www.bill.userver.info Open in urlscan Pro
37.153.158.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.bill.userver.info/
Effective URL:
https://www.bill.userver.info/install/
Submission: On September 03 via automatic, source certstream-suspicious (September 3rd 2023, 9:44:39 pm UTC) — Scanned from DE

Summary HTTP 8 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 37.153.158.3, located in Germany and belongs to SERVERHUB-NL, US. The main domain is www.bill.userver.info.
TLS certificate: Issued by R3 on September 3rd 2023. Valid for: 3 months.

This is the only time www.bill.userver.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
3 11	37.153.158.3 37.153.158.3		49532 (SERVERHUB-NL) (SERVERHUB-NL)
8	1

11 37.153.158.3 (Germany) 3 redirects

ASN49532 (SERVERHUB-NL, US)

www.bill.userver.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	userver.info 3 redirects www.bill.userver.info	405 KB
8	1

	Domain	Requested by
11	www.bill.userver.info	3 redirects www.bill.userver.info
8	1

This site contains links to these domains. Also see Links.

Domain
billar.gainhq.com

Subject Issuer	Validity	Valid
bill.userver.info R3	`2023-09-03` - `2023-12-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.bill.userver.info/install/
Frame ID: 3C68681DBF9BFC8D93C235820DCEF0A3
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Install

Page URL History Show full URLs

https://www.bill.userver.info/ HTTP 302
https://www.bill.userver.info/admin/users/login HTTP 302
https://www.bill.userver.info/install HTTP 301
https://www.bill.userver.info/install/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

403 kB
Transfer

1397 kB
Size

3
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://billar.gainhq.com/documentation/server-requirement.html#php_version
Title: Need help?

Search URL Search Domain Scan URL

URL: https://billar.gainhq.com/documentation/server-requirement.html#php_environment
Title: Need help?

Search URL Search Domain Scan URL

URL: https://billar.gainhq.com/documentation/server-requirement.html#php_option
Title: Need help?

Search URL Search Domain Scan URL

URL: https://billar.gainhq.com/documentation/server-requirement.html#mysql_version
Title: Need help?

Search URL Search Domain Scan URL

URL: https://billar.gainhq.com/documentation/server-requirement.html#folder_permission
Title: Need help?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.bill.userver.info/ HTTP 302
https://www.bill.userver.info/admin/users/login HTTP 302
https://www.bill.userver.info/install HTTP 301
https://www.bill.userver.info/install/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response www.bill.userver.info/install/ Redirect Chain https://www.bill.userver.info/ https://www.bill.userver.info/admin/users/login https://www.bill.userver.info/install https://www.bill.userver.info/install/	15 KB 2 KB	1046ms 1045ms	Document text/html	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/install/ Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `8a596c06f29700898adeefdf4ac6cf6a1d0cfabb9689d85b801806e24cb899b8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 1802 content-type text/html; charset=UTF-8 date Sun, 03 Sep 2023 21:44:34 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding gzip content-type text/html date Sun, 03 Sep 2023 21:44:33 GMT location https://www.bill.userver.info/install/ server LiteSpeed vary Accept-Encoding
GET H3	200	core.css www.bill.userver.info/css/	681 KB 63 KB	40ms 39ms	Stylesheet text/css	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/css/core.css Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/install/ Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `4fe632abdb06b0424b45cdfbc874da417783a15f90ef139e31d6df7ea05b54bf` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bill.userver.info/install/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:34 GMT content-encoding br last-modified Mon, 18 Jul 2022 21:50:30 GMT server LiteSpeed etag "aa2db-62d5d5a6-e3e51;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 64846 expires Sun, 10 Sep 2023 21:44:34 GMT
GET H3	200	fontawesome.css www.bill.userver.info/css/	59 KB 12 KB	93ms 92ms	Stylesheet text/css	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/css/fontawesome.css Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/install/ Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `60f2c1ff08f8cd2617c65f09187d7d389acc9efe1979b39550596f5ea5a7123d` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bill.userver.info/install/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:34 GMT content-encoding br last-modified Mon, 18 Jul 2022 21:50:30 GMT server LiteSpeed etag "ed07-62d5d5a6-e3e55;br" vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 12736 expires Sun, 10 Sep 2023 21:44:34 GMT
GET H3	200	vendor.js Show response www.bill.userver.info/js/	324 KB 95 KB	136ms 135ms	Script application/x-javascript	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/js/vendor.js Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/install/ Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `3b74ec1b03f4fea1b2a8fae51f42e66be81423beede3896d2097e0f19fc85523` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bill.userver.info/install/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:34 GMT content-encoding br last-modified Mon, 18 Jul 2022 21:50:32 GMT server LiteSpeed etag "50e99-62d5d5a8-e095e;br" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 97182 expires Sun, 10 Sep 2023 21:44:34 GMT
GET H3	200	poppins.ttf www.bill.userver.info/fonts/	154 KB 65 KB	40ms 39ms	Font application/x-font-ttf	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/fonts/poppins.ttf?8081832fc5cfbf634aa664a9eff0350e Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/css/core.css Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527` Request headers Referer https://www.bill.userver.info/css/core.css Origin https://www.bill.userver.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:35 GMT content-encoding br last-modified Mon, 18 Jul 2022 21:50:30 GMT server LiteSpeed etag "269f0-62d5d5a6-e3e59;br" vary Accept-Encoding content-type application/x-font-ttf cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 66858 expires Sun, 10 Sep 2023 21:44:35 GMT
GET H3	200	webfa-brands-400.woff2 www.bill.userver.info/fonts/vendor/@fortawesome/fontawesome-free/	75 KB 75 KB	50ms 50ms	Font font/woff2	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/css/fontawesome.css Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef` Request headers Referer https://www.bill.userver.info/css/fontawesome.css Origin https://www.bill.userver.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:35 GMT last-modified Mon, 18 Jul 2022 21:50:30 GMT server LiteSpeed etag "12bc0-62d5d5a6-e3e61;;;" content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 76736 expires Sun, 10 Sep 2023 21:44:35 GMT
GET H3	200	webfa-solid-900.woff2 www.bill.userver.info/fonts/vendor/@fortawesome/fontawesome-free/	76 KB 77 KB	61ms 61ms	Font font/woff2	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/css/fontawesome.css Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537` Request headers Referer https://www.bill.userver.info/css/fontawesome.css Origin https://www.bill.userver.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:35 GMT last-modified Mon, 18 Jul 2022 21:50:30 GMT server LiteSpeed etag "131bc-62d5d5a6-e3e6b;;;" content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 78268 expires Sun, 10 Sep 2023 21:44:35 GMT
GET H3	200	webfa-regular-400.woff2 www.bill.userver.info/fonts/vendor/@fortawesome/fontawesome-free/	13 KB 13 KB	82ms 82ms	Font font/woff2	37.153.158.3 SERVERHUB-NL
General Check archive.org Show headers Download Go to Full URL https://www.bill.userver.info/fonts/vendor/@fortawesome/fontawesome-free/webfa-regular-400.woff2?7a3337626410ca2f40718481c755640f Requested by Host: www.bill.userver.info URL: https://www.bill.userver.info/css/fontawesome.css Protocol H3 Security QUIC, , AES_128_GCM Server 37.153.158.3 , Germany, ASN49532 (SERVERHUB-NL, US), Reverse DNS Software LiteSpeed / Resource Hash `e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca` Request headers Referer https://www.bill.userver.info/css/fontawesome.css Origin https://www.bill.userver.info accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sun, 03 Sep 2023 21:44:35 GMT last-modified Mon, 18 Jul 2022 21:50:30 GMT server LiteSpeed etag "33a8-62d5d5a6-e3e66;;;" content-type font/woff2 cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 13224 expires Sun, 10 Sep 2023 21:44:35 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| webpackChunk_gainhq_billar

