paynow.cardx.com Open in urlscan Pro
2606:4700::6812:9ce Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cardx.com/pay-performanceengineered
Effective URL:
https://paynow.cardx.com/performanceengineered
Submission Tags: falconsandbox
Submission: On September 24 via api (September 24th 2024, 11:47:48 pm UTC) from US — Scanned from DE

Summary HTTP 47 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 10 domains to perform 47 HTTP transactions. The main IP is 2606:4700::6812:9ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is paynow.cardx.com.
TLS certificate: Issued by E6 on September 1st 2024. Valid for: 3 months.

This is the only time paynow.cardx.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 21	2606:4700::68... 2606:4700::6812:9ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
5	23.213.161.201 23.213.161.201	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	216.58.206.35 216.58.206.35	15169 (GOOGLE) (GOOGLE)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.33.219.205 13.33.219.205	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
3	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	13.35.58.23 13.35.58.23	16509 (AMAZON-02) (AMAZON-02)
3	2600:1f16:abe... 2600:1f16:abe:c800:3c0c:2567:194d:59a5	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	3.15.36.125 3.15.36.125	16509 (AMAZON-02) (AMAZON-02)
47	15

21 2606:4700::6812:9ce (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

cardx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
paynow.cardx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lightbox.cardx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.lightbox.cardx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cardfield.cardx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.cardx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.213.161.201 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-201.deploy.static.akamaitechnologies.com

src.mastercard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.35 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

cdn.lr-ingest.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.33.219.205 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-219-205.fra60.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.58.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-23.fra60.r.cloudfront.net

sdk.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f16:abe:c800:3c0c:2567:194d:59a5 (Columbus, United States)

ASN16509 (AMAZON-02, US)

cognito-identity.us-east-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.15.36.125 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-15-36-125.us-east-2.compute.amazonaws.com

firehose.us-east-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	cardx.com 2 redirects cardx.com — Cisco Umbrella Rank: 649169 paynow.cardx.com lightbox.cardx.com — Cisco Umbrella Rank: 901885 api.lightbox.cardx.com cardfield.cardx.com static.cardx.com	1 MB
6	amazonaws.com sdk.amazonaws.com — Cisco Umbrella Rank: 17374 cognito-identity.us-east-2.amazonaws.com — Cisco Umbrella Rank: 42327 firehose.us-east-2.amazonaws.com — Cisco Umbrella Rank: 37048	330 KB
5	mastercard.com src.mastercard.com — Cisco Umbrella Rank: 35872	422 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	269 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52 region1.google-analytics.com — Cisco Umbrella Rank: 3391	21 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	175 KB
2	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1460	12 KB
1	lr-ingest.io cdn.lr-ingest.io — Cisco Umbrella Rank: 21526	168 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	1 KB
47	10

	Domain	Requested by
7	lightbox.cardx.com	paynow.cardx.com lightbox.cardx.com
5	src.mastercard.com	lightbox.cardx.com paynow.cardx.com cardfield.cardx.com
4	static.cardx.com	lightbox.cardx.com
4	api.lightbox.cardx.com	1 redirects lightbox.cardx.com
3	cognito-identity.us-east-2.amazonaws.com	lightbox.cardx.com
3	fonts.gstatic.com	fonts.googleapis.com
3	cardfield.cardx.com	lightbox.cardx.com cardfield.cardx.com
3	www.google.com	lightbox.cardx.com www.gstatic.com
2	firehose.us-east-2.amazonaws.com	lightbox.cardx.com
2	www.google-analytics.com	www.googletagmanager.com lightbox.cardx.com
2	www.googletagmanager.com	lightbox.cardx.com www.google-analytics.com
2	www.datadoghq-browser-agent.com	lightbox.cardx.com cardfield.cardx.com
2	paynow.cardx.com
1	region1.google-analytics.com	lightbox.cardx.com
1	sdk.amazonaws.com	www.googletagmanager.com
1	cdn.lr-ingest.io	lightbox.cardx.com
1	www.gstatic.com	www.google.com
1	fonts.googleapis.com	lightbox.cardx.com
1	cardx.com	1 redirects
47	19

This site contains no links.

Subject Issuer	Validity	Valid
cardx.com E6	`2024-09-01` - `2024-11-30`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
src.mastercard.com Entrust Certification Authority - L1K	`2024-07-10` - `2025-07-10`	a year	crt.sh
*.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
lr-ingest.io WE1	`2024-09-23` - `2024-12-22`	3 months	crt.sh
*.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-08-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
sdk.amazonaws.com Amazon RSA 2048 M02	`2024-09-23` - `2025-10-22`	a year	crt.sh
cognito-identity.us-east-2.amazonaws.com Amazon RSA 2048 M03	`2024-04-07` - `2025-05-06`	a year	crt.sh
firehose.us-east-2.amazonaws.com Amazon RSA 2048 M01	`2024-02-26` - `2025-02-06`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://paynow.cardx.com/performanceengineered
Frame ID: 29BB8E382DA217263EC08A50FE272F50
Requests: 4 HTTP requests in this frame

Frame: https://lightbox.cardx.com/index.html?&account=performep1&openonload=true&hideoverlay=true&hideCloseButton=true&billingInclude=false&accountIdentifierEditable=true&invoiceIdentifierRequired=true&companyNameLabel=Company%20Name&companyNameRequired=true&billingRequired=false&accountIdentifierLabel=PO%20Number&companyNameEditable=true&invoiceIdentifierLabel=Invoice%20Number&invoiceIdentifierEditable=true&accountIdentifierRequired=false&displayConfirmation=true&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3
Frame ID: 7225BC5A518A48D8C86177663D3DED65
Requests: 34 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_i_UpAAAAACdkBSgbcue7zhWKvI5PSLDO_pid&co=aHR0cHM6Ly9saWdodGJveC5jYXJkeC5jb206NDQz&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=g4dtti3f5hdf
Frame ID: 9D25F928E51986C6688BFD5A12354C8D
Requests: 1 HTTP requests in this frame

Frame: https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP
Frame ID: 96F4E1932D77462198F55FE1EBEB062E
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cardx.com/pay-performanceengineered HTTP 301
https://paynow.cardx.com/performanceengineered Page URL

Detected technologies

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

LogRocket (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.lr-ingest\.io

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

47
Requests

98 %
HTTPS

43 %
IPv6

10
Domains

19
Subdomains

15
IPs

3
Countries

2726 kB
Transfer

13909 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cardx.com/pay-performanceengineered HTTP 301
https://paynow.cardx.com/performanceengineered Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://api.lightbox.cardx.com/v1/redirect?&amount=0&account=performep1&mode=payment&token=&maskedNumber=&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&preferCardxPricing=false&gateway=PnP HTTP 302
https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP

47 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request performanceengineered Show response
paynow.cardx.com/
Redirect Chain

https://cardx.com/pay-performanceengineered
https://paynow.cardx.com/performanceengineered

1 KB
1 KB

476ms
463ms

Document
text/html

2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paynow.cardx.com/performanceengineered

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4cded695ea9b62af3bf96c34af04858fcba9b54c756afb5f3c1cff33762bf8a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c86a9470a2f3a60-FRA
content-encoding: gzip
content-type: text/html
date: Tue, 24 Sep 2024 23:47:44 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
x-amz-apigw-id: eolhEFMoCYcEFNg=
x-amz-cf-id: x6PGlUHQwh1uNy7TKWOQpfbja8u4C05jpw9Y7q9RKdCutemWGZmdhQ==
x-amz-cf-pop: FRA60-P3
x-amzn-requestid: 0222332e-b243-45a4-bfd8-3795b189bcbc
x-amzn-trace-id: Root=1-66f34fa0-05e36f4442e20ecb5240b9f7;Parent=11251fd19b533ce3;Sampled=0;Lineage=1:60044c1f:0
x-cache: Miss from cloudfront
x-cardx-environment: prd
x-cardx-invocation: 05338558-a742-486d-ae3d-27891361238c
x-content-type-options: nosniff

