urlscan.io logo urlscan.io
SecurityTrails logo

webpayments.billmatrix.com Open in urlscan Pro
67.148.77.10  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/PaymentInformation
Effective URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Submission: On August 14 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 67.148.77.10, located in United States and belongs to FISERV-EFT, US. The main domain is webpayments.billmatrix.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on October 9th 2018. Valid for: 2 years.
This is the only time webpayments.billmatrix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 67.148.77.10 26144 (FISERV-EFT)
2 2a00:1450:400... 15169 (GOOGLE)
13 2
Apex Domain
Subdomains		 Transfer
12 billmatrix.com
webpayments.billmatrix.com
314 KB
2 google.com
pay.google.com
28 KB
13 2
Domain Requested by
12 webpayments.billmatrix.com 1 redirects webpayments.billmatrix.com
2 pay.google.com webpayments.billmatrix.com
pay.google.com
13 2

This site contains links to these domains. Also see Links.

Domain
customerservice2.southerncompany.com
Subject Issuer Validity Valid
*.billmatrix.com
DigiCert SHA2 Secure Server CA		 2018-10-09 -
2020-10-09		 2 years crt.sh
*.google.com
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Frame ID: F6D2B41793D0C96484E096B257D2FC1E
Requests: 12 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwebpayments.billmatrix.com&mid=
Frame ID: FD6D5F07EBEB764D48CF4D9579D23E60
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://webpayments.billmatrix.com/AlabamaPower/Payment/PaymentInformation HTTP 302
    https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

342 kB
Transfer

939 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://webpayments.billmatrix.com/AlabamaPower/Payment/PaymentInformation HTTP 302
    https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set Timeout
webpayments.billmatrix.com/AlabamaPower/Payment/
Redirect Chain
  • https://webpayments.billmatrix.com/AlabamaPower/Payment/PaymentInformation
  • https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
f142b6af3154328e567593948b5a6dcb8225f7c31b57861e6d09d3f4b0f9edb3
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Host
webpayments.billmatrix.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
OD4WebCookie=69d046b9e10146ce851fb4bbf5d9c559
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
Set-Cookie
SessionItem::Identifiers::SecureSessionCookie=101-a130a5d5a3a236a7bc0cd0715a714135-0139073092-7bc6918fb37f3a1989a6814fdac64dac$$; path=/AlabamaPower; secure; HttpOnly OD4WebCookie=69d046b9e10146ce851fb4bbf5d9c559; expires=Fri, 14-Aug-2020 04:56:09 GMT; path=/AlabamaPower; SameSite=None __RequestVerificationToken=s4h2T2RNoElIgt7pUnp4mq1rgnVGdLdoYzzEQCvtdzfZmHcGwQIhWCERC8GvYmKBm_tLsWZN_7_FgW2QNLk5qXUoRFZjBrtDY7jE_xTxmARTVzM7shRUHxMFN8WI2Ax9wtSAEg2; path=/; secure; HttpOnly
Date
Fri, 14 Aug 2020 05:16:09 GMT
Content-Length
4062
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload

Redirect headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
Location
/AlabamaPower/Payment/Timeout
Server
Microsoft-IIS/8.5
Set-Cookie
OD4WebCookie=69d046b9e10146ce851fb4bbf5d9c559; expires=Fri, 14-Aug-2020 05:16:10 GMT; path=/AlabamaPower; secure; HttpOnly SessionItem::Identifiers::SecureSessionCookie=101-b3fd6b8ee6eb3bf49df6829342062c1e-0139073091-7bc6918fb37f3a1989a6814fdac64dac$$; expires=Fri, 14-Aug-2020 04:56:09 GMT; path=/AlabamaPower; secure; HttpOnly
Date
Fri, 14 Aug 2020 05:16:09 GMT
Content-Length
146
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
pay.js
pay.google.com/gp/p/js/ 		84 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
731cbb52fdd6816bbd67ed1c127b4554411802ba3d504f0a7e1086d2c0f604e6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hurE0vUZnG2zK6l8IwqYhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-hurE0vUZnG2zK6l8IwqYhw' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 14 Aug 2020 05:16:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
cache-control
private, max-age=600
content-security-policy
script-src 'report-sample' 'nonce-hurE0vUZnG2zK6l8IwqYhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-hurE0vUZnG2zK6l8IwqYhw' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
content-type
application/javascript; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-xss-protection
0
expires
Fri, 14 Aug 2020 05:16:10 GMT
jquery
webpayments.billmatrix.com/AlabamaPower/StaticContent/bundles/ 		389 KB
150 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/bundles/jquery
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
4e17dc62ff3b0d7c143aa415cdc3b6436342661608bd889096cc39d9a89c866b
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Aug 2020 05:16:09 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Expires
-1
All
webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/CSS/ 		273 KB
64 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/CSS/All
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
3e1e421ef46a4304251f24e82c2f367401ae24822eff3741e00a493f8f9086f2
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Aug 2020 05:16:10 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Expires
-1
bootstrap.min.js
webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/bootstrap/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/bootstrap/bootstrap.min.js
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
ce2bbbaf95b6dd0b302b495c5eac1f04b58b954fd531cb2928d6fcbd2f099658
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 14 Aug 2020 05:16:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 04:57:34 GMT
Server
Microsoft-IIS/8.5
ETag
"0b3d6d7d02cd61:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
6789
Biller.Alabama.CSS
webpayments.billmatrix.com/AlabamaPower/StaticContent/BillerCSS/ 		21 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/BillerCSS/Biller.Alabama.CSS
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
08fef2cfb11848ef98570e1e8d1a7146cf55a91f473c677f4b3ef254bbc84b72
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 14 Aug 2020 05:16:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Sep 2019 06:45:41 GMT
Server
Microsoft-IIS/8.5
ETag
"145781dcfe69d51:0"
Vary
Accept-Encoding
Content-Type
text/css
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
5649
ThemeSupport
webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/ 		50 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/ThemeSupport
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
a8f856df78cad7ad2661fda296a6e53ca0ad9ea0f01724e989f4e2964782f035
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Aug 2020 05:16:09 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Content-Length
12506
Expires
-1
alabamapower.png
webpayments.billmatrix.com/AlabamaPower/StaticContent/billerlogo/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/billerlogo/alabamapower.png
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
ef3554827b492f1b93c6db492962af700ba187956eab607109f4f1a1c5afc1af
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 14 Aug 2020 05:16:10 GMT
Last-Modified
Fri, 13 Sep 2019 06:45:41 GMT
Server
Microsoft-IIS/8.5
ETag
"145781dcfe69d51:0"
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2022
loading_icon.gif
webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/Images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/Images/loading_icon.gif
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
2306f3039c1dc28476489f02f1094fd1c09c00d50af6303482cde6717db2e913
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 14 Aug 2020 05:16:10 GMT
Last-Modified
Mon, 29 Jun 2020 04:43:41 GMT
Server
Microsoft-IIS/8.5
ETag
"1f5a26ddcf4dd61:0"
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Content-Type
image/gif
Accept-Ranges
bytes
Content-Length
7364
GooglePay.js
webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/ODWebPages/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/ODWebPages/GooglePay.js
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
9e39be472528dab33d2006877dcd9734393fb33e71366fc7b3008890aa4e5aa5
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 14 Aug 2020 05:16:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 29 Jun 2020 04:40:33 GMT
Server
Microsoft-IIS/8.5
ETag
"80f69f6ccf4dd61:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
3473
Layout
webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/ODWebPages/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Scripts/ODWebPages/Layout
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
4bb9479090f482b96939e98173316de0d844159e8a13d78fa2e73d6ee51cb0c3
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Aug 2020 05:16:10 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Content-Length
6202
Expires
-1
icons-sprite.png
webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/images/ 		49 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/images/icons-sprite.png
Requested by
Host: webpayments.billmatrix.com
URL: https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.148.77.10 , United States, ASN26144 (FISERV-EFT, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
79a528362e45811293c9cdd95c5e47f499ab0bebaa4823a3b35f95f564c6b489
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload

Request headers

Referer
https://webpayments.billmatrix.com/AlabamaPower/StaticContent/Content/CSS/All
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 14 Aug 2020 05:16:10 GMT
Last-Modified
Mon, 29 Jun 2020 04:43:41 GMT
Server
Microsoft-IIS/8.5
ETag
"b7f723ddcf4dd61:0"
Strict-Transport-Security
max-age=157680000; includeSubDomains; preload
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
49815
payframe
pay.google.com/gp/p/ui/ Frame FD6D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwebpayments.billmatrix.com&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-axpBrL2WytHNzFQ/UXtyBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-axpBrL2WytHNzFQ/UXtyBA' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pay.google.com
:scheme
https
:path
/gp/p/ui/payframe?origin=https%3A%2F%2Fwebpayments.billmatrix.com&mid=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=204=wnnh3hlN9P4Sekp2UzzJ4Mji54R1svA3Y-gxpTi7_ZhZHQ_pUtvZ01wKkvTDP4gEaTzENvWOvRH1jpLwBOXBKtn3wEX1o5BlatMSq0fDwKh119zx5c2EQfsC7wiwz399bd6C7zggjKh3ZRFtmMf4EfZ_f5TAiXllPcBzgop-7IU
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://webpayments.billmatrix.com/AlabamaPower/Payment/Timeout

