urlscan.io logo urlscan.io
SecurityTrails logo

staging9.aplus-payments.com Open in urlscan Pro
82.221.74.75  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://staging9.aplus-payments.com/
Effective URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Submission: On September 06 via automatic, source certstream-suspicious — Scanned from IS
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 82.221.74.75, located in Iceland and belongs to IS-ADVANIA Hosting operations, IS. The main domain is staging9.aplus-payments.com.
TLS certificate: Issued by R10 on August 30th 2024. Valid for: 3 months.
This is the only time staging9.aplus-payments.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 14 82.221.74.75 44515 (IS-ADVANI...)
10 1
Apex Domain
Subdomains		 Transfer
14 aplus-payments.com
staging9.aplus-payments.com
165 KB
10 1
Domain Requested by
14 staging9.aplus-payments.com 4 redirects staging9.aplus-payments.com
10 1

This site contains links to these domains. Also see Links.

Domain
www.aplus-payments.com
Subject Issuer Validity Valid
staging9.aplus-payments.com
R10		 2024-08-30 -
2024-11-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Frame ID: B6EB13808156404E513429B00DB6EF86
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

A+ Payments. Pay with ease.

Page URL History Show full URLs

  1. https://staging9.aplus-payments.com/ HTTP 302
    https://staging9.aplus-payments.com/payment/phrame.php?action=displayIndex HTTP 302
    https://staging9.aplus-payments.com/payment/index.php?view=views/index.xsl HTTP 302
    https://staging9.aplus-payments.com/payment/phrame.php?action=login HTTP 302
    https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

