bsso.blpprofessional.com Open in urlscan Pro
69.187.20.87 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://corp.blpnexi.com/
Effective URL:
https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping
Submission: On September 01 via manual (September 1st 2020, 5:10:48 pm UTC) from US

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 69.187.20.87, located in United States and belongs to BLOOMBERG-NET, US. The main domain is bsso.blpprofessional.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 19th 2020. Valid for: 2 years.

This is the only time bsso.blpprofessional.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	69.191.241.168 69.191.241.168	10361 (BLOOMBERG...) (BLOOMBERG-NET)
1 14	69.187.20.87 69.187.20.87	10361 (BLOOMBERG...) (BLOOMBERG-NET)
14	2

2 69.191.241.168 (United States) 1 redirects

ASN10361 (BLOOMBERG-NET, US)
PTR: portaltest.blpnexi.com

corp.blpnexi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 69.187.20.87 (United States) 1 redirects

ASN10361 (BLOOMBERG-NET, US)

bsso.blpprofessional.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	blpprofessional.com 1 redirects bsso.blpprofessional.com	408 KB
2	blpnexi.com 1 redirects corp.blpnexi.com	3 KB
14	2

	Domain	Requested by
14	bsso.blpprofessional.com	1 redirects bsso.blpprofessional.com
2	corp.blpnexi.com	1 redirects
14	2

This site contains links to these domains. Also see Links.

Domain
sprsrv.admin.bloomberg.com

Subject Issuer	Validity	Valid
*.blpnexi.com DigiCert SHA2 Secure Server CA	`2017-10-05` - `2020-10-09`	3 years	crt.sh
bsso.blpprofessional.com DigiCert SHA2 Extended Validation Server CA	`2020-02-19` - `2022-05-06`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping
Frame ID: 6063759CD2C1149A0118C955E1B3601C
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://corp.blpnexi.com/ HTTP 302
https://corp.blpnexi.com/saml/login/ Page URL
https://bsso.blpprofessional.com/idp/SSO.saml2 HTTP 302
https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

410 kB
Transfer

402 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://sprsrv.admin.bloomberg.com/
Title: Forgot your password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://corp.blpnexi.com/ HTTP 302
https://corp.blpnexi.com/saml/login/ Page URL
https://bsso.blpprofessional.com/idp/SSO.saml2 HTTP 302
https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://corp.blpnexi.com/ HTTP 302
https://corp.blpnexi.com/saml/login/

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set / Show response
corp.blpnexi.com/saml/login/
Redirect Chain

https://corp.blpnexi.com/
https://corp.blpnexi.com/saml/login/

4 KB
3 KB

94ms
94ms

Document
text/html

69.191.241.168
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://corp.blpnexi.com/saml/login/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.191.241.168 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

portaltest.blpnexi.com

Software

Apache /

Resource Hash

2287c065b28ae4658ffadce868292a204383e0c925764e5a11de4f7dd9869a20

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: corp.blpnexi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Sep 2020 17:10:32 GMT
Server: Apache
Cache-control: no-cache, no-store
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Vary: Accept-Encoding
Content-Encoding: gzip
Set-Cookie: JSESSIONID=5EC3E2EEE078A3DA67BBB00E7BADA4F6; Path=/; Secure; HttpOnly;HttpOnly
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8

Redirect headers

Date: Tue, 01 Sep 2020 17:10:31 GMT
Server: Apache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Location: /saml/login/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

GET
H/1.1

200
OK

Primary Request

Cookie set SSO.ping Show response
bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/
Redirect Chain

https://bsso.blpprofessional.com/idp/SSO.saml2
https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

5 KB
6 KB

337ms
164ms

Document
text/html

69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

91888d40c1419ebbe1d75769882eb5e5b6d738b6a9d442571fd7a4deaa0b14c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Host: bsso.blpprofessional.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://corp.blpnexi.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: PF=PBOoeSr6BPNiymEHNA0rNvc5KSNd2x3cu8XHziuvjFB2
Upgrade-Insecure-Requests: 1
Origin: https://corp.blpnexi.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://corp.blpnexi.com/

