app.staplespay.com Open in urlscan Pro
23.45.109.235  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	500 Internal Server Error	Primary Request / Show response app.staplespay.com/	386 B 2 KB	1016ms 939ms	Document text/html	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL http://app.staplespay.com/ Protocol HTTP/1.1 Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software AkamaiGHost / Resource Hash 3bd70c971feb240f47e1dcb3aaf3fe66aa5df295a2b3410f9de3c1fac0cb15da Security Headers Name Value Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server AkamaiGHost Mime-Version 1.0 Content-Type text/html Expires Wed, 17 Nov 2021 00:48:34 GMT Date Wed, 17 Nov 2021 00:48:34 GMT Connection close Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com;
GET H/1.1	200 OK	1g3azsB Show response app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/	74 KB 20 KB	43ms 37ms	Script application/javascript	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL http://app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/1g3azsB Requested by Host: app.staplespay.com URL: http://app.staplespay.com/ Protocol HTTP/1.1 Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software / Resource Hash d28fcb63f244f9fc0347fc8efaaa91ccc5b6c0f63a94281e826d4e4329dce19a Security Headers Name Value Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Request headers Accept-Language de-DE,de;q=0.9 Referer http://app.staplespay.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 17 Nov 2021 00:48:34 GMT Content-Encoding gzip Last-Modified Mon, 08 Mar 2021 19:03:25 GMT ETag "d3caf572c192c8eeac2bc593a3b79aa0d20f9585b44afb7c04b08e353363cc30" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=21600 Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection keep-alive Content-Length 19129 Expires Thu, 16 Dec 2021 13:31:23 GMT
POST H/1.1	201 Created	1g3azsB Show response app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/	341 B 2 KB	10ms 10ms	XHR application/json	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL http://app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/1g3azsB Requested by Host: app.staplespay.com URL: http://app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/1g3azsB Protocol HTTP/1.1 Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software / Resource Hash c1e9303e96d6362a865dedfe991026e7d695dc5f0ee1de87834cb4d9fca320f8 Security Headers Name Value Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Request headers Referer http://app.staplespay.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Wed, 17 Nov 2021 00:48:34 GMT Mime-Version 1.0 Vary Origin Content-Type application/json Access-Control-Allow-Origin http://app.staplespay.com Access-Control-Allow-Credentials true Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection close Access-Control-Allow-Headers Content-Type Content-Length 341
POST H/1.1	201 Created	1g3azsB Show response app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/	341 B 2 KB	16ms 9ms	XHR application/json	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL http://app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/1g3azsB Requested by Host: app.staplespay.com URL: http://app.staplespay.com/SIEqu-QuPxcmF409krWI/Li3w2NY1Yk/Yy41AxIr/ZhJiS/1g3azsB Protocol HTTP/1.1 Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software / Resource Hash 2dcbdf5e722f89f4dcf247c70c86a9d76ffc87c6329e6c7d6b539280449dba4a Security Headers Name Value Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Request headers Referer http://app.staplespay.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Wed, 17 Nov 2021 00:48:34 GMT Mime-Version 1.0 Vary Origin Content-Type application/json Access-Control-Allow-Origin http://app.staplespay.com Access-Control-Allow-Credentials true Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection close Access-Control-Allow-Headers Content-Type Content-Length 341

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _ac object| _cf object| bmak number| bm_counter object| bm_script undefined| scripts string| bm_url object| url_split string| obfus_state_field string| state_field_str string| _sd_trace function| op

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.staplespay.com/	1970-01-19 22:45:17	Name: ak_bmsc Value: F3FBF1470F98D80D00BC63133B82E5E5~000000000000000000000000000000~YAAQzF4OF7z4miZ9AQAAreddKw1GNcOyPaKO82r6b38HmbgG5Pmg0rIixo/9uicvtrO7eIFni0xeyBv85F1u3IRwIt4QO8iFiKp6XjYjs3sj6I3aK+N+UOJqd4g0cblXUwqb2frJ0Er/2BTpO8adP2cu9mY9x6RSPcH+TzMTtA/skOGWzV5kq4l083pY9gjfdv9viN4O/+UcNTaFLRSCWW5xgOPMwV2lIpe0DhVKcZNCwZ//v8I4rhFj5h25+hQQ+BapF0t/HOyW4zKrC0o2deZ1Ib+DpTIQ80Eml7ZGch0dCpljVaQx1rpa2XD9tSg/RPM54GaMqwpPqnM9
			.staplespay.com/	1970-01-20 07:30:46	Name: _abck Value: A18F7FDB80327C66655A512AB2170638~-1~YAAQzF4OF8D4miZ9AQAAIupdKwazo247HRIGTk7SqwEx4p5XxSx2GZkOFluDZg7XaHb15qJAuGXPg6Em0dV17nlPX3p5pZHqyXruEa3CGXwvKdXJXA06g+F5EWvpvyzfYalU10JZbRoIa9LcIWFUHdspyqba0itdXx/pUXHLqGMc7zo+aO39FpLmVYXCiSsvhLMjlx0TifHhS55M9BOAksP/ILn8sTjOky1zLIpn3Iewi6aJqzDIZvvos1W+P3Ecmcv0qDW49jxTE68kutyUekZDN7yh1ti4z90X7lgFywxYC+Lg7jT32QQTaP4qtmm+2FbhGqveYk9KUlCrpNTrUn8UabmZADc9yF7b8g8REhB7nfc4Ya78b0o=~-1~-1~1637113615
			.staplespay.com/	1970-01-19 22:45:12	Name: bm_sz Value: CD658960DDF9DB3FF7EBB86BD994AFC4~YAAQzF4OF8H4miZ9AQAAIupdKw1eb7p4neTvLYVC/YnJSxp3CkvwjFF7F/7QPTpnYt9k6YztK2TjULmeAtOd2jkPQuXP47JxTD44zsBL5fxeIPjrvbh81r0XSfV3gSFm13mBR4Vy5yjIn6rHfhExoBvoKnLz2+hNvAMSpVbdWxm76Cpa9qgXBTX4QK2KdiWo/Kkgi3Qz3UKHAbN7VwuZ5J1XSOtRhCcy465mO0KvyjSd0U7tAhvF3t/JBw8Qr/1l50ZmPU+DfG9lwN7AkSuGuJEXXQqkeHhbk4Ekgvq7vv8H3pUTuZzXBg==~4339768~4408632

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://app.staplespay.com/ Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.staplespay.com
23.45.109.235
2dcbdf5e722f89f4dcf247c70c86a9d76ffc87c6329e6c7d6b539280449dba4a
3bd70c971feb240f47e1dcb3aaf3fe66aa5df295a2b3410f9de3c1fac0cb15da
c1e9303e96d6362a865dedfe991026e7d695dc5f0ee1de87834cb4d9fca320f8
d28fcb63f244f9fc0347fc8efaaa91ccc5b6c0f63a94281e826d4e4329dce19a