billing.whoisfreaks.com Open in urlscan Pro
172.233.38.245 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://billing.whoisfreaks.com/
Effective URL:
https://billing.whoisfreaks.com/login
Submission: On July 07 via automatic, source certstream-suspicious (July 7th 2024, 12:15:00 am UTC) — Scanned from NL

Summary HTTP 12 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 172.233.38.245, located in Amsterdam, Netherlands and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is billing.whoisfreaks.com.
TLS certificate: Issued by E6 on July 6th 2024. Valid for: 3 months.

This is the only time billing.whoisfreaks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	172.233.38.245 172.233.38.245	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:401... 2a00:1450:4013:c14::54	15169 (GOOGLE) (GOOGLE)
12	4

9 172.233.38.245 (Amsterdam, Netherlands) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-233-38-245.ip.linodeusercontent.com

billing.whoisfreaks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
whoisfreaks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4013:c14::54 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	whoisfreaks.com 1 redirects billing.whoisfreaks.com whoisfreaks.com	280 KB
3	google.com accounts.google.com — Cisco Umbrella Rank: 49	84 KB
1	bootstrapcdn.com netdna.bootstrapcdn.com — Cisco Umbrella Rank: 6755	5 KB
12	3

	Domain	Requested by
8	billing.whoisfreaks.com	1 redirects billing.whoisfreaks.com
3	accounts.google.com	billing.whoisfreaks.com accounts.google.com
1	whoisfreaks.com	billing.whoisfreaks.com
1	netdna.bootstrapcdn.com	billing.whoisfreaks.com
12	4

This site contains links to these domains. Also see Links.

Domain
ipgeolocation.io
currencyfreaks.com

Subject Issuer	Validity	Valid
billing.whoisfreaks.com E6	`2024-07-06` - `2024-10-04`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
accounts.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
whoisfreaks.com E6	`2024-07-06` - `2024-10-04`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://billing.whoisfreaks.com/login
Frame ID: B2ED4A325B819C2C57D34412CB582532
Requests: 12 HTTP requests in this frame

Frame: https://accounts.google.com/gsi/button?type=standard&shape=rectangular&theme=outline&text=signin_with&size=large&logo_alignment=center&client_id=1061150260493-hkg1cku9maek48983jk0th26l6djm5k2.apps.googleusercontent.com&iframe_id=gsi_291781_637633&as=PNli9RG7E62nCNOIG1MMfQ
Frame ID: 251BD6C13F3C322658E2EB221494FAB6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to WhoisFeaks Api Account

Page URL History Show full URLs

https://billing.whoisfreaks.com/ HTTP 302
http://billing.whoisfreaks.com/login HTTP 307
https://billing.whoisfreaks.com/login Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

12
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

368 kB
Transfer

538 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://ipgeolocation.io/

Search URL Search Domain Scan URL

URL: https://currencyfreaks.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://billing.whoisfreaks.com/ HTTP 302
http://billing.whoisfreaks.com/login HTTP 307
https://billing.whoisfreaks.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
billing.whoisfreaks.com/
Redirect Chain

https://billing.whoisfreaks.com/
http://billing.whoisfreaks.com/login
https://billing.whoisfreaks.com/login

4 KB
2 KB

17ms
16ms

Document
text/html

172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

e1e8701b3fe40010f397ef113022ec88f1ae93e4623452444f6e9fbc301ba922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-language: nl-NL
content-type: text/html;charset=UTF-8
date: Sun, 07 Jul 2024 00:14:51 GMT
expires: 0
pragma: no-cache
server: nginx/1.26.0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Redirect headers

Location: https://billing.whoisfreaks.com/login
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 style.css
billing.whoisfreaks.com/css/ 22 KB
7 KB 48ms
42ms Stylesheet
text/css 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.whoisfreaks.com/css/style.css

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

e07583dfb67321bccfff12179974381093798b4654cfa188e9fe3d9dbb7cbded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/login
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 00:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 15:49:12 GMT
server: nginx/1.26.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/3.2.0/css/ 21 KB
5 KB 91ms
26ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/3.2.0/css/font-awesome.min.css

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbb102718687334c9562f1048617e79c04e1a0f281aafafa919b597e4cdb0178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 00:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1048
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 9967295
cdn-cachedat: 11/11/2022 03:35:02
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:51 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"434ee8a423ad3b195f5ca65b81fb2226"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 10052e0daf344167c04f012e6bd2061b
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 89f3a304cd7f9b40-FRA
cdn-requestpullsuccess: True

GET
H2 200 Oauth2.js Show response
billing.whoisfreaks.com/js/ 375 B
595 B 47ms
43ms Script
text/javascript 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.whoisfreaks.com/js/Oauth2.js

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

4505f9e3b3339ca7df39aa25f07c74e6645e300d6cc089918442793ea352ed6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/login
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 00:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 15:49:14 GMT
server: nginx/1.26.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 client Show response
accounts.google.com/gsi/ 219 KB
83 KB 72ms
23ms Script
application/javascript 2a00:1450:4013:c14::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c14::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

18ae8ec6640dd05e8a91afd56ca1631fe2cad825d5e4e2d739b0e4693df0835e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-peFaPuL4sJD9jLVD-YNL7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 00:14:51 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-peFaPuL4sJD9jLVD-YNL7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Sun, 07 Jul 2024 00:14:51 GMT

GET
H2 200 singleSignOnBtn.css
billing.whoisfreaks.com/css/ 3 KB
2 KB 71ms
68ms Stylesheet
text/css 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.whoisfreaks.com/css/singleSignOnBtn.css

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

e4f74c41fccd34f36f70cd8a98bc2d9090f526c2bbef7ff82a3044efac57a657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/login
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 00:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 15:49:12 GMT
server: nginx/1.26.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 logo.svg
whoisfreaks.com/images/ 15 KB
15 KB 74ms
24ms Image
image/svg+xml 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://whoisfreaks.com/images/logo.svg
Requested by: Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 172-233-38-245.ip.linodeusercontent.com
Software: nginx/1.26.0 /
Resource Hash: 57c566273669b9feca932a2c7985eee47767d325163e1268d1e4fe3cf0e87c04

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 00:14:51 GMT
last-modified: Fri, 05 Jul 2024 10:52:26 GMT
server: nginx/1.26.0
etag: "6687d06a-3bec"
content-type: image/svg+xml
cache-control: public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 15340

GET
H2 200 ip.webp
billing.whoisfreaks.com/images/ 106 KB
106 KB 56ms
55ms Image
image/webp 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://billing.whoisfreaks.com/images/ip.webp?v=0.1

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

f8a89bf3ec4532309c3eaf7af825e2eab6050540c8e2918899bc6250a7f76f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/login
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 00:14:51 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 15:49:08 GMT
server: nginx/1.26.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 108068
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 cf.webp
billing.whoisfreaks.com/images/ 130 KB
131 KB 15ms
15ms Image
image/webp 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://billing.whoisfreaks.com/images/cf.webp?v=0.1

Requested by

Host: billing.whoisfreaks.com
URL: https://billing.whoisfreaks.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

7fc22ffdd8e00d4297537325200d4cfb741ba01b7574f2434ffe85777e2a8d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/login
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 00:14:51 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 15:49:08 GMT
server: nginx/1.26.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 133616
x-xss-protection: 1; mode=block
expires: 0

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1c1f05c674ea0a435402288ac1e6c494b0ddcb914197b4d4a5717ab16d31f02

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 style
accounts.google.com/gsi/ 533 B
584 B 23ms
22ms Stylesheet
text/css 2a00:1450:4013:c14::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/style

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c14::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-V13l9a68LACewlqNJo6ucA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 00:14:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-V13l9a68LACewlqNJo6ucA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: text/css; charset=utf-8
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Sun, 07 Jul 2024 00:14:51 GMT

GET
H2 200 button
accounts.google.com/gsi/ Frame 251B 0
0 83ms
53ms Document
text/html 2a00:1450:4013:c14::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/button?type=standard&shape=rectangular&theme=outline&text=signin_with&size=large&logo_alignment=center&client_id=1061150260493-hkg1cku9maek48983jk0th26l6djm5k2.apps.googleusercontent.com&iframe_id=gsi_291781_637633&as=PNli9RG7E62nCNOIG1MMfQ

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c14::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iz3xypa8H-11boZMAupcfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://billing.whoisfreaks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-iz3xypa8H-11boZMAupcfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: same-site
date: Sun, 07 Jul 2024 00:14:51 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 favicon.ico
billing.whoisfreaks.com/images/ 15 KB
15 KB 16ms
16ms Other
image/x-icon 172.233.38.245
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.whoisfreaks.com/images/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.233.38.245 Amsterdam, Netherlands, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

172-233-38-245.ip.linodeusercontent.com

Software

nginx/1.26.0 /

Resource Hash

defacc4eacac69e9236b799a70a508ec4c2ca126da8ae88f341a08c1abc34137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://billing.whoisfreaks.com/login
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 00:14:51 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 15:49:08 GMT
server: nginx/1.26.0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: SAMEORIGIN
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 15406
x-xss-protection: 1; mode=block
expires: 0

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.whoisfreaks.com/	1969-12-31 23:59:59	Name: WF_SESSION Value: MTc3ZmQxN2ItMWRhNi00YTg2LTlhODktNTZlMTdkMzZhOTE5

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://billing.whoisfreaks.com/login Message: Provider's accounts list is empty.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
billing.whoisfreaks.com
netdna.bootstrapcdn.com
whoisfreaks.com
172.233.38.245
2606:4700::6812:bcf
2a00:1450:4013:c14::54
18ae8ec6640dd05e8a91afd56ca1631fe2cad825d5e4e2d739b0e4693df0835e
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
4505f9e3b3339ca7df39aa25f07c74e6645e300d6cc089918442793ea352ed6c
57c566273669b9feca932a2c7985eee47767d325163e1268d1e4fe3cf0e87c04
7fc22ffdd8e00d4297537325200d4cfb741ba01b7574f2434ffe85777e2a8d09
b1c1f05c674ea0a435402288ac1e6c494b0ddcb914197b4d4a5717ab16d31f02
bbb102718687334c9562f1048617e79c04e1a0f281aafafa919b597e4cdb0178
defacc4eacac69e9236b799a70a508ec4c2ca126da8ae88f341a08c1abc34137
e07583dfb67321bccfff12179974381093798b4654cfa188e9fe3d9dbb7cbded
e1e8701b3fe40010f397ef113022ec88f1ae93e4623452444f6e9fbc301ba922
e4f74c41fccd34f36f70cd8a98bc2d9090f526c2bbef7ff82a3044efac57a657
f8a89bf3ec4532309c3eaf7af825e2eab6050540c8e2918899bc6250a7f76f2a

billing.whoisfreaks.com Open in urlscan Pro 172.233.38.245 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

67 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

368 kBTransfer

538 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

billing.whoisfreaks.com Open in urlscan Pro
172.233.38.245 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

368 kB
Transfer

538 kB
Size

1
Cookies

12 HTTP transactions
1 data transactions