Redirect headers

cache-control: max-age=3600
cf-ray: 8c86a946ea243a60-FRA
content-length: 167
content-type: text/html
date: Tue, 24 Sep 2024 23:47:43 GMT
expires: Wed, 25 Sep 2024 00:47:43 GMT
location: https://paynow.cardx.com/performanceengineered
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 lightbox.min.js Show response
lightbox.cardx.com/v1/ 41 KB
9 KB 414ms
404ms Script
application/javascript 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lightbox.cardx.com/v1/lightbox.min.js

Requested by

Host: paynow.cardx.com
URL: https://paynow.cardx.com/performanceengineered

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7b88e62a0f6d08977e37ad2c35091dd51ce010e46cb7c0c773df0cdb0fe475c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://paynow.cardx.com/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"8fef4ca607fcd4e4b7bd0703f1248d8d"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 3CQor26oL52xIz9nZ25nAXfZg7AnRPd8XqabLITPV6FN8BR8WLLb6Q==
date: Tue, 24 Sep 2024 23:47:44 GMT
content-type: application/javascript
last-modified: Wed, 11 Sep 2024 14:08:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 7f26f4279546775ace8410d89a15a960.cloudfront.net (CloudFront)
cf-ray: 8c86a94a0bd23a60-FRA
x-amz-cf-pop: FRA56-P12
server: cloudflare

GET
H2 200 performep1 Show response
api.lightbox.cardx.com/v1/merchant-settings/ 2 KB
2 KB 517ms
487ms XHR
application/json 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.lightbox.cardx.com/v1/merchant-settings/performep1

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/v1/lightbox.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b21d0dfad8f4d09e9a1649d6a16e3577e340a78ccbacbeec6250a43ba20113d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://paynow.cardx.com/

Response headers

x-cardx-environment: prd
x-cardx-invocation: 46b1ed59-4278-46b8-82f0-28b975958550
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-amzn-requestid: 07a2f84b-b71f-4cc3-8d59-fda638f48c8a
x-cache: Miss from cloudfront
x-amz-cf-id: Gv66K4CS95BAktuhP2XjrdRtnxW2BoxuRNs0LJi1hFKCXmp7CI4Anw==
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/json
access-control-allow-headers: Content-Type,Accept,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Gateway-Session,X-Gateway-Account,X-Cardx-Session,X-Stax-Id,X-Portal-Emulate-Merchant,X-Portal-Emulate-Role,X-Portal-Emulate-User
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
x-amz-apigw-id: eolhOEA5CYcEGMw=
x-amzn-trace-id: Root=1-66f34fa1-7ed09b6222057b0a0df8d33c;Parent=2c4e4b300214b05f;Sampled=0;Lineage=1:aa175166:0
via: 1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray: 8c86a94ccba02be6-FRA
access-control-allow-origin: https://paynow.cardx.com
x-amz-cf-pop: FRA60-P7
server: cloudflare

GET
H2 200 index.html Show response
lightbox.cardx.com/ Frame 7225 3 KB
1 KB 279ms
278ms Document
text/html 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lightbox.cardx.com/index.html?&account=performep1&openonload=true&hideoverlay=true&hideCloseButton=true&billingInclude=false&accountIdentifierEditable=true&invoiceIdentifierRequired=true&companyNameLabel=Company%20Name&companyNameRequired=true&billingRequired=false&accountIdentifierLabel=PO%20Number&companyNameEditable=true&invoiceIdentifierLabel=Invoice%20Number&invoiceIdentifierEditable=true&accountIdentifierRequired=false&displayConfirmation=true&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/v1/lightbox.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ec0e52be39ffb84f43ea25470dafcf47cf4812a84f96b36c597f2e84a089964

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://paynow.cardx.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8c86a94c9d523a60-FRA
content-encoding: gzip
content-type: text/html
date: Tue, 24 Sep 2024 23:47:45 GMT
last-modified: Wed, 11 Sep 2024 14:08:08 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 1876576d09e30dc7b468e90ff448f1f8.cloudfront.net (CloudFront)
x-amz-cf-id: M6E0xe9Qyzfruye3z7CLWvEX_hNizxrLZwfDv8q9rQSYNMkgLcXr3A==
x-amz-cf-pop: FRA56-P12
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff

GET
H2 200 css
fonts.googleapis.com/ Frame 7225 9 KB
1 KB 48ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/index.html?&account=performep1&openonload=true&hideoverlay=true&hideCloseButton=true&billingInclude=false&accountIdentifierEditable=true&invoiceIdentifierRequired=true&companyNameLabel=Company%20Name&companyNameRequired=true&billingRequired=false&accountIdentifierLabel=PO%20Number&companyNameEditable=true&invoiceIdentifierLabel=Invoice%20Number&invoiceIdentifierEditable=true&accountIdentifierRequired=false&displayConfirmation=true&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4dd49d1f89345b2f261ee71d4ce0020ec9abceecf6048b443f3bc4d6386c546f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 23:47:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 24 Sep 2024 23:10:37 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 lib.js Show response
src.mastercard.com/srci/integration/2/ Frame 7225 2 MB
414 KB 53ms
22ms Script
application/x-javascript 23.213.161.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://src.mastercard.com/srci/integration/2/lib.js?locale=en_US

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-201.deploy.static.akamaitechnologies.com

Software

undisclosed /

Resource Hash

efc26b9628ce89621856b332f2f8036d6cb217ca8658f21b01d604afe9bb6865

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=0, no-cache
content-encoding: gzip
etag: "878e35893282f9fa7ac5a61fd96c94ad:1725541448.155213"
pragma: no-cache
expires: Tue, 24 Sep 2024 23:47:45 GMT
accept-ranges: bytes
content-length: 423776
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/x-javascript
last-modified: Thu, 05 Sep 2024 12:40:35 GMT
vary: Accept-Encoding
server: undisclosed

GET
H2 200 src-ui-kit.esm.js Show response
src.mastercard.com/srci/integration/components/src-ui-kit/ Frame 7225 4 KB
2 KB 51ms
21ms Script
application/x-javascript 23.213.161.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://src.mastercard.com/srci/integration/components/src-ui-kit/src-ui-kit.esm.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-201.deploy.static.akamaitechnologies.com

Software

undisclosed /

Resource Hash

10dc8d7e0f36ad69ad5acf524d0bde7a90e0eef97f011e85c8290cdd25f73f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://lightbox.cardx.com/

Response headers

strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
etag: "b09ecfc3d0f4e58c4398062e60db3976:1726694147.890471"
pragma: no-cache
expires: Tue, 24 Sep 2024 23:47:45 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1574
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/x-javascript
last-modified: Wed, 18 Sep 2024 21:01:24 GMT
vary: Accept-Encoding
server: undisclosed

GET
H2 200 src-ui-kit.css
src.mastercard.com/srci/integration/components/src-ui-kit/ Frame 7225 24 B
304 B 53ms
23ms Stylesheet
text/css 23.213.161.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://src.mastercard.com/srci/integration/components/src-ui-kit/src-ui-kit.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-201.deploy.static.akamaitechnologies.com

Software

undisclosed /

Resource Hash

069de3eb2e0f5d02852dabf0d0e125221adcb1a2f9e40c45cd4b34f883a244ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
etag: "b09ecfc3d0f4e58c4398062e60db3976:1726694147.890471"
pragma: no-cache
expires: Tue, 24 Sep 2024 23:47:45 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 44
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: text/css
last-modified: Wed, 18 Sep 2024 21:01:24 GMT
vary: Accept-Encoding
server: undisclosed

GET
H2 200 app.js Show response
lightbox.cardx.com/js/ Frame 7225 5 MB
1 MB 267ms
267ms Script
application/javascript 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lightbox.cardx.com/js/app.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

056419e49abaa5d19133876c0f98152b27424c8d20fe0c366fde6674290ff516

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://lightbox.cardx.com/index.html?&account=performep1&openonload=true&hideoverlay=true&hideCloseButton=true&billingInclude=false&accountIdentifierEditable=true&invoiceIdentifierRequired=true&companyNameLabel=Company%20Name&companyNameRequired=true&billingRequired=false&accountIdentifierLabel=PO%20Number&companyNameEditable=true&invoiceIdentifierLabel=Invoice%20Number&invoiceIdentifierEditable=true&accountIdentifierRequired=false&displayConfirmation=true&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"2f3c6054c4d3e313f369c93ff4ef6c26"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: CU_uB11ANOz-0wXjFbtujeUnrRdId4LtpwdLBUS7iA5N9oXMSXCB-g==
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/javascript
last-modified: Wed, 11 Sep 2024 14:08:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 e787a68a5271d06ea7b7e56fa6886dc8.cloudfront.net (CloudFront)
cf-ray: 8c86a94e6e503a60-FRA
x-amz-cf-pop: FRA56-P12
server: cloudflare

GET
H2 200 app.css
lightbox.cardx.com/css/ Frame 7225 81 KB
14 KB 325ms
325ms Stylesheet
text/css 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lightbox.cardx.com/css/app.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1ab954635b41451525eb1f5d429d33f83d4fd41257f3bcf907b1d0da802b46

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/index.html?&account=performep1&openonload=true&hideoverlay=true&hideCloseButton=true&billingInclude=false&accountIdentifierEditable=true&invoiceIdentifierRequired=true&companyNameLabel=Company%20Name&companyNameRequired=true&billingRequired=false&accountIdentifierLabel=PO%20Number&companyNameEditable=true&invoiceIdentifierLabel=Invoice%20Number&invoiceIdentifierEditable=true&accountIdentifierRequired=false&displayConfirmation=true&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"18da2f4c587241c83722331855a01ef1"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: HWCXHTyl11UCvFUlkYHJe5xXCmI-k1JyKT4IiI5ICj1Xw7hXzI9CKA==
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: text/css
last-modified: Wed, 11 Sep 2024 14:08:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 2148953aab7910c366395376a0db1450.cloudfront.net (CloudFront)
cf-ray: 8c86a94e6e4f3a60-FRA
x-amz-cf-pop: FRA56-P12
server: cloudflare

GET
H2 200 load_lightbox_configuration.js Show response
lightbox.cardx.com/v1/ Frame 7225 3 KB
1 KB 336ms
335ms Script
application/javascript 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lightbox.cardx.com/v1/load_lightbox_configuration.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2105a17e28ac6a33f66d1b40b684eb238b08ad36293c99eb6ca0a74ef197cfff

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/index.html?&account=performep1&openonload=true&hideoverlay=true&hideCloseButton=true&billingInclude=false&accountIdentifierEditable=true&invoiceIdentifierRequired=true&companyNameLabel=Company%20Name&companyNameRequired=true&billingRequired=false&accountIdentifierLabel=PO%20Number&companyNameEditable=true&invoiceIdentifierLabel=Invoice%20Number&invoiceIdentifierEditable=true&accountIdentifierRequired=false&displayConfirmation=true&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"1845595a38cfe5c877b8091fdf7a2711"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 82zRRHT85BKYXWBmVZE5QkqGrUvxdZMw4ZTrqyNND43H9-7gLC3n3g==
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/javascript
last-modified: Wed, 11 Sep 2024 14:08:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
cf-ray: 8c86a94e6e523a60-FRA
x-amz-cf-pop: FRA56-P12
server: cloudflare

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame 7225 1 KB
993 B 36ms
20ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=vueRecaptchaApiLoaded&render=explicit

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

ESF /

Resource Hash

0a51a36f00a9a0d999e9e1b0e405c4f5ad186b4405deb38d76d1f491c94cab17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 23:47:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Tue, 24 Sep 2024 23:47:45 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 p-9f0570aa.js Show response
src.mastercard.com/srci/integration/components/src-ui-kit/ Frame 7225 12 KB
6 KB 55ms
55ms Script
application/x-javascript 23.213.161.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://src.mastercard.com/srci/integration/components/src-ui-kit/p-9f0570aa.js

Requested by

Host: paynow.cardx.com
URL: https://paynow.cardx.com/performanceengineered

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-201.deploy.static.akamaitechnologies.com

Software

undisclosed /

Resource Hash

bce944d7b7b36395aff9bd660b45b3cf5ec158aaa514273907ce9cb2b19a3dfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://src.mastercard.com/srci/integration/components/src-ui-kit/src-ui-kit.esm.js

Response headers

strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: private, max-age=604800
content-encoding: gzip
etag: "b09ecfc3d0f4e58c4398062e60db3976:1726694147.890471"
expires: Tue, 01 Oct 2024 23:47:45 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5728
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/x-javascript
last-modified: Wed, 18 Sep 2024 21:01:24 GMT
vary: Accept-Encoding
server: undisclosed

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/ Frame 7225 541 KB
214 KB 39ms
7ms Script
text/javascript 216.58.206.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=vueRecaptchaApiLoaded&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f3.1e100.net

Software

sffe /

Resource Hash

a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: gzip
age: 72340
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 03:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 03:42:05 GMT
last-modified: Tue, 03 Sep 2024 02:00:38 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 219302
x-xss-protection: 0
server: sffe

GET
H3 200 logger-1.min.js Show response
cdn.lr-ingest.io/ Frame 7225 848 KB
168 KB 47ms
34ms Script
text/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.lr-ingest.io/logger-1.min.js

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bf160b9c0af6293fea77f288e76342b71146ade32ba6853ea5fd91f82249e3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"81f9d6c780f2bd34047c61de200d38cde555635b670ce0784e5ab26587196489-br"
age: 146
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eEOd%2BxEZFgRR9UQMLLC4%2BUodMcbzcMNBVl1vORVW5fEedQUqm5iGU6MYMQQdANNLSsdfyB4kHJrPccvhhkW36SGCR0DugwJdQgqAB9WPnWJFda3sib3KqpB0fwayn5Eyk%2FTU"}],"group":"cf-nel","max_age":604800}
x-cache: HIT
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 24 Sep 2024 21:14:47 GMT
x-served-by: cache-fra-eddf8230066-FRA
x-cache-hits: 1
vary: x-fh-requested-host, accept-encoding
strict-transport-security: max-age=31556926
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer: S1727212581.498653,VS0,VE1
cross-origin-resource-policy: cross-origin
cf-ray: 8c86a952bd272be2-FRA
access-control-allow-origin: *
server: cloudflare

GET
H2 200 datadog-logs-us.js Show response
www.datadoghq-browser-agent.com/ Frame 7225 33 KB
12 KB 37ms
10ms Script
application/javascript 13.33.219.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-logs-us.js
Requested by: Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.219.205 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-219-205.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ef43fd8aa0d64cceb10d6c478c94ef2e4049f165ac5edae88854cea85333230

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
content-encoding: gzip
etag: W/"db11d410d4863029081228535272ffd9"
age: 29
via: 1.1 0ccdc706b9b907d47a4960eec0e95f2a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 0PvlrcVZSPjwbz3xRfN9-eK0noi0BpL8gGYcMdAMl4Qzf7ybRnwN8g==
date: Tue, 24 Sep 2024 23:47:17 GMT
content-type: application/javascript
last-modified: Tue, 27 Jul 2021 15:01:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P10
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 7225 224 KB
79 KB 55ms
27ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PT5QKXQ&gtm_auth=GGHWTI2ouTCUPfVDuvr4XQ&gtm_preview=env-1&gtm_cookies_win=x

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

16073be3e8270933daa3339edcfd7a06d5bb58b9307e4d23bbfb539ddc4882f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: br
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 23:47:45 GMT
content-type: application/javascript; charset=UTF-8
vary: *
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 80014
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame 7225 1 KB
993 B 20ms
20ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=vueRecaptchaApiLoaded&render=explicit&hl=

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

ESF /

Resource Hash

0a51a36f00a9a0d999e9e1b0e405c4f5ad186b4405deb38d76d1f491c94cab17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 23:47:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Tue, 24 Sep 2024 23:47:45 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 9D25 0
0 68ms
56ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_i_UpAAAAACdkBSgbcue7zhWKvI5PSLDO_pid&co=aHR0cHM6Ly9saWdodGJveC5jYXJkeC5jb206NDQz&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=g4dtti3f5hdf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ERQZJoiR1qTddKirzxWB_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lightbox.cardx.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ERQZJoiR1qTddKirzxWB_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Sep 2024 23:47:45 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/ Show response
cardfield.cardx.com/ Frame 96F4
Redirect Chain

https://api.lightbox.cardx.com/v1/redirect?&amount=0&account=performep1&mode=payment&token=&maskedNumber=&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&preferCardxPricing=false&gateway=PnP
https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCar...

