de-rsso1.onbmc.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 3.64.94.112, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is de-rsso1.onbmc.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on January 8th 2024. Valid for: a year.

This is the only time de-rsso1.onbmc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 4	3.64.94.112 3.64.94.112	16509 (AMAZON-02) (AMAZON-02)
1 2	212.36.6.13 212.36.6.13	8717 (A1) (A1)
3	2

4 3.64.94.112 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-94-112.eu-central-1.compute.amazonaws.com

a1-myit.onbmc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
de-rsso1.onbmc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.36.6.13 (Sofia, Bulgaria) 1 redirects

ASN8717 (A1, BG)

sts.mobiltel.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	onbmc.com 2 redirects a1-myit.onbmc.com de-rsso1.onbmc.com	4 KB
2	mobiltel.bg 1 redirects sts.mobiltel.bg	1 KB
3	2

	Domain	Requested by
2	sts.mobiltel.bg	1 redirects
2	de-rsso1.onbmc.com	1 redirects
2	a1-myit.onbmc.com	1 redirects
3	3

This site contains no links.

Subject Issuer	Validity	Valid
*.onbmc.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2025-02-07`	a year	crt.sh
sts.a1.bg DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-25` - `2024-05-01`	a year	crt.sh

This page contains 1 frames:

Frame: https://sts.mobiltel.bg/adfs/ls/wia?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUcoF7GWQ0iXiwriMu0mscgstlSpGU5LwWJfoFDac2GBARyF105R8QWjgY9Nz60zbJFPMvi7EuRpixdsvkqWaWL3yQ6BLLScN%2BjvXjfIKMUPSballJ5UEn5THlVI1VISfRgnYB%2B0Q2puUIItDHniPIVLpWrfPJhzXtpKmmepzUpP5qQfS2KPM5%2FnIvroDtEcB31vTXYanBncK9SwM%2FT4%2BcyQUGHaNPEmlKLRFhNuzt1ICCwdpSncTChItt%2BxrrzjPXyuZGL04T5hQjZYvPUoV1Q13SEN5rQsO8B5XjIrZLi7y1xCVZo7qe7u4qs4rpvZU2XGvRgPIl2Stm3vQPug2%2FetUDof%2ByGHEPVmx309fB%2BU6r3VjfcSezypaWRutWD0p9qj2fsVRDzBPUt2k%2B2CSY66FDu8vpmXdVlEkTYsXDcYGOdH9y6xmdQh07Is727PI%2B%2Fgu0%2F&RelayState=_6fd3eef5-2fec-45de-b1d3-ec205c1bb3bc&client-request-id=6f4ef1d2-e0b7-448d-093a-0080010000f0
Frame ID: 7D5C9D1FCB0611F34C269B87AB127EE9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://a1-myit.onbmc.com/ux/ HTTP 302
https://a1-myit.onbmc.com/ux/myitapp/ Page URL
https://de-rsso1.onbmc.com/rsso/start Page URL

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

2 kB
Transfer

2 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://a1-myit.onbmc.com/ux/ HTTP 302
https://a1-myit.onbmc.com/ux/myitapp/ Page URL
https://de-rsso1.onbmc.com/rsso/start Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://a1-myit.onbmc.com/ux/ HTTP 302
https://a1-myit.onbmc.com/ux/myitapp/

Request Chain 1

https://de-rsso1.onbmc.com/rsso/start HTTP 302
https://sts.mobiltel.bg/adfs/ls/?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUcoF7GWQ0iXiwriMu0mscgstlSpGU5LwWJfoFDac2GBARyF105R8QWjgY9Nz60zbJFPMvi7EuRpixdsvkqWaWL3yQ6BLLScN%2BjvXjfIKMUPSballJ5UEn5THlVI1VISfRgnYB%2B0Q2puUIItDHniPIVLpWrfPJhzXtpKmmepzUpP5qQfS2KPM5%2FnIvroDtEcB31vTXYanBncK9SwM%2FT4%2BcyQUGHaNPEmlKLRFhNuzt1ICCwdpSncTChItt%2BxrrzjPXyuZGL04T5hQjZYvPUoV1Q13SEN5rQsO8B5XjIrZLi7y1xCVZo7qe7u4qs4rpvZU2XGvRgPIl2Stm3vQPug2%2FetUDof%2ByGHEPVmx309fB%2BU6r3VjfcSezypaWRutWD0p9qj2fsVRDzBPUt2k%2B2CSY66FDu8vpmXdVlEkTYsXDcYGOdH9y6xmdQh07Is727PI%2B%2Fgu0%2F&RelayState=_6fd3eef5-2fec-45de-b1d3-ec205c1bb3bc HTTP 302
https://sts.mobiltel.bg/adfs/ls/wia?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUcoF7GWQ0iXiwriMu0mscgstlSpGU5LwWJfoFDac2GBARyF105R8QWjgY9Nz60zbJFPMvi7EuRpixdsvkqWaWL3yQ6BLLScN%2BjvXjfIKMUPSballJ5UEn5THlVI1VISfRgnYB%2B0Q2puUIItDHniPIVLpWrfPJhzXtpKmmepzUpP5qQfS2KPM5%2FnIvroDtEcB31vTXYanBncK9SwM%2FT4%2BcyQUGHaNPEmlKLRFhNuzt1ICCwdpSncTChItt%2BxrrzjPXyuZGL04T5hQjZYvPUoV1Q13SEN5rQsO8B5XjIrZLi7y1xCVZo7qe7u4qs4rpvZU2XGvRgPIl2Stm3vQPug2%2FetUDof%2ByGHEPVmx309fB%2BU6r3VjfcSezypaWRutWD0p9qj2fsVRDzBPUt2k%2B2CSY66FDu8vpmXdVlEkTYsXDcYGOdH9y6xmdQh07Is727PI%2B%2Fgu0%2F&RelayState=_6fd3eef5-2fec-45de-b1d3-ec205c1bb3bc&client-request-id=6f4ef1d2-e0b7-448d-093a-0080010000f0

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

401

/ Show response
a1-myit.onbmc.com/ux/myitapp/
Redirect Chain

https://a1-myit.onbmc.com/ux/
https://a1-myit.onbmc.com/ux/myitapp/

1 KB
1 KB

11ms
11ms

Document
text/html

3.64.94.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a1-myit.onbmc.com/ux/myitapp/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.64.94.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-64-94-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 70a90e001d6f8cac77cbca0891a7449e6c3be6f8c0a18b46672eeb8edb8332ae

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Tue, 27 Feb 2024 11:15:36 GMT
Expires: Tue, 27 Feb 2024 11:15:36 GMT
Pragma: no-cache
Transfer-Encoding: chunked
vary: accept-encoding

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Tue, 27 Feb 2024 11:15:36 GMT
Location: /ux/myitapp/

POST
H/1.1 200 Primary Request start Show response
de-rsso1.onbmc.com/rsso/ 1 KB
1 KB 65ms
14ms Document
text/html 3.64.94.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://de-rsso1.onbmc.com/rsso/start

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

3.64.94.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-64-94-112.eu-central-1.compute.amazonaws.com

Software

/

Resource Hash

45a85ecda12ab75f30d13889ab2912835540d7657e52ebc14e6cc42678df744e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com https://www.gstatic.com 'nonce-UzAqQC2mXBxnF5HejSGhig=='; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://a1-myit.onbmc.com
Referer: https://a1-myit.onbmc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: script-src 'self' https://www.google.com https://www.gstatic.com 'nonce-UzAqQC2mXBxnF5HejSGhig=='; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self'
Content-Type: text/html;charset=UTF-8
Date: Tue, 27 Feb 2024 11:15:36 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1

401
Unauthorized

wia Show response
sts.mobiltel.bg/adfs/ls/
Redirect Chain

https://de-rsso1.onbmc.com/rsso/start
https://sts.mobiltel.bg/adfs/ls/?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUc...
https://sts.mobiltel.bg/adfs/ls/wia?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1...

0
169 B

32ms
32ms

Document
text/plain

212.36.6.13
A1

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.mobiltel.bg/adfs/ls/wia?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUcoF7GWQ0iXiwriMu0mscgstlSpGU5LwWJfoFDac2GBARyF105R8QWjgY9Nz60zbJFPMvi7EuRpixdsvkqWaWL3yQ6BLLScN%2BjvXjfIKMUPSballJ5UEn5THlVI1VISfRgnYB%2B0Q2puUIItDHniPIVLpWrfPJhzXtpKmmepzUpP5qQfS2KPM5%2FnIvroDtEcB31vTXYanBncK9SwM%2FT4%2BcyQUGHaNPEmlKLRFhNuzt1ICCwdpSncTChItt%2BxrrzjPXyuZGL04T5hQjZYvPUoV1Q13SEN5rQsO8B5XjIrZLi7y1xCVZo7qe7u4qs4rpvZU2XGvRgPIl2Stm3vQPug2%2FetUDof%2ByGHEPVmx309fB%2BU6r3VjfcSezypaWRutWD0p9qj2fsVRDzBPUt2k%2B2CSY66FDu8vpmXdVlEkTYsXDcYGOdH9y6xmdQh07Is727PI%2B%2Fgu0%2F&RelayState=_6fd3eef5-2fec-45de-b1d3-ec205c1bb3bc&client-request-id=6f4ef1d2-e0b7-448d-093a-0080010000f0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 212.36.6.13 Sofia, Bulgaria, ASN8717 (A1, BG),
Reverse DNS
Software: Microsoft-HTTPAPI/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://de-rsso1.onbmc.com
Referer: https://de-rsso1.onbmc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Date: Tue, 27 Feb 2024 11:15:36 GMT
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate NTLM

