virtualcards-dev.business.hsbc.com Open in urlscan Pro
63.34.217.29  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response virtualcards-dev.business.hsbc.com/	30 KB 8 KB	495ms 147ms	Document text/html	63.34.217.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://virtualcards-dev.business.hsbc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 63.34.217.29 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-34-217-29.eu-west-1.compute.amazonaws.com Software theros / Resource Hash 9a9150389a488b6d89b24149e7a847be316a033f1c438a1faab210d896469db0 Security Headers Name Value Content-Security-Policy connect-src https://virtualcards-dev.business.hsbc.com https://api.virtualcards-dev.business.hsbc.com https://cards-gateway.eu-west-1.cards.cash.tradeshift.net https://gateway.virtualcards-dev.business.hsbc.com https://data.analytics.tradeshift.com https://sentry.io https://browser-intake-datadoghq.com;frame-ancestors 'self' chrome-extension://*;frame-src 'self' blob: https://www.youtube.com https://marketing.tradeshift.com;img-src 'self' blob: data: https://flagcdn.com/ https://dummyimage.com/ https://res.cloudinary.com/tradeshift-test/image/upload/ https://res.cloudinary.com/tradeshift/image/upload/ https://d5wfroyti11sa.cloudfront.net https://data.analytics.tradeshift.com https://marketing.tradeshift.com;media-src 'none';object-src 'self' blob:;script-src 'self' https://d5wfroyti11sa.cloudfront.net https://marketing.tradeshift.com 'nonce-O0Y6ABKirIfZv3jbUeRrsw==';script-src-attr 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Content-Encoding gzip Content-Security-Policy connect-src https://virtualcards-dev.business.hsbc.com https://api.virtualcards-dev.business.hsbc.com https://cards-gateway.eu-west-1.cards.cash.tradeshift.net https://gateway.virtualcards-dev.business.hsbc.com https://data.analytics.tradeshift.com https://sentry.io https://browser-intake-datadoghq.com;frame-ancestors 'self' chrome-extension://*;frame-src 'self' blob: https://www.youtube.com https://marketing.tradeshift.com;img-src 'self' blob: data: https://flagcdn.com/ https://dummyimage.com/ https://res.cloudinary.com/tradeshift-test/image/upload/ https://res.cloudinary.com/tradeshift/image/upload/ https://d5wfroyti11sa.cloudfront.net https://data.analytics.tradeshift.com https://marketing.tradeshift.com;media-src 'none';object-src 'self' blob:;script-src 'self' https://d5wfroyti11sa.cloudfront.net https://marketing.tradeshift.com 'nonce-O0Y6ABKirIfZv3jbUeRrsw==';script-src-attr 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type text/html; charset=utf-8 Cross-Origin-Opener-Policy same-origin Cross-Origin-Resource-Policy same-origin Date Sat, 07 Dec 2024 22:45:39 GMT Etag W/"7653-ueZSQvUY1aKpiKKP6yqLbphx1D0" Origin-Agent-Cluster ?1 Referrer-Policy no-referrer Server theros Strict-Transport-Security max-age=31536000; includeSubDomains Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Dns-Prefetch-Control off X-Download-Options noopen X-Frame-Options SAMEORIGIN X-Permitted-Cross-Domain-Policies none X-Request-Id 7b8f7851-7c16-476a-b5e4-0ec357267024 X-Xss-Protection 0
GET H2	200	ts-12.2.1.min.css d5wfroyti11sa.cloudfront.net/prod/client/	168 KB 52 KB	717ms 120ms	Stylesheet text/css	18.173.184.8 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d5wfroyti11sa.cloudfront.net/prod/client/ts-12.2.1.min.css Requested by Host: virtualcards-dev.business.hsbc.com URL: https://virtualcards-dev.business.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.184.8 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-184-8.muc50.r.cloudfront.net Software AmazonS3 / Resource Hash 0a6047c57ee92b024e9ef485d4436209ebd804731716fd624c0a40bb591daf25 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers access-control-max-age 3000 content-encoding gzip etag "977d29fcfefd8956f435e5716ce18a4c" age 5757454 access-control-allow-methods GET x-cache Hit from cloudfront x-amz-cf-id eSNwMYYd1u3x2MLIKvc8ChN5COmCGwtuSDj3yJ4Lg7CBEbtdEwUOeg== date Wed, 02 Oct 2024 07:28:07 GMT content-type text/css last-modified Mon, 01 Apr 2019 12:50:17 GMT cache-control max-age=29030400, public via 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 52711 x-amz-cf-pop MUC50-P4 server AmazonS3
GET H2	200	ts-12.2.1.min.js Show response d5wfroyti11sa.cloudfront.net/prod/client/	702 KB 235 KB	795ms 199ms	Script application/javascript	18.173.184.8 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d5wfroyti11sa.cloudfront.net/prod/client/ts-12.2.1.min.js Requested by Host: virtualcards-dev.business.hsbc.com URL: https://virtualcards-dev.business.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.184.8 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-184-8.muc50.r.cloudfront.net Software AmazonS3 / Resource Hash 5daa49521ad93ef585e702662acd125be5d1826cc41b18c40ab1919a8fe87d56 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers access-control-max-age 3000 content-encoding gzip etag "424bfc3912221ff602461eab705e5431" age 468932 access-control-allow-methods GET x-cache Hit from cloudfront x-amz-cf-id Xdf7LU8_1RwHrF6yLzLxJbus93_hCIpiwlb3v87r61ES7x_9FzyWYA== date Mon, 02 Dec 2024 12:30:08 GMT content-type application/javascript last-modified Mon, 01 Apr 2019 12:50:19 GMT cache-control max-age=29030400, public via 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 240059 x-amz-cf-pop MUC50-P4 server AmazonS3
GET H2	200	forms2.min.js Show response marketing.tradeshift.com/js/forms2/js/	199 KB 67 KB	846ms 343ms	Script application/x-javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://marketing.tradeshift.com/js/forms2/js/forms2.min.js Requested by Host: virtualcards-dev.business.hsbc.com URL: https://virtualcards-dev.business.hsbc.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers cache-control public, max-age=14400 content-encoding gzip cf-cache-status REVALIDATED etag "2e2c0a-31b73-6265f7fe844ce" x-content-type-options nosniff cf-ray 8ee80c1c8d7be456-OTP expires Sun, 08 Dec 2024 02:45:40 GMT date Sat, 07 Dec 2024 22:45:40 GMT content-type application/x-javascript last-modified Fri, 08 Nov 2024 04:51:09 GMT vary Accept-Encoding server cloudflare
GET H/1.1	200 OK	app-6bb21ea81269646bd9dd.css virtualcards-dev.business.hsbc.com/build/	46 KB 5 KB	99ms 99ms	Stylesheet text/css	63.34.217.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://virtualcards-dev.business.hsbc.com/build/app-6bb21ea81269646bd9dd.css Requested by Host: virtualcards-dev.business.hsbc.com URL: https://virtualcards-dev.business.hsbc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 63.34.217.29 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-34-217-29.eu-west-1.compute.amazonaws.com Software theros / Resource Hash 529b3584f2e6579264930a8313e3a6f35005a064539e8b5a70ff1a78bc1cab78 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers X-Request-Id 76ce0d5b-0880-4b4d-9737-23c1f7bbef09 Content-Encoding gzip Etag "675163dc-12ee" Accept-Ranges bytes Content-Length 4846 Date Sat, 07 Dec 2024 22:45:39 GMT Content-Type text/css Last-Modified Thu, 05 Dec 2024 08:27:08 GMT Server theros
GET H/1.1	200 OK	vendor-2a0bc424adcb2a72253f.js Show response virtualcards-dev.business.hsbc.com/build/	7 MB 2 MB	201ms 101ms	Script application/javascript	63.34.217.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://virtualcards-dev.business.hsbc.com/build/vendor-2a0bc424adcb2a72253f.js Requested by Host: virtualcards-dev.business.hsbc.com URL: https://virtualcards-dev.business.hsbc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 63.34.217.29 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-34-217-29.eu-west-1.compute.amazonaws.com Software theros / Resource Hash 059290b3d78610007c588d2a1934badcd481117fdba92c6e631da0839edfad11 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers X-Request-Id 7f3a7673-5edc-4811-9caa-7b384589e445 Content-Encoding gzip Etag "675163dc-1b7a7f" Accept-Ranges bytes Content-Length 1800831 Date Sat, 07 Dec 2024 22:45:39 GMT Content-Type application/javascript Last-Modified Thu, 05 Dec 2024 08:27:08 GMT Server theros
GET H/1.1	200 OK	app-cdaec83a2a80939f313d.js Show response virtualcards-dev.business.hsbc.com/build/	2 MB 1 MB	458ms 185ms	Script application/javascript	63.34.217.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://virtualcards-dev.business.hsbc.com/build/app-cdaec83a2a80939f313d.js Requested by Host: virtualcards-dev.business.hsbc.com URL: https://virtualcards-dev.business.hsbc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 63.34.217.29 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-34-217-29.eu-west-1.compute.amazonaws.com Software theros / Resource Hash 6551bef56ac6741239e9675f264a32dc9f755a9cf85d86b1f32e5ae4cdf926e6 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers X-Request-Id 3bbc039f-8d7d-4d95-84fe-cf0c62c7f4e5 Content-Encoding gzip Etag "675163dc-119bbf" Accept-Ranges bytes Content-Length 1153983 Date Sat, 07 Dec 2024 22:45:39 GMT Content-Type application/javascript Last-Modified Thu, 05 Dec 2024 08:27:08 GMT Server theros
GET H2	200	201902081238.regular.latin.woff2 d5wfroyti11sa.cloudfront.net/prod/fonts/opensans/	9 KB 9 KB	706ms 120ms	Font binary/octet-stream	18.173.184.8 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d5wfroyti11sa.cloudfront.net/prod/fonts/opensans/201902081238.regular.latin.woff2 Requested by Host: d5wfroyti11sa.cloudfront.net URL: https://d5wfroyti11sa.cloudfront.net/prod/client/ts-12.2.1.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.184.8 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-184-8.muc50.r.cloudfront.net Software AmazonS3 / Resource Hash 8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://virtualcards-dev.business.hsbc.com Referer https://d5wfroyti11sa.cloudfront.net/prod/client/ts-12.2.1.min.css Response headers access-control-max-age 3000 etag "8e3f978a77d191a9e7f94ff9e7090085" age 970027 access-control-allow-methods GET x-cache Hit from cloudfront x-amz-cf-id WCjWIn-vP8_RJFPj7_H83KS2maSYB98RWURNQxxNZs0GNRxS5e1xzA== date Tue, 26 Nov 2024 17:18:35 GMT content-type binary/octet-stream last-modified Fri, 16 Aug 2019 08:15:06 GMT cache-control max-age=29030400 via 1.1 455035b7b3ab5f564b775e2968249d3e.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 8892 x-amz-cf-pop MUC50-P4 server AmazonS3

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| setImmediate object| gui object| edb object| ts object| edbml object| MktoForms2 object| config object| cardProvider object| webpackChunk object| __SENTRY__ function| _ string| __reactRouterVersion object| DD_RUM

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.marketing.tradeshift.com/	1970-01-21 01:33:33	Name: __cf_bm Value: C2dsaUyC2mQ2SO5mOoR7y63PKZJLAZMFKfThGfPWXSU-1733611540-1.0.1.1-mynBitjY9LB1dZZ54A5BZhFGFj4l1jJc3xVXLkbec1h2ZGd66ALcTwJbTvBIp1IVcX7G_.77e48nVXdlNPXlEg

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	connect-src https://virtualcards-dev.business.hsbc.com https://api.virtualcards-dev.business.hsbc.com https://cards-gateway.eu-west-1.cards.cash.tradeshift.net https://gateway.virtualcards-dev.business.hsbc.com https://data.analytics.tradeshift.com https://sentry.io https://browser-intake-datadoghq.com;frame-ancestors 'self' chrome-extension://*;frame-src 'self' blob: https://www.youtube.com https://marketing.tradeshift.com;img-src 'self' blob: data: https://flagcdn.com/ https://dummyimage.com/ https://res.cloudinary.com/tradeshift-test/image/upload/ https://res.cloudinary.com/tradeshift/image/upload/ https://d5wfroyti11sa.cloudfront.net https://data.analytics.tradeshift.com https://marketing.tradeshift.com;media-src 'none';object-src 'self' blob:;script-src 'self' https://d5wfroyti11sa.cloudfront.net https://marketing.tradeshift.com 'nonce-O0Y6ABKirIfZv3jbUeRrsw==';script-src-attr 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d5wfroyti11sa.cloudfront.net
marketing.tradeshift.com
virtualcards-dev.business.hsbc.com
104.17.72.206
18.173.184.8
63.34.217.29
059290b3d78610007c588d2a1934badcd481117fdba92c6e631da0839edfad11
0a6047c57ee92b024e9ef485d4436209ebd804731716fd624c0a40bb591daf25
0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3
529b3584f2e6579264930a8313e3a6f35005a064539e8b5a70ff1a78bc1cab78
5daa49521ad93ef585e702662acd125be5d1826cc41b18c40ab1919a8fe87d56
6551bef56ac6741239e9675f264a32dc9f755a9cf85d86b1f32e5ae4cdf926e6
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
9a9150389a488b6d89b24149e7a847be316a033f1c438a1faab210d896469db0