793 B
677 B

302ms
276ms

Document
text/html

2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9c4b03ea1be99b31a93a49be01266e87c9644842379f93f8462b168d5e7ad8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lightbox.cardx.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8c86a9597cf33a60-FRA
content-encoding: gzip
content-type: text/html
date: Tue, 24 Sep 2024 23:47:47 GMT
last-modified: Fri, 21 Jun 2024 17:05:11 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 0ccdc706b9b907d47a4960eec0e95f2a.cloudfront.net (CloudFront)
x-amz-cf-id: kZ4sMnLC_0Fv66FKKCYXs4wHSSiTQ_sroapss2ZAr3I0e68U_OI0nw==
x-amz-cf-pop: FRA60-P10
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 8c86a953bd29bb83-FRA
content-length: 0
content-type: application/json
date: Tue, 24 Sep 2024 23:47:46 GMT
location: https://cardfield.cardx.com?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
x-amz-apigw-id: eolhYHiViYcEdkg=
x-amz-cf-id: H12axuKCneIok6t1r4OJYxKNDiVXq5ViKoXTV6F9sMKJMK0Wc62hrQ==
x-amz-cf-pop: FRA60-P7
x-amzn-requestid: 5bda91c8-030b-485a-89c5-f85661f664a9
x-amzn-trace-id: Root=1-66f34fa2-12c62d456897b15133340861;Parent=0bd43ed28cc5417e;Sampled=0;Lineage=1:1f765988:0
x-cache: Miss from cloudfront
x-cardx-environment: prd
x-cardx-invocation: 873ee5ea-d0a9-47df-bfd2-61682b69830e
x-content-type-options: nosniff

GET
H2 200 performep1 Show response
api.lightbox.cardx.com/v1/merchant-settings/ Frame 7225 2 KB
1 KB 436ms
435ms Fetch
application/json 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.lightbox.cardx.com/v1/merchant-settings/performep1

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60a97f5a0cd03b9b14e0b639a76bd73a526c08c6ac1017709141336a9b31b465

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lightbox.cardx.com/
X-CardX-Session: c497ec31-7a7e-47e6-bbba-9ae496afb4b3
X-Gateway-Account: performep1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

x-cardx-environment: prd
x-cardx-invocation: 46460c39-add5-4aad-83e6-84657827dfab
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-amzn-requestid: 740438d0-de38-4d31-a818-e50008a3d720
x-cache: Miss from cloudfront
x-amz-cf-id: GcCjkZ0XQrr_aHTGO9UTrwmIJhyOfazn6yOZ9wV7-h_z9_NUZA05JA==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: application/json
access-control-allow-headers: Content-Type,Accept,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Gateway-Session,X-Gateway-Account,X-Cardx-Session,X-Stax-Id,X-Portal-Emulate-Merchant,X-Portal-Emulate-Role,X-Portal-Emulate-User
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
x-amz-apigw-id: eolhbHCeiYcEl1g=
x-amzn-trace-id: Root=1-66f34fa2-31cc28e52a72eedb7c579802;Parent=1272ce626d964e44;Sampled=0;Lineage=1:aa175166:0
via: 1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray: 8c86a955dfab2be6-FRA
access-control-allow-origin: https://lightbox.cardx.com
x-amz-cf-pop: FRA60-P7
server: cloudflare

OPTIONS
H2 200 performep1
api.lightbox.cardx.com/v1/merchant-settings/ Frame 0
0 351ms
351ms Preflight
application/json 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.lightbox.cardx.com/v1/merchant-settings/performep1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-cardx-session,x-gateway-account
Access-Control-Request-Method: GET
Origin: https://lightbox.cardx.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Accept,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Gateway-Session,X-Gateway-Account,X-Cardx-Session,X-Stax-Id,X-Portal-Emulate-Merchant,X-Portal-Emulate-Role,X-Portal-Emulate-User
access-control-allow-origin: https://lightbox.cardx.com
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8c86a953aed52be6-FRA
content-length: 2
content-type: application/json
date: Tue, 24 Sep 2024 23:47:46 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
via: 1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
x-amz-apigw-id: eolhYHthCYcEB2Q=
x-amz-cf-id: 2wPVZZRPjt2xi4MiE5Ca_CbZ7PDIBa7SM11mqm__KmiwKaBtUMC4xw==
x-amz-cf-pop: FRA60-P7
x-amzn-requestid: 9b68a3a9-93e9-4e2b-a2ec-bbd4941ef9a1
x-amzn-trace-id: Root=1-66f34fa2-345d5d6c238efbdd135e43bf;Parent=6837cf3f26a0c4b8;Sampled=0;Lineage=1:aa175166:0
x-cache: Miss from cloudfront
x-cardx-environment: prd
x-cardx-invocation: 082000dd-648a-4890-b71d-f8f07bf53039
x-content-type-options: nosniff

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 7225 18 KB
18 KB 22ms
7ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://fonts.googleapis.com/

Response headers

age: 56146
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 08:11:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 08:11:59 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18536
x-xss-protection: 0
server: sffe

GET 5cf120b3-e1a1-4646-b3fe-b62e0bb769d5
https://lightbox.cardx.com/ Frame 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 7225 52 KB
21 KB 39ms
7ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PT5QKXQ&gtm_auth=GGHWTI2ouTCUPfVDuvr4XQ&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
content-encoding: gzip
age: 1058
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 01:30:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
date: Tue, 24 Sep 2024 23:30:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
server: Golfe2
vary: Accept-Encoding

GET
H/1.1 200
OK aws-sdk-2.733.0.min.js Show response
sdk.amazonaws.com/js/ Frame 7225 2 MB
327 KB 33ms
9ms Script
application/javascript 13.35.58.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.amazonaws.com/js/aws-sdk-2.733.0.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PT5QKXQ&gtm_auth=GGHWTI2ouTCUPfVDuvr4XQ&gtm_preview=env-1&gtm_cookies_win=x

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.35.58.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-58-23.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f38af2fc4770e8bcaaad557bd920fc17d2d0b22ac4e215737b6566cbba581da7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; script-src 'self' 'unsafe-inline' .awsstatic.com .cdn.uis.awsstatic.com *.cdn.console.awsstatic.com docs.aws.amazon.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

Content-Encoding: gzip
ETag: W/"684375afc2f97b2f05d1987a3b8cf800"
Age: 29108
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: TYtrrHnke6R5J-tnDZ6yEP3A_DWFgDaorWyBrWZyKbmdTVOa_9ybLQ==
Date: Tue, 24 Sep 2024 15:42:39 GMT
Content-Type: application/javascript
Last-Modified: Thu, 13 Aug 2020 18:21:17 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: upgrade-insecure-requests; script-src 'self' 'unsafe-inline' *.awsstatic.com *.cdn.uis.awsstatic.com *.cdn.console.awsstatic.com docs.aws.amazon.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'
Connection: keep-alive
Via: 1.1 83f879b9257b55a619d0b5d3165412a6.cloudfront.net (CloudFront)
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Pop: FRA60-P10
Server: AmazonS3

POST
H2 200 collect Show response
www.google-analytics.com/j/ Frame 7225 15 B
223 B 16ms
15ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1353920289&t=event&ni=0&_s=1&dl=https%3A%2F%2Flightbox.cardx.com%2Findex.html%3F%26account%3Dperformep1%26openonload%3Dtrue%26hideoverlay%3Dtrue%26hideCloseButton%3Dtrue%26billingInclude%3Dfalse%26accountIdentifierEditable%3Dtrue%26invoiceIdentifierRequired%3Dtrue%26companyNameLabel%3DCompany%2520Name%26companyNameRequired%3Dtrue%26billingRequired%3Dfalse%26accountIdentifierLabel%3DPO%2520Number%26companyNameEditable%3Dtrue%26invoiceIdentifierLabel%3DInvoice%2520Number%26invoiceIdentifierEditable%3Dtrue%26accountIdentifierRequired%3Dfalse%26displayConfirmation%3Dtrue%26sessionID%3Dc497ec31-7a7e-47e6-bbba-9ae496afb4b3&dr=https%3A%2F%2Fpaynow.cardx.com%2F&ul=de-de&de=UTF-8&dt=CardX%20Lightbox&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=lifecycle&ea=page%20loaded&el=performep1&ev=0&_u=YEBAAEABAAAAACAAI~&jid=128454064&gjid=1179769378&cid=1242849683.1727221666&tid=UA-164864639-1&_gid=195489219.1727221666&_r=1&_slc=1&gtm=45He49n0n81PT5QKXQv831226725za200&cd1=prd&cd2=payment&cd3=&cd6=0&cd7=0&cd8=0&cd9=0&cd10=&cd11=0&cd12=0&cd13=0&cd14=0&cd15=0&cd16=0&cd17=0&cd18=0&cd19=0&cd20=0&cd22=&cd23=&cd24=&cd26=&cd27=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=730245671

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

91078512f0e905681d2ae495b923fb73e5d7ec1eafd5a68bac8906750f715ee6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://lightbox.cardx.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://lightbox.cardx.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
date: Tue, 24 Sep 2024 23:47:46 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 7225 277 KB
96 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-73YYPMRY3Q&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a937d31547259b084ecc7b75529ddef3b003c35d4ed095aa35f0fb9f93dbaf59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 24 Sep 2024 23:47:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98219
date: Tue, 24 Sep 2024 23:47:46 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

OPTIONS
H2 200 /
cognito-identity.us-east-2.amazonaws.com/ Frame 0
0 317ms
103ms Preflight 2600:1f16:abe:c800:3c0c:2567:194d:59a5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cognito-identity.us-east-2.amazonaws.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f16:abe:c800:3c0c:2567:194d:59a5 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-amz-content-sha256,x-amz-target,x-amz-user-agent
Access-Control-Request-Method: POST
Origin: https://lightbox.cardx.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-amz-content-sha256,x-amz-target,x-amz-user-agent
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age: 172800
content-length: 0
date: Tue, 24 Sep 2024 23:47:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-amzn-requestid: 53888d78-a90b-4bc2-bfbe-675f82095ec5

POST
H2 200 / Show response
cognito-identity.us-east-2.amazonaws.com/ Frame 7225 63 B
317 B 113ms
112ms XHR
application/x-amz-json-1.1 2600:1f16:abe:c800:3c0c:2567:194d:59a5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cognito-identity.us-east-2.amazonaws.com/

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f16:abe:c800:3c0c:2567:194d:59a5 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9fe120920fb9448222d9f873e87934c86238f073d3153c25149576ec078be38f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Amz-Content-Sha256: ad9f195d5a613cb7a0589a37799148ba754f7760f3f5ddb53feeb7c2478a2923
X-Amz-User-Agent: aws-sdk-js/2.733.0 callback
X-Amz-Target: AWSCognitoIdentityService.GetId
Referer: https://lightbox.cardx.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-amz-json-1.1

Response headers

x-amzn-requestid: af5488e9-5d8e-416a-bd49-c0839984b122
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
content-length: 63
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: application/x-amz-json-1.1

POST
H2 204 collect Show response
region1.google-analytics.com/g/ Frame 7225 0
256 B 43ms
15ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-73YYPMRY3Q&gtm=45je49n0v9119713892za200&_p=1727221665709&gcd=13l3l3l2l3l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671034&ul=de-de&sr=1600x1200&cid=1242849683.1727221666&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=2&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Flightbox.cardx.com%2Findex.html%3F%26account%3Dperformep1%26openonload%3Dtrue%26hideoverlay%3Dtrue%26hideCloseButton%3Dtrue%26billingInclude%3Dfalse%26accountIdentifierEditable%3Dtrue%26invoiceIdentifierRequired%3Dtrue%26companyNameLabel%3DCompany%2520Name%26companyNameRequired%3Dtrue%26billingRequired%3Dfalse%26accountIdentifierLabel%3DPO%2520Number%26companyNameEditable%3Dtrue%26invoiceIdentifierLabel%3DInvoice%2520Number%26invoiceIdentifierEditable%3Dtrue%26accountIdentifierRequired%3Dfalse%26displayConfirmation%3Dtrue%26sessionID%3Dc497ec31-7a7e-47e6-bbba-9ae496afb4b3&dr=https%3A%2F%2Fpaynow.cardx.com%2F&dt=CardX%20Lightbox&sid=1727221666&sct=1&seg=0&en=page%20loaded&_fv=1&_ss=1&_ee=1&ep.ua_dimension_1=prd&ep.ua_dimension_2=payment&ep.ua_dimension_6=0&ep.ua_dimension_7=0&ep.ua_dimension_8=0&ep.ua_dimension_9=0&ep.ua_dimension_11=0&ep.ua_dimension_12=0&ep.ua_dimension_13=0&ep.ua_dimension_14=0&ep.ua_dimension_15=0&ep.ua_dimension_16=0&ep.ua_dimension_17=0&ep.ua_dimension_18=0&ep.ua_dimension_19=0&ep.ua_dimension_20=0&ep.event_category=lifecycle&ep.event_label=performep1&ep.value=0&tfd=1478
Requested by: Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://lightbox.cardx.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 / Show response
cognito-identity.us-east-2.amazonaws.com/ Frame 7225 2 KB
2 KB 128ms
127ms XHR
application/x-amz-json-1.1 2600:1f16:abe:c800:3c0c:2567:194d:59a5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cognito-identity.us-east-2.amazonaws.com/

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f16:abe:c800:3c0c:2567:194d:59a5 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e258a2f392ed8be20716e4f09161e6d477beb255e0a384fc1589a9ed2892412c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Amz-Content-Sha256: 9fe120920fb9448222d9f873e87934c86238f073d3153c25149576ec078be38f
X-Amz-User-Agent: aws-sdk-js/2.733.0 callback
X-Amz-Target: AWSCognitoIdentityService.GetCredentialsForIdentity
Referer: https://lightbox.cardx.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-amz-json-1.1

Response headers

x-amzn-requestid: 965ccc2c-1dba-42cf-a249-8aea6a5884a5
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
content-length: 1804
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: application/x-amz-json-1.1

GET
H2 200 mastercard.svg
static.cardx.com/images/card_brands/ Frame 7225 12 KB
5 KB 39ms
25ms Image
image/svg+xml 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.cardx.com/images/card_brands/mastercard.svg

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5eecaccb435a425096b5ee93c07f72ebf6e8b4528f226df7240d83dca2b7dba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f3f1a086047d9532e68cce0888b7c8ef"
age: 2946
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 03:47:46 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: Hdc-xEXnSrpBFxrg5APSsBYfjwojYbhf0Ib9xdXUCaRardlE8W4leQ==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: image/svg+xml
last-modified: Fri, 30 Apr 2021 13:18:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=14400
via: 1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront)
cf-ray: 8c86a958dc9f3a60-FRA
x-amz-cf-pop: FRA56-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 visa.svg
static.cardx.com/images/card_brands/ Frame 7225 3 KB
1 KB 38ms
23ms Image
image/svg+xml 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.cardx.com/images/card_brands/visa.svg

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de8dcb9e3e77931f81e767d448bbc4cb884242d61c58c3b117094d9ea1a7e589

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ef59168cf5af7f238aa14b687a1de740"
age: 2946
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 03:47:46 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: JN6Ur-NFSRkOKFiiiMUmBhl5VVNb00Us_uJRQfM10r2NiKzEyZVb6A==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: image/svg+xml
last-modified: Fri, 30 Apr 2021 13:18:02 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=14400
via: 1.1 bf9e29084831d9a2b72227f617c2b80c.cloudfront.net (CloudFront)
cf-ray: 8c86a958cc9d3a60-FRA
x-amz-cf-pop: ARN53-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 discover.svg
static.cardx.com/images/card_brands/ Frame 7225 6 KB
2 KB 41ms
26ms Image
image/svg+xml 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.cardx.com/images/card_brands/discover.svg