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bill.userver.info/	1970-01-20 14:29:44	Name: XSRF-TOKEN Value: eyJpdiI6IlRYdTFWdTFLZ0dORnJQQSsyb2U5M2c9PSIsInZhbHVlIjoiYi9Hd0VScG1Xa0lVTGZvQVNxQmU2SHNWWWVGUTcycEpuMndEc2dNbjdFV2dyUzAyTTl2SXNrQWVlRkdrK1g5NHdVSVl3RVBTL2wyL2p5WTg1Nm13dHA4dWJWUGllWjJQN3UzZDJRU0hNL2VlVEp2RjFOR0s4Rm1md2szRjF6bEkiLCJtYWMiOiIzMTU4MTMzNTM2M2M5NGU1NzBkMjNlZDNlMDU0NmMxMmE0OTJiMDcwYzE2MWVlMmUzYjZjZTkyYWJmNDAyYzI3IiwidGFnIjoiIn0%3D
www.bill.userver.info/	1970-01-20 14:29:44	Name: billar_session Value: eyJpdiI6IkowOFNNWHRoQXNoaUUwcXpuelFDdVE9PSIsInZhbHVlIjoiZTE4RW5NRW1FbTE5SHkvVlZaV3FoQkF1Rm1WNnU4bEc2Ykx1OVFMcGFaY0hMVWtwbmVJUUVXbDZPdUphK2xxeVVaZkRCeFY2SnBXTmhkSnRTRUhqSjdZUXZIL1VPVnh2YlU0U3o0UXVzRVdnS2ZSM3pPVFNQVTZsZmdWa205NysiLCJtYWMiOiIwODE3MmZiYTMwODQ5YjcxZTFiN2ZlYjQwZTgxNTY0MDg0YjM2ZjkzMmEyODYxMDZhOTFiNDM0MzE5MmMzYmU5IiwidGFnIjoiIn0%3D
www.bill.userver.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8v4eclci7shea5lho7mnocqlq8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.bill.userver.info
37.153.158.3
3b74ec1b03f4fea1b2a8fae51f42e66be81423beede3896d2097e0f19fc85523
4fe632abdb06b0424b45cdfbc874da417783a15f90ef139e31d6df7ea05b54bf
60f2c1ff08f8cd2617c65f09187d7d389acc9efe1979b39550596f5ea5a7123d
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
8a596c06f29700898adeefdf4ac6cf6a1d0cfabb9689d85b801806e24cb899b8
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca

www.bill.userver.info Open in urlscan Pro 37.153.158.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

403 kBTransfer

1397 kBSize

3 Cookies

5 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

3 Cookies

Indicators

www.bill.userver.info Open in urlscan Pro
37.153.158.3 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

403 kB
Transfer

1397 kB
Size

3
Cookies

8 HTTP transactions
0 data transactions