urlscan.io logo urlscan.io
SecurityTrails logo

sso.us.baesystems.com Open in urlscan Pro
149.32.227.46  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bae.coupahost.com/supplier_invoices/09528642fd8f07fe1995b7bf2c70d20a67f0df05/create_invoice_from_po_via_email
Effective URL: https://sso.us.baesystems.com/idp/SSO.saml2
Submission Tags: falconsandbox
Submission: On March 17 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 149.32.227.46, located in United States and belongs to BAESYSTEMS, US. The main domain is sso.us.baesystems.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 10th 2022. Valid for: a year.
This is the only time sso.us.baesystems.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 3.248.216.138 16509 (AMAZON-02)
1 54.244.45.191 16509 (AMAZON-02)
5 149.32.227.46 26577 (BAESYSTEMS)
6 2
Apex Domain
Subdomains		 Transfer
5 baesystems.com
sso.us.baesystems.com
198 KB
4 coupahost.com
bae.coupahost.com
prdsso40.coupahost.com — Cisco Umbrella Rank: 127090
5 KB
6 2
Domain Requested by
5 sso.us.baesystems.com sso.us.baesystems.com
3 bae.coupahost.com 3 redirects
1 prdsso40.coupahost.com
6 3

This site contains no links.

Subject Issuer Validity Valid
*.coupahost.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-03 -
2024-01-02		 a year crt.sh
sso.us.baesystems.com
Go Daddy Secure Certificate Authority - G2		 2022-05-10 -
2023-05-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sso.us.baesystems.com/idp/SSO.saml2
Frame ID: B53CBAC44C1FD1477E7C11E8D8722218
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in

Page URL History Show full URLs

  1. https://bae.coupahost.com/supplier_invoices/09528642fd8f07fe1995b7bf2c70d20a67f0df05/create_invoice_fr... HTTP 302
    https://bae.coupahost.com/supplier_order_headers HTTP 302
    https://bae.coupahost.com/sessions/new HTTP 302
    https://prdsso40.coupahost.com/sp/startSSO.ping?PartnerIdpId=fs:bae:saml2:entityid&TARGET=https://bae.coupa... Page URL
  2. https://sso.us.baesystems.com/idp/SSO.saml2 Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

200 kB
Transfer

197 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bae.coupahost.com/supplier_invoices/09528642fd8f07fe1995b7bf2c70d20a67f0df05/create_invoice_from_po_via_email HTTP 302
    https://bae.coupahost.com/supplier_order_headers HTTP 302
    https://bae.coupahost.com/sessions/new HTTP 302
    https://prdsso40.coupahost.com/sp/startSSO.ping?PartnerIdpId=fs:bae:saml2:entityid&TARGET=https://bae.coupahost.com/sessions/saml_post Page URL
  2. https://sso.us.baesystems.com/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bae.coupahost.com/supplier_invoices/09528642fd8f07fe1995b7bf2c70d20a67f0df05/create_invoice_from_po_via_email HTTP 302
  • https://bae.coupahost.com/supplier_order_headers HTTP 302
  • https://bae.coupahost.com/sessions/new HTTP 302
  • https://prdsso40.coupahost.com/sp/startSSO.ping?PartnerIdpId=fs:bae:saml2:entityid&TARGET=https://bae.coupahost.com/sessions/saml_post

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
startSSO.ping
prdsso40.coupahost.com/sp/
Redirect Chain
  • https://bae.coupahost.com/supplier_invoices/09528642fd8f07fe1995b7bf2c70d20a67f0df05/create_invoice_from_po_via_email
  • https://bae.coupahost.com/supplier_order_headers
  • https://bae.coupahost.com/sessions/new
  • https://prdsso40.coupahost.com/sp/startSSO.ping?PartnerIdpId=fs:bae:saml2:entityid&TARGET=https://bae.coupahost.com/sessions/saml_post
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://prdsso40.coupahost.com/sp/startSSO.ping?PartnerIdpId=fs:bae:saml2:entityid&TARGET=https://bae.coupahost.com/sessions/saml_post
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.244.45.191 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
srv6a-191.in-addr.coupahost.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
1335
Content-Type
text/html;charset=utf-8
Date
Fri, 17 Mar 2023 02:36:45 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains;
X-Frame-Options
SAMEORIGIN

