billbot.win Open in urlscan Pro
2.25.214.85 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://billbot.win/
Submission: On December 06 via automatic, source certstream-suspicious (December 6th 2024, 8:47:25 pm UTC) — Scanned from GB

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 2.25.214.85, located in Eastbourne, United Kingdom and belongs to EE EE Limited, GB. The main domain is billbot.win.
TLS certificate: Issued by E6 on December 6th 2024. Valid for: 3 months.

This is the only time billbot.win was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2.25.214.85 2.25.214.85	12576 (EE EE Lim...) (EE EE Limited)
1	142.250.185.234 142.250.185.234	15169 (GOOGLE) (GOOGLE)
1	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
8	3

6 2.25.214.85 (Eastbourne, United Kingdom)

ASN12576 (EE EE Limited, GB)

billbot.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	billbot.win billbot.win	207 KB
1	gstatic.com fonts.gstatic.com	36 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
8	3

	Domain	Requested by
6	billbot.win	billbot.win
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	billbot.win
8	3

This site contains no links.

Subject Issuer	Validity	Valid
billbot.win E6	`2024-12-06` - `2025-03-06`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://billbot.win/
Frame ID: F6CFDFBAE9BA352CB8D759C768C8BB93
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TestBot 2

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

244 kB
Transfer

248 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
billbot.win/ 899 B
991 B 281ms
91ms Document
text/html 2.25.214.85
EE EE Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://billbot.win/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2.25.214.85 Eastbourne, United Kingdom, ASN12576 (EE EE Limited, GB),
Reverse DNS
Software: hypercorn-h2 /
Resource Hash: a1bd677a0a0339f4b93cf9f352633ac149d152f417ce235165315f03cf5badbc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length: 899
content-type: text/html; charset=utf-8
date: Fri, 06 Dec 2024 20:47:20 GMT
server: hypercorn-h2

GET
H2 200 style.css
billbot.win/ 4 KB
4 KB 96ms
96ms Stylesheet
text/css 2.25.214.85
EE EE Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://billbot.win/style.css?i=33
Requested by: Host: billbot.win
URL: https://billbot.win/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2.25.214.85 Eastbourne, United Kingdom, ASN12576 (EE EE Limited, GB),
Reverse DNS
Software: hypercorn-h2 /
Resource Hash: f98dcec45ea35755d7510b86a854495bda3cab0b5f07f2f0d8ff0a8d321d357b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://billbot.win/

Response headers

cache-control: public, max-age=43200
etag: "1733045090.3250756-3633-737152770"
expires: Sat, 07 Dec 2024 08:47:20 GMT
content-length: 3633
date: Fri, 06 Dec 2024 20:47:20 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 01 Dec 2024 09:24:50 GMT
server: hypercorn-h2

GET
H2 200 auto-auth.js Show response
billbot.win/src/ 2 KB
2 KB 126ms
125ms Script
text/javascript 2.25.214.85
EE EE Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://billbot.win/src/auto-auth.js?i=3
Requested by: Host: billbot.win
URL: https://billbot.win/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2.25.214.85 Eastbourne, United Kingdom, ASN12576 (EE EE Limited, GB),
Reverse DNS
Software: hypercorn-h2 /
Resource Hash: 390c49ca5c2ade181f3913cdba37833d9a95b1236c7f07406539b12bcc97e05e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://billbot.win/

Response headers

cache-control: public, max-age=43200
etag: "1733045090.2210767-2331-1506611197"
expires: Sat, 07 Dec 2024 08:47:20 GMT
content-length: 2331
date: Fri, 06 Dec 2024 20:47:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sun, 01 Dec 2024 09:24:50 GMT
server: hypercorn-h2

GET
H2 200 bg.webp
billbot.win/src/ 26 KB
26 KB 127ms
126ms Image
image/webp 2.25.214.85
EE EE Limited

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://billbot.win/src/bg.webp
Requested by: Host: billbot.win
URL: https://billbot.win/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2.25.214.85 Eastbourne, United Kingdom, ASN12576 (EE EE Limited, GB),
Reverse DNS
Software: hypercorn-h2 /
Resource Hash: 18d779add62f901224462f9029b068e13088ca15f827ea9ba3d2167e7f1f0a89

