urlscan.io logo urlscan.io
SecurityTrails logo

accounts.cardconnect.com Open in urlscan Pro
66.22.22.228  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cardpointe.com/
Effective URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&sco...
Submission: On February 23 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 66.22.22.228, located in United States and belongs to RADWARE-CLOUD-SERVICES, US. The main domain is accounts.cardconnect.com. The Cisco Umbrella rank of the primary domain is 114340.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 5th 2024. Valid for: a year.
This is the only time accounts.cardconnect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 4 198.62.138.16 11121 (FIRSTDATA...)
4 66.22.22.228 25773 (RADWARE-C...)
1 130.211.29.114 396982 (GOOGLE-CL...)
2 35.241.15.240 396982 (GOOGLE-CL...)
9 4
Apex Domain
Subdomains		 Transfer
4 cardconnect.com
accounts.cardconnect.com — Cisco Umbrella Rank: 114340
382 KB
4 cardpointe.com
cardpointe.com — Cisco Umbrella Rank: 65915
20 KB
3 perfdrive.com
cdn.perfdrive.com — Cisco Umbrella Rank: 19355
cas.avalon.perfdrive.com — Cisco Umbrella Rank: 9194
9 KB
9 3
Domain Requested by
4 accounts.cardconnect.com cardpointe.com
accounts.cardconnect.com
4 cardpointe.com 2 redirects accounts.cardconnect.com
2 cas.avalon.perfdrive.com cdn.perfdrive.com
1 cdn.perfdrive.com accounts.cardconnect.com
9 4

This site contains links to these domains. Also see Links.

Domain
cardpointe.com
Subject Issuer Validity Valid
*.cardpointe.com
Go Daddy Secure Certificate Authority - G2		 2023-03-18 -
2024-04-18		 a year crt.sh
*.cardconnect.com
Go Daddy Secure Certificate Authority - G2		 2024-01-05 -
2025-02-05		 a year crt.sh
*.perfdrive.com
Go Daddy Secure Certificate Authority - G2		 2023-09-21 -
2024-09-26		 a year crt.sh
cas.avalon.perfdrive.com
Go Daddy Secure Certificate Authority - G2		 2023-07-24 -
2024-08-05		 a year crt.sh

This page contains 1 frames:

Primary Page: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg
Frame ID: F3C605D2BC74C89FFD429EBC0E03B21B
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log into CardPointe

Page URL History Show full URLs

  1. https://cardpointe.com/ HTTP 302
    https://cardpointe.com/account/ Page URL
  2. https://cardpointe.com/account/oauth2/authorization/cardpointe HTTP 302
    https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&clie... Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

407 kB
Transfer

657 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cardpointe.com/ HTTP 302
    https://cardpointe.com/account/ Page URL
  2. https://cardpointe.com/account/oauth2/authorization/cardpointe HTTP 302
    https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://cardpointe.com/ HTTP 302
  • https://cardpointe.com/account/

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
cardpointe.com/account/
Redirect Chain
  • https://cardpointe.com/
  • https://cardpointe.com/account/
666 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cardpointe.com/account/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.62.138.16 , United States, ASN11121 (FIRSTDATACORP-DB, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Length
666
Content-Security-Policy
default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
Content-Type
text/html;charset=UTF-8
Date
Fri, 23 Feb 2024 15:11:34 GMT
Expires
0
Keep-Alive
timeout=60
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers, Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
0

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
/account/
Server
CardConnect
Primary Request auth
accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/
Redirect Chain
  • https://cardpointe.com/account/oauth2/authorization/cardpointe
  • https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redir...
5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg
Requested by
Host: cardpointe.com
URL: https://cardpointe.com/account/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
dd91b89b7e615b3c9b5ea1d2b40a0a328e0eb31575577d6b8bde29e18e443421
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardpointe.com/account/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Language
en
Content-Security-Policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type
text/html;charset=utf-8
Date
Fri, 23 Feb 2024 15:11:35 GMT
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Security-Policy
default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none'; default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com https://*.cardconnect.com https://*.cardpointe.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; object-src 'none';
Date
Fri, 23 Feb 2024 15:11:34 GMT
Expires
0
Keep-Alive
timeout=60
Location
https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
X-Content-Type-Options
nosniff no-sniff
X-Frame-Options
DENY DENY
X-XSS-Protection
0 1; mode=block
login.0.0.22.css
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/ 		291 KB
56 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
17d3faa6cc4201e611c5fc505ce13012101544264e18490f3c2fd30e1d7f2aa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date
Fri, 23 Feb 2024 15:11:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
cardpointe_logo.png
cardpointe.com/i/fts/logos/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cardpointe.com/i/fts/logos/cardpointe_logo.png
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.62.138.16 , United States, ASN11121 (FIRSTDATACORP-DB, US),
Reverse DNS
Software
nginx/1.25.2 /
Resource Hash
0e5575d6889b2fdd3f6203cfc6a1ef4f458c273c30cda07530d76070259aa82a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date
Fri, 23 Feb 2024 15:11:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Thu, 31 Mar 2016 17:26:05 GMT
Server
nginx/1.25.2
ETag
"56fd5dad-38da"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14554
aperture.js
cdn.perfdrive.com/aperture/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perfdrive.com/aperture/aperture.js
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=cardpointe&scope=openid&state=V6K5zsja-I1XqEoCjFVWE63JFLDRLyGNCrKlwc-3Wgw%3D&redirect_uri=https://cardpointe.com/account/login/oauth2/code/cardpointe&nonce=u7rYjZfx_A7ybDqaADwDd_8Yuxy6cwd75fhcHFKytvg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.29.114 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
114.29.211.130.bc.googleusercontent.com
Software
nginx/1.24.0 /
Resource Hash
9fb91ff0e8c179aea40dbe6842b36fd201654f5647c21dcec41fd18be535d506

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 14:32:38 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 25 Oct 2023 04:29:09 GMT
server
nginx/1.24.0
age
2338
etag
W/"65389995-6844"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600,public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7938
MarkPro.otf
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/ 		162 KB
162 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/MarkPro.otf
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://accounts.cardconnect.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date
Fri, 23 Feb 2024 15:11:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
MarkPro-Medium.otf
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/ 		158 KB
159 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/MarkPro-Medium.otf
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://accounts.cardconnect.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date
Fri, 23 Feb 2024 15:11:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
jsdata
cas.avalon.perfdrive.com/ 		418 B
563 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
8a17e592195bd53fd519448cd9da844f00848785f6b208cf5eca4f3c97fd9713

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
x-response-time
0ms
date
Fri, 23 Feb 2024 15:11:36 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
418
content-type
text/plain; charset=UTF-8
jsdata
cas.avalon.perfdrive.com/ 		211 B
264 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
b1c983d059f02e4a1aea2d01d8dd26a104adbb6675869917aaf162db84e2aa27

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
x-response-time
0ms
date
Fri, 23 Feb 2024 15:11:36 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
211
content-type
text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| url string| __uzdbm_1 string| __uzdbm_2 string| __uzdbm_3 string| __uzdbm_4 string| __uzdbm_5 string| __uzdbm_6 string| __uzdbm_7 object| SSJSConnectorObj object| ssTimeLogs object| BrowserStyle string| j function| ssJSActionTaker function| ssJSConnWriteCookies

17 Cookies

Domain/Path Name / Value
accounts.cardconnect.com/auth/realms/cardconnect/ Name: AUTH_SESSION_ID
Value: b68dc50d-42e3-4d05-990d-5602e9e1e40c.php1-keycloak-3
accounts.cardconnect.com/auth/realms/cardconnect/ Name: AUTH_SESSION_ID_LEGACY
Value: b68dc50d-42e3-4d05-990d-5602e9e1e40c.php1-keycloak-3
accounts.cardconnect.com/auth/realms/cardconnect/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1ZDRlNmFiZi1jZTNkLTRlMDItOWJkOS1iNjcxZWQwODdkZjYifQ.eyJjaWQiOiJjYXJkcG9pbnRlIiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9jYXJkcG9pbnRlLmNvbS9hY2NvdW50L2xvZ2luL29hdXRoMi9jb2RlL2NhcmRwb2ludGUiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuY2FyZGNvbm5lY3QuY29tL2F1dGgvcmVhbG1zL2NhcmRjb25uZWN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NhcmRwb2ludGUuY29tL2FjY291bnQvbG9naW4vb2F1dGgyL2NvZGUvY2FyZHBvaW50ZSIsInN0YXRlIjoiVjZLNXpzamEtSTFYcUVvQ2pGVldFNjNKRkxEUkx5R05Dcktsd2MtM1dndz0iLCJub25jZSI6InU3cllqWmZ4X0E3eWJEcWFBRHdEZF84WXV4eTZjd2Q3NWZoY0hGS3l0dmcifX0.yiT_V0MSjzkLGRVUooq_vrTRs9BsKRd2xJH8oAJ-yGw
cardpointe.com/account Name: JSESSIONID
Value: FE2A257A766248AF27814BDE7AA560F3
cardpointe.com/ Name: BIGipServerphp-cardpointe-vip_1600
Value: !zc55L3j+yBBMWz2+E70Toal7hX3xbMYMZmuJrFlJMyvPu5DdGNz+hgh+PFg0nVRUCS+hTPa0pJZJ2Q==
accounts.cardconnect.com/ Name: __uzma
Value: ff2f3c33-7e98-4af2-910f-ce315a82fdc2
accounts.cardconnect.com/ Name: __uzmb
Value: 1708701095
accounts.cardconnect.com/ Name: __uzme
Value: 8719
accounts.cardconnect.com/ Name: __uzmc
Value: 945851069002
accounts.cardconnect.com/ Name: __uzmd
Value: 1708701095
.cardconnect.com/ Name: __ssds
Value: 2
.cardconnect.com/ Name: __ssuzjsr2
Value: a9be0cd8e
.cardconnect.com/ Name: __uzmaj2
Value: 8025cf64-1a8c-448d-a622-a0a73de1c7e0
.cardconnect.com/ Name: __uzmbj2
Value: 1708701096
.cardconnect.com/ Name: __uzmcj2
Value: 355181010614
.cardconnect.com/ Name: __uzmdj2
Value: 1708701096
accounts.cardconnect.com/ Name: BIGipServerphp1-keycloak-vip_8080
Value: !rWQyV1HxXIbEoMG+E70Toal7hX3xbEru303tSc6oKzrRopWa70Loaue7DwambFZbavWjG6I8k/XEerU=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0