heartlandpaymentservices.net Open in urlscan Pro
65.118.49.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.relay.corestream.com/?qs=76c4b1184d085f8a4bacab81ccf185674ea3ff4254946039edb03e2565f3af4d4ccbcc76c7ddb9fc3cdd6c516546...
Effective URL:
https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+...
Submission: On January 24 via manual (January 24th 2022, 11:06:53 am UTC) from IN — Scanned from DE

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 65.118.49.90, located in United States and belongs to GLOBAL-PAYMENTS-1, US. The main domain is heartlandpaymentservices.net. The Cisco Umbrella rank of the primary domain is 490526.
TLS certificate: Issued by Entrust Certification Authority - L1M on March 30th 2020. Valid for: 2 years.

This is the only time heartlandpaymentservices.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.234.83 13.111.234.83	22606 (EXACT-7) (EXACT-7)
10	65.118.49.90 65.118.49.90	16931 (GLOBAL-PA...) (GLOBAL-PAYMENTS-1)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
12	3

1 13.111.234.83 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.relay.corestream.com

click.relay.corestream.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 65.118.49.90 (United States)

ASN16931 (GLOBAL-PAYMENTS-1, US)

heartlandpaymentservices.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	heartlandpaymentservices.net heartlandpaymentservices.net — Cisco Umbrella Rank: 490526	1 MB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	20 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
1	corestream.com 1 redirects click.relay.corestream.com	354 B
12	4

	Domain	Requested by
10	heartlandpaymentservices.net	heartlandpaymentservices.net
1	www.google-analytics.com	heartlandpaymentservices.net
1	fonts.googleapis.com	heartlandpaymentservices.net
1	click.relay.corestream.com	1 redirects
12	4

This site contains links to these domains. Also see Links.

Domain
corp.corestream.com

Subject Issuer	Validity	Valid
heartlandpaymentservices.net Entrust Certification Authority - L1M	`2020-03-30` - `2022-04-26`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
Frame ID: 0F66D20FC9D34A7679A1C158C7EA11B4
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home Page - HPS.BillerDirect.WebPayments

Page URL History Show full URLs

https://click.relay.corestream.com/?qs=76c4b1184d085f8a4bacab81ccf185674ea3ff4254946039edb03e2565f3af4d4ccbcc76... HTTP 302
https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_... Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

1166 kB
Transfer

3023 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://corp.corestream.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.relay.corestream.com/?qs=76c4b1184d085f8a4bacab81ccf185674ea3ff4254946039edb03e2565f3af4d4ccbcc76c7ddb9fc3cdd6c516546df1264a4bbe7d1ec1ee2 HTTP 302
https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request bills Show response
heartlandpaymentservices.net/WebPayments/Corestream/
Redirect Chain

https://click.relay.corestream.com/?qs=76c4b1184d085f8a4bacab81ccf185674ea3ff4254946039edb03e2565f3af4d4ccbcc76c7ddb9fc3cdd6c516546df1264a4bbe7d1ec1ee2
https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link

757 B
1 KB

1472ms
156ms

Document
text/html

65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

b3a336c53abea07f51d01101eea15a7ac6f09aaa164054a7a1b5a974718e79c9

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self'; script-src .heartlandpaymentservices.net .google-analytics.com .google.com .gstatic.com 127.0.0.1:* blob: data: 'self'; style-src .googleapis.com data: blob: 'self'; font-src .gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server
Content-Security-Policy: default-src data: blob: 'self'; script-src *.heartlandpaymentservices.net *.google-analytics.com *.google.com *.gstatic.com 127.0.0.1:* blob: data: 'self'; style-src *.googleapis.com data: blob: 'self'; font-src *.gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security: max-age=3153600; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Robots-Tag: noindex
Date: Mon, 24 Jan 2022 11:06:45 GMT

Redirect headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
Date: Mon, 24 Jan 2022 11:06:44 GMT
Connection: close
Content-Length: 308

GET
H/1.1 200
OK vendor.css
heartlandpaymentservices.net/WebPayments/dist/ 283 KB
181 KB 132ms
132ms Stylesheet
text/css 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/WebPayments/dist/vendor.css?v=vf4TTnOiCp20iU10Tf4anf3dbOl_Mg07hxsMkGL_Rdw