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76eea222330e809641e05ba11b5ba1f1903d62e42c8bc27305a49ba91d469e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"718eaa655cf429a4a6b2ac1443498830"
age: 2946
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 03:47:46 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: 0sVSHXYfLdx6HlSC6YS8gvHZ-qVO4efLLhIttEAoMHvd99m9gU7Wmw==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: image/svg+xml
last-modified: Fri, 30 Apr 2021 13:18:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=14400
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
cf-ray: 8c86a958dc9e3a60-FRA
x-amz-cf-pop: FRA56-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 amex.svg
static.cardx.com/images/card_brands/ Frame 7225 8 KB
3 KB 39ms
25ms Image
image/svg+xml 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.cardx.com/images/card_brands/amex.svg

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

661f86cd301ee59619bc200ebb2483a78526e16384f882f45d215d665221317e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"0f407bccde6eb1a77e3c5a10acceae05"
age: 2946
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 03:47:46 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: 2s2Emqhs85vhWUN-9vNHNhdwoYLqndcrbvOaoIthvUG3h1-HUDbfxg==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: image/svg+xml
last-modified: Fri, 30 Apr 2021 13:18:02 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=14400
via: 1.1 4f04fd3192b8e206f3b06830e1587d80.cloudfront.net (CloudFront)
cf-ray: 8c86a958dca13a60-FRA
x-amz-cf-pop: VIE50-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ Frame 7225 187 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fbd6599d1c93232e19b62f9a23cacb08b8b0abfb180edbf3f8098d32a78c351

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 cardx-logo.svg
lightbox.cardx.com/img/ Frame 7225 3 KB
1 KB 266ms
265ms Image
image/svg+xml 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lightbox.cardx.com/img/cardx-logo.svg

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

247164272c2c97967994c15dc625fc7da1048c60d6f5f9cf7082c33254461da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/css/app.css

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"857358cc632c85616935a9635e74c83a"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: mFOIQCSJlDlhZzrliGaq8VpIiLEEFppvrAbYJqM_rCr0PDn5RnsijA==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: image/svg+xml
last-modified: Wed, 11 Sep 2024 14:08:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 506bffda4b1949c4425629ce0bdce052.cloudfront.net (CloudFront)
cf-ray: 8c86a958bc8e3a60-FRA
x-amz-cf-pop: FRA56-P12
server: cloudflare

GET
H2 200 bg_lightbox.svg
lightbox.cardx.com/img/ Frame 7225 24 KB
5 KB 267ms
267ms Image
image/svg+xml 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lightbox.cardx.com/img/bg_lightbox.svg

Requested by

Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33dd9e0d6a9f2b88c6e9edf1ca0c7ae3892368b946d26ea4c9cc884cd125da42

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://lightbox.cardx.com/css/app.css

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"68d598aa08b8ee918d3c70da6d2f1f59"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 7TkNTZTjUqGxFn5c3B2Sa81BK8hh2Nnpnq5at8b7NUY4KrZ4i0wM1A==
date: Tue, 24 Sep 2024 23:47:46 GMT
content-type: image/svg+xml
last-modified: Wed, 11 Sep 2024 14:08:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 e787a68a5271d06ea7b7e56fa6886dc8.cloudfront.net (CloudFront)
cf-ray: 8c86a958bc913a60-FRA
x-amz-cf-pop: FRA56-P12
server: cloudflare

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 7225 18 KB
18 KB 7ms
7ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://fonts.googleapis.com/

Response headers

age: 55791
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 08:17:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 08:17:55 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18588
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 7225 18 KB
18 KB 8ms
8ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://lightbox.cardx.com
Referer: https://fonts.googleapis.com/

Response headers

age: 60526
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 06:59:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 06:59:00 GMT
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18596
x-xss-protection: 0
server: sffe

OPTIONS
H/1.1 200
OK /
firehose.us-east-2.amazonaws.com/ Frame 0
0 420ms
102ms Preflight 3.15.36.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://firehose.us-east-2.amazonaws.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.15.36.125 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-15-36-125.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-security-token,x-amz-target,x-amz-user-agent
Access-Control-Request-Method: POST
Origin: https://lightbox.cardx.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-security-token,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Encoding: gzip
Content-Length: 20
Date: Tue, 24 Sep 2024 23:47:46 GMT
x-amzn-RequestId: cb37cb1f-ee85-566f-945a-9afcd8bf38b8

POST
H/1.1 200
OK / Show response
firehose.us-east-2.amazonaws.com/ Frame 7225 257 B
706 B 121ms
120ms XHR
application/x-amz-json-1.1 3.15.36.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://firehose.us-east-2.amazonaws.com/
Requested by: Host: lightbox.cardx.com
URL: https://lightbox.cardx.com/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.15.36.125 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-15-36-125.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 733f93c69cc907d0f54faa558aecd686b31769d7c3ae7c47ee1f80e3630c53f1

Request headers

X-Amz-Content-Sha256: 6403fd0de051056d3205142bc2785a619b75e9d8ae622750f6ec0491da1db73e
X-Amz-User-Agent: aws-sdk-js/2.733.0 callback
Authorization: AWS4-HMAC-SHA256 Credential=ASIAZ6PACFBVRC57UHZW/20240924/us-east-2/firehose/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-target;x-amz-user-agent, Signature=45f69308f60383f5681edc797dab796a889b3782d04f0641d93b95a83f64069c
Referer: https://lightbox.cardx.com/
x-amz-security-token: IQoJb3JpZ2luX2VjEKj//////////wEaCXVzLWVhc3QtMiJHMEUCIQCqFQGKsj5y1r7dmVZjNOTixgSLUdKq2hgOaYdd4LaEgQIgWVO1U+ecg2AdP7NfiEe9abkBNgCjkJ+etUlL3Aif2d4q1AUI4f//////////ARAFGgw2ODM5MDY1NzQ0NDMiDLxMHm2LKxBpAzpDKSqoBbAEUOj7tz9ph4WOo0w3qPROlZFYwzoui2cX0EhmNFL/bAOueKvjSNrN78CNcKPvRcHBHLj1tAkciuLRL6dVzSmyu49mvgRq5XMKCgYNrEyuT4EqYvwfVzxWq+d902quihQJyZVD4ZmGC9mSIc7hkgvlPliTrgMX2RPmYX7FDBlutBQ5PBcdoxXuaGqKx2PFprr6mQn//ZRIPYUt7z4pynV0iIn4xlHyCN3YZS5kIMtMHoBMv3tJsBcZpMm2zpDuEkFn8Hv42gJUGrLciRDW++JrA7z9iYgGmAcPh2XLdRZEc0jJJf2m02NbSVYe2/m7MZZqgIUiONYOsaOeHnM9wlQXDxvMfSF9FQDuxKDHuzQlTvZXIo4OydnUtMnAuqsQ0nH3zqca75/NrtN0o8XS2QdjC7WpblcSfAxUnlvDnTCmEWdo66HHWYWI+eWlaQGeUf/7cxQ4OPgWaQZZLnYrn0xSgdFn9BinZGDhMwoE8tuJsJ9L50RZSB0ZunqBQu5YFwTS7iA4jgU7FNcdMdsGa7y8beoq9AoYvf1xaYeVXBv45goX37vzw2pbOWp7UDeq8Hl9Q/0iPBv5rBp6Y48d4SkxgHgfXpkG8fIu4bzOXxYmX/nv4pecUG69avns+iU/y8f+Ics9EYqEV90/vLRr1xlNqpX7/nsmrXeYVsr0q8DUxWuwqhG7JncGzyenbpm0tHp0zKdBjYMx9EYbyhAjVOjZwjEn1Q3eEZADGjIpTclKcqGO7HcSSau521P1QXiES2VUT+e6tDOHLPzhalvN377CGcK8eEDoi/0Qubs6zdLe+qcuZ9UBfb/X1J6XlFXQjQM2RKvqPYqIGxCBDMLgO9tkZZO2W0sPnwkz6WX1C4MoNl5teOBsq0B0XHq8z8j0X/GyMvZyKBO7MKKfzbcGOtsCBzW7tM3z69CZeXEsTpatbCVp3k8NGmzY7klSHuiYf3vQYqNqLfOnPf1S6ductsesOwfJm+QsV0Uk3HY6eYtHjOJQK+Q9MXAPHxgpJe/g1wNlcaZZI/NBtxxB7sVAuaUcnLJi9CKu35JrZBUkF5vtXN0bsTHwM4iKmK19S0SK4e8hCcXiIEBSKLTCBwxdq6GuEerHTcOPF8j9momIqrRcPn+1nHWZBBCErJufRx+ELaHlVRwyQmdu5R5mNiMfTkeZFZdWYg7FJ4DYXJUBOazbdK2tSO2nYzaaDiwmJmZaN7iVd75jD7hxgrxxqARtfJGxryAuz8m0t1NRrKqNI/pUzrFuyY/B7XCM65lOCWpCKAtE17Ik+RV+pg8geOngrY7LNAf+bY/aQZ/6S9uNPAXirdAgg/njU5Vj1AnMFJA6uzQBMxlv8enY++pEPFAMVZYnawfT73g81oqM1yA=
X-Amz-Target: Firehose_20150804.PutRecord
X-Amz-Date: 20240924T234746Z
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-amz-json-1.1

Response headers

Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Content-Encoding: gzip
x-amzn-RequestId: f6763649-24f4-aa2f-a91b-67aa12cec4f8
Access-Control-Allow-Origin: *
Content-Length: 246
Date: Tue, 24 Sep 2024 23:47:47 GMT
Content-Type: application/x-amz-json-1.1
x-amz-id-2: wAV8hI1L1AyA92MN5dtrmOGCNtRzgHAht1ulzKNHXsq3LXsy+ay7LHjBE9Jtwn8QOc7waGzBdk/xpW8cGAL2FmQGAUPC43iy

GET
H2 200 lib.js Show response
src.mastercard.com/srci/integration/2/ Frame 96F4 2 MB
220 B 34ms
33ms Script
application/x-javascript 23.213.161.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://src.mastercard.com/srci/integration/2/lib.js?locale=en_US

Requested by

Host: cardfield.cardx.com
URL: https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-201.deploy.static.akamaitechnologies.com

Software

undisclosed /

Resource Hash

efc26b9628ce89621856b332f2f8036d6cb217ca8658f21b01d604afe9bb6865

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cardfield.cardx.com/

Response headers

strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=0, no-cache
content-encoding: gzip
pragma: no-cache
etag: "878e35893282f9fa7ac5a61fd96c94ad:1725541448.155213"
expires: Tue, 24 Sep 2024 23:47:47 GMT
accept-ranges: bytes
content-length: 423776
date: Tue, 24 Sep 2024 23:47:47 GMT
last-modified: Thu, 05 Sep 2024 12:40:35 GMT
content-type: application/x-javascript
server: undisclosed
vary: Accept-Encoding

GET
H2 200 app.css
cardfield.cardx.com/css/ Frame 96F4 31 KB
6 KB 446ms
446ms Stylesheet
text/css 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cardfield.cardx.com/css/app.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93f1be7c2cb7ad849075be8cd4b63e655689c526315cf5abb866dee1802cf103

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"baca8840e4bedc4c1db1e3229bceaa95"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: DppbPHdIGCdwzJsbUicC9RJRbqDlDJsBPbwDSEVOYA52O7GgVBBT2Q==
date: Tue, 24 Sep 2024 23:47:47 GMT
content-type: text/css
last-modified: Fri, 21 Jun 2024 17:05:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 f1b6636265d2ca44d8a0ca5488a5ec0c.cloudfront.net (CloudFront)
cf-ray: 8c86a95b3de33a60-FRA
x-amz-cf-pop: FRA60-P10
server: cloudflare

GET
H2 200 app.js Show response
cardfield.cardx.com/js/ Frame 96F4 475 KB
141 KB 288ms
287ms Script
application/javascript 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cardfield.cardx.com/js/app.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a71c71d836644fb3097c7c91000dbe6adaf8d4c8c44fc41f48dc8863b61165a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cardfield.cardx.com/?account=performep1&mode=payment&amount=0&session=66F34FA2666699F47ACF11EF83EDBE68DC42F2BC0DD&sessionID=c497ec31-7a7e-47e6-bbba-9ae496afb4b3&awsEnvironment=prd&preferCardxPricing=false&gateway=PnP

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"1e7175086656551b48a2dd9ec296f365"
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 9YeLOJiFQQcw1SM96Js4QlO7yiCuUOLAsN5l8LyHupRqn_rdFZPk7Q==
date: Tue, 24 Sep 2024 23:47:47 GMT
content-type: application/javascript
last-modified: Fri, 21 Jun 2024 17:05:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: no-cache
via: 1.1 83f879b9257b55a619d0b5d3165412a6.cloudfront.net (CloudFront)
cf-ray: 8c86a95b3de53a60-FRA
x-amz-cf-pop: FRA60-P10
server: cloudflare

GET
H2 200 datadog-logs-us.js Show response
www.datadoghq-browser-agent.com/ Frame 96F4 33 KB
0 0ms
0ms Script
application/javascript 13.33.219.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-logs-us.js
Requested by: Host: cardfield.cardx.com
URL: https://cardfield.cardx.com/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.219.205 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-219-205.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ef43fd8aa0d64cceb10d6c478c94ef2e4049f165ac5edae88854cea85333230

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cardfield.cardx.com/

Response headers

cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
content-encoding: gzip
etag: W/"db11d410d4863029081228535272ffd9"
age: 29
via: 1.1 0ccdc706b9b907d47a4960eec0e95f2a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 0PvlrcVZSPjwbz3xRfN9-eK0noi0BpL8gGYcMdAMl4Qzf7ybRnwN8g==
date: Tue, 24 Sep 2024 23:47:17 GMT
content-type: application/javascript
last-modified: Tue, 27 Jul 2021 15:01:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P10
vary: Accept-Encoding

GET
H2 404 favicon.ico
paynow.cardx.com/ 71 B
1 KB 21ms
20ms Other
application/json 2606:4700::6812:9ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paynow.cardx.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c8cb169258225f4f844c877b9d92b07dd3bfc75802af4932fafdeadeda26d9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://paynow.cardx.com/performanceengineered

Response headers

x-cardx-environment: prd
x-cardx-invocation: 2ec07fa8-ac9b-4d2d-b96f-d64cb5f5f25d
content-encoding: gzip
cf-cache-status: HIT
age: 32
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=EY_Pvm1hO.zQL6ule_oqThWdozE94BIN.U0AI1Ha5KM-1727221667-1.0.1.1-nUkRq9EzeMWt7FdXHq6eFMKJsHWkCIBD8UB4iHLO0gAB3dTSuOYMX8UAcIPnzXKUQBqOqWf1Xj_T4.qf2DUf7uqMzvaaO37whmIApJcGFdiaGozGaP9h5wI_GzmTGVSghNiEGK4zfDFZu38f33S_18ZVmExyo30NTN5Y8LypSo0"}],"group":"cf-csp-endpoint","max_age":86400}
x-content-type-options: nosniff
x-amzn-requestid: 008d93e4-22e2-4142-ae77-e3628622c0d6
expires: Wed, 25 Sep 2024 03:47:47 GMT
x-cache: Error from cloudfront
x-amz-cf-id: PfKvIncHRBdPZ47lT-GdgQoKbp2DUQt1yNKbFD5lknFcZU1EE-ZUgg==
date: Tue, 24 Sep 2024 23:47:47 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=14400
x-amz-apigw-id: eolclHs7iYcEEPA=
x-amzn-trace-id: Root=1-66f34f83-4fbf189e4e74e4c149470a14;Parent=10e14e48a4f0c54a;Sampled=0;Lineage=1:60044c1f:0
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=EY_Pvm1hO.zQL6ule_oqThWdozE94BIN.U0AI1Ha5KM-1727221667-1.0.1.1-nUkRq9EzeMWt7FdXHq6eFMKJsHWkCIBD8UB4iHLO0gAB3dTSuOYMX8UAcIPnzXKUQBqOqWf1Xj_T4.qf2DUf7uqMzvaaO37whmIApJcGFdiaGozGaP9h5wI_GzmTGVSghNiEGK4zfDFZu38f33S_18ZVmExyo30NTN5Y8LypSo0; report-to cf-csp-endpoint
via: 1.1 797e08d987207122bff536abc6502d6c.cloudfront.net (CloudFront)
cf-ray: 8c86a95e48313a60-FRA
x-amz-cf-pop: ARN56-P1
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lightbox.cardx.com
URL: blob:https://lightbox.cardx.com/5cf120b3-e1a1-4646-b3fe-b62e0bb769d5

