urlscan.io logo urlscan.io
SecurityTrails logo

iasauthentication.bhp.com Open in urlscan Pro
2606:4700::6810:b70b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://iasauthentication.bhp.com/
Effective URL: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/p...
Submission: On May 31 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2606:4700::6810:b70b, located in United States and belongs to CLOUDFLARENET, US. The main domain is iasauthentication.bhp.com.
TLS certificate: Issued by E1 on April 8th 2024. Valid for: 3 months.
This is the only time iasauthentication.bhp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 9 2606:4700::68... 13335 (CLOUDFLAR...)
7 2
Apex Domain
Subdomains		 Transfer
9 bhp.com
iasauthentication.bhp.com
307 KB
7 1
Domain Requested by
9 iasauthentication.bhp.com 2 redirects iasauthentication.bhp.com
7 1

This site contains no links.

Subject Issuer Validity Valid
bhp.com
E1		 2024-04-08 -
2024-07-07		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Frame ID: 4E4B7458CEC62CB71F90212BAC4C9632
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

User Profile: Anmelden

Page URL History Show full URLs

  1. http://iasauthentication.bhp.com/ HTTP 307
    https://iasauthentication.bhp.com/ HTTP 301
    https://iasauthentication.bhp.com/ui/protected/profilemanagement HTTP 302
    https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bh... Page URL

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

306 kB
Transfer

647 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://iasauthentication.bhp.com/ HTTP 307
    https://iasauthentication.bhp.com/ HTTP 301
    https://iasauthentication.bhp.com/ui/protected/profilemanagement HTTP 302
    https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request sso
iasauthentication.bhp.com/saml2/idp/
Redirect Chain
  • http://iasauthentication.bhp.com/
  • https://iasauthentication.bhp.com/
  • https://iasauthentication.bhp.com/ui/protected/profilemanagement
  • https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
11 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de1ee735ee3d189749559b21fe349e694d02503f0982c6c6fcb24a713b89ab04
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; script-src consent.trustarc.com iasauthentication.bhp.com/universalui/assets/ 'nonce-+q31vz7FEsFDZRoRpXRU0N+hQhzwyuJpVTR2kCNVA6Y='
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

cache-control
private,no-cache,no-store
cf-cache-status
DYNAMIC
cf-ray
88c2d2e4b8959219-FRA
content-encoding
gzip
content-language
de-DE
content-security-policy
base-uri 'self'; script-src consent.trustarc.com iasauthentication.bhp.com/universalui/assets/ 'nonce-+q31vz7FEsFDZRoRpXRU0N+hQhzwyuJpVTR2kCNVA6Y='
content-type
text/html;charset=utf-8
date
Fri, 31 May 2024 00:24:56 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma
no-cache
referrer-policy
origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding,X-CSP-STRIP
x-content-type-options
nosniff
x-ids-id
B057C9D8-7ABC-4718-91D6-0EEF6B4F2567
x-ids-landscape
azure-westus2
x-ids-node
http-5rt5k
x-ids-pool
purple
x-ids-project
prod
x-robots-tag
none
x-xss-protection
1; mode=block

Redirect headers

cache-control
private,no-cache,no-store
cf-cache-status
DYNAMIC
cf-ray
88c2d2e39fa59219-FRA
content-length
0
date
Fri, 31 May 2024 00:24:55 GMT
expires
0
location
https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
pragma
no-cache
referrer-policy
origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
X-CSP-STRIP
x-content-type-options
nosniff
x-ids-id
6EE3C643-02BE-4CDE-BE84-1308A25D1AC2
x-ids-landscape
azure-westus2
x-ids-node
http-5rt5k
x-ids-pool
purple
x-ids-project
prod
x-robots-tag
none
x-xss-protection
1; mode=block
ids-6d474c2ade0a0da950ac47a63ab4c69221d866ec165172f84a8babd7f68dfd3f.css
iasauthentication.bhp.com/universalui/assets/ 		436 KB
235 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://iasauthentication.bhp.com/universalui/assets/ids-6d474c2ade0a0da950ac47a63ab4c69221d866ec165172f84a8babd7f68dfd3f.css
Requested by
Host: iasauthentication.bhp.com
URL: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d474c2ade0a0da950ac47a63ab4c69221d866ec165172f84a8babd7f68dfd3f
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; script-src consent.trustarc.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://iasauthentication.bhp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 00:24:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
base-uri 'self'; script-src consent.trustarc.com
x-ids-project
prod
x-ids-pool
purple
content-length
239902
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Thu, 16 May 2024 08:18:40 GMT
server
cloudflare
vary
Accept-Encoding,X-CSP-STRIP
content-type
text/css
x-ids-landscape
azure-westus2
cache-control
max-age=31536000, public
x-robots-tag
none
x-ids-node
http-d8sj9
cf-ray
88c2d2e629899219-FRA
RESOURCE_STYLESHEET
iasauthentication.bhp.com/ui/public/cached/BHP_IAS/v/2/ 		1 KB
716 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://iasauthentication.bhp.com/ui/public/cached/BHP_IAS/v/2/RESOURCE_STYLESHEET
Requested by
Host: iasauthentication.bhp.com
URL: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
188fbabf43bee587d2b31cbd7a788bab6bf60163a945b44fa914e24611bb9992
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce--7332976763887863132', script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://iasauthentication.bhp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 00:24:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
content-security-policy
script-src 'self' 'nonce--7332976763887863132', script-src 'none'
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
x-ids-project
prod
x-ids-id
7937883E-CE09-4836-B48F-5660095AAA10
x-ids-pool
purple
content-length
489
referrer-policy
origin
server
cloudflare
vary
Accept-Encoding,X-CSP-STRIP
content-type
text/css;charset=UTF-8
x-ids-landscape
azure-westus2
cache-control
max-age=31536000
x-ids-node
http-5rt5k
x-robots-tag
none
cf-ray
88c2d2e6298a9219-FRA
expires
Sat, 31 May 2025 00:24:56 GMT
logo
iasauthentication.bhp.com/ui/public/cached/624d866387bde6408e4c8c2c/v/1/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://iasauthentication.bhp.com/ui/public/cached/624d866387bde6408e4c8c2c/v/1/logo
Requested by
Host: iasauthentication.bhp.com
URL: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d894f33d99a0d2a9551cf618505e8b0f0b40ca1a9189e0ae93ce8868049a2f4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce--4784635672740228629', script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://iasauthentication.bhp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 00:24:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce--4784635672740228629', script-src 'none'
cf-cache-status
DYNAMIC
x-ids-project
prod
x-ids-id
CEDD3AD4-35C6-44D8-81D3-BCADA597120F
x-ids-pool
purple
content-length
1608
referrer-policy
origin
server
cloudflare
vary
X-CSP-STRIP
content-type
image/png;charset=UTF-8
x-ids-landscape
azure-westus2
cache-control
max-age=31536000
x-ids-node
http-b9ltl
x-robots-tag
none
cf-ray
88c2d2e6298b9219-FRA
expires
Sat, 31 May 2025 00:24:56 GMT
tenant_logo
iasauthentication.bhp.com/ui/public/cached/tenant/v/1/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://iasauthentication.bhp.com/ui/public/cached/tenant/v/1/tenant_logo
Requested by
Host: iasauthentication.bhp.com
URL: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d894f33d99a0d2a9551cf618505e8b0f0b40ca1a9189e0ae93ce8868049a2f4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce--7432788579651389681', script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://iasauthentication.bhp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 00:24:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce--7432788579651389681', script-src 'none'
cf-cache-status
DYNAMIC
x-ids-project
prod
x-ids-id
FDAB2033-F0D4-4947-ABFB-7D3E52CB905F
x-ids-pool
purple
content-length
1608
referrer-policy
origin
server
cloudflare
vary
X-CSP-STRIP
content-type
image/png;charset=UTF-8
x-ids-landscape
azure-westus2
cache-control
max-age=31536000
x-ids-node
http-b9ltl
x-robots-tag
none
cf-ray
88c2d2e6298e9219-FRA
expires
Sat, 31 May 2025 00:24:56 GMT
application-bd53ac02832b0f62b898b9da777dc5f36ad8146c64a1571bb206b162efc33f9d.js
iasauthentication.bhp.com/universalui/assets/ 		193 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://iasauthentication.bhp.com/universalui/assets/application-bd53ac02832b0f62b898b9da777dc5f36ad8146c64a1571bb206b162efc33f9d.js
Requested by
Host: iasauthentication.bhp.com
URL: https://iasauthentication.bhp.com/saml2/idp/sso?sp=sp.accounts.sap.com&RelayState=https://iasauthentication.bhp.com/ui/protected/profilemanagement
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd53ac02832b0f62b898b9da777dc5f36ad8146c64a1571bb206b162efc33f9d
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; script-src consent.trustarc.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://iasauthentication.bhp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 00:24:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
base-uri 'self'; script-src consent.trustarc.com
x-ids-project
prod
x-ids-pool
purple
content-length
64831
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Thu, 16 May 2024 08:18:48 GMT
server
cloudflare
vary
Accept-Encoding,X-CSP-STRIP
content-type
application/javascript
x-ids-landscape
azure-westus2
cache-control
max-age=31536000, public
x-robots-tag
none
x-ids-node
http-d8sj9
cf-ray
88c2d2e649a29219-FRA
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04f26483b1d98496c664d2e937cf2688b1552dd7adc3eafd0a8cf7a27c799867

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://iasauthentication.bhp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
favicon.ico
iasauthentication.bhp.com/ 		0
167 B 		Other
General
Check archive.org
Download Go to
Full URL
https://iasauthentication.bhp.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b70b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce--987215626052825698'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://iasauthentication.bhp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' 'nonce--987215626052825698'
date
Fri, 31 May 2024 00:24:57 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
x-ids-project
prod
x-ids-id
470E6689-93A5-4169-BEDB-3CC12668A6F2
x-ids-pool
purple
pragma
no-cache
referrer-policy
origin
server
cloudflare
vary
X-CSP-STRIP
x-ids-landscape
azure-westus2
cache-control
private,no-cache,no-store
x-ids-node
http-5rt5k
x-robots-tag
none
cf-ray
88c2d2ee8f2d9219-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| idsClose function| idsShowHelp function| idsInputReveal function| idsShowInputHint function| idsExpand function| idsInputClear function| idsDetectWebAuthnSupport function| idsBufferEncode function| idsStringEncode function| idsConstructUserCredentials function| idsBuildFlashMessage function| idsWebAuthnRegister function| idsWebAuthnLogin function| $ function| jQuery object| html5 object| Modernizr function| _ object| Backbone function| FlashMessage function| EditableLinks function| HintPasswordValidate function| setPasswordRepeatValidator function| resize_overlay function| InputHintPageUpdater function| EventEmitter object| eventie function| imagesLoaded boolean| wro_flag

2 Cookies

Domain/Path Name / Value
iasauthentication.bhp.com/ Name: __HOST-XSRF_COOKIE
Value: NfSmzkNIZljym_XtJi_4aZX2BDct30s5bvclyNWtsMw6MTcxNzExNTA5NTg5OQ
iasauthentication.bhp.com/ Name: JSESSIONID
Value: D6E8E6C40DF937B2E9B2FA1A4D62037C

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'self'; script-src consent.trustarc.com iasauthentication.bhp.com/universalui/assets/ 'nonce-+q31vz7FEsFDZRoRpXRU0N+hQhzwyuJpVTR2kCNVA6Y='
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block