Requested by

Host: heartlandpaymentservices.net
URL: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

bdfe134e73a20a9db4894d744dfe1a9dfddd6ce97f320d3b871b0c9062ff45dc

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self'; script-src .heartlandpaymentservices.net .google-analytics.com .google.com .gstatic.com 127.0.0.1:* blob: data: 'self'; style-src .googleapis.com data: blob: 'self'; font-src .gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 11:06:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 17 Dec 2021 04:02:28 GMT
Server
X-Frame-Options: SAMEORIGIN
ETag: "1d7f2fae816c886"
Strict-Transport-Security: max-age=3153600; includeSubDomains
Content-Type: text/css
Cache-Control: no-cache, no-store
Content-Security-Policy: default-src data: blob: 'self'; script-src *.heartlandpaymentservices.net *.google-analytics.com *.google.com *.gstatic.com 127.0.0.1:* blob: data: 'self'; style-src *.googleapis.com data: blob: 'self'; font-src *.gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Accept-Ranges: bytes
X-Robots-Tag: noindex

GET
H/1.1 200
OK site.css
heartlandpaymentservices.net/WebPayments/dist/ 393 KB
135 KB 390ms
132ms Stylesheet
text/css 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/WebPayments/dist/site.css?v=PJNE8u4th0pmvAdgATFCYsT8PXbI4aWl8lkafosV6so

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

3c9344f2ee2d874a66bc076001314262c4fc3d76c8e1a5a5f2591a7e8b15eaca

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self'; script-src .heartlandpaymentservices.net .google-analytics.com .google.com .gstatic.com 127.0.0.1:* blob: data: 'self'; style-src .googleapis.com data: blob: 'self'; font-src .gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 11:06:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 17 Dec 2021 04:03:46 GMT
Server
X-Frame-Options: SAMEORIGIN
ETag: "1d7f2fb16965efa"
Strict-Transport-Security: max-age=3153600; includeSubDomains
Content-Type: text/css
Cache-Control: no-cache, no-store
Content-Security-Policy: default-src data: blob: 'self'; script-src *.heartlandpaymentservices.net *.google-analytics.com *.google.com *.gstatic.com 127.0.0.1:* blob: data: 'self'; style-src *.googleapis.com data: blob: 'self'; font-src *.gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Accept-Ranges: bytes
X-Robots-Tag: noindex

GET
H/1.1 200
OK vendor.js Show response
heartlandpaymentservices.net/WebPayments/dist/ 449 KB
173 KB 396ms
133ms Script
application/javascript 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/WebPayments/dist/vendor.js?v=MqfhnCvRZKKichkb0Fk70-KKMa2g3kvo5GhXNmiZCps

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

32a7e19c2bd164a2a272191bd0593bd3e28a31ada0de4be8e468573668990a9b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self'; script-src .heartlandpaymentservices.net .google-analytics.com .google.com .gstatic.com 127.0.0.1:* blob: data: 'self'; style-src .googleapis.com data: blob: 'self'; font-src .gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 11:06:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 17 Dec 2021 04:02:28 GMT
Server
X-Frame-Options: SAMEORIGIN
ETag: "1d7f2fae815a032"
Strict-Transport-Security: max-age=3153600; includeSubDomains
Content-Type: application/javascript
Cache-Control: no-cache, no-store
Content-Security-Policy: default-src data: blob: 'self'; script-src *.heartlandpaymentservices.net *.google-analytics.com *.google.com *.gstatic.com 127.0.0.1:* blob: data: 'self'; style-src *.googleapis.com data: blob: 'self'; font-src *.gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Accept-Ranges: bytes
X-Robots-Tag: noindex

GET
H/1.1 200
OK main-client.js Show response
heartlandpaymentservices.net/WebPayments/dist/ 2 MB
548 KB 397ms
134ms Script
application/javascript 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/WebPayments/dist/main-client.js?v=7YumVC6AE9z03ob9-NWg3yEyIHiTiQpgD8a8ECU3E5w

