URL: http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
Submission Tags: falconsandbox
Submission: On July 03 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 45.223.20.235, located in United States and belongs to INCAPSULA, US. The main domain is updatesite.my.sabre.com. The Cisco Umbrella rank of the primary domain is 831117.
This is the only time updatesite.my.sabre.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Size: 166 MB (174327764 bytes, 0% done)
Downloaded from: http://updatesite.my.sabre.com/updatesite/installers/newprov/Sabre%20Red%20Workspace%20Installer-2.22.4.exe

Domain & IP information

IP Address AS Autonomous System
4 45.223.20.235 19551 (INCAPSULA)
4 1
Apex Domain
Subdomains
Transfer
4 sabre.com
updatesite.my.sabre.com — Cisco Umbrella Rank: 831117
21 KB
4 1
Domain Requested by
4 updatesite.my.sabre.com updatesite.my.sabre.com
4 1

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Frame: http://updatesite.my.sabre.com/updatesite/installers/newprov/Sabre%20Red%20Workspace%20Installer-2.22.4.exe
Frame ID: 3629D32E086B51F9C8EF1DACB3AC6F3A
Requests: 4 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

21 kB
Transfer

143 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sabrered.win32.x86.release.exe.html
updatesite.my.sabre.com/updatesite/installers/newprov/
520 B
1 KB
Document
General
Full URL
http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
Protocol
HTTP/1.1
Server
45.223.20.235 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
257e4d19efce447791d7e150b9cc59913e99b2de425eb284ecb24c6ce98f2708

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=86400, public
Content-Encoding
gzip
Content-Length
299
Content-Type
text/html
Date
Sun, 03 Jul 2022 11:59:57 GMT
Etag
"181-5dc9ff7089980"
Expires
Mon, 04 Jul 2022 11:59:57 GMT
Last-Modified
Thu, 14 Apr 2022 16:41:26 GMT
X-CDN
Imperva
X-Iinfo
14-122208607-122208608 NVNN CT(126 -1 0) RT(1656849597237 0) q(0 0 1 0) r(2 2)
_Incapsula_Resource
updatesite.my.sabre.com/
143 KB
20 KB
Script
General
Full URL
http://updatesite.my.sabre.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1302488113
Requested by
Host: updatesite.my.sabre.com
URL: http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
Protocol
HTTP/1.1
Server
45.223.20.235 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e37a784e4cc15b82f0b0f5ed15a00e5be945626fa10ddb7119c9388a94d93ce6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Encoding
gzip
Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
20495
Content-Type
application/javascript
_Incapsula_Resource
updatesite.my.sabre.com/
1 B
123 B
Image
General
Full URL
http://updatesite.my.sabre.com/_Incapsula_Resource?SWKMTFSR=1&e=0.2352925390996783
Requested by
Host: updatesite.my.sabre.com
URL: http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
Protocol
HTTP/1.1
Server
45.223.20.235 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
1
Content-Type
text/plain
Sabre%20Red%20Workspace%20Installer-2.22.4.exe
updatesite.my.sabre.com/updatesite/installers/newprov/
0
0
Document
General
Full URL
http://updatesite.my.sabre.com/updatesite/installers/newprov/Sabre%20Red%20Workspace%20Installer-2.22.4.exe
Protocol
HTTP/1.1
Server
45.223.20.235 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://updatesite.my.sabre.com/updatesite/installers/newprov/sabrered.win32.x86.release.exe.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
174327764
Content-Type
application/x-msdownload
Date
Sun, 03 Jul 2022 11:59:58 GMT
ETag
"a6407d4-5dc9ff782ab80"
Keep-Alive
timeout=1, max=99
Last-Modified
Thu, 14 Apr 2022 16:41:34 GMT
Server
Apache
X-CDN
Imperva
X-Iinfo
14-122208607-122208608 SNNN RT(1656849597237 372) q(0 0 0 -1) r(1 1) U3

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation

3 Cookies

Domain/Path Name / Value
.my.sabre.com/ Name: visid_incap_1859519
Value: 0GQXdVHBSWi2eSxH7wUnUb2EwWIAAAAAQUIPAAAAAAAM0B6aue4yCjBoT8HHXAea
.my.sabre.com/ Name: nlbi_1859519
Value: i3t2Ql6ZpSTRh/LSAMjEHwAAAABHNZoAacPUiLaQYDQmmweY
.my.sabre.com/ Name: incap_ses_8219_1859519
Value: ApfPS30XEx3gwT5PZsEPcr2EwWIAAAAAR50pKbpmgIvL5RVyjcA0jQ==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

updatesite.my.sabre.com
45.223.20.235
257e4d19efce447791d7e150b9cc59913e99b2de425eb284ecb24c6ce98f2708
e37a784e4cc15b82f0b0f5ed15a00e5be945626fa10ddb7119c9388a94d93ce6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855