urlscan.io logo urlscan.io
SecurityTrails logo

accounts.cardconnect.com Open in urlscan Pro
66.22.22.228  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=...
Effective URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=...
Submission: On March 21 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 66.22.22.228, located in United States and belongs to RADWARE-CLOUD-SERVICES, US. The main domain is accounts.cardconnect.com. The Cisco Umbrella rank of the primary domain is 336497.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 5th 2024. Valid for: a year.
This is the only time accounts.cardconnect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 66.22.22.228 25773 (RADWARE-C...)
2 4 198.62.138.17 11121 (FIRSTDATA...)
1 130.211.29.114 396982 (GOOGLE-CL...)
2 35.241.15.240 396982 (GOOGLE-CL...)
12 5
Apex Domain
Subdomains		 Transfer
10 cardconnect.com
accounts.cardconnect.com — Cisco Umbrella Rank: 336497
copilot.cardconnect.com — Cisco Umbrella Rank: 896862 Failed
502 KB
3 perfdrive.com
cdn.perfdrive.com — Cisco Umbrella Rank: 33002
cas.avalon.perfdrive.com — Cisco Umbrella Rank: 11327
9 KB
12 2
Domain Requested by
6 accounts.cardconnect.com accounts.cardconnect.com
copilot.cardconnect.com
4 copilot.cardconnect.com accounts.cardconnect.com
2 cas.avalon.perfdrive.com cdn.perfdrive.com
1 cdn.perfdrive.com accounts.cardconnect.com
12 4

This site contains no links.

Subject Issuer Validity Valid
*.cardconnect.com
Go Daddy Secure Certificate Authority - G2		 2024-01-05 -
2025-02-05		 a year crt.sh
*.perfdrive.com
Go Daddy Secure Certificate Authority - G2		 2023-09-21 -
2024-09-26		 a year crt.sh
cas.avalon.perfdrive.com
Go Daddy Secure Certificate Authority - G2		 2023-07-24 -
2024-08-05		 a year crt.sh

This page contains 1 frames:

Primary Page: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo
Frame ID: FC651D6960D8114C1074F6850C9763B9
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log into Copilot

Page URL History Show full URLs

  1. https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&clie... Page URL
  2. https://copilot.cardconnect.com/ HTTP 302
    https://copilot.cardconnect.com/copilot Page URL
  3. https://copilot.cardconnect.com/copilot/oauth2/authorization/copilot HTTP 302
    https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&clie... Page URL

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

5
IPs

1
Countries

508 kB
Transfer

993 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=g-lidGV9ojKMwxHn7eoSOh2gAAtGRlv6y25m0hONhug%3D&redirect_uri=https://copilot.cardpointe.com/copilot/login/oauth2/code/copilot&nonce=N9tSSgahf0_S2bZhfRhM3VudaZJ1wDy2jwhi5hZRJqw Page URL
  2. https://copilot.cardconnect.com/ HTTP 302
    https://copilot.cardconnect.com/copilot Page URL
  3. https://copilot.cardconnect.com/copilot/oauth2/authorization/copilot HTTP 302
    https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://copilot.cardconnect.com/ HTTP 302
  • https://copilot.cardconnect.com/copilot

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
auth
accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/ 		5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=g-lidGV9ojKMwxHn7eoSOh2gAAtGRlv6y25m0hONhug%3D&redirect_uri=https://copilot.cardpointe.com/copilot/login/oauth2/code/copilot&nonce=N9tSSgahf0_S2bZhfRhM3VudaZJ1wDy2jwhi5hZRJqw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
0b23cdd86119f0a570754f2592e02193fbca394bd78ef1c59e3c245552fa1ae4
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Language
en
Content-Security-Policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type
text/html;charset=utf-8
Date
Thu, 21 Mar 2024 11:47:28 GMT
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
none
X-XSS-Protection
1; mode=block
login.0.0.22.css
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/ 		291 KB
56 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=g-lidGV9ojKMwxHn7eoSOh2gAAtGRlv6y25m0hONhug%3D&redirect_uri=https://copilot.cardpointe.com/copilot/login/oauth2/code/copilot&nonce=N9tSSgahf0_S2bZhfRhM3VudaZJ1wDy2jwhi5hZRJqw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
17d3faa6cc4201e611c5fc505ce13012101544264e18490f3c2fd30e1d7f2aa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Thu, 21 Mar 2024 11:47:28 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
copilot_logo.png
copilot.cardconnect.com/copilot/logos/branding/ 		0
0
copilot
copilot.cardconnect.com/
Redirect Chain
  • https://copilot.cardconnect.com/
  • https://copilot.cardconnect.com/copilot
656 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://copilot.cardconnect.com/copilot
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=g-lidGV9ojKMwxHn7eoSOh2gAAtGRlv6y25m0hONhug%3D&redirect_uri=https://copilot.cardpointe.com/copilot/login/oauth2/code/copilot&nonce=N9tSSgahf0_S2bZhfRhM3VudaZJ1wDy2jwhi5hZRJqw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.62.138.17 , United States, ASN11121 (FIRSTDATACORP-DB, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=g-lidGV9ojKMwxHn7eoSOh2gAAtGRlv6y25m0hONhug%3D&redirect_uri=https://copilot.cardpointe.com/copilot/login/oauth2/code/copilot&nonce=N9tSSgahf0_S2bZhfRhM3VudaZJ1wDy2jwhi5hZRJqw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Length
656
Content-Security-Policy
default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
Content-Type
text/html;charset=UTF-8
Date
Thu, 21 Mar 2024 11:47:28 GMT
Expires
0
Keep-Alive
timeout=60
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers, Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
0

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
/copilot
Server
CardConnect
Primary Request auth
accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/
Redirect Chain
  • https://copilot.cardconnect.com/copilot/oauth2/authorization/copilot
  • https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect...
5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo
Requested by
Host: copilot.cardconnect.com
URL: https://copilot.cardconnect.com/copilot
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
655329f73cfc29226b9b3ad102871fca299202094a7b844cd60532c4212097e3
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://copilot.cardconnect.com/copilot
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Language
en
Content-Security-Policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type
text/html;charset=utf-8
Date
Thu, 21 Mar 2024 11:47:29 GMT
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Security-Policy
default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none'; default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com https://*.cardconnect.com https://*.cardpointe.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; object-src 'none';
Date
Thu, 21 Mar 2024 11:47:28 GMT
Expires
0
Keep-Alive
timeout=60
Location
https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
X-Content-Type-Options
nosniff no-sniff
X-Frame-Options
DENY DENY
X-XSS-Protection
0 1; mode=block
login.0.0.22.css
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/ 		291 KB
56 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
17d3faa6cc4201e611c5fc505ce13012101544264e18490f3c2fd30e1d7f2aa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Thu, 21 Mar 2024 11:47:29 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
copilot_logo.png
copilot.cardconnect.com/copilot/logos/branding/ 		54 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://copilot.cardconnect.com/copilot/logos/branding/copilot_logo.png
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.62.138.17 , United States, ASN11121 (FIRSTDATACORP-DB, US),
Reverse DNS
Software
/
Resource Hash
1907b2860b6eb7bbf7d155ddcc1bc59cc5b3542503d24204404f1d227b8e2dfe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 21 Mar 2024 11:47:29 GMT
Last-Modified
Wed, 14 Feb 2024 17:27:18 GMT
X-Frame-Options
DENY
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
image/png
Transfer-Encoding
chunked
Cache-Control
public, max-age=604800
Connection
keep-alive
Keep-Alive
timeout=60
X-XSS-Protection
0
aperture.js
cdn.perfdrive.com/aperture/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perfdrive.com/aperture/aperture.js
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/realms/cardconnect/protocol/openid-connect/auth?response_type=code&client_id=copilot&scope=openid&state=dXTK3MgHm9aPotRBJqRHYUm4_i7qqJ7tAR5Hs2yFgkM%3D&redirect_uri=https://copilot.cardconnect.com/copilot/login/oauth2/code/copilot&nonce=2N_enT5lgpXyv6kKgq6HF-H_I-LxT81Jj-mIF8OBnEo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.29.114 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
114.29.211.130.bc.googleusercontent.com
Software
nginx/1.24.0 /
Resource Hash
9fb91ff0e8c179aea40dbe6842b36fd201654f5647c21dcec41fd18be535d506

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:51:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 25 Oct 2023 04:29:09 GMT
server
nginx/1.24.0
age
3378
etag
W/"65389995-6844"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600,public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7938
MarkPro.otf
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/ 		162 KB
162 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/MarkPro.otf
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://accounts.cardconnect.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Thu, 21 Mar 2024 11:47:29 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
MarkPro-Medium.otf
accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/ 		158 KB
159 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/fonts/MarkPro-Medium.otf
Requested by
Host: accounts.cardconnect.com
URL: https://accounts.cardconnect.com/auth/resources/prcgb/login/cardconnect/css/login.0.0.22.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.22.22.228 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://accounts.cardconnect.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Thu, 21 Mar 2024 11:47:29 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
X-XSS-Protection
1; mode=block
jsdata
cas.avalon.perfdrive.com/ 		418 B
472 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
dcae8e769e99d11ee96ebf6fb5622808912270c7dac6fb54bdcb3d998f441bd3

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
x-response-time
1ms
date
Thu, 21 Mar 2024 11:47:29 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
418
content-type
text/plain; charset=UTF-8
jsdata
cas.avalon.perfdrive.com/ 		211 B
355 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
a4176a26e0da672a1ca9cf7503057ce95aaf2e667a0b11a0fdf0ad9c69b8f455

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
x-response-time
1ms
date
Thu, 21 Mar 2024 11:47:29 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
211
content-type
text/plain; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
copilot.cardconnect.com
URL
https://copilot.cardconnect.com/copilot/logos/branding/copilot_logo.png

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| url string| __uzdbm_1 string| __uzdbm_2 string| __uzdbm_3 string| __uzdbm_4 string| __uzdbm_5 string| __uzdbm_6 string| __uzdbm_7 object| SSJSConnectorObj object| ssTimeLogs object| BrowserStyle string| j function| ssJSActionTaker function| ssJSConnWriteCookies

17 Cookies

Domain/Path Name / Value
accounts.cardconnect.com/auth/realms/cardconnect/ Name: AUTH_SESSION_ID
Value: 9f0e1ebd-35d0-4b3d-975c-6a866fd039c6.php1-keycloak-4
accounts.cardconnect.com/auth/realms/cardconnect/ Name: AUTH_SESSION_ID_LEGACY
Value: 9f0e1ebd-35d0-4b3d-975c-6a866fd039c6.php1-keycloak-4
accounts.cardconnect.com/auth/realms/cardconnect/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1ZDRlNmFiZi1jZTNkLTRlMDItOWJkOS1iNjcxZWQwODdkZjYifQ.eyJjaWQiOiJjb3BpbG90IiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9jb3BpbG90LmNhcmRjb25uZWN0LmNvbS9jb3BpbG90L2xvZ2luL29hdXRoMi9jb2RlL2NvcGlsb3QiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuY2FyZGNvbm5lY3QuY29tL2F1dGgvcmVhbG1zL2NhcmRjb25uZWN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NvcGlsb3QuY2FyZGNvbm5lY3QuY29tL2NvcGlsb3QvbG9naW4vb2F1dGgyL2NvZGUvY29waWxvdCIsInN0YXRlIjoiZFhUSzNNZ0htOWFQb3RSQkpxUkhZVW00X2k3cXFKN3RBUjVIczJ5RmdrTT0iLCJub25jZSI6IjJOX2VuVDVsZ3BYeXY2a0tncTZIRi1IX0ktTHhUODFKai1tSUY4T0JuRW8ifX0.WzFMrL2gQ_TJ_Z9blYgXkxOFEjqgFfCmOogUBRpE32g
copilot.cardconnect.com/copilot Name: JSESSIONID
Value: 65C97422F4120017D476AA665B385C59
accounts.cardconnect.com/ Name: __uzma
Value: 88f7dc78-47ad-4130-9f53-d846501f58d8
accounts.cardconnect.com/ Name: __uzmb
Value: 1711021648
accounts.cardconnect.com/ Name: __uzme
Value: 5979
accounts.cardconnect.com/ Name: __uzmc
Value: 133991376759
accounts.cardconnect.com/ Name: __uzmd
Value: 1711021649
copilot.cardconnect.com/ Name: BIGipServerphp-copilot-vip_1700
Value: !HA+b5Zpc9oTQxt++E70Toal7hX3xbOhzo/3X+d6cfnpfDZj6sT/QoA/c9xN9oJztB1ZVQYOiiMwj5AQ=
.cardconnect.com/ Name: __ssds
Value: 2
.cardconnect.com/ Name: __ssuzjsr2
Value: a9be0cd8e
.cardconnect.com/ Name: __uzmaj2
Value: 909b2489-b1d2-4c9f-b20e-444a753bf3a3
.cardconnect.com/ Name: __uzmbj2
Value: 1711021649
.cardconnect.com/ Name: __uzmcj2
Value: 920401017668
.cardconnect.com/ Name: __uzmdj2
Value: 1711021649
accounts.cardconnect.com/ Name: BIGipServerphp1-keycloak-vip_8080
Value: !3PUMNZQTiqxs5uS+E70Toal7hX3xbPCfqnLRNkvrYr2qzdZer/0fvLnMkoNdF9amQE0eFteKPTQ7VuE=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block