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: PF=PBOoeSr6BPNiymEHNA0rNvRj44ZoIQmvI5T5yqTXVb1W;Path=/;Secure;HttpOnly;SameSite=None
Content-Length: 5116

Redirect headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000
Date: Tue, 01 Sep 2020 17:10:32 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: PF=PBOoeSr6BPNiymEHNA0rNvc5KSNd2x3cu8XHziuvjFB2;Path=/;Secure;HttpOnly;SameSite=None
Location: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping
Content-Length: 0

GET
H/1.1 200
OK font-awesome.min.css
bsso.blpprofessional.com/assets/portal/css/ 26 KB
27 KB 326ms
154ms Stylesheet
text/css 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/css/font-awesome.min.css

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

4fafd619f4c42bd22a4a7d617f495d50a23af4fe0032bea360badd3273a9825a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 26825

GET
H/1.1 200
OK main.css
bsso.blpprofessional.com/assets/portal/css/ 27 KB
28 KB 325ms
152ms Stylesheet
text/css 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/css/main.css

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

4ad725bf313f199b15fc17334f14faba69db6afbb9b9a58bbaed6cb98527475f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 27827

GET
H/1.1 200
OK responsive.css
bsso.blpprofessional.com/assets/portal/css/ 6 KB
6 KB 323ms
150ms Stylesheet
text/css 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/css/responsive.css

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

d251c439ee586fd578a43277a92f0cc6937cb7a43213c3bc436489b893c656c9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 5694

GET
H/1.1 200
OK logo.png
bsso.blpprofessional.com/assets/portal/img/ 4 KB
5 KB 323ms
151ms Image
image/png 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bsso.blpprofessional.com/assets/portal/img/logo.png

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

0e5bbfbd577ba781cfe1ae6387cf4af48ec504fdc2bf690c14ee797af63786ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 4443

GET
H/1.1 200
OK utils-lite.js Show response
bsso.blpprofessional.com/assets/portal/js/library/ 3 KB
4 KB 322ms
150ms Script
application/javascript 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/js/library/utils-lite.js

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/HYdV1/resumeSAML20/idp/SSO.ping

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

1408c57e79a8df2eeda8a98283ebb107f0dfca54ca7ab3d88de510d288c81236

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 3027

GET
H/1.1 200
OK bg-left.png
bsso.blpprofessional.com/assets/portal/img/ 2 KB
3 KB 318ms
144ms Image
image/png 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bsso.blpprofessional.com/assets/portal/img/bg-left.png

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

3632f5c9e47019373d1bf2a4ee4e77c72623e0ef4c609038debbe0cb17427e0e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 2491

GET
H/1.1 200
OK username.svg
bsso.blpprofessional.com/assets/portal/img/ 912 B
2 KB 318ms
145ms Image
image/svg+xml 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bsso.blpprofessional.com/assets/portal/img/username.svg

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

4eda4a2f961de4fb7a2fb5c43589a23240a67ffc7c6a401fbd65b2b12349aecc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 912

GET
H/1.1 200
OK password.svg
bsso.blpprofessional.com/assets/portal/img/ 943 B
2 KB 316ms
144ms Image
image/svg+xml 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bsso.blpprofessional.com/assets/portal/img/password.svg

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

2091beb64ff7953f068013de72c7bc48f76482186589644bb2e602537512a3a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 943

GET
H/1.1 200
OK bg-right.png
bsso.blpprofessional.com/assets/portal/img/ 2 KB
2 KB 635ms
145ms Image
image/png 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bsso.blpprofessional.com/assets/portal/img/bg-right.png

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

ebe179e1b0610316311f1321a5f8d750f4209327d46b5a53dd0d05be64957740

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:34 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 1553

GET
H/1.1 200
OK AvenirNextPForBBG-Regular.otf
bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Regular/ 107 KB
108 KB 319ms
150ms Font
application/vnd.oasis.opendocument.formula-template 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Regular/AvenirNextPForBBG-Regular.otf

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

afe29f99e82acd9948d59487a164311dce4e8d9ad4ac89d380d0ce236a69ac4c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Origin: https://bsso.blpprofessional.com
Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/vnd.oasis.opendocument.formula-template
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 109676

GET
H/1.1 200
OK AvenirNextPForBBG-Demi.otf
bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Demi/ 107 KB
108 KB 320ms
149ms Font
application/vnd.oasis.opendocument.formula-template 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Demi/AvenirNextPForBBG-Demi.otf

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

89824ebaa3e536b50d357ac68fae0f2928d682c09fbaf5ed5e5c89540313cec9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Origin: https://bsso.blpprofessional.com
Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/vnd.oasis.opendocument.formula-template
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 109784

GET
H/1.1 200
OK AvenirNextPForBBG-Medium.otf
bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Medium/ 107 KB
108 KB 321ms
149ms Font
application/vnd.oasis.opendocument.formula-template 69.187.20.87
BLOOMBERG-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Medium/AvenirNextPForBBG-Medium.otf

Requested by

Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

69.187.20.87 , United States, ASN10361 (BLOOMBERG-NET, US),

Reverse DNS

Software

Resource Hash

6be5794709fb7560cb4e041ba3244609d71c1c9cfe0603e6c69f44c41b6e69b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Origin: https://bsso.blpprofessional.com
Referer: https://bsso.blpprofessional.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy: origin
Last-Modified: Fri, 31 Jul 2020 22:31:43 GMT
Date: Tue, 01 Sep 2020 17:10:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/vnd.oasis.opendocument.formula-template
Cache-Control: max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection: close
Content-Length: 109664

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bsso.blpprofessional.com/	1969-12-31 23:59:59	Name: PF Value: PBOoeSr6BPNiymEHNA0rNvRj44ZoIQmvI5T5yqTXVb1W

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bsso.blpprofessional.com
corp.blpnexi.com
69.187.20.87
69.191.241.168
0e5bbfbd577ba781cfe1ae6387cf4af48ec504fdc2bf690c14ee797af63786ab
1408c57e79a8df2eeda8a98283ebb107f0dfca54ca7ab3d88de510d288c81236
2091beb64ff7953f068013de72c7bc48f76482186589644bb2e602537512a3a2
2287c065b28ae4658ffadce868292a204383e0c925764e5a11de4f7dd9869a20
3632f5c9e47019373d1bf2a4ee4e77c72623e0ef4c609038debbe0cb17427e0e
4ad725bf313f199b15fc17334f14faba69db6afbb9b9a58bbaed6cb98527475f
4eda4a2f961de4fb7a2fb5c43589a23240a67ffc7c6a401fbd65b2b12349aecc
4fafd619f4c42bd22a4a7d617f495d50a23af4fe0032bea360badd3273a9825a
6be5794709fb7560cb4e041ba3244609d71c1c9cfe0603e6c69f44c41b6e69b9
89824ebaa3e536b50d357ac68fae0f2928d682c09fbaf5ed5e5c89540313cec9
91888d40c1419ebbe1d75769882eb5e5b6d738b6a9d442571fd7a4deaa0b14c5
afe29f99e82acd9948d59487a164311dce4e8d9ad4ac89d380d0ce236a69ac4c
d251c439ee586fd578a43277a92f0cc6937cb7a43213c3bc436489b893c656c9
ebe179e1b0610316311f1321a5f8d750f4209327d46b5a53dd0d05be64957740

bsso.blpprofessional.com Open in urlscan Pro 69.187.20.87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

410 kBTransfer

402 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

bsso.blpprofessional.com Open in urlscan Pro
69.187.20.87 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

410 kB
Transfer

402 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions