www.billing.tax.demo.bluetd.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 159.69.160.206, located in Germany and belongs to HETZNER-AS, DE. The main domain is www.billing.tax.demo.bluetd.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 17th 2020. Valid for: 3 months.

This is the only time www.billing.tax.demo.bluetd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 5	159.69.160.206 159.69.160.206		24940 (HETZNER-AS) (HETZNER-AS)
4	1

5 159.69.160.206 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: box58.bluetd.com

www.billing.tax.demo.bluetd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	bluetd.com 1 redirects www.billing.tax.demo.bluetd.com	468 KB
4	1

	Domain	Requested by
5	www.billing.tax.demo.bluetd.com	1 redirects www.billing.tax.demo.bluetd.com
4	1

This site contains no links.

Subject Issuer	Validity	Valid
billing.tax.demo.bluetd.com cPanel, Inc. Certification Authority	`2020-01-17` - `2020-04-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.billing.tax.demo.bluetd.com/login
Frame ID: 1DD7888D749E9CE4CE083A729BDBEA66
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.billing.tax.demo.bluetd.com/ HTTP 302
https://www.billing.tax.demo.bluetd.com/login Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

467 kB
Transfer

466 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.billing.tax.demo.bluetd.com/ HTTP 302
https://www.billing.tax.demo.bluetd.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set login Show response www.billing.tax.demo.bluetd.com/ Redirect Chain https://www.billing.tax.demo.bluetd.com/ https://www.billing.tax.demo.bluetd.com/login	2 KB 2 KB	60ms 59ms	Document text/html	159.69.160.206 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.billing.tax.demo.bluetd.com/login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 159.69.160.206 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS box58.bluetd.com Software Apache / Resource Hash `ffca0987352f135d63d14d7cba7bc32f2608c8f9d3e4babd6617b42ce0f994ea` Request headers Host www.billing.tax.demo.bluetd.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie XSRF-TOKEN=eyJpdiI6ImJZMWZEc09pK2lWdnVBdHFSUVBvS2c9PSIsInZhbHVlIjoiNkZHU2prOFRhM3V2OEFXTUFHT3NGTDk0MFA1bFhkNkhOTFYrcTE3c3hISmZKcjAxMFdGZmRcL0xIdFhlMDZ2ckJNV2V4Y1J6ZGVTUDRaV05wOGJzXC9TQT09IiwibWFjIjoiZjkzZjE3YjRmNDIxMzQ3Njc0MGI4YWFlZDM4M2M1NjE4ZDMyNjQ4M2YzOTgzN2M2OTk3ZWFmZGU1NDQ0MTcwOSJ9; laravel_session=eyJpdiI6IjlUQThyeWxaZHRXSkFMR0RvdmNuNnc9PSIsInZhbHVlIjoiQ1Z5RnMxdGRGOTdvVEVRaVB6b1RmRXdOZ1ZFcVdXb1lZVkhFZzN6eHYxcjcxZ3AzSnVjTGJyRFg5VUExODhjdmM2TEVsTW5KcnhPVjFzRmdyV3ROOEE9PSIsIm1hYyI6IjNkNzQ4OGRmN2M4NDNjMDViM2M2NTAzZmM0ZTY3ZWEwZDY5Y2JmZTNhY2M4ZGRjMjQzMTc0MDk2YzAwNTU2YzUifQ%3D%3D Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Date Thu, 02 Apr 2020 21:34:33 GMT Server Apache Cache-Control no-cache max-age=0, no-cache Set-Cookie XSRF-TOKEN=eyJpdiI6IkhIQ2VKWnJURVhyQWhpaTdxTlNRNUE9PSIsInZhbHVlIjoibXF5ZG54VmZLbVJ0a2ZNVFI2Q0tFXC9IUFB1UldaM3M4MUxvZm5KZ1wvdjBGZzdHQzRvXC9sXC85Z0hES0dcL2tPcjh6eFdWOUZlSzhrWktReFRzSHJMNnFadz09IiwibWFjIjoiNTNjMThjODJjZDdhZGVmNGY5YThlODUyZjk0YjNlNTVhOGNlNDhhYzhlMGQyZDdiZmQ2YTYzYTk5YzQwM2Q0NSJ9; expires=Thu, 02-Apr-2020 23:34:33 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6IlFPN1BpYTJMVkNxN21WdFBuc3JMaUE9PSIsInZhbHVlIjoidVdQd2IyMFhWdFBXSTBjbzdMS2NuYVFNTXp1aVB4ZnRTMWw5WUd2U2dNSTVLQzJHdW1tRW1yTExOdVplV2pybmM0bjErSmx3Q2dnMUtVWndHdTk3ZFE9PSIsIm1hYyI6IjUxMTljZWUxY2M5YjA5MGEyN2Y1NzM2ZTMyNjVhMzUxNmNiMzBmNjczMTNhNGNlZjA4M2Q4OWMyMjNkNGExNjMifQ%3D%3D; expires=Thu, 02-Apr-2020 23:34:33 GMT; Max-Age=7200; path=/; httponly X-Mod-Pagespeed 1.13.35.2-0 Vary Accept-Encoding Content-Encoding gzip Content-Length 