urlscan.io logo urlscan.io
SecurityTrails logo

smart-auth.gep.com Open in urlscan Pro
20.231.240.137  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nexxe.gep.com/boa
Effective URL: https://smart-auth.gep.com/login/callback?connection=boa
Submission: On November 16 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 20.231.240.137, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is smart-auth.gep.com. The Cisco Umbrella rank of the primary domain is 214486.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 10th 2023. Valid for: a year.
This is the only time smart-auth.gep.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 5 13.107.246.40 8075 (MICROSOFT...)
2 4 20.231.240.137 8075 (MICROSOFT...)
1 171.161.146.123 10794 (BANKAMERICA)
5 3
Apex Domain
Subdomains		 Transfer
9 gep.com
nexxe.gep.com — Cisco Umbrella Rank: 479418
smart-sts.gep.com — Cisco Umbrella Rank: 233599
smart-auth.gep.com — Cisco Umbrella Rank: 214486
smartdev.gep.com
29 KB
1 bankofamerica.com
fedsso.bankofamerica.com — Cisco Umbrella Rank: 250962
6 KB
5 2
Domain Requested by
4 smart-auth.gep.com 2 redirects nexxe.gep.com
3 smart-sts.gep.com 3 redirects
1 smartdev.gep.com smart-auth.gep.com
1 fedsso.bankofamerica.com
1 nexxe.gep.com
5 5

This site contains links to these domains. Also see Links.

Domain
success.gep.com
Subject Issuer Validity Valid
Nexxe.gep.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-09 -
2024-10-22		 a year crt.sh
smart-auth.gep.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-10 -
2024-06-10		 a year crt.sh
fedsso-rtx-ext.bankofamerica.com
Entrust Certification Authority - L1M		 2023-05-19 -
2024-05-18		 a year crt.sh
smartdev.gep.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-12 -
2024-08-11		 a year crt.sh

This page contains 1 frames:

Primary Page: https://smart-auth.gep.com/login/callback?connection=boa
Frame ID: B9B973EBF8FC4F8C9A5EC38A98028B3A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Error - Gep

Page URL History Show full URLs

  1. https://nexxe.gep.com/boa Page URL
  2. https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PA... HTTP 302
    https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrea... HTTP 302
    https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs... HTTP 302
    https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2... HTTP 302
    https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253As... HTTP 302
    https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3F... Page URL
  3. https://fedsso.bankofamerica.com/idp/SSO.saml2 Page URL
  4. https://smart-auth.gep.com/login/callback?connection=boa Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

3
IPs

1
Countries

27 kB
Transfer

17 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nexxe.gep.com/boa Page URL
  2. https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome&ru=%2Fboa&wreply=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome HTTP 302
    https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrealm%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome%26ru%3d%2fboa%26wreply%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome HTTP 302
    https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs0W6wP16lZ9K1?connection=boa&RelayState=https%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome HTTP 302
    https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2F%2Fsmart-sts.gep.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email&code_challenge=3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4&code_challenge_method=S256&response_mode=form_post&nonce=638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5&acr_values=tenant%3Aboa%20returnto%3Ahttps%253a%252f%252fNexxe.gep.com%252fHome%253frux%253dscm%2526_PATH%253dHome&state=sGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP 302
    https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP 302
    https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 Page URL
  3. https://fedsso.bankofamerica.com/idp/SSO.saml2 Page URL
  4. https://smart-auth.gep.com/login/callback?connection=boa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome&ru=%2Fboa&wreply=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome HTTP 302
  • https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrealm%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome%26ru%3d%2fboa%26wreply%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome HTTP 302
  • https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs0W6wP16lZ9K1?connection=boa&RelayState=https%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome HTTP 302
  • https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2F%2Fsmart-sts.gep.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email&code_challenge=3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4&code_challenge_method=S256&response_mode=form_post&nonce=638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5&acr_values=tenant%3Aboa%20returnto%3Ahttps%253a%252f%252fNexxe.gep.com%252fHome%253frux%253dscm%2526_PATH%253dHome&state=sGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP 302
  • https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP 302
  • https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
boa
nexxe.gep.com/ 		659 B
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nexxe.gep.com/boa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
689bb35e02ae6dfc508480a7a5f35c8baacb68b56cf56540a1683658f2f223f9
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: blob: wss: 'unsafe-eval' smart.gep.com static-nexxeuat.gep.com eu.smart.gep.com smartapac.gep.com nexxe.gep.com api-nexxe.gep.com api-smart.gep.com api-leo.gep.com api-click.gep.com d1icd6shlvmxi6.cloudfront.net js-agent.newrelic.com fonts.googleapis.com bam.nr-data.net fonts.gstatic.com static-smart.gep.com static-nexxe.gep.com cloudfront.net nexxeproddirectcdn.azureedge.net nexxecdn.gep.com static.gep.com smart-sts.gep.com smart-idp.gep.com js.pusher.com us-central1-bustling-psyche-221120.cloudfunctions.net cdn.ckeditor.com smartdevdirectstorage.blob.core.windows.net businessnetwork.gep.com businessnetwork-idp.gep.com businessnetwork-sts.gep.com Platform.gep.com Build.gep.com cdnjs.cloudflare.com static2-nexxe.gep.com api-leodsaks.gep.com us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-uat1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net use.typekit.net fonts.googleapis.com plugin-nexxedev.gep.com plugin-nexxeqc.gep.com plugin-nexxeuat.gep.com plugin-nexxe.gep.com atlas.microsoft.com fonts.googleapis.com dc.services.visualstudio.com