Redirect headers

Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Tue, 27 Feb 2024 11:15:36 GMT
Location: https://sts.mobiltel.bg:443/adfs/ls/wia?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUcoF7GWQ0iXiwriMu0mscgstlSpGU5LwWJfoFDac2GBARyF105R8QWjgY9Nz60zbJFPMvi7EuRpixdsvkqWaWL3yQ6BLLScN%2BjvXjfIKMUPSballJ5UEn5THlVI1VISfRgnYB%2B0Q2puUIItDHniPIVLpWrfPJhzXtpKmmepzUpP5qQfS2KPM5%2FnIvroDtEcB31vTXYanBncK9SwM%2FT4%2BcyQUGHaNPEmlKLRFhNuzt1ICCwdpSncTChItt%2BxrrzjPXyuZGL04T5hQjZYvPUoV1Q13SEN5rQsO8B5XjIrZLi7y1xCVZo7qe7u4qs4rpvZU2XGvRgPIl2Stm3vQPug2%2FetUDof%2ByGHEPVmx309fB%2BU6r3VjfcSezypaWRutWD0p9qj2fsVRDzBPUt2k%2B2CSY66FDu8vpmXdVlEkTYsXDcYGOdH9y6xmdQh07Is727PI%2B%2Fgu0%2F&RelayState=_6fd3eef5-2fec-45de-b1d3-ec205c1bb3bc&client-request-id=6f4ef1d2-e0b7-448d-093a-0080010000f0
Server: Microsoft-HTTPAPI/2.0

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
de-rsso1.onbmc.com/rsso	1969-12-31 23:59:59	Name: hroute_ds9jgaqo6v Value: 1709032537.58.17809.203479
a1-myit.onbmc.com/	1969-12-31 23:59:59	Name: route Value: 1709032537.486.17807.197848
a1-myit.onbmc.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: DCAEF0BA7A66D2A05238A8B46D23F0BA
a1-myit.onbmc.com/	1969-12-31 23:59:59	Name: onbmc_pool Value: !pOb3aXelCLY5vfsZZC5K4Ikvz8SCJE0WseDvE3RiEfPf6seTMQxnuLcS9E66Nv+57fkkAQLK5jRC8HM=
de-rsso1.onbmc.com/	1969-12-31 23:59:59	Name: onbmc_pool Value: !+9dNgFKC5/Ceyb4ZZC5K4Ikvz8SCJJe4Fpwa3ipcDkRqg8nGsy70kcRghKIkSQ66H9tigY7RFaF1/SI=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://a1-myit.onbmc.com/ux/myitapp/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://sts.mobiltel.bg/adfs/ls/wia?SAMLRequest=nVTLbtswELznKwTeJVryowBhG3BsBDWQtoKt9tBLQFGrhAAfKpdK0r8vpciIChg6mDcuF7OzMwOukWvVsF3rX8wJ%2FrSAPnrXyiDrHzakdYZZjhKZ4RqQecHOu2%2BPLEtmrHHWW2EViY6HDXla1dUcoF7GWQ0iXiwriMu0mscgstlSpGU5LwWJfoFDac2GBARyF105R8QWjgY9Nz60zbJFPMvi7EuRpixdsvkqWaWL3yQ6BLLScN%2BjvXjfIKMUPSballJ5UEn5THlVI1VISfRgnYB%2B0Q2puUIItDHniPIVLpWrfPJhzXtpKmmepzUpP5qQfS2KPM5%2FnIvroDtEcB31vTXYanBncK9SwM%2FT4%2BcyQUGHaNPEmlKLRFhNuzt1ICCwdpSncTChItt%2BxrrzjPXyuZGL04T5hQjZYvPUoV1Q13SEN5rQsO8B5XjIrZLi7y1xCVZo7qe7u4qs4rpvZU2XGvRgPIl2Stm3vQPug2%2FetUDof%2ByGHEPVmx309fB%2BU6r3VjfcSezypaWRutWD0p9qj2fsVRDzBPUt2k%2B2CSY66FDu8vpmXdVlEkTYsXDcYGOdH9y6xmdQh07Is727PI%2B%2Fgu0%2F&RelayState=_6fd3eef5-2fec-45de-b1d3-ec205c1bb3bc&client-request-id=6f4ef1d2-e0b7-448d-093a-0080010000f0 Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1-myit.onbmc.com
de-rsso1.onbmc.com
sts.mobiltel.bg
212.36.6.13
3.64.94.112
45a85ecda12ab75f30d13889ab2912835540d7657e52ebc14e6cc42678df744e
70a90e001d6f8cac77cbca0891a7449e6c3be6f8c0a18b46672eeb8edb8332ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

de-rsso1.onbmc.com Open in urlscan Pro 3.64.94.112 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

2 kBTransfer

2 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

5 Cookies

2 Console Messages

Indicators

de-rsso1.onbmc.com Open in urlscan Pro
3.64.94.112 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

2 kB
Transfer

2 kB
Size

5
Cookies

3 HTTP transactions
0 data transactions