778 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 02 Apr 2020 21:34:33 GMT Server Apache Cache-Control no-cache s-maxage=10 Set-Cookie XSRF-TOKEN=eyJpdiI6ImJZMWZEc09pK2lWdnVBdHFSUVBvS2c9PSIsInZhbHVlIjoiNkZHU2prOFRhM3V2OEFXTUFHT3NGTDk0MFA1bFhkNkhOTFYrcTE3c3hISmZKcjAxMFdGZmRcL0xIdFhlMDZ2ckJNV2V4Y1J6ZGVTUDRaV05wOGJzXC9TQT09IiwibWFjIjoiZjkzZjE3YjRmNDIxMzQ3Njc0MGI4YWFlZDM4M2M1NjE4ZDMyNjQ4M2YzOTgzN2M2OTk3ZWFmZGU1NDQ0MTcwOSJ9; expires=Thu, 02-Apr-2020 23:34:33 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6IjlUQThyeWxaZHRXSkFMR0RvdmNuNnc9PSIsInZhbHVlIjoiQ1Z5RnMxdGRGOTdvVEVRaVB6b1RmRXdOZ1ZFcVdXb1lZVkhFZzN6eHYxcjcxZ3AzSnVjTGJyRFg5VUExODhjdmM2TEVsTW5KcnhPVjFzRmdyV3ROOEE9PSIsIm1hYyI6IjNkNzQ4OGRmN2M4NDNjMDViM2M2NTAzZmM0ZTY3ZWEwZDY5Y2JmZTNhY2M4ZGRjMjQzMTc0MDk2YzAwNTU2YzUifQ%3D%3D; expires=Thu, 02-Apr-2020 23:34:33 GMT; Max-Age=7200; path=/; httponly Location https://www.billing.tax.demo.bluetd.com/login Keep-Alive timeout=5 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	app-92c73da358.css www.billing.tax.demo.bluetd.com/build/css/	194 KB 194 KB	28ms 27ms	Stylesheet text/css	159.69.160.206 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.billing.tax.demo.bluetd.com/build/css/app-92c73da358.css Requested by Host: www.billing.tax.demo.bluetd.com URL: https://www.billing.tax.demo.bluetd.com/login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 159.69.160.206 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS box58.bluetd.com Software Apache / Resource Hash `ee64c9f6a6f1e6bb181c08d041e445256ac2b05d7bac5b561a90e32cec0931b0` Request headers Referer https://www.billing.tax.demo.bluetd.com/login User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Thu, 02 Apr 2020 21:34:33 GMT Last-Modified Sun, 20 Mar 2016 10:44:08 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 198632
GET H/1.1	200 OK	app-5a0eab4e5f.js Show response www.billing.tax.demo.bluetd.com/build/js/	208 KB 208 KB	74ms 26ms	Script application/javascript	159.69.160.206 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.billing.tax.demo.bluetd.com/build/js/app-5a0eab4e5f.js Requested by Host: www.billing.tax.demo.bluetd.com URL: https://www.billing.tax.demo.bluetd.com/login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 159.69.160.206 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS box58.bluetd.com Software Apache / Resource Hash `9b88dc008d7d43865cb6c303c3b5b9d749c1ec487877686f2d5989737d51b2d8` Request headers Referer https://www.billing.tax.demo.bluetd.com/login User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 02 Apr 2020 21:34:33 GMT Last-Modified Sun, 20 Mar 2016 10:44:08 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 212895
GET H/1.1	200 OK	TitilliumWeb-Regular.ttf www.billing.tax.demo.bluetd.com/build/fonts/	62 KB 63 KB	26ms 25ms	Font font/ttf	159.69.160.206 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.billing.tax.demo.bluetd.com/build/fonts/TitilliumWeb-Regular.ttf Requested by Host: www.billing.tax.demo.bluetd.com URL: https://www.billing.tax.demo.bluetd.com/login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 159.69.160.206 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS box58.bluetd.com Software Apache / Resource Hash `89535fa5e2d707abc3a5becff17810789d73c827916ca8be714cfe6504ef9974` Request headers Referer https://www.billing.tax.demo.bluetd.com/build/css/app-92c73da358.css Origin https://www.billing.tax.demo.bluetd.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 02 Apr 2020 21:34:33 GMT Last-Modified Wed, 09 Mar 2016 03:56:29 GMT Server Apache Content-Type font/ttf Cache-Control s-maxage=10 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 63752