plugin-nexxeqc.gep.com api-click.gep.com api-clickeu.gep.com api-clickapac.gep.com static-azstorage-us.gep.com static-azstorage-eu.gep.com punchout.gep.com static-azstorage-apac.gep.com static-bofastorage.gep.com api-click.gep.com api-clickeu.gep.com api.ipify.org nexxedirectdatastore.blob.core.windows.net data.smartpendo.gep.com *.pusher.com api-leoaks.gep.com p.typekit.net content.smartpendo.gep.com sockjs-mt1.pusher.com ws-mt1.pusher.com sockjs-eu.pusher.com nexxedevdirectcdn.azureedge.net whatfix.com api-nexxeapac.gep.com api-smartapac.gep.com api-leoapac.gep.com api-leodsaksapac.gep.com api-nexxeeu.gep.com api-smarteu.gep.com api-leoeu.gep.com api-leodsakseu.gep.com nexxe.gep.com static-nexxe.gep.com static-bofastorage.gep.com cdn.whatfix.com m.media-amazon.com static.grainger.com static-doc-storage.gep.com images.staplesadvantage.com smartakseu.gep.com cdn.walkme.com ec.walkme.com s3.walkmeusercontent.com papi.walkme.com rapi.walkme.com playerserver.walkme.com gepsmartmtstorage.blob.core.windows.net nexxeprodapacdatastore.blob.core.windows.net nexxeprodeudatastore.blob.core.windows.net nexxeproddirectdatastore.blob.core.windows.net api-nexxeprodeu.gep.com smartapac.gep.com api-nexxeprodeu.gep.com api-clickuat.gep.com api-clickuateu.gep.com api-clickuatapac.gep.com; frame-src 'self' whatfix.com word-edit.officeapps.live.com cdn.walkme.com ffc-word-edit.officeapps.live.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*.gep.com
access-control-max-age
1728000
cache-control
no-store
content-security-policy
default-src 'self' 'unsafe-inline' data: blob: wss: 'unsafe-eval' smart.gep.com static-nexxeuat.gep.com eu.smart.gep.com smartapac.gep.com nexxe.gep.com api-nexxe.gep.com api-smart.gep.com api-leo.gep.com api-click.gep.com d1icd6shlvmxi6.cloudfront.net js-agent.newrelic.com fonts.googleapis.com bam.nr-data.net fonts.gstatic.com static-smart.gep.com static-nexxe.gep.com cloudfront.net nexxeproddirectcdn.azureedge.net nexxecdn.gep.com static.gep.com smart-sts.gep.com smart-idp.gep.com js.pusher.com us-central1-bustling-psyche-221120.cloudfunctions.net cdn.ckeditor.com smartdevdirectstorage.blob.core.windows.net businessnetwork.gep.com businessnetwork-idp.gep.com businessnetwork-sts.gep.com Platform.gep.com Build.gep.com cdnjs.cloudflare.com static2-nexxe.gep.com api-leodsaks.gep.com us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-uat1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net use.typekit.net fonts.googleapis.com plugin-nexxedev.gep.com plugin-nexxeqc.gep.com plugin-nexxeuat.gep.com plugin-nexxe.gep.com atlas.microsoft.com fonts.googleapis.com dc.services.visualstudio.com plugin-nexxeqc.gep.com api-click.gep.com api-clickeu.gep.com api-clickapac.gep.com static-azstorage-us.gep.com static-azstorage-eu.gep.com punchout.gep.com static-azstorage-apac.gep.com static-bofastorage.gep.com api-click.gep.com api-clickeu.gep.com api.ipify.org nexxedirectdatastore.blob.core.windows.net data.smartpendo.gep.com *.pusher.com api-leoaks.gep.com p.typekit.net content.smartpendo.gep.com sockjs-mt1.pusher.com ws-mt1.pusher.com sockjs-eu.pusher.com nexxedevdirectcdn.azureedge.net whatfix.com api-nexxeapac.gep.com api-smartapac.gep.com api-leoapac.gep.com api-leodsaksapac.gep.com api-nexxeeu.gep.com api-smarteu.gep.com api-leoeu.gep.com api-leodsakseu.gep.com nexxe.gep.com static-nexxe.gep.com static-bofastorage.gep.com cdn.whatfix.com m.media-amazon.com static.grainger.com static-doc-storage.gep.com images.staplesadvantage.com smartakseu.gep.com cdn.walkme.com ec.walkme.com s3.walkmeusercontent.com papi.walkme.com rapi.walkme.com playerserver.walkme.com gepsmartmtstorage.blob.core.windows.net nexxeprodapacdatastore.blob.core.windows.net nexxeprodeudatastore.blob.core.windows.net nexxeproddirectdatastore.blob.core.windows.net api-nexxeprodeu.gep.com smartapac.gep.com api-nexxeprodeu.gep.com api-clickuat.gep.com api-clickuateu.gep.com api-clickuatapac.gep.com; frame-src 'self' whatfix.com word-edit.officeapps.live.com cdn.walkme.com ffc-word-edit.officeapps.live.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com blob: ;
date
Thu, 16 Nov 2023 16:13:36 GMT
permissions-policy
geolocation=(self "https://*.gep.com")
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref
20231116T161335Z-7mnu6b6h9x6hfc91cp22qqggc800000008tg000000023hbf
x-cache
CONFIG_NOCACHE
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
Challenge
smart-auth.gep.com/External/
Redirect Chain
  • https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome&ru=%2Fboa&wreply=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome
  • https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrealm%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dHome%26ru%3d%2fboa%26wreply%3dhtt...
  • https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs0W6wP16lZ9K1?connection=boa&RelayState=https%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3...
  • https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2F%2Fsmart-sts.gep.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email&code_cha...
  • https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26res...
  • https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%...
1 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Requested by
Host: nexxe.gep.com
URL: https://nexxe.gep.com/boa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.231.240.137 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
38fa9b88869e67125e6add1404111700fcb57ba79b39e3a0518c1579717e977f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nexxe.gep.com/boa
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,x-gep-transaction-scope-id
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache
content-length
1298
content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
content-type
text/html;charset=UTF-8
date
Thu, 16 Nov 2023 16:13:36 GMT
expires
-1
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,x-gep-transaction-scope-id
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache, no-store
content-length
0
content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
date
Thu, 16 Nov 2023 16:13:36 GMT
location
/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
SSO.saml2
fedsso.bankofamerica.com/idp/ 		4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
b9ff6a83356f6daaa551f39ade761e448a8f92d2a60c3fb5daf2e4bd351e05f5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://smart-auth.gep.com
Referer
https://smart-auth.gep.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
3723
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type
text/html;charset=utf-8
Date
Thu, 16 Nov 2023 16:13:36 GMT
Expect-CT
max-age=3600, enforce
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=20000
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request callback
smart-auth.gep.com/login/ 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://smart-auth.gep.com/login/callback?connection=boa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.231.240.137 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
22e0519746133494d2cf9dddb9fff62e27a937b9647edd37a664452dd65cce8a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://fedsso.bankofamerica.com
Referer
https://fedsso.bankofamerica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,x-gep-transaction-scope-id
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache,no-store
content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
content-type
text/html; charset=utf-8
date
Thu, 16 Nov 2023 16:13:37 GMT
expires
-1
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
smartGepLogo.jpg
smartdev.gep.com/Themes/globalAssets/desktop/images/ 		8 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smartdev.gep.com/Themes/globalAssets/desktop/images/smartGepLogo.jpg
Requested by
Host: smart-auth.gep.com
URL: https://smart-auth.gep.com/login/callback?connection=boa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9e3f3b5948fb734d57b0e15795b1133cf5534c17af31bed50e00597b546737a7
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: wss: blob: 'unsafe-inline' 'unsafe-eval' plugin-nexxedev.gep.com use.typekit.net ec.walkme.com cdn.walkme.com fonts.googleapis.com smartdev.gep.com smart.gep.com scmdev.gep.com nexxedev.gep.com api-nexxedev.gep.com api-smartdev.gep.com js-agent.newrelic.com bam.nr-data.net static-smartdev.gep.com static-nexxedev.gep.com cloudfront.net nexxedevdirectcdn.azureedge.net smartdev-sts.gep.com smartdev-idp.gep.com js.pusher.com google.com gstatic.com cdn.pendo.io static-smart.gep.com content.smartpendo.gep.com ws-mt1.pusher.com sockjs-mt1.pusher.com data.smartpendo.gep.com stats.pusher.com pusher.com api-smartasfdev.gep.com gepdevmediaservice-aase.streaming.media.azure.net dsaksdev.gep.com smarteditor.gep.com gepckeditor01.gep.com powerpoint.officeapps.live.com excel.officeapps.live.com word-edit.officeapps.live.com smart-dev-auction-signleir.service.signalr.net www.highcharts.com smartdeverr.gep.com d1icd6shlvmxi6.cloudfront.net n2.mouseflow.com api-leoaksdev.gep.com p.typekit.net fonts.gstatic.com us-east1-nexxe-ui-qc.cloudfunctions.net us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net cdn.mouseflow.com smart-dev-plat-chatbot-sea.service.signalr.net gepmtstorage.blob.core.windows.net m.media-amazon.com ffc-word-edit.officeapps.live.com pusher.com smartdev-auth.gep.com 'report-sample' www.recaptcha.net static2-smartdev.gep.com code.jquery.com www.recaptcha.net go.microsoft.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://smart-auth.gep.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 16:13:37 GMT
content-security-policy
default-src 'self' data: wss: blob: 'unsafe-inline' 'unsafe-eval' plugin-nexxedev.gep.com use.typekit.net ec.walkme.com cdn.walkme.com fonts.googleapis.com smartdev.gep.com smart.gep.com scmdev.gep.com nexxedev.gep.com api-nexxedev.gep.com api-smartdev.gep.com js-agent.newrelic.com bam.nr-data.net static-smartdev.gep.com static-nexxedev.gep.com cloudfront.net nexxedevdirectcdn.azureedge.net smartdev-sts.gep.com smartdev-idp.gep.com js.pusher.com google.com gstatic.com cdn.pendo.io static-smart.gep.com content.smartpendo.gep.com ws-mt1.pusher.com sockjs-mt1.pusher.com data.smartpendo.gep.com stats.pusher.com pusher.com api-smartasfdev.gep.com gepdevmediaservice-aase.streaming.media.azure.net dsaksdev.gep.com smarteditor.gep.com gepckeditor01.gep.com powerpoint.officeapps.live.com excel.officeapps.live.com word-edit.officeapps.live.com smart-dev-auction-signleir.service.signalr.net www.highcharts.com smartdeverr.gep.com d1icd6shlvmxi6.cloudfront.net n2.mouseflow.com api-leoaksdev.gep.com p.typekit.net fonts.gstatic.com us-east1-nexxe-ui-qc.cloudfunctions.net us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net cdn.mouseflow.com smart-dev-plat-chatbot-sea.service.signalr.net gepmtstorage.blob.core.windows.net m.media-amazon.com ffc-word-edit.officeapps.live.com pusher.com smartdev-auth.gep.com 'report-sample' www.recaptcha.net static2-smartdev.gep.com code.jquery.com www.recaptcha.net go.microsoft.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com;
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
CONFIG_NOCACHE
public
OPTIONS, GET, HEAD, POST, DELETE, PUT
content-length
8145
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 09 Oct 2023 04:30:30 GMT
etag
"037ac5569fad91:0"
x-azure-ref
20231116T161337Z-zgp821fmxx1pxf939xyzbxdq3g000000029g00000002gd9b
allow
OPTIONS, GET, HEAD, POST, DELETE, PUT
content-type
image/jpeg
vary
Accept-Encoding
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
permissions-policy
geolocation=(self "https://*.gep.com")
access-control-max-age
1728000
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,requestverificationtoken,userexecutioncontext,bpc
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