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

ed8ba6542e8013dcf4de86fdf8d5a0df2132207893890a600fc6bc102537139c

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self'; script-src .heartlandpaymentservices.net .google-analytics.com .google.com .gstatic.com 127.0.0.1:* blob: data: 'self'; style-src .googleapis.com data: blob: 'self'; font-src .gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 11:06:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 17 Dec 2021 04:03:46 GMT
Server
X-Frame-Options: SAMEORIGIN
ETag: "1d7f2fb16890f42"
Strict-Transport-Security: max-age=3153600; includeSubDomains
Content-Type: application/javascript
Cache-Control: no-cache, no-store
Content-Security-Policy: default-src data: blob: 'self'; script-src *.heartlandpaymentservices.net *.google-analytics.com *.google.com *.gstatic.com 127.0.0.1:* blob: data: 'self'; style-src *.googleapis.com data: blob: 'self'; font-src *.gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Accept-Ranges: bytes
X-Robots-Tag: noindex

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 41ms
17ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: heartlandpaymentservices.net
URL: https://heartlandpaymentservices.net/WebPayments/dist/site.css?v=PJNE8u4th0pmvAdgATFCYsT8PXbI4aWl8lkafosV6so

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c99361c0d8561c7d88a237009bac83ecc149fe6f1f91c52dde79b7841b584c40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 10:36:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jan 2022 11:06:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jan 2022 11:06:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: heartlandpaymentservices.net
URL: https://heartlandpaymentservices.net/WebPayments/dist/main-client.js?v=7YumVC6AE9z03ob9-NWg3yEyIHiTiQpgD8a8ECU3E5w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5513
date: Mon, 24 Jan 2022 09:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 24 Jan 2022 11:34:54 GMT

GET
H/1.1 200
OK Init Show response
heartlandpaymentservices.net/webapi/api/ 5 KB
6 KB 572ms
572ms Fetch
application/json 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/webapi/api/Init?merchantName=Corestream

Requested by

Host: heartlandpaymentservices.net
URL: https://heartlandpaymentservices.net/WebPayments/dist/vendor.js?v=MqfhnCvRZKKichkb0Fk70-KKMa2g3kvo5GhXNmiZCps

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

e67eeb46a6cbf8919ea87c99fe6db4b6069f9188558e82374b108ce1ede802ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
Accept-Language: de-DE,de;q=0.9
HTTP_X_FORWARDED_FOR: my browser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Server
Date: Mon, 24 Jan 2022 11:06:48 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache,no-cache, no-store
Strict-Transport-Security: max-age=3153600; includeSubDomains
Content-Length: 5543
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK corestream.css
heartlandpaymentservices.net/Repository//Corestream/web/content/ 145 KB
32 KB 187ms
187ms Stylesheet
text/css 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/Repository//Corestream/web/content/corestream.css

Requested by

Host: heartlandpaymentservices.net
URL: https://heartlandpaymentservices.net/WebPayments/dist/vendor.js?v=MqfhnCvRZKKichkb0Fk70-KKMa2g3kvo5GhXNmiZCps

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

aec09031fb4211076692c562fb2e99953ab769063f88da50e7e4170d3158ca45

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 06 Jul 2021 21:26:56 GMT
Server
ETag: "c373e3a5ad72d71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache, no-store
Date: Mon, 24 Jan 2022 11:06:48 GMT
Strict-Transport-Security: max-age=3153600; includeSubDomains
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 32082
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK BillTypeImage Show response
heartlandpaymentservices.net/webapi/api/ 4 B
524 B 157ms
157ms Fetch
application/json 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://heartlandpaymentservices.net/webapi/api/BillTypeImage?merchantName=Corestream&language=1

Requested by

Host: heartlandpaymentservices.net
URL: https://heartlandpaymentservices.net/WebPayments/dist/vendor.js?v=MqfhnCvRZKKichkb0Fk70-KKMa2g3kvo5GhXNmiZCps

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Server
Date: Mon, 24 Jan 2022 11:06:48 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://heartlandpaymentservices.net
Cache-Control: no-cache,no-cache, no-store
Strict-Transport-Security: max-age=3153600; includeSubDomains
Content-Length: 4
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK Logo.png
heartlandpaymentservices.net/Repository//Corestream/web/content/ 63 KB
64 KB 146ms
145ms Image
image/png 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heartlandpaymentservices.net/Repository//Corestream/web/content/Logo.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