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://billbot.win/

Response headers

cache-control: public, max-age=43200
etag: "1733045090.2330766-26782-214175231"
expires: Sat, 07 Dec 2024 08:47:20 GMT
content-length: 26782
date: Fri, 06 Dec 2024 20:47:20 GMT
content-type: image/webp
last-modified: Sun, 01 Dec 2024 09:24:50 GMT
server: hypercorn-h2

GET
H2 200 page-root.js Show response
billbot.win/src/ 374 B
442 B 127ms
127ms Script
text/javascript 2.25.214.85
EE EE Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://billbot.win/src/page-root.js?i=29
Requested by: Host: billbot.win
URL: https://billbot.win/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2.25.214.85 Eastbourne, United Kingdom, ASN12576 (EE EE Limited, GB),
Reverse DNS
Software: hypercorn-h2 /
Resource Hash: 721f436c11ddd2cd1a28c68f9977dcfba224743735650a10920e2bd12ef64a73

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://billbot.win/

Response headers

cache-control: public, max-age=43200
etag: "1733045090.3250756-374-1496518643"
expires: Sat, 07 Dec 2024 08:47:20 GMT
content-length: 374
date: Fri, 06 Dec 2024 20:47:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sun, 01 Dec 2024 09:24:50 GMT
server: hypercorn-h2

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 528ms
67ms Stylesheet
text/css 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap

Requested by

Host: billbot.win
URL: https://billbot.win/style.css?i=33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

ESF /

Resource Hash

364a9b4d57ac872a94e5d0e142d53fd947af91308a3823913fb33f3e4a468404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://billbot.win/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 06 Dec 2024 20:47:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 06 Dec 2024 20:47:21 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 06 Dec 2024 19:27:23 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
fonts.gstatic.com/s/notosans/v38/ 35 KB
36 KB 479ms
51ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v38/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

086bfcad0e112af1c9ac0cdea1744dfb11dfdda61906ceee1b32439437096add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://billbot.win
Referer: https://fonts.googleapis.com/

Response headers

age: 219850
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 04 Dec 2025 07:43:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 04 Dec 2024 07:43:12 GMT
last-modified: Wed, 04 Dec 2024 06:43:31 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35840
x-xss-protection: 0
server: sffe

GET
H2 200 favicon.ico
billbot.win/ 173 KB
174 KB 48ms
48ms Other
image/vnd.microsoft.icon 2.25.214.85
EE EE Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://billbot.win/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2.25.214.85 Eastbourne, United Kingdom, ASN12576 (EE EE Limited, GB),
Reverse DNS
Software: hypercorn-h2 /
Resource Hash: 0e319b8b8bdfe03ee429d2f09e91ad46e9d0cd1608c0581bb777faba425b2423

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://billbot.win/

Response headers

cache-control: public, max-age=43200
etag: "1733045090.2370765-177623-465964652"
expires: Sat, 07 Dec 2024 08:47:22 GMT
content-length: 177623
date: Fri, 06 Dec 2024 20:47:22 GMT
content-type: image/vnd.microsoft.icon
last-modified: Sun, 01 Dec 2024 09:24:50 GMT
server: hypercorn-h2

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

billbot.win
fonts.googleapis.com
fonts.gstatic.com
142.250.181.227
142.250.185.234
2.25.214.85
086bfcad0e112af1c9ac0cdea1744dfb11dfdda61906ceee1b32439437096add
0e319b8b8bdfe03ee429d2f09e91ad46e9d0cd1608c0581bb777faba425b2423
18d779add62f901224462f9029b068e13088ca15f827ea9ba3d2167e7f1f0a89
364a9b4d57ac872a94e5d0e142d53fd947af91308a3823913fb33f3e4a468404
390c49ca5c2ade181f3913cdba37833d9a95b1236c7f07406539b12bcc97e05e
721f436c11ddd2cd1a28c68f9977dcfba224743735650a10920e2bd12ef64a73
a1bd677a0a0339f4b93cf9f352633ac149d152f417ce235165315f03cf5badbc
f98dcec45ea35755d7510b86a854495bda3cab0b5f07f2f0d8ff0a8d321d357b

billbot.win Open in urlscan Pro 2.25.214.85 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

244 kBTransfer

248 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Indicators

billbot.win Open in urlscan Pro
2.25.214.85 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

244 kB
Transfer

248 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions