app-staplespay.quill.com Open in urlscan Pro
23.45.109.235  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0sl...	4 KB 3 KB	1575ms 1474ms	Document text/html	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Apache/2.4.6 (Red Hat Enterprise Linux) / Resource Hash b10635d7a30792b60db39212ec64bb49375a1f303f83af266c87b4ee7e117d1b Security Headers Name Value Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.quillcorp.com *.hitouchbusinessservices.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server Apache/2.4.6 (Red Hat Enterprise Linux) Content-Type text/html;charset=ISO-8859-1 Content-Language de-DE Vary Accept-Encoding Content-Encoding gzip Cache-Control max-age=3600 Expires Wed, 02 Feb 2022 19:18:35 GMT X-XSS-Protection 1; mode=block X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.quillcorp.com *.hitouchbusinessservices.com; Content-Length 1609 Date Wed, 02 Feb 2022 18:18:36 GMT Connection keep-alive
GET H/1.1	200 OK	staplesPay.min.js Show response app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/js/desktop/	22 KB 6 KB	14ms 14ms	Script application/javascript	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/js/desktop/staplesPay.min.js Requested by Host: app-staplespay.quill.com URL: https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Apache/2.4.6 (Red Hat Enterprise Linux) / Resource Hash 4f44211abeddf707daa552e57fb528a4bcb29818e278377f9f8b8dfda700578a Security Headers Name Value Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Tue, 23 Nov 2021 04:04:58 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) Date Wed, 02 Feb 2022 18:18:36 GMT Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=245918 Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection keep-alive Accept-Ranges bytes Content-Length 4821 X-XSS-Protection 1; mode=block Expires Sat, 05 Feb 2022 14:37:14 GMT
GET H/1.1	200 OK	staplesPay.min.css app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/css/desktop/	10 KB 4 KB	28ms 15ms	Stylesheet text/css	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/css/desktop/staplesPay.min.css Requested by Host: app-staplespay.quill.com URL: https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Apache-Coyote/1.1 / Resource Hash 6dc782384b223d83b95cd8d26e471bb920e811f728a13883fe9e9204eacc9b30 Security Headers Name Value Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Tue, 23 Nov 2021 04:04:56 GMT Server Apache-Coyote/1.1 Date Wed, 02 Feb 2022 18:18:36 GMT Vary Accept-Encoding Content-Type text/css Cache-Control max-age=323892 Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection keep-alive Accept-Ranges bytes Content-Length 2579 X-XSS-Protection 1; mode=block Expires Sun, 06 Feb 2022 12:16:48 GMT
GET H/1.1	200 OK	staplesPayAllCommon.min.js Show response app-staplespay.quill.com/STPayWeb/view/STAPLES01/js/desktop/	4 KB 2 KB	32ms 19ms	Script application/javascript	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://app-staplespay.quill.com/STPayWeb/view/STAPLES01/js/desktop/staplesPayAllCommon.min.js Requested by Host: app-staplespay.quill.com URL: https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Apache/2.4.6 (Red Hat Enterprise Linux) / Resource Hash 691de41c4f3eb56508a845eaa879540cda86550415eb14f65962b1c76d60e51f Security Headers Name Value Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Sat, 06 Nov 2021 03:52:06 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) Date Wed, 02 Feb 2022 18:18:36 GMT Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=334249 Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection keep-alive Accept-Ranges bytes Content-Length 1269 X-XSS-Protection 1; mode=block Expires Sun, 06 Feb 2022 15:09:25 GMT
GET H/1.1	200 OK	cc-brands-spritesheet-merge.png app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/images/desktop/	11 KB 11 KB	21ms 21ms	Image image/webp	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/images/desktop/cc-brands-spritesheet-merge.png Requested by Host: app-staplespay.quill.com URL: https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/css/desktop/staplesPay.min.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Akamai Image Manager / Resource Hash 74e04d21d74b2b0df632bfd3bb2d9e1eca97f5ea5f259d7315e7ee7cab4fd594 Security Headers Name Value Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Request headers Accept-Language de-DE,de;q=0.9 Referer https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/css/desktop/staplesPay.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Wed, 02 Feb 2022 18:18:36 GMT Last-Modified Wed, 22 Dec 2021 14:12:48 GMT Server Akamai Image Manager Content-Type image/webp Cache-Control private, no-transform, max-age=1281258 Content-Security-Policy default-src 'self'; script-src https: 'self' oppwa.com 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' oppwa.com; img-src https: 'self' oppwa.com; style-src https: 'self' oppwa.com 'unsafe-inline'; child-src https: 'self' oppwa.com; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Connection keep-alive Content-Length 10850 Expires Thu, 17 Feb 2022 14:12:54 GMT
POST H/1.1	200 OK	logNew Show response app-staplespay.quill.com/STPayWeb/views/card/	0 838 B	284ms 284ms	XHR text/plain	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://app-staplespay.quill.com/STPayWeb/views/card/logNew Requested by Host: app-staplespay.quill.com URL: https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/js/desktop/staplesPay.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Apache-Coyote/1.1 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept application/json Timestamp 1643825916674 Referer https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 LogCategory windowLoad Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/json Response headers Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; X-Content-Type-Options nosniff Server Apache-Coyote/1.1 Date Wed, 02 Feb 2022 18:18:36 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Connection keep-alive Content-Length 0 X-XSS-Protection 1; mode=block
POST H/1.1	200 OK	logNew Show response app-staplespay.quill.com/STPayWeb/views/card/	0 860 B	119ms 119ms	XHR text/plain	23.45.109.235 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://app-staplespay.quill.com/STPayWeb/views/card/logNew Requested by Host: app-staplespay.quill.com URL: https://app-staplespay.quill.com/STPayWeb/view/QUILLWEBPRD01/js/desktop/staplesPay.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.45.109.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-45-109-235.deploy.static.akamaitechnologies.com Software Apache/2.4.6 (Red Hat Enterprise Linux) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept application/json Timestamp 1643825916675 Referer https://app-staplespay.quill.com/STPayWeb/views/card/addNew/QUILLWEBPRD01/6tgt6kap8g7jkv/3QPdZEzAudReuBgL7lrADE0KXjD3dFjeTof6ghe7uTs14syddD3vmXBg9I0ZcxNRxbk_SlwgvVjVCYIOUCAbbY36et9odc8svoyajXP2olp71pBlD0slkFFu37QQGCGsU9QjHoBgtk2YULjfJVsLyBVIMUeZRkaPrShefz2701H9eTgU5TEkmmkZWsXod_kkOQ-InvalDGXPZf8F5rDs8CiGoRKRILBr9jQ4JNLLEpU=/?expiry=1&viewmode=checkout&cvv=1&getcvv=1&tranID=QUILLC7FA8362D1F44AB6BC39495BDC60486F&noCors=1 LogCategory windowLoad Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/json Response headers Content-Security-Policy default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.hitouchbusinessservices.com; X-Content-Type-Options nosniff Server Apache/2.4.6 (Red Hat Enterprise Linux) Date Wed, 02 Feb 2022 18:18:36 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Connection keep-alive Content-Length 0 X-XSS-Protection 1; mode=block

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| loadEventAlreadyHappened function| processLoadEvent object| $cc undefined| encrypCardDetails string| locale string| cvv string| getcvv string| expiryDate object| responseJSON undefined| cardBrand undefined| rebateCard string| mode object| errorAndLabels boolean| nexusErrorHandling string| tokenizationReqLogData function| sendLogEvent function| getQueryParam function| tokenize function| clearFields function| sendData function| toggleToolTip function| doPostMessageToParent object| allowedDomains function| sendMessage function| sendErrorMessage function| sendReadyMessage function| sendPerfMsg string| logUrl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https; script-src https: 'self' 'unsafe-inline'; connect-src https: 'self' api.staplespay.com api-staplespay.staplesadvantage.com api-staplespay.ediversitynetwork.com easyapi.staples.com pgidm.staplespay.com api-staplespay.hitouchbusinessservices.com; img-src https: data: 'self'; style-src https: 'self' 'unsafe-inline'; child-src https: 'self'; frame-ancestors https: 'self' *.staples.com *.staplesadvantage.com *.bureauengrosprivilege.ca *.staplespreferred.ca *.bluetarp.com *.quill.com *.quillcorp.com *.quillcorp.com *.hitouchbusinessservices.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-staplespay.quill.com
23.45.109.235
4f44211abeddf707daa552e57fb528a4bcb29818e278377f9f8b8dfda700578a
691de41c4f3eb56508a845eaa879540cda86550415eb14f65962b1c76d60e51f
6dc782384b223d83b95cd8d26e471bb920e811f728a13883fe9e9204eacc9b30
74e04d21d74b2b0df632bfd3bb2d9e1eca97f5ea5f259d7315e7ee7cab4fd594
b10635d7a30792b60db39212ec64bb49375a1f303f83af266c87b4ee7e117d1b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855