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| handleResponse object| CardX

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cardx.com/	1970-01-20 23:47:03	Name: __cf_bm Value: swIak1L0BTnadwdfho98lSxszje9F3nzfssON522qD8-1727221664-1.0.1.1-96isWxHEKC1Kpfxg1VOm_o3wJyzRkrWXHXqTGuxDKGepFmsxRkY99na2B0W4L4j.iNyVqwjPjCg6vc10SbjKKw
lightbox.cardx.com/	1970-01-20 23:47:02	Name: _dd_s Value: logs=1&id=d37fff51-2375-401c-9af1-0f68f090b6fa&created=1727221665996&expire=1727222565996
lightbox.cardx.com/	1970-01-20 23:48:28	Name: _lr_tabs_-xksw0w%2Flightbox Value: {%22sessionID%22:0%2C%22recordingID%22:%225-37821f92-23f4-4a36-b1bc-0630093a5c18%22%2C%22lastActivity%22:1727221666040}
lightbox.cardx.com/	1970-01-20 23:48:28	Name: _lr_hb_-xksw0w%2Flightbox Value: {%22heartbeat%22:1727221666040}
lightbox.cardx.com/	1969-12-31 23:59:59	Name: _lr_uf_-xksw0w Value: 6f7f3a76-cc6c-4b93-b0eb-5092b171dee4
.cardx.com/	1970-01-21 09:23:01	Name: _ga Value: GA1.2.1242849683.1727221666
.cardx.com/	1970-01-20 23:48:28	Name: _gid Value: GA1.2.195489219.1727221666
.cardx.com/	1970-01-20 23:47:01	Name: _gat_UA-164864639-1 Value: 1
.cardx.com/	1970-01-21 09:23:01	Name: _ga_73YYPMRY3Q Value: GS1.2.1727221666.1.0.1727221666.0.0.0
cardfield.cardx.com/	1970-01-20 23:47:02	Name: _dd_s Value: logs=1&id=2c11567b-12b9-4e95-96e3-d13646a260e2&created=1727221667555&expire=1727222567555

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://paynow.cardx.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.lightbox.cardx.com
cardfield.cardx.com
cardx.com
cdn.lr-ingest.io
cognito-identity.us-east-2.amazonaws.com
firehose.us-east-2.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
lightbox.cardx.com
paynow.cardx.com
region1.google-analytics.com
sdk.amazonaws.com
src.mastercard.com
static.cardx.com
www.datadoghq-browser-agent.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
lightbox.cardx.com
13.33.219.205
13.35.58.23
142.250.185.100
142.250.186.163
188.114.97.3
2001:4860:4802:32::36
216.58.206.35
23.213.161.201
2600:1f16:abe:c800:3c0c:2567:194d:59a5
2606:4700::6812:9ce
2a00:1450:4001:806::200e
2a00:1450:4001:827::200a
2a00:1450:4001:831::2008
3.15.36.125
056419e49abaa5d19133876c0f98152b27424c8d20fe0c366fde6674290ff516
069de3eb2e0f5d02852dabf0d0e125221adcb1a2f9e40c45cd4b34f883a244ac
0a51a36f00a9a0d999e9e1b0e405c4f5ad186b4405deb38d76d1f491c94cab17
10dc8d7e0f36ad69ad5acf524d0bde7a90e0eef97f011e85c8290cdd25f73f69
16073be3e8270933daa3339edcfd7a06d5bb58b9307e4d23bbfb539ddc4882f0
1b21d0dfad8f4d09e9a1649d6a16e3577e340a78ccbacbeec6250a43ba20113d
2105a17e28ac6a33f66d1b40b684eb238b08ad36293c99eb6ca0a74ef197cfff
247164272c2c97967994c15dc625fc7da1048c60d6f5f9cf7082c33254461da7
33dd9e0d6a9f2b88c6e9edf1ca0c7ae3892368b946d26ea4c9cc884cd125da42
3a71c71d836644fb3097c7c91000dbe6adaf8d4c8c44fc41f48dc8863b61165a
3f1ab954635b41451525eb1f5d429d33f83d4fd41257f3bcf907b1d0da802b46
4cded695ea9b62af3bf96c34af04858fcba9b54c756afb5f3c1cff33762bf8a4
4dd49d1f89345b2f261ee71d4ce0020ec9abceecf6048b443f3bc4d6386c546f
5bf160b9c0af6293fea77f288e76342b71146ade32ba6853ea5fd91f82249e3f
5c8cb169258225f4f844c877b9d92b07dd3bfc75802af4932fafdeadeda26d9e
5ec0e52be39ffb84f43ea25470dafcf47cf4812a84f96b36c597f2e84a089964
60a97f5a0cd03b9b14e0b639a76bd73a526c08c6ac1017709141336a9b31b465
661f86cd301ee59619bc200ebb2483a78526e16384f882f45d215d665221317e
6ef43fd8aa0d64cceb10d6c478c94ef2e4049f165ac5edae88854cea85333230
733f93c69cc907d0f54faa558aecd686b31769d7c3ae7c47ee1f80e3630c53f1
76eea222330e809641e05ba11b5ba1f1903d62e42c8bc27305a49ba91d469e30
7fbd6599d1c93232e19b62f9a23cacb08b8b0abfb180edbf3f8098d32a78c351
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
91078512f0e905681d2ae495b923fb73e5d7ec1eafd5a68bac8906750f715ee6
93f1be7c2cb7ad849075be8cd4b63e655689c526315cf5abb866dee1802cf103
9fe120920fb9448222d9f873e87934c86238f073d3153c25149576ec078be38f
a5eecaccb435a425096b5ee93c07f72ebf6e8b4528f226df7240d83dca2b7dba
a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3
a937d31547259b084ecc7b75529ddef3b003c35d4ed095aa35f0fb9f93dbaf59
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
bce944d7b7b36395aff9bd660b45b3cf5ec158aaa514273907ce9cb2b19a3dfe
d7b88e62a0f6d08977e37ad2c35091dd51ce010e46cb7c0c773df0cdb0fe475c
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de8dcb9e3e77931f81e767d448bbc4cb884242d61c58c3b117094d9ea1a7e589
e258a2f392ed8be20716e4f09161e6d477beb255e0a384fc1589a9ed2892412c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c4b03ea1be99b31a93a49be01266e87c9644842379f93f8462b168d5e7ad8e
efc26b9628ce89621856b332f2f8036d6cb217ca8658f21b01d604afe9bb6865
f38af2fc4770e8bcaaad557bd920fc17d2d0b22ac4e215737b6566cbba581da7

paynow.cardx.com Open in urlscan Pro 2606:4700::6812:9ce Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

47 Requests

98 %HTTPS

43 %IPv6

10 Domains

19 Subdomains

15 IPs

3 Countries

2726 kBTransfer

13909 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

paynow.cardx.com Open in urlscan Pro
2606:4700::6812:9ce Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

98 %
HTTPS

43 %
IPv6

10
Domains

19
Subdomains

15
IPs

3
Countries

2726 kB
Transfer

13909 kB
Size

10
Cookies

47 HTTP transactions
1 data transactions