11 Cookies

Domain/Path Name / Value
smart-sts.gep.com/signin-oidc Name: fedno.cGyUuZj4R2LOknE05saY1dpr_4PMAWgLtOqQ4r51kubbGzILKq-7hqa-K5TdrK098G0aU87FsNzgDaLPiEqeL_9S7Rz8hnCCp3fsAFYzYSq6tEIAlPyk9gyyeoL7FKet3EjwmX4MWHkQ_VrPaecymieqhS9AHuBE7ZgqrlgOBaA
Value: N
smart-sts.gep.com/signin-oidc Name: fedco.stsoidc.rp0mBPZ4YxzCNoYwiLfwuU9kuaTZDVCxofB5KwAMqNA
Value: N
smart-sts.gep.com/ Name: stsreturnurl
Value: https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3DHome
smart-auth.gep.com/ Name: returnto
Value: https%3A%2F%2Fnexxe.gep.com%2Fboa
smart-auth.gep.com/ Name: Saml2pCorrelation
Value: Wi7JR7kykVSrMTz7zbQ2Cw-aVqisI6H4BWOX3r8KbI1DiSqNs5g1HOKD1Gjqo0Wuk-rKYeTYJAD04c44gXrH48FTjgkm_K6QKSijMNZ-7dO8unl5eeUuwTjCDvJICELTDF1SZGOyiX1zDUntVBCTysHB5ceGKdzDamE_iJQlJbBiM3rq9G7NDUki9g4jiAa-QiQlOm8hjljFPOemtvSWffhAfthSeKJdW63ttJcBzknSNfqyBo8qvCasFdB0d1ADAzj1uWU5MBscLlHMcNxW2QRv-_WqMNm5M6Hbz70JmXaX7R_Z8SdwCfTm1e5CU71foOKUD-3OAdZerGFNvOszeKf9lo8hla6AZpr4fsYSO6nRVn69wR7B7QeKAaFRaYRUhGhFHxkMv8ffZmUZAf_xrJrikSq4C5R8k3cWwtwByyEh6ey-5n0nsBZqbrnOfkMLjvCttBSYJ-Kr5vdoCScFMP1YFZUT9dv-RIwi1dTKI1GlS6CB9JkJlVbwSk3e1RyASncCn28h_TioFSfpFjh1F31vQ0geDvZ-H6HW52jsFTaCp6q7bifjpTQjTAv-hPbkjzyo-vm5HgybFs4O5rD4M2osktp3ardqeR-E3MvsCqtUV6iereOc2U0pbQziWXMBhiBTv87ufO9oxldtPdNgbstQlHE-705OJvLXnNCF55C8d8kFwKnczsOonN4Zm0FujeNHJ5lTMm6j0NU2EDm7ExHHqq71gTWhK1fxZl4hFFmEXmgw119SFLl0w3StNp9l_E3w5fJ53V6qdh3WhZGi1ozkUJP-TzlJ4gJaL701_5qN7To_N1CoO2Up9PfXrYb2JETnjZa2NabA9UmFC5ksF2HKc-6HkIP1H_4jozo_uNcKZH1vgqMXVUp0Eke4w2-fDpPEl4cs_GCgwsLBUQDensXcWPuldaJrqjVi8RupoMVcIcMgA6b3mpg391HJQBwzoRV7b_AVFwlVLXOpW88koGsz1BhqWd643LEXlldpBOMzvpIF2dhtAHn-sRrztYBigujqriE7ntBkRoqEWGizHZV3rUWFgcPGlun1kqQgDFZ4IIDdsI9cYGxBw5E42MmFcGwayR08hgxlvB_VW2lT2GjSWp9BPNxkzJu_ze-YYN0VG_RmWpr1OH_Wh87nS1A13g3-2P8TXNgLRvN-WSV6-cSx2j8M2-aK1KQeIeToi77fRXzbAMPqPSEHB3ojaW84UARR5CKwyoRf57hcb19keYeT-1N9dRiv8Jvi5fqnY0v-oMRCSVlXQ34E_qFxGFGenGE8T0yf3Lc4H12BdyU3ViVgfr9YiCCmBeAdPCR9zUVGzln49r7zdOg1doT7bK9iOLy3NbfKpk2GrZH-gtbBIWnrJXoBAPN2qHW7Jp0F4ol9baZLPeM87sZhO0P4vH50pQHr8PfwCt-D45Fz1_T9AfvpyWVs8zCIge-tA8XhpIS2470ui_ZXYyD1xl9JU9KxVaW5BJkz8wCficM77kqCexCHTM3jCrAsW4jXfXHA_3n01ckmdRl5GUtghM9fcWVvRmBX2ciHIWefDGbyrMTXhd_k9lzjmig_dpju4aX7YFGJ5Hrg5HcGH26ZCrWAO0mOduaWBisDC6NA0xvaCNceuVc37GXe-JdS4uzf-7tHiYxIroJecfIPHGvN0Wo2l5Bc-hCeYouWgH20VIYjtMWA9x_CP4mQAbMoGAW_9-AI2lfcPJrk9uoPD5kBuRzzfygH3YLOxtM3eDq4JLzUUdaB10XzB05aMChg-mZglkmLQ3J045QIN9TDA2EqGFeMdIHch44lhkvMKx_i7U9WSau-sw
fedsso.bankofamerica.com/ Name: PF
Value: 74vpcTdXLmVEpZNrO2E9RT
fedsso.bankofamerica.com/ Name: bac_persist
Value: 358952357.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: uZuoHBIF2teQW8lKCFlW0/Y1jDYWSUIk9M7BsmryOOQ=
.fedsso.bankofamerica.com/ Name: TS0193529a
Value: 01894c4cce94921cbc5650b9e450d13b40a8e6f2f131545f270f29e55499defa1675207fb98569f8a19655fa71ecfe9c070eabecf3
smart-auth.gep.com/ Name: .AspNetCore.Antiforgery.9TtSrW0hzOs
Value: On4xE7HKfz5SsvJ9qS28GNQmFKTt3jAb6WIuqdPQ9Nc
smart-auth.gep.com/ Name: XSRF-TOKEN
Value: On4xE7HKfz5SsvJ9qS28GJt309HSws3jlZIiz1RGBys

5 Console Messages

Source Level URL
Text
security error URL: https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Message:
The Content Security Policy directive 'upgrade-insecure-requests' should be empty, but was delivered with a value of 'default-src 'self''. The directive has been applied, and the value ignored.
security warning URL: https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3D3JaysjNovikFCNEK8nVy0WnZsKFEkzQ24rQBTKUO0f4%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638357480164039896.YmUyMWU0MzQtZDllNS00MTM2LTlkZjAtOWY3Zjk1NDAyYjg2YTVhNjA3MDAtYzJiNi00MDVhLWIyZTUtNDNkM2Q2Y2UzM2Y5%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dHome%26state%3DsGugf4e8d7lVIGVp5FI8wf3EUUDryZr-y2JCTSCjrkiPd6JCWyyC3L7Oc2BAnIBTmSCwOrQbfVWZ7ihHgAjqiFlSPi18kO6VJKADtrINyx8TJ3gg3VDY3iXepp-ilcYJphNHp0B-VIBHsI_N2jvY3whk_pPS7fa72J-Aj0_pyVx7_Ductfv0EaAo_jGr6Mx_QANceyrL2G_aeu3xU2AfBN7vqbvj-l80gRX_cVJLqdAKVyYNAjpfvecyxD-KfUOQDAPoY7ctsqzdasU0cF3gyeAYuWVU80kdDGxLF_16LUxKeqqx7SYzSpNL71j2YLHNvrTDqfzM4rN5FSQytA93u6NkmG_p33VuMuEkD3_vYKXG1j9V0iy7IR6lnWG0tBA_6WtduAf3BpF8UWzqveEymgKv1snXYBOK8zBCzsvGi-OqwZDZFyUeAJhkTlAKaKsQLQNAhc2mkb4NH6Rc6GOsNdyB02bSMfbxqHxUYukf_DHAcPA_zT1Yqq6i_tPVwD5B%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://smart-auth.gep.com/login/callback?connection=boa
Message:
Failed to load resource: the server responded with a status of 500 ()
security error URL: https://smart-auth.gep.com/login/callback?connection=boa
Message:
The Content Security Policy directive 'upgrade-insecure-requests' should be empty, but was delivered with a value of 'default-src 'self''. The directive has been applied, and the value ignored.
security warning URL: https://smart-auth.gep.com/login/callback?connection=boa
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: blob: wss: 'unsafe-eval' smart.gep.com static-nexxeuat.gep.com eu.smart.gep.com smartapac.gep.com nexxe.gep.com api-nexxe.gep.com api-smart.gep.com api-leo.gep.com api-click.gep.com d1icd6shlvmxi6.cloudfront.net js-agent.newrelic.com fonts.googleapis.com bam.nr-data.net fonts.gstatic.com static-smart.gep.com static-nexxe.gep.com cloudfront.net nexxeproddirectcdn.azureedge.net nexxecdn.gep.com static.gep.com smart-sts.gep.com smart-idp.gep.com js.pusher.com us-central1-bustling-psyche-221120.cloudfunctions.net cdn.ckeditor.com smartdevdirectstorage.blob.core.windows.net businessnetwork.gep.com businessnetwork-idp.gep.com businessnetwork-sts.gep.com Platform.gep.com Build.gep.com cdnjs.cloudflare.com static2-nexxe.gep.com api-leodsaks.gep.com us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-uat1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net use.typekit.net fonts.googleapis.com plugin-nexxedev.gep.com plugin-nexxeqc.gep.com plugin-nexxeuat.gep.com plugin-nexxe.gep.com atlas.microsoft.com fonts.googleapis.com dc.services.visualstudio.com plugin-nexxeqc.gep.com api-click.gep.com api-clickeu.gep.com api-clickapac.gep.com static-azstorage-us.gep.com static-azstorage-eu.gep.com punchout.gep.com static-azstorage-apac.gep.com static-bofastorage.gep.com api-click.gep.com api-clickeu.gep.com api.ipify.org nexxedirectdatastore.blob.core.windows.net data.smartpendo.gep.com *.pusher.com api-leoaks.gep.com p.typekit.net content.smartpendo.gep.com sockjs-mt1.pusher.com ws-mt1.pusher.com sockjs-eu.pusher.com nexxedevdirectcdn.azureedge.net whatfix.com api-nexxeapac.gep.com api-smartapac.gep.com api-leoapac.gep.com api-leodsaksapac.gep.com api-nexxeeu.gep.com api-smarteu.gep.com api-leoeu.gep.com api-leodsakseu.gep.com nexxe.gep.com static-nexxe.gep.com static-bofastorage.gep.com cdn.whatfix.com m.media-amazon.com static.grainger.com static-doc-storage.gep.com images.staplesadvantage.com smartakseu.gep.com cdn.walkme.com ec.walkme.com s3.walkmeusercontent.com papi.walkme.com rapi.walkme.com playerserver.walkme.com gepsmartmtstorage.blob.core.windows.net nexxeprodapacdatastore.blob.core.windows.net nexxeprodeudatastore.blob.core.windows.net nexxeproddirectdatastore.blob.core.windows.net api-nexxeprodeu.gep.com smartapac.gep.com api-nexxeprodeu.gep.com api-clickuat.gep.com api-clickuateu.gep.com api-clickuatapac.gep.com; frame-src 'self' whatfix.com word-edit.officeapps.live.com cdn.walkme.com ffc-word-edit.officeapps.live.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block