urlscan.io logo urlscan.io
SecurityTrails logo

customerportal.cardcomplete.com Open in urlscan Pro
99.86.4.5  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://customerportal.cardcomplete.com/
Effective URL: https://customerportal.cardcomplete.com/
Submission: On June 14 via manual from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 99.86.4.5, located in United States and belongs to AMAZON-02, US. The main domain is customerportal.cardcomplete.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 28th 2023. Valid for: 7 months.
This is the only time customerportal.cardcomplete.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 99.86.4.12 16509 (AMAZON-02)
10 99.86.4.5 16509 (AMAZON-02)
10 1
Apex Domain
Subdomains		 Transfer
11 cardcomplete.com
customerportal.cardcomplete.com
2 MB
10 1
Domain Requested by
11 customerportal.cardcomplete.com 1 redirects customerportal.cardcomplete.com
10 1

This site contains links to these domains. Also see Links.

Domain
storeidentifier.customerportal.cardcomplete.com
www.cardcomplete.com
Subject Issuer Validity Valid
customerportal.cardcomplete.com
Amazon RSA 2048 M02		 2023-02-28 -
2023-09-14		 7 months crt.sh

This page contains 1 frames:

Primary Page: https://customerportal.cardcomplete.com/
Frame ID: EBCE684BC6D27F1F2CCD43358EBB6E32
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

complete Control

Page URL History Show full URLs

  1. http://customerportal.cardcomplete.com/ HTTP 301
    https://customerportal.cardcomplete.com/ Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2122 kB
Transfer

4714 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://customerportal.cardcomplete.com/ HTTP 301
    https://customerportal.cardcomplete.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
customerportal.cardcomplete.com/
Redirect Chain
  • http://customerportal.cardcomplete.com/
  • https://customerportal.cardcomplete.com/
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
b19535123c17eb15ea1b18b197894a9256b6dbeb40cca46bc194350a867fa136
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