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.billing.tax.demo.bluetd.com/	1970-01-19 08:31:10	Name: laravel_session Value: eyJpdiI6IlFPN1BpYTJMVkNxN21WdFBuc3JMaUE9PSIsInZhbHVlIjoidVdQd2IyMFhWdFBXSTBjbzdMS2NuYVFNTXp1aVB4ZnRTMWw5WUd2U2dNSTVLQzJHdW1tRW1yTExOdVplV2pybmM0bjErSmx3Q2dnMUtVWndHdTk3ZFE9PSIsIm1hYyI6IjUxMTljZWUxY2M5YjA5MGEyN2Y1NzM2ZTMyNjVhMzUxNmNiMzBmNjczMTNhNGNlZjA4M2Q4OWMyMjNkNGExNjMifQ%3D%3D
			www.billing.tax.demo.bluetd.com/	1970-01-19 08:31:10	Name: XSRF-TOKEN Value: eyJpdiI6IkhIQ2VKWnJURVhyQWhpaTdxTlNRNUE9PSIsInZhbHVlIjoibXF5ZG54VmZLbVJ0a2ZNVFI2Q0tFXC9IUFB1UldaM3M4MUxvZm5KZ1wvdjBGZzdHQzRvXC9sXC85Z0hES0dcL2tPcjh6eFdWOUZlSzhrWktReFRzSHJMNnFadz09IiwibWFjIjoiNTNjMThjODJjZDdhZGVmNGY5YThlODUyZjk0YjNlNTVhOGNlNDhhYzhlMGQyZDdiZmQ2YTYzYTk5YzQwM2Q0NSJ9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.billing.tax.demo.bluetd.com
159.69.160.206
89535fa5e2d707abc3a5becff17810789d73c827916ca8be714cfe6504ef9974
9b88dc008d7d43865cb6c303c3b5b9d749c1ec487877686f2d5989737d51b2d8
ee64c9f6a6f1e6bb181c08d041e445256ac2b05d7bac5b561a90e32cec0931b0
ffca0987352f135d63d14d7cba7bc32f2608c8f9d3e4babd6617b42ce0f994ea

www.billing.tax.demo.bluetd.com Open in urlscan Pro 159.69.160.206 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

467 kBTransfer

466 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

2 Cookies

Indicators

www.billing.tax.demo.bluetd.com Open in urlscan Pro
159.69.160.206 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

467 kB
Transfer

466 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions