urlscan.io logo urlscan.io
SecurityTrails logo

capitalone.vera.com Open in urlscan Pro
2606:4700::6810:e8e5  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://capitalone.vera.com/
Effective URL: https://capitalone.vera.com/
Submission: On May 18 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6810:e8e5, located in United States and belongs to CLOUDFLARENET, US. The main domain is capitalone.vera.com.
TLS certificate: Issued by Thawte RSA CA 2018 on February 14th 2020. Valid for: 2 years.
This is the only time capitalone.vera.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 2606:4700::68... 13335 (CLOUDFLAR...)
3 52.222.182.67 16509 (AMAZON-02)
1 52.222.189.193 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
18 6
11    2606:4700::6810:e8e5 (United States)

ASN13335 (CLOUDFLARENET, US)
capitalone.vera.com
3    52.222.182.67 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-182-67.ham50.r.cloudfront.net
d2tc4pyewq5nzw.cloudfront.net
1    52.222.189.193 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-189-193.ham50.r.cloudfront.net
api.mapbox.com
3    2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.google.com
1    2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
Domain Requested by
11 capitalone.vera.com 1 redirects d2tc4pyewq5nzw.cloudfront.net
capitalone.vera.com
3 maps.google.com capitalone.vera.com
maps.google.com
3 d2tc4pyewq5nzw.cloudfront.net capitalone.vera.com
1 maps.googleapis.com maps.google.com
1 api.mapbox.com capitalone.vera.com
18 5

This site contains no links.

Subject Issuer Validity Valid
*.vera.com
Thawte RSA CA 2018		 2020-02-14 -
2022-03-14		 2 years crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2019-07-17 -
2020-07-05		 a year crt.sh
api.mapbox.com
Amazon		 2020-03-05 -
2021-04-05		 a year crt.sh
*.google.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://capitalone.vera.com/
Frame ID: DD9D75358B20507579F319D0934E86BB
Requests: 11 HTTP requests in this frame

Frame: https://capitalone.vera.com/res/authinit/index.html?source=portal
Frame ID: AE9218DDF52F722EF79150755772AE10
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://capitalone.vera.com/ HTTP 301
    https://capitalone.vera.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/\/maps\.googleapis\.com\/maps\/api\/js/i
Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

18
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

2218 kB
Transfer

9745 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://capitalone.vera.com/ HTTP 301
    https://capitalone.vera.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
capitalone.vera.com/
Redirect Chain
  • http://capitalone.vera.com/
  • https://capitalone.vera.com/
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27eaf2b500f5abf75a167ea85e177c490cc903eb526c38f5ccd13b74f84ed0c3
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:method
GET
:authority
capitalone.vera.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 18 May 2020 00:13:43 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d3fcfc60fe17355c5f32a1448afb2c5e21589760822; expires=Wed, 17-Jun-20 00:13:42 GMT; path=/; domain=.vera.com; HttpOnly; SameSite=Lax
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
expires
Thu, 01 Jan 1970 00:00:00 UTC
strict-transport-security
max-age=60
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-vera-id
59515fb5bfdec2f4-FRA
x-xss-protection
1
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
59515fb5bfdec2f4-FRA
content-encoding
gzip
cf-request-id
02c6ba25960000c2f4c4813200000001

Redirect headers

Date
Mon, 18 May 2020 00:13:42 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Mon, 18 May 2020 01:13:42 GMT
Location
https://capitalone.vera.com/
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
59515fb58b3d175e-FRA
cf-request-id
02c6ba25700000175e8c31c200000001
lib.d27e1815af7a04.css
d2tc4pyewq5nzw.cloudfront.net/css/ 		193 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2tc4pyewq5nzw.cloudfront.net/css/lib.d27e1815af7a04.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-67.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8d1d830acff98d5b5959656aecc22e24c10cd89e9bc8924d844c7bf47b00ca9c