83c0a3a4b5c15bc2445ff769acfafdedab401c791870670c5f711310a1bdc033

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Last-Modified: Tue, 06 Jul 2021 21:12:22 GMT
Server
ETag: "c954ce9cab72d71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: no-cache, no-store
Date: Mon, 24 Jan 2022 11:06:48 GMT
Strict-Transport-Security: max-age=3153600; includeSubDomains
Accept-Ranges: bytes
Content-Length: 64856
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK HPSaGPCLogo.png
heartlandpaymentservices.net/Repository//Heartland/web/content/ 4 KB
4 KB 140ms
140ms Image
image/png 65.118.49.90
GLOBAL-PAYMENTS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heartlandpaymentservices.net/Repository//Heartland/web/content/HPSaGPCLogo.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.118.49.90 , United States, ASN16931 (GLOBAL-PAYMENTS-1, US),

Reverse DNS

Software

Resource Hash

e9d92a852f906d0fe3cabfaf526e05983b6f04d70bcb96d23b035a9774b21d48

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://heartlandpaymentservices.net/WebPayments/Corestream/bills?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=LWOP+Email+For+Journey&utm_content=please+click+this+link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Apr 2018 18:04:38 GMT
Server
ETag: "c7ebec8c76d6d31:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: no-cache, no-store
Date: Mon, 24 Jan 2022 11:06:48 GMT
Strict-Transport-Security: max-age=3153600; includeSubDomains
Accept-Ranges: bytes
Content-Length: 3867
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
heartlandpaymentservices.net/WebPayments/Corestream	1970-01-20 09:09:18	Name: webpayments_device_id Value: acf90a1c-1fc3-40f0-b1ee-ca480650f51e
.heartlandpaymentservices.net/	1970-01-20 17:54:54	Name: _ga Value: GA1.2.538793601.1643022408
.heartlandpaymentservices.net/	1970-01-20 00:25:08	Name: _gid Value: GA1.2.979616597.1643022408

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src data: blob: 'self'; script-src .heartlandpaymentservices.net .google-analytics.com .google.com .gstatic.com 127.0.0.1:* blob: data: 'self'; style-src .googleapis.com data: blob: 'self'; font-src .gstatic.com data: blob: 'self'; frame-src *.google.com 'self';
Strict-Transport-Security	max-age=3153600; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.relay.corestream.com
fonts.googleapis.com
heartlandpaymentservices.net
www.google-analytics.com
13.111.234.83
2a00:1450:4001:810::200e
2a00:1450:4001:82b::200a
65.118.49.90
32a7e19c2bd164a2a272191bd0593bd3e28a31ada0de4be8e468573668990a9b
3c9344f2ee2d874a66bc076001314262c4fc3d76c8e1a5a5f2591a7e8b15eaca
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
83c0a3a4b5c15bc2445ff769acfafdedab401c791870670c5f711310a1bdc033
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
aec09031fb4211076692c562fb2e99953ab769063f88da50e7e4170d3158ca45
b3a336c53abea07f51d01101eea15a7ac6f09aaa164054a7a1b5a974718e79c9
bdfe134e73a20a9db4894d744dfe1a9dfddd6ce97f320d3b871b0c9062ff45dc
c99361c0d8561c7d88a237009bac83ecc149fe6f1f91c52dde79b7841b584c40
e67eeb46a6cbf8919ea87c99fe6db4b6069f9188558e82374b108ce1ede802ed
e9d92a852f906d0fe3cabfaf526e05983b6f04d70bcb96d23b035a9774b21d48
ed8ba6542e8013dcf4de86fdf8d5a0df2132207893890a600fc6bc102537139c

heartlandpaymentservices.net Open in urlscan Pro 65.118.49.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

1166 kBTransfer

3023 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

heartlandpaymentservices.net Open in urlscan Pro
65.118.49.90 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

1166 kB
Transfer

3023 kB
Size

3
Cookies

12 HTTP transactions
0 data transactions