urlscan.io logo urlscan.io
SecurityTrails logo

backoffice-tax.dpd.com Open in urlscan Pro
2606:4700::6812:b41b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://backoffice-tax.dpd.com/
Effective URL: https://backoffice-tax.dpd.com/login
Submission: On February 08 via manual from AT — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 2606:4700::6812:b41b, located in United States and belongs to CLOUDFLARENET, US. The main domain is backoffice-tax.dpd.com.
TLS certificate: Issued by Thawte RSA CA 2018 on September 15th 2022. Valid for: a year.
This is the only time backoffice-tax.dpd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 8 2606:4700::68... 13335 (CLOUDFLAR...)
6 2
Apex Domain
Subdomains		 Transfer
8 dpd.com
backoffice-tax.dpd.com
665 KB
6 1
Domain Requested by
8 backoffice-tax.dpd.com 2 redirects backoffice-tax.dpd.com
6 1

This site contains no links.

Subject Issuer Validity Valid
dpd.com
Thawte RSA CA 2018		 2022-09-15 -
2023-09-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://backoffice-tax.dpd.com/login
Frame ID: DE3D7F3241D11F488286A74554A7FDC8
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Duties API - 1.12.22

Page URL History Show full URLs

  1. http://backoffice-tax.dpd.com/ HTTP 301
    https://backoffice-tax.dpd.com/ HTTP 302
    https://backoffice-tax.dpd.com/login Page URL

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

664 kB
Transfer

2271 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://backoffice-tax.dpd.com/ HTTP 301
    https://backoffice-tax.dpd.com/ HTTP 302
    https://backoffice-tax.dpd.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
backoffice-tax.dpd.com/
Redirect Chain
  • http://backoffice-tax.dpd.com/
  • https://backoffice-tax.dpd.com/
  • https://backoffice-tax.dpd.com/login
57 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://backoffice-tax.dpd.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b41b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37e449ad11eaf039573a057f212b4dd01b15631585079d545a7b248dfc8eef60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private private, no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
7964ac104a17699b-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 08 Feb 2023 13:22:05 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1 mode=block always

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
x-csrf-token,x-requested-with,x-xsrf-token,content-type
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
https://tax.dpd.com
cache-control
no-cache, private private, no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
7964ac0e9fef699b-FRA
content-type
text/html; charset=UTF-8
date
Wed, 08 Feb 2023 13:22:05 GMT
location
https://backoffice-tax.dpd.com/login
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1 mode=block always
app.js
backoffice-tax.dpd.com/js/ 		2 MB
519 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice-tax.dpd.com/js/app.js?id=f5987d08afd0e7f5d6ad
Requested by
Host: backoffice-tax.dpd.com
URL: https://backoffice-tax.dpd.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b41b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e186e56d15fad0b1a0d3d8e4caad8246b3ae15737b8522005787bde6e37e55c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Wed, 08 Feb 2023 13:22:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 02 Jan 2023 09:40:12 GMT
server
cloudflare
content-encoding
gzip
etag
W/"63b2a67c-1c06b0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
private, no-cache, no-store
cf-ray
7964ac119b95699b-FRA
x-xss-protection
1 mode=block always
feather.min.js
backoffice-tax.dpd.com/feather/ 		66 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice-tax.dpd.com/feather/feather.min.js
Requested by
Host: backoffice-tax.dpd.com
URL: https://backoffice-tax.dpd.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b41b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee7d60cfd87cb5be769c5372991f4ab7d2ff88b8d6315c3d66f79e7c2444f0a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Wed, 08 Feb 2023 13:22:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 02 Jan 2023 09:40:23 GMT
server
cloudflare
content-encoding
gzip
etag
W/"63b2a687-1074e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
private, no-cache, no-store
cf-ray
7964ac119b9a699b-FRA
x-xss-protection
1 mode=block always
app.css
backoffice-tax.dpd.com/css/ 		276 KB
45 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://backoffice-tax.dpd.com/css/app.css
Requested by
Host: backoffice-tax.dpd.com
URL: https://backoffice-tax.dpd.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b41b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c40f82ccf3a4a8f26efc51b0fa99c4b69260df08f6f02e27ee612c1ef92fa77a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Wed, 08 Feb 2023 13:22:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 02 Jan 2023 09:40:12 GMT
server
cloudflare
content-encoding
gzip
etag
W/"63b2a67c-45107"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
private, no-cache, no-store
cf-ray
7964ac119b97699b-FRA
x-xss-protection
1 mode=block always
dpd.css
backoffice-tax.dpd.com/css/ 		189 B
279 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://backoffice-tax.dpd.com/css/dpd.css
Requested by
Host: backoffice-tax.dpd.com
URL: https://backoffice-tax.dpd.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b41b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beaf5950c016a7db26ca2d0561beca81878393eab5fae01a7ec0ea932003e94f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Wed, 08 Feb 2023 13:22:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 02 Jan 2023 09:40:12 GMT
server
cloudflare
content-encoding
gzip
etag
W/"63b2a67c-bd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
private, no-cache, no-store
cf-ray
7964ac119b99699b-FRA
x-xss-protection
1 mode=block always
truncated
/ 		19 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2533de2e7b3406c4f59756ce916f3b7e0f229dd821044900dcb2cd098a38ffc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type
image/png
PlutoSansDPDLight-Web.woff
backoffice-tax.dpd.com/fonts/ 		59 KB
60 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://backoffice-tax.dpd.com/fonts/PlutoSansDPDLight-Web.woff
Requested by
Host: backoffice-tax.dpd.com
URL: https://backoffice-tax.dpd.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b41b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e462606602d426b676f2b6f9c0b6629b02f91204214898f7d4a56749c4e00d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always

Request headers

Referer
https://backoffice-tax.dpd.com/login
Origin
https://backoffice-tax.dpd.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Wed, 08 Feb 2023 13:22:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Mon, 02 Jan 2023 09:40:12 GMT
server
cloudflare
etag
"63b2a67c-ed6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff
cache-control
private, no-cache, no-store
accept-ranges
bytes
cf-ray
7964ac145e95699b-FRA
content-length
60781
x-xss-protection
1 mode=block always

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange object| webpackChunk object| __core-js_shared__ function| _ function| Popper function| jQuery function| $ function| axios object| VueMarkdown object| VueProgressBarEventBus object| VueProgressBar function| moment object| mixinDuties object| gatewaySwitcher object| VueBootstrapTable object| fields object| dutiesTable function| Vue object| EventBus object| core object| feather

3 Cookies

Domain/Path Name / Value
backoffice-tax.dpd.com/ Name: duties_api_session
Value: 4NVLTW39hMW6WgqnMkAsim9UFOtdpGHou6NRk4SD
backoffice-tax.dpd.com/ Name: SERVERID
Value: s3
backoffice-tax.dpd.com/ Name: XSRF-TOKEN
Value: eyJpdiI6Ind2MGtycnRQcmF5eVNjVURCTGxiOFE9PSIsInZhbHVlIjoiZStMT3RnWEhCUElLME9aa2tlM2ZVdzlBMzBhcFBmZ0VYeUszcXZrd0FDUVMvcE8za0JydDB2Q2o5eE5raFRnUHZkSUdzYXNGSlBhUnExcm5uK2dIekZrL2JPam05b1dsN2Z5NDJFZXZuTVJmTmM0ZmZ0aFlLcUk0V01WalNFNG8iLCJtYWMiOiIyNzhhMjgxYWQwODM2MmIzODBiZTliNTg5MzlkYzJmNTI2ZTAxZDg1NmJhNzJiNGRiNmFlNTAyOGY3MzA3YjIzIiwidGFnIjoiIn0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1 mode=block always