URL: https://billing-config.nitrologistics.co/
Submission Tags: phishingrod
Submission: On October 28, 2022 via API from DE — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 165.232.136.226, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is billing-config.nitrologistics.co.
TLS certificate: Issued by R3 (Let's Encrypt) on October 28th 2022, the same day as this scan. Valid for: 3 months.
This is the only time billing-config.nitrologistics.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address                AS     Autonomous System
1         165.232.136.226           14061  DIGITALOCEAN-ASN
1         2a00:1450:4001:82a::200a  15169  GOOGLE
6         13.224.189.94             16509  AMAZON-02
8 requests, 3 IPs

Requests  Apex Domain        Subdomain (Cisco Umbrella Rank)     Transfer
6         plaid.com          cdn.plaid.com (15757)               468 KB
1         googleapis.com     ajax.googleapis.com (293)           31 KB
1         nitrologistics.co  billing-config.nitrologistics.co    1 KB
8 requests, 3 apex domains

Requests  Domain                            Requested by
6         cdn.plaid.com                     billing-config.nitrologistics.co, cdn.plaid.com
1         ajax.googleapis.com               billing-config.nitrologistics.co
1         billing-config.nitrologistics.co  (primary request)
8 requests, 3 domains

This site contains no links.

Subject                           Issuer                                       Validity                  Valid for  Source
billing-config.nitrologistics.co  R3 (Let's Encrypt)                           2022-10-28 to 2023-01-26  3 months   crt.sh
upload.video.google.com           GTS CA 1C3                                   2022-09-26 to 2022-12-19  3 months   crt.sh
secure.plaid.com                  DigiCert SHA2 Extended Validation Server CA  2022-03-08 to 2023-04-08  a year     crt.sh

This page contains 2 frames:

Primary Page: https://billing-config.nitrologistics.co/
Frame ID: 2DA8765D5359C1572004809AAB9F341C
Requests: 4 HTTP requests in this frame

Frame: https://cdn.plaid.com/link/v2/stable/link.html?isHostedTrustedAuth=false&isLinkInitialize=true&origin=https%3A%2F%2Fbilling-config.nitrologistics.co&token=link-production-4b4ed04a-6329-484e-905b-43802dc1bc11&uniqueId=1&version=2.0.1415
Frame ID: 87272AF2CC493461B8ECAFCFD6E0206F
Requests: 4 HTTP requests in this frame

Screenshot: not included in this text capture.

Detected technologies

jQuery (version 3.5.1, taken from the ajax.googleapis.com request path)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 500 kB
Size: 1552 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan; all 8 transactions below were answered directly.

8 HTTP transactions

Each entry lists: Resource, Path, Size (uncompressed), x-fer (bytes transferred), Type.

Request 1 (primary): /
  Path: billing-config.nitrologistics.co/
  Size: 3 KB, x-fer: 1 KB
  Type: Document
General
  Full URL: https://billing-config.nitrologistics.co/
  Protocol: HTTP/1.1
  Security: TLS 1.3, AES_128_GCM
  Server: 165.232.136.226 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US)
  Reverse DNS: (none)
  Software: nginx/1.18.0 (Ubuntu) / Express
  Resource Hash: 1b676621b170ad4afefa0d2a24828da93dc9ceba7415fa15be0f06f73db23705

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  Connection: keep-alive
  Content-Encoding: gzip
  Content-Type: text/html; charset=utf-8
  Date: Fri, 28 Oct 2022 19:46:47 GMT
  ETag: W/"b57-sSGOt+t2agemVlb8iYORxoduD98"
  Server: nginx/1.18.0 (Ubuntu)
  Transfer-Encoding: chunked
  X-Powered-By: Express

Note: the primary response carries no security headers at all (no Content-Security-Policy, Strict-Transport-Security, X-Frame-Options or X-Content-Type-Options) and discloses the application framework through X-Powered-By: Express behind nginx.
Request 2: jquery.min.js
  Path: ajax.googleapis.com/ajax/libs/jquery/3.5.1/
  Size: 87 KB, x-fer: 31 KB
  Type: Script
General
  Full URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
  Requested by: Host: billing-config.nitrologistics.co, URL: https://billing-config.nitrologistics.co/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none)
  Software: sffe /
  Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Note: this resource hash is the hex form of the published Subresource Integrity value for jQuery 3.5.1 (sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=), so the script is the stock library and needs no further review.

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://billing-config.nitrologistics.co/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers
  date: Fri, 28 Oct 2022 18:14:23 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  age: 5544
  content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  content-length: 31021
  x-xss-protection: 0
  last-modified: Fri, 08 May 2020 07:05:03 GMT
  server: sffe
  cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
  vary: Accept-Encoding
  report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
  content-type: text/javascript; charset=UTF-8
  access-control-allow-origin: *
  cache-control: public, max-age=31536000, stale-while-revalidate=2592000
  accept-ranges: bytes
  timing-allow-origin: *
  expires: Sat, 28 Oct 2023 18:14:23 GMT
Request 3: link-initialize.js
  Path: cdn.plaid.com/link/v2/stable/
  Size: 97 KB, x-fer: 34 KB
  Type: Script
General
  Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
  Requested by: Host: billing-config.nitrologistics.co, URL: https://billing-config.nitrologistics.co/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.224.189.94, United States, ASN16509 (AMAZON-02, US). No city is geolocated for this anycast CloudFront address; the reverse DNS name and the x-amz-cf-pop header below show the edge that answered was FRA2 (Frankfurt).
  Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
  Software: AmazonS3 /
  Resource Hash: 40760a32034bb52473c2a8f7d2206e18e5d7eee28bc4a12ddac315ccd530a49c

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://billing-config.nitrologistics.co/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers
  x-amz-version-id: Tlk5HsCBXVNJW1WqruQolYqrP4Dan7Lx
  content-encoding: gzip
  via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
  date: Fri, 28 Oct 2022 16:47:15 GMT
  x-amz-request-id: GMK2ZK82QXGCV2RM
  x-amz-cf-pop: FRA2-C1
  x-amz-server-side-encryption: AES256
  age: 10773
  x-cache: Hit from cloudfront
  x-amz-replication-status: COMPLETED
  x-amz-id-2: csNDGeOXccy3R/wkMPGyiIlg5mAc2xmBHNhxf2TWtXR8UKV+h6wHVEf0/etBC1/DK8rCCB6xb1cnw4DCxVUWwQ==
  last-modified: Thu, 27 Oct 2022 16:15:18 GMT
  server: AmazonS3
  etag: W/"d0d9fa4f269495f49796f71627f61861"
  vary: Accept-Encoding
  content-type: application/javascript
  cache-control: no-cache,must-revalidate,max-age=0
  x-amz-cf-id: OpU4AMu1OFlXOcrdrumIat7Wi4FMnI6BthLvtWc2DG_MYHmJWw0KeQ==
Request 4: link-dynamic-loader.js
  Path: cdn.plaid.com/link/2.0.1415/
  Size: 0, x-fer: 43 KB
  Type: Other
General
  Full URL: https://cdn.plaid.com/link/2.0.1415/link-dynamic-loader.js
  Requested by: Host: cdn.plaid.com, URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.224.189.94, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
  Software: AmazonS3 /
  Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Note: this hash is SHA-256 of zero bytes, and the size is 0 although 43 KB were transferred, so the scanner recorded no body for this response. Do not use the hash to match this file; it says nothing about what the CDN served.

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://billing-config.nitrologistics.co/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers
  date: Fri, 28 Oct 2022 01:55:15 GMT
  x-amz-version-id: ZjI7XQCHTKoRRtwqxAYEV0xxQ2t5FCeD
  content-encoding: gzip
  via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
  x-amz-cf-pop: FRA2-C1
  age: 64293
  x-amz-server-side-encryption: AES256
  x-cache: Hit from cloudfront
  x-amz-replication-status: COMPLETED
  last-modified: Thu, 27 Oct 2022 16:15:18 GMT
  server: AmazonS3
  etag: W/"6db5eb79ef663a84d5d0604564a03bf5"
  vary: Accept-Encoding
  content-type: application/javascript
  cache-control: max-age=10800
  x-amz-cf-id: zywvXhuGMoV30njF1JO0mn4160xK2UWT81zpQt_NXDYEgK3wzJbebQ==
Request 5: link.html (loaded in frame 8727)
  Path: cdn.plaid.com/link/v2/stable/
  Size: 2 KB, x-fer: 1 KB
  Type: Document
General
  Full URL: https://cdn.plaid.com/link/v2/stable/link.html?isHostedTrustedAuth=false&isLinkInitialize=true&origin=https%3A%2F%2Fbilling-config.nitrologistics.co&token=link-production-4b4ed04a-6329-484e-905b-43802dc1bc11&uniqueId=1&version=2.0.1415
  Requested by: Host: cdn.plaid.com, URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.224.189.94, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
  Software: AmazonS3 /
  Resource Hash: 1c5afa0a152bd41dbd3f8e5b7c52a56004aa1332bc551dd9d1a2c32e2fb18c9f

Request headers
  Referer: https://billing-config.nitrologistics.co/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  age: 56096
  cache-control: no-cache,must-revalidate,max-age=0
  content-encoding: gzip
  content-type: text/html
  date: Fri, 28 Oct 2022 04:11:52 GMT
  etag: W/"69cd92436fd96d7a076d8845c590873c"
  last-modified: Thu, 27 Oct 2022 16:15:18 GMT
  server: AmazonS3
  vary: Accept-Encoding
  via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
  x-amz-cf-id: CDRS2aH__AdBolhp_etIiYkxIjpx274wNHv6b5XfFHZ2sKMycP_jHg==
  x-amz-cf-pop: FRA2-C1
  x-amz-id-2: TLdvEQg2RIJjffzkIwb6fF1FwJNLoNynIpdctxF0Tk/S1rHPwPR+bKMhgPdPw7ibUGyDDNfgmfc=
  x-amz-replication-status: COMPLETED
  x-amz-request-id: 58EMKHYHGS87EKT2
  x-amz-server-side-encryption: AES256
  x-amz-version-id: MRviLpFwgAFLMzQjApzppXONCjRyPx4o
  x-cache: Hit from cloudfront
Request 6: flink.css (loaded in frame 8727)
  Path: cdn.plaid.com/link/2.0.1415/
  Size: 72 KB, x-fer: 11 KB
  Type: Stylesheet
General
  Full URL: https://cdn.plaid.com/link/2.0.1415/flink.css
  Requested by: Host: cdn.plaid.com, URL: https://cdn.plaid.com/link/v2/stable/link.html?isHostedTrustedAuth=false&isLinkInitialize=true&origin=https%3A%2F%2Fbilling-config.nitrologistics.co&token=link-production-4b4ed04a-6329-484e-905b-43802dc1bc11&uniqueId=1&version=2.0.1415
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.224.189.94, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
  Software: AmazonS3 /
  Resource Hash: c3cf63a42c7ced86dba118b6672e9389d42f85543fad59cba571d0bf86444d4f

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: (blank in the report)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers
  x-amz-version-id: QrD.ByTMSY2xiOtirlKq0lFAq_TJwW63
  content-encoding: gzip
  via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
  date: Fri, 28 Oct 2022 17:00:52 GMT
  x-amz-cf-pop: FRA2-C1
  age: 10759
  x-amz-server-side-encryption: AES256
  x-cache: Hit from cloudfront
  x-amz-replication-status: COMPLETED
  last-modified: Thu, 27 Oct 2022 16:15:18 GMT
  server: AmazonS3
  etag: W/"958a3ff060abddb79b0d5806088d1a0e"
  vary: Accept-Encoding
  content-type: text/css
  cache-control: max-age=10800
  x-amz-cf-id: 5GvJ4hADn7SUcHSMOgm52Ov2ko7kJHKmHHlW782DZgDfZRtLwht-OQ==
Request 7: vendor.js (loaded in frame 8727)
  Path: cdn.plaid.com/link/2.0.1415/
  Size: 11 KB, x-fer: 5 KB
  Type: Script
General
  Full URL: https://cdn.plaid.com/link/2.0.1415/vendor.js
  Requested by: Host: cdn.plaid.com, URL: https://cdn.plaid.com/link/v2/stable/link.html?isHostedTrustedAuth=false&isLinkInitialize=true&origin=https%3A%2F%2Fbilling-config.nitrologistics.co&token=link-production-4b4ed04a-6329-484e-905b-43802dc1bc11&uniqueId=1&version=2.0.1415
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.224.189.94, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
  Software: AmazonS3 /
  Resource Hash: c037e17e9b88a9ad4c62b83fd44dd3929e12cbab7ea640ed063e3d276cdb4575

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: (blank in the report)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers
  x-amz-version-id: dQSwN7n8mfk7Rlmwn6FPfa_t18ZKOmHH
  content-encoding: gzip
  via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
  date: Fri, 28 Oct 2022 16:54:58 GMT
  x-amz-cf-pop: FRA2-C1
  age: 10759
  x-amz-server-side-encryption: AES256
  x-cache: Hit from cloudfront
  x-amz-replication-status: COMPLETED
  last-modified: Thu, 27 Oct 2022 16:15:20 GMT
  server: AmazonS3
  etag: W/"4891d2fd84361b1e0aaaef726f1994fd"
  vary: Accept-Encoding
  content-type: application/javascript
  cache-control: max-age=10800
  x-amz-cf-id: CAdtJTr0ryEkk_Je3KnoOHYWAg9u-Nnv_069qctq2oVBP09IZOUUuA==
Request 8: flink.js (loaded in frame 8727)
  Path: cdn.plaid.com/link/2.0.1415/
  Size: 1 MB, x-fer: 374 KB
  Type: Script
General
  Full URL: https://cdn.plaid.com/link/2.0.1415/flink.js
  Requested by: Host: cdn.plaid.com, URL: https://cdn.plaid.com/link/v2/stable/link.html?isHostedTrustedAuth=false&isLinkInitialize=true&origin=https%3A%2F%2Fbilling-config.nitrologistics.co&token=link-production-4b4ed04a-6329-484e-905b-43802dc1bc11&uniqueId=1&version=2.0.1415
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.224.189.94, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
  Software: AmazonS3 /
  Resource Hash: c2e898728de52fb6a98ad49a5b9cab82f13cd300a04b3c6fae4f4b21de153d8d

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: (blank in the report)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers
  x-amz-version-id: tItul8LMNUmjeXwYGxsVVanx9btnIbpa
  content-encoding: gzip
  via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
  date: Fri, 28 Oct 2022 17:00:52 GMT
  x-amz-cf-pop: FRA2-C1
  age: 10759
  x-amz-server-side-encryption: AES256
  x-cache: Hit from cloudfront
  x-amz-replication-status: COMPLETED
  last-modified: Thu, 27 Oct 2022 16:15:18 GMT
  server: AmazonS3
  etag: W/"4f59443a57620d4418a75947a30ba219"
  vary: Accept-Encoding
  content-type: application/javascript
  cache-control: max-age=10800
  x-amz-cf-id: DwAnekxMGI3-PUtGE2jR6S839NIY3RmaFyHsCiDiygbQpsncd_mtAQ==
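
The checks a reviewer would otherwise do by hand on the transaction list above, as an added example script; it is not urlscan.io code and nothing on the original page ships with it. It converts urlscan's hex resource hashes to the base64 form used by Subresource Integrity and compares the jQuery hash with the published value for 3.5.1, flags a hash that is merely SHA-256 of empty input, applies the two jQuery version patterns from the Detected technologies section, extracts environment, embedding origin and version from the Plaid Link frame URL, and measures the certificate's age against the scan date. The transaction tuples, certificate date and scan date are transcribed from this report (a subset of the 8 transactions); the published SRI value is jQuery's own; the function and constant names are the example's.

```python
"""Triage checks for the urlscan.io result above (added example, not urlscan.io code)."""
import base64
import hashlib
import re
from datetime import date
from urllib.parse import parse_qs, urlparse

# Transcribed from the report: the scan day and the certificate's notBefore date.
SCAN_DATE = date(2022, 10, 28)
CERT_NOT_BEFORE = date(2022, 10, 28)

# The two version-detection patterns listed under "Detected technologies".
JQUERY_PATTERNS = [
    re.compile(r"/([\d.]+)/jquery(?:\.min)?\.js"),
    re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
]

# Published Subresource Integrity hash for jquery-3.5.1.min.js.
KNOWN_SRI = {
    "jquery/3.5.1/jquery.min.js": "sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=",
}

# SHA-256 of zero bytes; urlscan reports this when it recorded no body for a response.
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()

# (url, bytes transferred, urlscan "Resource Hash"), transcribed from the transactions above.
TRANSACTIONS = [
    ("https://billing-config.nitrologistics.co/", 1024,
     "1b676621b170ad4afefa0d2a24828da93dc9ceba7415fa15be0f06f73db23705"),
    ("https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js", 31021,
     "f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d"),
    ("https://cdn.plaid.com/link/v2/stable/link-initialize.js", 34 * 1024,
     "40760a32034bb52473c2a8f7d2206e18e5d7eee28bc4a12ddac315ccd530a49c"),
    ("https://cdn.plaid.com/link/2.0.1415/link-dynamic-loader.js", 43 * 1024,
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("https://cdn.plaid.com/link/v2/stable/link.html?isHostedTrustedAuth=false"
     "&isLinkInitialize=true&origin=https%3A%2F%2Fbilling-config.nitrologistics.co"
     "&token=link-production-4b4ed04a-6329-484e-905b-43802dc1bc11&uniqueId=1&version=2.0.1415",
     1024,
     "1c5afa0a152bd41dbd3f8e5b7c52a56004aa1332bc551dd9d1a2c32e2fb18c9f"),
]


def hex_to_sri(hex_digest, algo="sha256"):
    """Turn urlscan's hex digest into the base64 'algo-...' form used by SRI and CSP."""
    return algo + "-" + base64.b64encode(bytes.fromhex(hex_digest)).decode("ascii")


def is_empty_body(hex_digest):
    """True when the digest is SHA-256 of nothing, i.e. no response body was recorded."""
    return hex_digest.lower() == SHA256_EMPTY


def jquery_version(url):
    """Apply the report's jQuery patterns; the first capturing group is the version."""
    for pattern in JQUERY_PATTERNS:
        match = pattern.search(url)
        if match and match.group(1):
            return match.group(1)
    return None


def parse_link_frame(url):
    """Extract token environment, embedding origin and Link version from a Plaid Link frame URL."""
    query = parse_qs(urlparse(url).query)
    token = query.get("token", [""])[0]
    parts = token.split("-")
    return {
        "token": token,
        # Plaid link tokens look like 'link-<environment>-<uuid>'; the middle part is the environment.
        "environment": parts[1] if len(parts) > 2 else None,
        "origin": query.get("origin", [""])[0],
        "version": query.get("version", [""])[0],
    }


def triage(transactions, scan_day, cert_not_before):
    """Return the findings a reviewer would want to see for this scan."""
    findings = []
    cert_age = (scan_day - cert_not_before).days
    if cert_age <= 1:
        findings.append(f"certificate issued {cert_age} day(s) before the scan")
    for url, transferred, digest in transactions:
        path = urlparse(url).path
        if is_empty_body(digest) and transferred > 0:
            findings.append(f"empty body recorded for {path} despite {transferred} bytes transferred")
        version = jquery_version(url)
        if version:
            findings.append(f"jQuery {version} loaded from {urlparse(url).netloc}")
        for suffix, published in KNOWN_SRI.items():
            if path.endswith(suffix):
                verdict = "matches" if hex_to_sri(digest) == published else "DIFFERS FROM"
                findings.append(f"{path} {verdict} the published SRI hash")
        if path.endswith("/link.html"):
            info = parse_link_frame(url)
            findings.append(f"Plaid Link {info['version']} ({info['environment']} token) "
                            f"embedded by origin {info['origin']}")
    return findings


if __name__ == "__main__":
    for line in triage(TRANSACTIONS, SCAN_DATE, CERT_NOT_BEFORE):
        print(line)
```

Run as-is it prints one line per finding. The hex-to-base64 step is the one people get wrong: urlscan, VirusTotal and most sandboxes report hex digests, while `integrity=` attributes and CSP hash sources use base64 of the raw digest bytes, so comparing the two strings directly always fails. An empty-input hash is treated as "not captured" rather than "empty file" because the report shows 43 KB transferred for that response.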

Verdicts & Comments: none.

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Read them with care: nine of the fifteen (onbeforeinput, oncontextlost, oncontextrestored, structuredClone, launchQueue, onbeforematch, getScreenDetails, queryLocalFonts, navigation) are window members that Chrome 107 itself provides, and "0" is the indexed accessor for the page's single child frame (the Plaid Link iframe). Only the last five are page-specific and come from the scripts loaded above.

Type      Name                 Origin
object    0                    child frame accessor (Plaid Link iframe)
object    onbeforeinput        browser
object    oncontextlost        browser
object    oncontextrestored    browser
function  structuredClone      browser
object    launchQueue          browser
object    onbeforematch        browser
function  getScreenDetails     browser
function  queryLocalFonts      browser
object    navigation           browser
function  $                    jQuery 3.5.1
function  jQuery               jQuery 3.5.1
object    Plaid                Plaid Link (link-initialize.js)
object    webpackJsonpPlaid    Plaid Link webpack bundle
object    __core-js_shared__   core-js polyfill runtime

0 Cookies