Response headers

status
200
content-type
text/html; charset=utf-8
x-ua-compatible
IE=edge
expires
Fri, 14 Aug 2020 05:16:11 GMT
date
Fri, 14 Aug 2020 05:16:11 GMT
cache-control
private, max-age=3600
content-security-policy
script-src 'report-sample' 'nonce-axpBrL2WytHNzFQ/UXtyBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-axpBrL2WytHNzFQ/UXtyBA' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| a object| b object| c string| d object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| google object| tooltip_options object| tooltip function| $ function| jQuery function| qQ function| ne string| ScheduledPayment_MaximumStartIntervalInDays string| ScheduledPayment_MaximumScheduleDurationInDays string| Recurring_MaximumStartIntervalInDays string| Recurring_MaximumScheduleDurationInDays string| IsAutoFocus string| COOKIE_IS_SUPPORTED string| PaymentInformation_EmailAddress_Required string| GetSystemStringDateWithTimeOffset string| NewGuid string| userInActivityUrl string| timeOutUrl string| sessionTimeoutVal number| timeToDisplayTimeoutScreen string| logOutUrl string| welcomePageUrl string| stayLoggedInUrl string| profilePageURL string| maskCharacter string| isGooglePayEnabledCW function| printDiv function| Themes function| BaseTheme object| themes string| IsConcurrentSessionPopupVisible string| IsFormPostUser string| CardSwapSupportedLayout string| CardSwapNonActivexDevice string| showSessionTimeout string| CardSwipeDeviceConnectivityMessage string| MaxPaymentAmount string| MinPaymentAmount string| WalletExpiresSoonMessage string| WalletExpiredMessage object| antiClickjack function| manageWalletExpirationCue function| showExpireSoonMessage function| mainNavToggle function| preventDrag object| securityToken object| billerShortName object| billerSupportedNetwork object| ApplePayTouchIdDeviceError object| ApplePayDeviceSupportUnavailable object| serviceConfigurationBiller object| tokenizationSpecification object| baseCardPaymentMethod object| cardPaymentMethod object| feeAmount object| GooglePayProtocolVersion object| GooglePayPublicKey object| GooglePayAllowedCardNetworks object| GooglePayMerchantId object| GooglePayApiVersion object| GooglePayApiVersionMinor object| GooglePayEnvironment function| getGoogleIsReadyToPayRequest function| getGooglePaymentDataRequest function| getGooglePaymentsClient function| onPaymentAuthorized function| addGooglePayButton function| getGoogleTransactionInfo function| getPaymentAmount function| prefetchGooglePaymentData function| onGooglePaymentButtonClicked function| GetCalculatedFeeValue function| processPayment function| setCookie function| CreateBrowserObjectForJquery function| CheckSubmit function| RedirecttoMainPage function| RedirecttoPopuporMainPage function| HideConfirmationPopUp function| HidePopUp function| OnLoading function| OnLoadComplete function| showProgress function| isSessionTimedOut function| GetCurrentBrowser function| IsCookieSupported function| setSessionTimeoutTicks function| Logout function| MaskTextBox function| UnmaskTextBox function| IsUndefinedOrNull function| MaskNumber function| RegisterMaskCardNumberEvents function| RegisterMaskAccountNumberEvents function| validateEmailReceiptInput function| DoValidation function| DaysInMonth function| addCommas undefined| setCountDown undefined| countDownId object| userInactivityDiv boolean| skipTimeOnAjaxStart boolean| displayTnC function| startCountDownForTimeoutScreen undefined| theme object| matched object| browser

5 Cookies

Domain/Path Name / Value
.pay.google.com/ Name: _gid
Value: GA1.3.1123286582.1597382171
webpayments.billmatrix.com/ Name: __RequestVerificationToken
Value: s4h2T2RNoElIgt7pUnp4mq1rgnVGdLdoYzzEQCvtdzfZmHcGwQIhWCERC8GvYmKBm_tLsWZN_7_FgW2QNLk5qXUoRFZjBrtDY7jE_xTxmARTVzM7shRUHxMFN8WI2Ax9wtSAEg2
.pay.google.com/ Name: _ga
Value: GA1.3.377660557.1597382171
.google.com/ Name: NID
Value: 204=wnnh3hlN9P4Sekp2UzzJ4Mji54R1svA3Y-gxpTi7_ZhZHQ_pUtvZ01wKkvTDP4gEaTzENvWOvRH1jpLwBOXBKtn3wEX1o5BlatMSq0fDwKh119zx5c2EQfsC7wiwz399bd6C7zggjKh3ZRFtmMf4EfZ_f5TAiXllPcBzgop-7IU
webpayments.billmatrix.com/AlabamaPower Name: SessionItem::Identifiers::SecureSessionCookie
Value: 101-a130a5d5a3a236a7bc0cd0715a714135-0139073092-7bc6918fb37f3a1989a6814fdac64dac$$

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=157680000; includeSubDomains; preload