
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Host: express-eexpresshome.sabacloud.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br

Response headers

X-Via: na1-P1-8290-n02
X-Requested-URL: https://express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/bbmsg000000000021110
X-Request-Id: 13500b3e-0e78-43bb-9829-40a6b9fdee17
X-Requested-Host: express-eexpresshome.sabacloud.com
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Vanity-URL: rl5m011z23hy
Set-Cookie: JSESSIONID=F54073F614CFCB9390E349F56A7DE7FC; Path=/Saba/; HttpOnly;Secure
Ajax-Location: /Saba/Web_wdk/PRODTNT011/index/startIndex.rdf
Cache-Control:
Pragma:
Content-Type: text/html;charset=UTF-8
Date: Mon, 09 Sep 2019 20:26:35 GMT
Server: Saba Cloud
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2282
Connection: Keep-Alive

Resource: wia
Path: sso.express.com/adfs/ls/
Redirect Chain
  • https://express-eexpresshome.sabacloud.com/Saba/Web_wdk/PRODTNT011/index/prelogin.rdf?spfUrl=%2FSaba%2FWeb_spf%2FPRODTNT011%2Fcommon%2Fmessag%2520ehometreeview%2Fforum000000000001000%2Fbbmsg0000000...
  • https://express-eexpresshome.sabacloud.com/Saba/saml/login/alias/expressprd_sp/sp?token=a31378c6-b9b6-415f-98c0-ebcbab3623d2&idp=http%3A%2F%2Fsso.express.com%2Fadfs%2Fservices%2Ftrust&ESigRequest=f...
  • https://sso.express.com/adfs/ls/?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6F...
  • https://sso.express.com/adfs/ls/wia?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuh...
Size: 0
x-fer: 86 B
Type: Document
General
Full URL:
https://sso.express.com/adfs/ls/wia?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6FPuexOOy3HjoZUwHDWFwqLQBs4EceF6pO7FiVOGw23DJxGO4wL3IOvbLSyTdUyFo1L3LJzdVXTwNQdk9sOTxJAReAkbVWOhZXex5KeQECWZuVhzglGZ8cHTdznWycEkfQoTuNf2aTlI9o0ogg4AD5WfyfAdRiI8FwaTxEiTMbkHYiShidsOHYHrnkC1mBVkbFqnjNZZdWrSVTHHJgkpcCmIlZuPzYMmoTduxEwN6jKBgEuzBC1mefOm1Tb3qQwLqcn7Oq22Pkd7Wwq2N9T3gO4H1xyH8IfY7vef5tfWzd%2FwM%3D&RelayState=a31378c6-b9b6-415f-98c0-ebcbab3623d2
Requested by
Host: express-eexpresshome.sabacloud.com
URL: https://express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/bbmsg000000000021110
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.241.235, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a104-111-241-235.deploy.static.akamaitechnologies.com
Software: Microsoft-HTTPAPI/2.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sso.express.com
:scheme: https
:path:
/adfs/ls/wia?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6FPuexOOy3HjoZUwHDWFwqLQBs4EceF6pO7FiVOGw23DJxGO4wL3IOvbLSyTdUyFo1L3LJzdVXTwNQdk9sOTxJAReAkbVWOhZXex5KeQECWZuVhzglGZ8cHTdznWycEkfQoTuNf2aTlI9o0ogg4AD5WfyfAdRiI8FwaTxEiTMbkHYiShidsOHYHrnkC1mBVkbFqnjNZZdWrSVTHHJgkpcCmIlZuPzYMmoTduxEwN6jKBgEuzBC1mefOm1Tb3qQwLqcn7Oq22Pkd7Wwq2N9T3gO4H1xyH8IfY7vef5tfWzd%2FwM%3D&RelayState=a31378c6-b9b6-415f-98c0-ebcbab3623d2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://express-eexpresshome.sabacloud.com/Saba/Web_spf/PRODTNT011/common/messag%20ehometreeview/forum000000000001000/bbmsg000000000021110
accept-encoding: gzip, deflate, br

Response headers

status: 401
content-length: 0
server: Microsoft-HTTPAPI/2.0
www-authenticate: Negotiate NTLM
date: Mon, 09 Sep 2019 20:26:36 GMT

Redirect headers

status: 302
content-length: 0
content-type: text/html; charset=utf-8
location:
https://sso.express.com:443/adfs/ls/wia?SAMLRequest=fZFPb4JAEMXv%2FRRk77LL%2BgfdCMbWmJrYSAR76KVZYUEa2KU7i%2FHjF0RSvZjMZZI3v3l5b764lIV1FhpyJT3k2ARZQsYqyWXmoUO0HkzRwn%2BZAy8LWrFlbU5yL35rAcZaAghtmrs3JaEuhQ6FPuexOOy3HjoZUwHDWFwqLQBs4EceF6pO7FiVOGw23DJxGO4wL3IOvbLSyTdUyFo1L3LJzdVXTwNQdk9sOTxJAReAkbVWOhZXex5KeQECWZuVhzglGZ8cHTdznWycEkfQoTuNf2aTlI9o0ogg4AD5WfyfAdRiI8FwaTxEiTMbkHYiShidsOHYHrnkC1mBVkbFqnjNZZdWrSVTHHJgkpcCmIlZuPzYMmoTduxEwN6jKBgEuzBC1mefOm1Tb3qQwLqcn7Oq22Pkd7Wwq2N9T3gO4H1xyH8IfY7vef5tfWzd%2FwM%3D&RelayState=a31378c6-b9b6-415f-98c0-ebcbab3623d2
server: Microsoft-HTTPAPI/2.0
date: Mon, 09 Sep 2019 20:26:36 GMT


0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