162 kB
Transfer

414 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://staging9.aplus-payments.com/ HTTP 302
    https://staging9.aplus-payments.com/payment/phrame.php?action=displayIndex HTTP 302
    https://staging9.aplus-payments.com/payment/index.php?view=views/index.xsl HTTP 302
    https://staging9.aplus-payments.com/payment/phrame.php?action=login HTTP 302
    https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
staging9.aplus-payments.com/payment/
Redirect Chain
  • https://staging9.aplus-payments.com/
  • https://staging9.aplus-payments.com/payment/phrame.php?action=displayIndex
  • https://staging9.aplus-payments.com/payment/index.php?view=views/index.xsl
  • https://staging9.aplus-payments.com/payment/phrame.php?action=login
  • https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
595b46dc9d043e859b1e4b9e3ebdc841dc2a9dad1bc746b543d45978fb90ba7d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; img-src 'self' data: https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; font-src 'self' data: https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com http://aplus-payments.com; connect-src https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com https://aplus-payments.com; child-src https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com https://aplus-payments.com; upgrade-instaging-requests; report-uri https://report.aplus-payments.com/r/default/csp/reportOnly
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Referer,Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-Client-Version
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-security-policy
default-src 'self' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; img-src 'self' data: https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; font-src 'self' data: https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com http://aplus-payments.com; connect-src https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com https://aplus-payments.com; child-src https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com https://aplus-payments.com; upgrade-instaging-requests; report-uri https://report.aplus-payments.com/r/default/csp/reportOnly
content-type
text/html; charset=UTF-8
date
Fri, 06 Sep 2024 02:15:05 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Referer,Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-Client-Version
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Fri, 06 Sep 2024 02:15:05 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
login.php?view=views/login.xsl
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
noindex, nofollow, nosnippet, noarchive
x-xss-protection
1; mode=block
jquery3.js
staging9.aplus-payments.com/payment/js/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/payment/js/jquery3.js
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
W/"66d72fb3-1538f"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
cache-control
max-age=15552000
x-robots-tag
noindex, nofollow, nosnippet, noarchive
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
index.js
staging9.aplus-payments.com/aplus-payments/assets/js/ 		798 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/aplus-payments/assets/js/index.js
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
2c8e2f259aa8a4728bcc6bdc6211149c31cb8d717d978b84baf1deec5a7be358
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
"66d72fb3-31e"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
cache-control
max-age=15552000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
content-length
798
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
layout2.css
staging9.aplus-payments.com/payment/views/ 		83 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/payment/views/layout2.css
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
1a2f41ba8ef802c151df3c4800dfa312ca671f30295f5fd4a8071d30268a8850
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
W/"66d72fb3-14a4a"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
cache-control
max-age=15552000
x-robots-tag
noindex, nofollow, nosnippet, noarchive
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
layout.css
staging9.aplus-payments.com/payment/views/ 		28 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/payment/views/layout.css
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
a3908c10eef42a1e44af61aa2a53c9356dd7d4300d689f0716bb99949bffc0f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
W/"66d72fb3-7138"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
cache-control
max-age=15552000
x-robots-tag
noindex, nofollow, nosnippet, noarchive
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
logo.png
staging9.aplus-payments.com/aplus-payments/assets/img/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staging9.aplus-payments.com/aplus-payments/assets/img/logo.png
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
ade4c89412da2f14cc46ad3c6c89f9a2ea819f630c49e0a81afe0e5157b817ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
"66d72fb3-4151"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
cache-control
max-age=15552000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
content-length
16721
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
prototype.js
staging9.aplus-payments.com/payment/js/ 		141 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/payment/js/prototype.js
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
2854cb94d138709859b2ff298d2b7ef15c77db5ac74d50232b856e666da400b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
W/"66d72fb3-23558"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
cache-control
max-age=15552000
x-robots-tag
noindex, nofollow, nosnippet, noarchive
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
fingerprint.gif
staging9.aplus-payments.com/payment/images/common/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staging9.aplus-payments.com/payment/images/common/fingerprint.gif
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
5b18b5c074bcda1eb75609366a451ada5d428201b99b4725acd6bb2df3150fc6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
"66d72fb3-e18"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/gif
cache-control
max-age=15552000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
content-length
3608
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
AvenirNextW1G-Regular.woff
staging9.aplus-payments.com/aplus-payments/assets/fonts/ 		52 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/aplus-payments/assets/fonts/AvenirNextW1G-Regular.woff
Requested by
Host: staging9.aplus-payments.com
URL: https://staging9.aplus-payments.com/payment/views/layout2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
992142edf83701ed4181ab8bc4e5c66f4ea9b30fbec9fe6fb4d0cde3556aeae4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/views/layout2.css
Origin
https://staging9.aplus-payments.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:05 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
"66d72fb3-cf38"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
font/woff
cache-control
max-age=15552000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
content-length
53048
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:05 GMT
favicon.png
staging9.aplus-payments.com/aplus-payments/assets/img/ 		718 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://staging9.aplus-payments.com/aplus-payments/assets/img/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.221.74.75 , Iceland, ASN44515 (IS-ADVANIA Hosting operations, IS),
Reverse DNS
Software
nginx /
Resource Hash
ff16b53bc43b1249042bfa0ada0ee2d2407876f8bdf99d5a0379e3cb6cd68f82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 06 Sep 2024 02:15:06 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Tue, 03 Sep 2024 15:48:03 GMT
server
nginx
etag
"66d72fb3-2ce"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
cache-control
max-age=15552000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
content-length
718
x-xss-protection
1; mode=block
expires
Wed, 05 Mar 2025 02:15:06 GMT

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| getOption object| Prototype object| Abstract object| Try object| Class function| PeriodicalExecuter function| Template object| $break object| Enumerable function| $A function| $w function| $H function| Hash function| $R function| ObjectRange object| Ajax function| Selector function| $$ object| Form object| Field function| $F object| Toggle object| Insertion object| $continue object| Position function| change

1 Cookies

Domain/Path Name / Value
.staging9.aplus-payments.com/ Name: sid
Value: tj5arqmqnt8l7tfjcie402h8i4

2 Console Messages

Source Level URL
Text
security error URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Message:
Unrecognized Content-Security-Policy directive 'upgrade-instaging-requests'.
recommendation verbose URL: https://staging9.aplus-payments.com/payment/login.php?view=views/login.xsl
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; img-src 'self' data: https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com; font-src 'self' data: https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com http://aplus-payments.com; connect-src https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com https://aplus-payments.com; child-src https://staging9.aplus-payments.com https://piwik.aplus-payments.com https://js-agent.newrelic.com https://aplus-payments.com; upgrade-instaging-requests; report-uri https://report.aplus-payments.com/r/default/csp/reportOnly
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block