age
22
cache-control
max-age=0 no-cache="set-cookie"
content-encoding
gzip
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
content-type
text/html; charset=UTF-8
date
Wed, 14 Jun 2023 08:59:43 GMT
etag
W/"1735-1684748456000"
expires
Wed, 14 Jun 2023 08:59:44 GMT
last-modified
Mon, 22 May 2023 09:40:56 GMT
referrer-policy
no-referrer-when-downgrade
server
server
strict-transport-security
max-age=7776000
vary
Accept-Encoding
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-id
VHHa3DnC-Pz9lNKotLjyxpXyIoGmcnE56q7lgA1kvfjWQ5f49CF7Zw==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Wed, 14 Jun 2023 09:00:06 GMT
Location
https://customerportal.cardcomplete.com/
Server
CloudFront
Via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
X-Amz-Cf-Id
3oVz0NAYICKnSNg5PuGVMWL3mkMjNIR18GMx1n6f43mxbbhyXyi2nA==
X-Amz-Cf-Pop
FRA6-C1
X-Cache
Redirect from cloudfront
main.js
customerportal.cardcomplete.com/static/js/ 		4 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://customerportal.cardcomplete.com/static/js/main.js
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
c09117f3f908f0f13790409e3ca88082c7b908f217a76724ae1e888446a7a773
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 08:59:55 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
11
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"4248916-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache="set-cookie"
x-amz-cf-id
eRH9pvBEW24jf1VuNbuVeirjiGIWMqCBKrbu-NbV9tm-MK6UdHbY2w==
expires
Wed, 14 Jun 2023 08:59:55 GMT
cc-logo-web.261badff.svg
customerportal.cardcomplete.com/static/media/ 		31 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customerportal.cardcomplete.com/static/media/cc-logo-web.261badff.svg
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
809a70a0bf8a97421bcd1fa8f05feb4cf45d263fc8e417c8921fc1245d7b3a83
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"31557-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=0, no-cache="set-cookie"
x-amz-cf-id
YblljC9cCvXqcCTeBJB81pNhrTdpgW-3kmRPLUQQrG6y5dsvJcL2WA==
expires
Wed, 14 Jun 2023 09:00:07 GMT
cc-icon-container-language-en.c60ba0fa.svg
customerportal.cardcomplete.com/static/media/ 		4 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customerportal.cardcomplete.com/static/media/cc-icon-container-language-en.c60ba0fa.svg
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
52a2a2b5813b8da856f8a5587ebd0d97bcde2e64d8828431cfbcd3f99a735a10
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"4520-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=0, no-cache="set-cookie"
x-amz-cf-id
ZyWcmIHexd0yb42gS8748Mqqpm1_B9zGhhS2LKm8fLKtFua2zSaxMA==
expires
Wed, 14 Jun 2023 09:00:07 GMT
cc-store-ios.670c21b4.svg
customerportal.cardcomplete.com/static/media/ 		21 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customerportal.cardcomplete.com/static/media/cc-store-ios.670c21b4.svg
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
5ec6e7a8a32e5e6cd178e3cea13fb3aa9c5d494cc21f9b91c9a8ad1cb7413d31
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"21589-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=0, no-cache="set-cookie"
x-amz-cf-id
64r7I9-WhKrzZhtK5ACfXzyNWKPXXYpoxKfR_fmcUeCnGlPUqxyWxw==
expires
Wed, 14 Jun 2023 09:00:07 GMT
cc-store-android.5f8fde63.svg
customerportal.cardcomplete.com/static/media/ 		14 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customerportal.cardcomplete.com/static/media/cc-store-android.5f8fde63.svg
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
7ace308f036246db367b708860ec88e74ae762089f739eab39a2bb5661df79aa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"14591-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=0, no-cache="set-cookie"
x-amz-cf-id
zRgwIoesudcAfE_GB3iL6gLifJS_lk1Ev9tijrsySvOXoQI66-GdeA==
expires
Wed, 14 Jun 2023 09:00:07 GMT
cc-store-harmony.44a6f466.svg
customerportal.cardcomplete.com/static/media/ 		44 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customerportal.cardcomplete.com/static/media/cc-store-harmony.44a6f466.svg
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
5f3c00a4b33ed7309818176922555a4ee75fb3990c717b674f437452c255a113
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"45043-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=0, no-cache="set-cookie"
x-amz-cf-id
rtIqevpV4-RnKDZRZZK-r5MBXWrULY6xICHBrTOR7PSGxB4r8TDTmA==
expires
Wed, 14 Jun 2023 09:00:07 GMT
cc-login-image-updated.d092c1bd.jpg
customerportal.cardcomplete.com/static/media/ 		311 KB
313 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customerportal.cardcomplete.com/static/media/cc-login-image-updated.d092c1bd.jpg
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
895081c73da2a2f7a3d493429656d0399b05a731aa0e7c525d974d526d0affb4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://customerportal.cardcomplete.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:06 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
content-length
318593
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"318593-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
content-type
image/jpeg
cache-control
max-age=0, no-cache="set-cookie"
accept-ranges
bytes
x-amz-cf-id
Bqt0Tc3pgDn350wwmP_vcjF4FLErye4js89S4EB23bTqM4lzTalmdg==
expires
Wed, 14 Jun 2023 09:00:07 GMT
OpenSans-Semibold.bbb609cc.woff
customerportal.cardcomplete.com/static/media/ 		68 KB
69 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://customerportal.cardcomplete.com/static/media/OpenSans-Semibold.bbb609cc.woff
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
013b47f6cb111c5fa967a664fb93e315ec2296ee46064f13fc74721c10e17515
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customerportal.cardcomplete.com/
Origin
https://customerportal.cardcomplete.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
content-length
69892
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"69892-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
content-type
application/x-font-woff
cache-control
max-age=0, no-cache="set-cookie"
accept-ranges
bytes
x-amz-cf-id
2YkzweyV1cNXigwiq5Fqch9xhRfGrI9q9uqR7fEzNWflZr9hR9dqHg==
expires
Wed, 14 Jun 2023 09:00:07 GMT
OpenSans-Bold.083790a2.woff
customerportal.cardcomplete.com/static/media/ 		69 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://customerportal.cardcomplete.com/static/media/OpenSans-Bold.083790a2.woff
Requested by
Host: customerportal.cardcomplete.com
URL: https://customerportal.cardcomplete.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-5.fra6.r.cloudfront.net
Software
server /
Resource Hash
a0b3fed38681a39d8ba49fe0fb740e105693fe66ce59ee1395c7b9c91369eb7d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customerportal.cardcomplete.com/
Origin
https://customerportal.cardcomplete.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
date
Wed, 14 Jun 2023 09:00:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=7776000
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
content-length
70192
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 22 May 2023 09:40:56 GMT
server
server
etag
W/"70192-1684748456000"
x-frame-options
ALLOW-FROM https://customerportal.cardcomplete.com
content-type
application/x-font-woff
cache-control
max-age=0, no-cache="set-cookie"
accept-ranges
bytes
x-amz-cf-id
cxqMcDQ6EsrQZu_xvP6JtD0dZF1b3eZ-Cy_UQ_706UKnBqxiV53wIA==
expires
Wed, 14 Jun 2023 09:00:07 GMT

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| JSEncrypt function| setImmediate function| clearImmediate function| swal function| sweetAlert number| 2f1acc6c3a606b082e5eef5e54414ffb object| core object| __core-js_shared__ object| global object| System function| asap function| Observable object| regeneratorRuntime boolean| _babelPolyfill object| cc_web_portal

3 Cookies

Domain/Path Name / Value
customerportal.cardcomplete.com/ Name: UUID
Value: 6b0d1ae0-989c-4ea6-9058-b776812b95ad
customerportal.cardcomplete.com/ Name: AWSELB
Value: 8FD95772D9727A4906333DC5900D2ECF74439A19703DE9598B80499332FB1568CE379BA446EF0027FB4880D8174C014909EE0395C90DF65A5489B761970BAB1685EFEAFB
customerportal.cardcomplete.com/ Name: AWSELBCORS
Value: 8FD95772D9727A4906333DC5900D2ECF74439A19703DE9598B80499332FB1568CE379BA446EF0027FB4880D8174C014909EE0395C90DF65A5489B761970BAB1685EFEAFB

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' www.gstatic.com cf.api.cardcomplete.opentech.com maps.googleapis.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com blob:; manifest-src 'self'; frame-src 'self' www.google.com; frame-ancestors 'self' https://customerportal.cardcomplete.com https://adminportal.cardcomplete.com;
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://customerportal.cardcomplete.com
X-Xss-Protection 1; mode=block