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 18 May 2020 00:13:45 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Apr 2020 06:43:26 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1582256879/ctime:1586760229/gid:1001/gname:vera/md5:99c1365de5dc8317152fe0d1b84aeeda/mode:33204/mtime:1582256879/uid:1001/uname:vera
X-Amz-Cf-Pop
HAM50-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
text/css
Via
1.1 5fbb28bff7a0b15518cded51f089f259.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
XpsctCO6CnSTW4x6w2jgBLoGJJD2tbfO2wQyeWNtVuxnDvrHTzvqOg==
app.d27e1815af7a04.css
d2tc4pyewq5nzw.cloudfront.net/css/ 		356 KB
60 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2tc4pyewq5nzw.cloudfront.net/css/app.d27e1815af7a04.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-67.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a53dc065ec156e859645d6557d2dbb3fa24cd7c29fdb3fe05a116dd30bd34be1

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 18 May 2020 00:13:45 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Apr 2020 06:43:26 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1582256879/ctime:1586760229/gid:1001/gname:vera/md5:cc7baa7f34aad9917cff19e555775e2f/mode:33204/mtime:1582256879/uid:1001/uname:vera
X-Amz-Cf-Pop
HAM50-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
text/css
Via
1.1 d66ba6ddafce2f17d4194c66f1af89fc.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
KX93jDjdgrhOMEW_tM05R2KbPucCsTlKVxB6W-Sp7LkltAxCh6LqyQ==
app.d27e1815af7a04.js
d2tc4pyewq5nzw.cloudfront.net/js/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-67.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0079363542ebf3ef19b3e79164926ed8c7b8928ec80623740b31b000cbd2b042

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 18 May 2020 00:13:45 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Apr 2020 06:43:48 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1586760218/ctime:1586760229/gid:1001/gname:vera/md5:d2b2678167364b1bd7322f0ed0c33124/mode:33204/mtime:1586760218/uid:1001/uname:vera
X-Amz-Cf-Pop
HAM50-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
application/javascript
Via
1.1 acc2c574ca468bfb1281581bb9fd9e8a.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
gnOzLGLyjQ9ySCPLjnXqJVHSh-TtSYbf1uuaUeQlimVN9ZHcmPfCqw==
mapbox.css
api.mapbox.com/mapbox.js/v2.4.0/ 		28 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.mapbox.com/mapbox.js/v2.4.0/mapbox.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.189.193 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-189-193.ham50.r.cloudfront.net
Software
/ Express
Resource Hash
e682a8e18ca34b39cdead590d31a14243b776045571517434222c584738dbf17

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 08 Apr 2020 00:06:46 GMT
Content-Encoding
gzip
Age
3456418
X-Powered-By
Express
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Wed Mar 30 2016 19:54:09 GMT+0000 (Coordinated Universal Time)
ETag
"3ea47f2364a246c2c0471231659bcf29"
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Via
1.1 f1d5d7779515e0233ce392877610b704.cloudfront.net (CloudFront)
Cache-Control
max-age=31536000
X-Amz-Cf-Pop
HAM50-C2
X-Amz-Cf-Id
jwo2Zl1-r9bIoFPnv0wMLo7279ZgHSB1AkhND8AqQCeSVj3W2pyi2Q==
js
maps.google.com/maps/api/ 		114 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps/api/js?sensor=true
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
f25f5035666d70458a0640f9673d45d0f545a81d2402bc3c86a46063a5221127
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 00:13:43 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
server-timing
gfet4t7; dur=11
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38345
x-xss-protection
0
expires
Mon, 18 May 2020 00:43:43 GMT
capitalone.vera.com
capitalone.vera.com/api/tenant/discover/ 		69 B
313 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/api/tenant/discover/capitalone.vera.com
Requested by
Host: d2tc4pyewq5nzw.cloudfront.net
URL: https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33251dba2aef295bcf16255df4021121f65aab65108da4e5caeb5cbe4cba4eeb
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
*/*
Referer
https://capitalone.vera.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 00:13:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
x-xss-protection
1
x-vera-id
59515fd59de5c2f4-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
02c6ba397b0000c2f4c495c200000001
cf-ray
59515fd59de5c2f4-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
bootstrap
capitalone.vera.com/api/portal/ 		28 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/api/portal/bootstrap
Requested by
Host: d2tc4pyewq5nzw.cloudfront.net
URL: https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2375a4035409bb2297fa5bd0500e22e5f84add79187a0af07563262676bd4725
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
*/*
Referer
https://capitalone.vera.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 00:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
x-xss-protection
1
x-vera-id
59515fda4d13c2f4-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
02c6ba3c690000c2f4c4992200000001
cf-ray
59515fda4d13c2f4-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
index.html
capitalone.vera.com/res/authinit/ Frame AE92 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/res/authinit/index.html?source=portal
Requested by
Host: d2tc4pyewq5nzw.cloudfront.net
URL: https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd743afc3b136fed83471c547e6fb8b57b25e2b4ffead7f08b36a8c7b9d5f336
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:method
GET
:authority
capitalone.vera.com
:scheme
https
:path
/res/authinit/index.html?source=portal
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://capitalone.vera.com/login
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d3fcfc60fe17355c5f32a1448afb2c5e21589760822
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://capitalone.vera.com/login

Response headers

status
200
date
Mon, 18 May 2020 00:13:50 GMT
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
x-frame-options
SAMEORIGIN
x-xss-protection
1
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
59515fe02d61c2f4-FRA
content-encoding
gzip
cf-request-id
02c6ba40180000c2f4c49e2200000001
54d60d9c9928fa46d6ed.css
capitalone.vera.com/res/authinit/ Frame AE92 		417 KB
66 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/index.html?source=portal
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59f4f8dde5a8123ced710ff18492cbb052455f304b491c49f443322fe8035aa1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 00:13:50 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
866055
status
200
cf-request-id
02c6ba42ef0000c2f4c4a24200000001
server
cloudflare
etag
W/"68506"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1
cache-control
public, max-age=31536000
cf-ray
59515fe4bc3ac2f4-FRA
expires
Tue, 18 May 2021 00:13:50 GMT
54d60d9c9928fa46d6ed.js
capitalone.vera.com/res/authinit/ Frame AE92 		3 MB
681 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.js
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/index.html?source=portal
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24d3f37115614538d798538d6c58abd37f6020b42d613882ea5a7b3fa508033b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 00:13:50 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
173064
status
200
cf-request-id
02c6ba42f00000c2f4c4a25200000001
server
cloudflare
etag
W/"2a77bd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
text/javascript
x-xss-protection
1
cache-control
public, max-age=31536000
cf-ray
59515fe4bc3bc2f4-FRA
expires
Tue, 18 May 2021 00:13:50 GMT
platform
capitalone.vera.com/api/portal/access/ Frame AE92 		0
132 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/api/portal/access/platform
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 18 May 2020 00:13:51 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
content-length
0
x-xss-protection
1
x-vera-id
59515fe8b99ac2f4-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
02c6ba45710000c2f4c4a42200000001
cf-ray
59515fe8b99ac2f4-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
ssession
capitalone.vera.com/api/ Frame AE92 		485 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/api/ssession?enc=hex&ts=1589760831101
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9136b52e43f8d5134ff79506b4f999074f2192e2eb8010205a1e430177a04b2b
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 18 May 2020 00:13:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
x-xss-protection
1
x-vera-id
59515fea6ba4c2f4-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
02c6ba467f0000c2f4c4a48200000001
cf-ray
59515fea6ba4c2f4-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
bootstrap
capitalone.vera.com/api/portal/ Frame AE92 		28 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capitalone.vera.com/api/portal/bootstrap
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2375a4035409bb2297fa5bd0500e22e5f84add79187a0af07563262676bd4725
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 18 May 2020 00:13:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
x-xss-protection
1
x-vera-id
59515fefaa8cc2f4-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
02c6ba49ca0000c2f4c4a6c200000001
cf-ray
59515fefaa8cc2f4-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
common.js
maps.google.com/maps-api-v3/api/js/40/12/ 		77 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/40/12/common.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?sensor=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
577883ab78d528858b4661d48c37c13fef4d1a5d3ead50c068bdd7a0006b6a29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 06 May 2020 19:54:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 05 May 2020 00:16:35 GMT
server
sffe
age
965969
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29052
x-xss-protection
0
expires
Thu, 06 May 2021 19:54:23 GMT
util.js
maps.google.com/maps-api-v3/api/js/40/12/ 		144 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/40/12/util.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?sensor=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f6a9caa0a8dc7e1fe441797afed2828f72d394d008b780492b8bc00d7d31b0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 06 May 2020 19:54:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 05 May 2020 00:16:35 GMT
server
sffe
age
965969
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54116
x-xss-protection
0
expires
Thu, 06 May 2021 19:54:23 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ 		62 B
490 B 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fcapitalone.vera.com%2Flogin&5shttps%3A%2F%2Fcapitalone.vera.com%2Flogin&callback=_xdc_._oyv46k&token=51717
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps-api-v3/api/js/40/12/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
18ef26b86333db62301e2d52d493828d7b88e87dddfef329b9f4d82c7c1c625c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 18 May 2020 00:13:52 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment
server-timing
gfet4t7; dur=3
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame AE92 		20 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a1cf35d1f8bb939918b594c4e8397ed5231f113e5bbfc2e0fa969ac0c880a645

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
icon-email.png
capitalone.vera.com/res/authinit/images/ Frame AE92 		364 B
541 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://capitalone.vera.com/res/authinit/images/icon-email.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e8e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0712eddbde7c6c23bb09bd7d112890bece339d4f9c270ffef1f2ce519cc3c378
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 18 May 2020 00:13:52 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
866052
cf-polished
origSize=1235
status
200
content-length
364
x-xss-protection
1
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"4d3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
cf-request-id
02c6ba4d570000c2f4c4a90200000001
accept-ranges
bytes
cf-ray
59515ff55a1cc2f4-FRA
expires
Tue, 18 May 2021 00:13:52 GMT

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| VeraIDK function| VeraEDK function| mobileLayout function| androidLayout function| Velocity function| enableLogs function| disableLogs object| L function| jQuery object| dust function| $ object| google object| module$contents$MapsEvent_MapsEvent object| module$contents$mapsapi$overlay$OverlayView_OverlayView object| _xdc_

1 Cookies

Domain/Path Name / Value
.vera.com/ Name: __cfduid
Value: d3fcfc60fe17355c5f32a1448afb2c5e21589760822

2 Console Messages

Source Level URL
Text
console-api warning URL: https://maps.google.com/maps-api-v3/api/js/40/12/util.js(Line 233)
Message:
Google Maps JavaScript API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys
console-api warning URL: https://maps.google.com/maps-api-v3/api/js/40/12/util.js(Line 233)
Message:
Google Maps JavaScript API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.mapbox.com
capitalone.vera.com
d2tc4pyewq5nzw.cloudfront.net
maps.google.com
maps.googleapis.com
2606:4700::6810:e8e5
2a00:1450:4001:820::200a
2a00:1450:4001:821::200e
52.222.182.67
52.222.189.193
0079363542ebf3ef19b3e79164926ed8c7b8928ec80623740b31b000cbd2b042
0712eddbde7c6c23bb09bd7d112890bece339d4f9c270ffef1f2ce519cc3c378
18ef26b86333db62301e2d52d493828d7b88e87dddfef329b9f4d82c7c1c625c
2375a4035409bb2297fa5bd0500e22e5f84add79187a0af07563262676bd4725
24d3f37115614538d798538d6c58abd37f6020b42d613882ea5a7b3fa508033b
27eaf2b500f5abf75a167ea85e177c490cc903eb526c38f5ccd13b74f84ed0c3
33251dba2aef295bcf16255df4021121f65aab65108da4e5caeb5cbe4cba4eeb
577883ab78d528858b4661d48c37c13fef4d1a5d3ead50c068bdd7a0006b6a29
59f4f8dde5a8123ced710ff18492cbb052455f304b491c49f443322fe8035aa1
8d1d830acff98d5b5959656aecc22e24c10cd89e9bc8924d844c7bf47b00ca9c
8f6a9caa0a8dc7e1fe441797afed2828f72d394d008b780492b8bc00d7d31b0c
9136b52e43f8d5134ff79506b4f999074f2192e2eb8010205a1e430177a04b2b
a1cf35d1f8bb939918b594c4e8397ed5231f113e5bbfc2e0fa969ac0c880a645
a53dc065ec156e859645d6557d2dbb3fa24cd7c29fdb3fe05a116dd30bd34be1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e682a8e18ca34b39cdead590d31a14243b776045571517434222c584738dbf17
f25f5035666d70458a0640f9673d45d0f545a81d2402bc3c86a46063a5221127
fd743afc3b136fed83471c547e6fb8b57b25e2b4ffead7f08b36a8c7b9d5f336