Redirect headers

Cache-Control
no-cache
Content-Type
text/html; charset=utf-8
Date
Fri, 17 Mar 2023 02:36:44 GMT
Feature-Policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; payment 'self'
Front-End-Https
on
Location
https://prdsso40.coupahost.com/sp/startSSO.ping?PartnerIdpId=fs:bae:saml2:entityid&TARGET=https://bae.coupahost.com/sessions/saml_post
Referrer-Policy
strict-origin-when-cross-origin
Status
302 Found
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Transfer-Encoding
chunked
X-COUPA-REQUEST-ID
56c4bb28-ab52-4a5e-9512-434ebd244978
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
56c4bb28-ab52-4a5e-9512-434ebd244978
X-Robots-Tag
none
X-Runtime
0.069843
X-XSS-Protection
1; mode=block
Primary Request SSO.saml2
sso.us.baesystems.com/idp/ 		6 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.us.baesystems.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
149.32.227.46 , United States, ASN26577 (BAESYSTEMS, US),
Reverse DNS
Software
Apache /
Resource Hash
2c9f27ae71ba24b9bad88e2c0dc4553be83d06a5714fad5e6c111cd515356e0c
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://prdsso40.coupahost.com
Referer
https://prdsso40.coupahost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
close
Content-Length
5827
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;
Content-Type
text/html;charset=utf-8
Date
Fri, 17 Mar 2023 02:36:45 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
Server
Apache
main.css
sso.us.baesystems.com/assets/css/ 		170 KB
171 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sso.us.baesystems.com/assets/css/main.css
Requested by
Host: sso.us.baesystems.com
URL: https://sso.us.baesystems.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
149.32.227.46 , United States, ASN26577 (BAESYSTEMS, US),
Reverse DNS
Software
Apache /
Resource Hash
a70cb484740dd0056335440ec7b1f85070a5fce3015e55aacd5bd2d806361981
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.us.baesystems.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 17 Mar 2023 02:36:46 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;
Referrer-Policy
origin
Last-Modified
Thu, 16 Jun 2022 01:21:04 GMT
Server
Apache
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Connection
close
Content-Length
174355
img_logo_baesystems_page_header.png
sso.us.baesystems.com/assets/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sso.us.baesystems.com/assets/images/img_logo_baesystems_page_header.png
Requested by
Host: sso.us.baesystems.com
URL: https://sso.us.baesystems.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
149.32.227.46 , United States, ASN26577 (BAESYSTEMS, US),
Reverse DNS
Software
Apache /
Resource Hash
2749c5baac5633dec35f24814526da94634bef74b8af29c92024b69b2828163b
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.us.baesystems.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 17 Mar 2023 02:36:46 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;
Referrer-Policy
origin
Last-Modified
Sat, 18 Jan 2020 03:45:30 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Connection
close
Content-Length
2145
DP_go3_2.jpg
sso.us.baesystems.com/assets/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sso.us.baesystems.com/assets/images/DP_go3_2.jpg
Requested by
Host: sso.us.baesystems.com
URL: https://sso.us.baesystems.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
149.32.227.46 , United States, ASN26577 (BAESYSTEMS, US),
Reverse DNS
Software
Apache /
Resource Hash
557cd7c20b7f5083f423ca94498260b82776d56aef0d9ce1dc3b853793d804a7
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.us.baesystems.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 17 Mar 2023 02:36:46 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;
Referrer-Policy
origin
Last-Modified
Sat, 18 Jan 2020 03:45:30 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=0, must-revalidate
Connection
close
Content-Length
4914
powered-by-ping-identity.svg
sso.us.baesystems.com/assets/images/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sso.us.baesystems.com/assets/images/powered-by-ping-identity.svg
Requested by
Host: sso.us.baesystems.com
URL: https://sso.us.baesystems.com/assets/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
149.32.227.46 , United States, ASN26577 (BAESYSTEMS, US),
Reverse DNS
Software
Apache /
Resource Hash
2f26240300ee305559a12a3b92f36ba1ef6c64dbe62d6f593836e33219bf4b94
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.us.baesystems.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 17 Mar 2023 02:36:47 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://ucm.resourcecenter.baesystems.com https://encode.us.baesystems.com ;
Referrer-Policy
origin
Last-Modified
Thu, 16 Jun 2022 01:18:48 GMT
Server
Apache
Content-Type
image/svg+xml
Cache-Control
max-age=0, must-revalidate
Connection
close
Content-Length
13110

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| getForgotPasswordUrl function| postOk function| postCancel function| postOnReturn function| setFocus function| setMobile function| getScreenWidth object| bodyTag number| width boolean| remember

4 Cookies

Domain/Path Name / Value
bae.coupahost.com/ Name: _mkra_ctxt
Value: 5d99a686e31d878724eeb42d1b3a82e6--302
bae.coupahost.com/ Name: _coupa_session
Value: 60cb2b3797ff199b1b2d324780f8f7c1
prdsso40.coupahost.com/ Name: PF
Value: Q6Bi7h4e6Thzls5p5Oew5r
.us.baesystems.com/ Name: PF
Value: foGJAcHc7dTIeYaPEnlmfv

3 Console Messages

Source Level URL
Text
security error URL: https://sso.us.baesystems.com/idp/SSO.saml2(Line 33)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CA/eh4+2R0J7cEQ14gBMtx834RIOjzMUqCM+evtrkp4='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security error URL: https://sso.us.baesystems.com/idp/SSO.saml2(Line 45)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-teYL5jwJS6nAiPJrLMEHOqbrvrFTXxV/0VohQOqU2ds='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security error URL: https://sso.us.baesystems.com/idp/SSO.saml2(Line 55)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CA/eh4+2R0J7cEQ14gBMtx834RIOjzMUqCM+evtrkp4='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN