Submitted URL: http://boozallen.avature.net/
Effective URL: https://sso.bah.com/idp/SSO.saml2
Submission: On February 01 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 12 HTTP transactions. The main IP is 128.229.4.195, located in United States and belongs to BOOZ-AS, US. The main domain is sso.bah.com. The Cisco Umbrella rank of the primary domain is 890902.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on September 1st 2022. Valid for: a year.
This is the only time sso.bah.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects  Requests  IP Address        AS Autonomous System
1          3         209.137.158.205   4459 (KDDIA-NET)
           10        128.229.4.195     7281 (BOOZ-AS)
Total      12        2

Requests  Apex Domain / Subdomains                              Transfer
10        bah.com                                               1 MB
            sso.bah.com (Cisco Umbrella Rank: 890902)
3         avature.net                                           3 KB
            boozallen.avature.net
12        2

Requests  Domain                  Redirects    Requested by
10        sso.bah.com                          sso.bah.com
3         boozallen.avature.net   1 redirects  boozallen.avature.net
12        2

This site contains links to these domains.

Domain
policylibrary.bah.com
Subject         Issuer                             Validity                  Valid
*.avature.net   DigiCert TLS RSA SHA256 2020 CA1   2022-03-14 - 2023-04-14   a year
sso.bah.com     GlobalSign RSA OV SSL CA 2018      2022-09-01 - 2023-10-03   a year

This page contains 1 frame:

Primary Page: https://sso.bah.com/idp/SSO.saml2
Frame ID: 8B34B3E6F2A1D933E2ADE27CAD3F8941
Requests: 12 HTTP requests in this frame

Page Title

Select Authentication System

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 1484 kB
Size: 1479 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://boozallen.avature.net/ HTTP 301
    https://boozallen.avature.net/ Page URL
  2. https://boozallen.avature.net/Login/ Page URL
  3. https://sso.bah.com/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://boozallen.avature.net/ HTTP 301
  • https://boozallen.avature.net/

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
boozallen.avature.net/
Redirect Chain
  • http://boozallen.avature.net/
  • https://boozallen.avature.net/
884 B
880 B
Document
General
Full URL
https://boozallen.avature.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.137.158.205 Irvine, United States, ASN4459 (KDDIA-NET, US),
Reverse DNS
p205.158.137.209.vs77100.net
Software
nginx /
Resource Hash
8655096666039301663a77db7f88f7c3cb0db6536f9da53e39a6c094de469df7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 01 Feb 2023 19:42:50 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Wed, 01 Feb 2023 19:42:50 GMT
p3p
CP="STA"
pragma
no-cache
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff

Redirect headers

Connection
keep-alive
Content-Length
178
Content-Type
text/html
Date
Wed, 01 Feb 2023 19:42:50 GMT
Location
https://boozallen.avature.net:443/
Server
nginx
/
boozallen.avature.net/Login/
3 KB
2 KB
Document
General
Full URL
https://boozallen.avature.net/Login/
Requested by
Host: boozallen.avature.net
URL: https://boozallen.avature.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.137.158.205 Irvine, United States, ASN4459 (KDDIA-NET, US),
Reverse DNS
p205.158.137.209.vs77100.net
Software
nginx /
Resource Hash
4f492e0a7d7f151a4b7297937c49179cf58dc347950924a9478a7cbf1cdeb174
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://boozallen.avature.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 01 Feb 2023 19:42:51 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Wed, 01 Feb 2023 19:42:51 GMT
p3p
CP="STA"
pragma
no-cache
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
Primary Request SSO.saml2
sso.bah.com/idp/
14 KB
15 KB
Document
General
Full URL
https://sso.bah.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
66fbf8408364940fa5af75a159596e7b2ce4784a73f85ddfc41423e4f835833a
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://boozallen.avature.net
Referer
https://boozallen.avature.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
14227
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Content-Type
text/html;charset=utf-8
Date
Wed, 01 Feb 2023 19:42:51 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
BAHmain.css
sso.bah.com/assets/css/
127 KB
127 KB
Stylesheet
General
Full URL
https://sso.bah.com/assets/css/BAHmain.css
Requested by
Host: sso.bah.com
URL: https://sso.bah.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
f3850d2b0e6965ceed2f0547c63112eb1aa3cad7991d6adfc60a8b5d6c42fb17
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Fri, 24 Jun 2022 00:35:43 GMT
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Length
129664
bluebird.min.js
sso.bah.com/assets/scripts/
76 KB
76 KB
Script
General
Full URL
https://sso.bah.com/assets/scripts/bluebird.min.js
Requested by
Host: sso.bah.com
URL: https://sso.bah.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
d9b2fe47829128ad00ad322ce1773f608ad6f2f2c6c92b6508284a221056cca0
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Fri, 24 Jun 2022 01:14:06 GMT
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
77368
BoozAllenStacked_black.png
sso.bah.com/assets/images/
16 KB
17 KB
Image
General
Full URL
https://sso.bah.com/assets/images/BoozAllenStacked_black.png
Requested by
Host: sso.bah.com
URL: https://sso.bah.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
42e71abc711c06e420bcef5957f00cef8949d5eb49365f6222f7115fcfd3059e
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Fri, 09 Dec 2022 01:28:42 GMT
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Length
16289
ic_report_problem_black_48px.svg
sso.bah.com/assets/images/
214 B
1004 B
Image
General
Full URL
https://sso.bah.com/assets/images/ic_report_problem_black_48px.svg
Requested by
Host: sso.bah.com
URL: https://sso.bah.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
7fd812b9ca50464308dee6d764ea060a3ae93e615af19a9809fc611b8586a6f9
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Fri, 24 Jun 2022 01:14:06 GMT
Content-Type
image/svg+xml
Cache-Control
max-age=0, must-revalidate
Content-Length
214
ProximaNova-Regular.otf
sso.bah.com/assets/fonts/proxima-nova/
0
0
Font
General
Full URL
https://sso.bah.com/assets/fonts/proxima-nova/ProximaNova-Regular.otf
Requested by
Host: sso.bah.com
URL: https://sso.bah.com/assets/css/BAHmain.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://sso.bah.com/
Origin
https://sso.bah.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
text/html;charset=utf-8
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Referrer-Policy
origin
Cache-Control
must-revalidate,no-cache,no-store
Content-Length
3589
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ProximaNova-Bold.otf
sso.bah.com/assets/fonts/proxima-nova/
0
0
Font
General
Full URL
https://sso.bah.com/assets/fonts/proxima-nova/ProximaNova-Bold.otf
Requested by
Host: sso.bah.com
URL: https://sso.bah.com/assets/css/BAHmain.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://sso.bah.com/
Origin
https://sso.bah.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
text/html;charset=utf-8
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Referrer-Policy
origin
Cache-Control
must-revalidate,no-cache,no-store
Content-Length
3589
Expires
Thu, 01 Jan 1970 00:00:00 GMT
3-mobile.jpg
sso.bah.com/assets/images/bg/
104 KB
104 KB
Image
General
Full URL
https://sso.bah.com/assets/images/bg/3-mobile.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
593b0189ffb90eb62e2efb0c1b436fe98a1bc86566d4ef37c4fb5419a6c67225
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:53 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Thu, 03 Nov 2022 01:32:21 GMT
Content-Type
image/jpeg
Cache-Control
max-age=0, must-revalidate
Content-Length
106097
3-2880.jpg
sso.bah.com/assets/images/bg/
569 KB
570 KB
Image
General
Full URL
https://sso.bah.com/assets/images/bg/3-2880.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
3ed2ad1369ba1450157b1bb2b13ccf7b6a30998380d5b3aab77788069603cde7
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:53 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Thu, 03 Nov 2022 01:32:15 GMT
Content-Type
image/jpeg
Cache-Control
max-age=0, must-revalidate
Content-Length
583131
3-2880.jpg
sso.bah.com/assets/images/bg/
569 KB
570 KB
Image
General
Full URL
https://sso.bah.com/assets/images/bg/3-2880.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
128.229.4.195 , United States, ASN7281 (BOOZ-AS, US),
Reverse DNS
sso.bah.com
Software
/
Resource Hash
3ed2ad1369ba1450157b1bb2b13ccf7b6a30998380d5b3aab77788069603cde7
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.bah.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 19:42:53 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' sso.bah.com radardiscovery-build.bah.com radardiscovery.bah.com otis.crm.dynamics.com auth.bah.com zone.bah.com boozallen.sharepoint.com bol.bah.com cdw.com tmids.bah.com analytics-hub.bahtestase01.bahtest.bah.com bahtstanalyticshub20webapp.bahase01.bah.com bahprdanalyticshibwebapp.bahprodasev30.bah.com;
Last-Modified
Thu, 03 Nov 2022 01:32:15 GMT
Content-Type
image/jpeg
Cache-Control
max-age=0, must-revalidate
Content-Length
583131

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange
function| P
function| postOk
function| submitForm
function| postCancel
function| postOnReturn
function| setFocus
function| setMobile
function| getScreenWidth
object| bodyTag
number| width
boolean| remember
function| IsWebAuthnSupported
function| isWebAuthnPlatformAuthenticatorAvailable
function| onStart
function| getTheme
string| selectElementName
string| adapterName1
string| adapterName2
string| adapterName3

3 Cookies

Domain/Path Name / Value
boozallen.avature.net/ Name: S
Value: hnquuqran1kodnpm3vcja6ugjk
sso.bah.com/ Name: PF
Value: gVC8re0GrsMaGW7ROyWXMt
.sso.bah.com/ Name: TS016aa534
Value: 01b560f2e91628690b0e9442a482bbb96647e7bff125ac3a914ade25efce0e226ad1d58317b2ab5250e2e0d3f9940993cd883f1c1207546e229de0421e172a78d7772d13ec

2 Console Messages

Source: network, Level: error
URL: https://sso.bah.com/assets/fonts/proxima-nova/ProximaNova-Bold.otf
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://sso.bah.com/assets/fonts/proxima-nova/ProximaNova-Regular.otf
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff