deloitte-hr.work
2606:4700:3035::ac43:94b1  Malicious Activity! Public Scan

Submitted URL: http://deloitte-hr.work/
Effective URL: https://deloitte-hr.work/
Submission Tags: threatview.io malwar3ninja rule: suspicious named domain automated-submission
Submission: On September 17 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3035::ac43:94b1, located in United States and belongs to CLOUDFLARENET, US. The main domain is deloitte-hr.work.
TLS certificate: Issued by WE1 on August 17th 2024. Valid for: 3 months.
This is the only time deloitte-hr.work was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

Requests  Redirects  IP Address        AS / Autonomous System
7         1          2606:4700:303...  13335 (CLOUDFLAR...)
1         -          2a00:1450:400...  15169 (GOOGLE)
3         -          205.234.175.175   30081 (CACHENETW...)
1         -          2a00:1450:400...  15169 (GOOGLE)
6         -          2a00:1450:400...  15169 (GOOGLE)
Total: 17 requests, 5 IPs

Requests  Apex Domain            Subdomain                     Cisco Umbrella Rank  Transfer
7         deloitte-hr.work       deloitte-hr.work              -                    17 KB
6         syndicatedsearch.goog  syndicatedsearch.goog         3245                 1 KB
3         sedoparking.com        img.sedoparking.com           69528                58 KB
1         googleadservices.com   partner.googleadservices.com  5261                 266 B
1         google.com             www.google.com                3                    55 KB
Total: 17 requests, 5 domains

Requests  Redirects  Domain                        Requested by
7         1          deloitte-hr.work              deloitte-hr.work
6         -          syndicatedsearch.goog         www.google.com
3         -          img.sedoparking.com           deloitte-hr.work
1         -          partner.googleadservices.com  www.google.com
1         -          www.google.com                deloitte-hr.work
Total: 17 requests, 5 domains

This site contains links to these domains.

Domain
www.namesilo.com
www.sedo.com

Subject                 Issuer                         Validity                 Valid for
deloitte-hr.work        WE1                            2024-08-17 - 2024-11-15  3 months
*.google.com            WR2                            2024-08-12 - 2024-11-04  3 months
*.cachefly.net          GlobalSign RSA OV SSL CA 2018  2023-11-13 - 2024-12-14  a year
*.googleadservices.com  WR2                            2024-08-12 - 2024-11-04  3 months
syndicatedsearch.goog   WR2                            2024-08-12 - 2024-11-04  3 months

This page contains 3 frames:

Primary Page: https://deloitte-hr.work/
Frame ID: A13195A1B39946858125F6194AD2C98A
Requests: 15 HTTP requests in this frame

Frame: https://syndicatedsearch.goog/afs/ads/i/iframe.html
Frame ID: 10D2E80FF2E6D53C7D8070B6B2C8780E
Requests: 1 HTTP requests in this frame

Frame: https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=9330244380&channel=exp-0051%2Cauxa-control-1%2C35961519&client=dp-sedo85_3ph&r=m&hl=de&ivt=0&rpbu=https%3A%2F%2Fdeloitte-hr.work%2Fcaf%2F%3Fses%3DY3JlPTE3MjY1NDAzMjEmdGNpZD1kZWxvaXR0ZS1oci53b3JrNjZlOGVhMjE2M2YxZTUuMzgxMDg3MTImdGFzaz1zZWFyY2gmZG9tYWluPWRlbG9pdHRlLWhyLndvcmsmYV9pZD0zJnNlc3Npb249aUxGc1kzWjh0eGNkM2g4TjQyTl8%3D&type=3&uiopt=false&swp=as-drid-2249301175844733&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3%7Cs&nocache=7771726540321498&num=0&output=afd_ads&domain_name=deloitte-hr.work&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1726540321503&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=985&frm=0&uio=--&cont=rb-default&drt=0&jsid=caf&nfp=1&jsv=672656862&rurl=https%3A%2F%2Fdeloitte-hr.work%2F&referer=https%3A%2F%2Fdeloitte-hr.work%2F
Frame ID: 4704D42713BE0A4E8DB0CD0E4545D4BA
Requests: 1 HTTP requests in this frame

Page Title

deloitte-hr.work - Informationen zum Thema deloitte hr.

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 80 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 131 kB
Size: 261 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://deloitte-hr.work/ HTTP 307
    https://deloitte-hr.work/ Page URL
  2. https://deloitte-hr.work/cdn-cgi/phish-bypass?atok=bLJZKNVQA2C9woUXvPFTk7fJsz58RR5HPZhTXqWeh7A-1726540317-0.0.1.1-%2F HTTP 301
    https://deloitte-hr.work/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://deloitte-hr.work/ HTTP 307
  • https://deloitte-hr.work/

17 HTTP transactions

Resource / Path, Size / x-fer, Type / MIME-Type

/
deloitte-hr.work/
Redirect Chain
  • http://deloitte-hr.work/
  • https://deloitte-hr.work/
4 KB
2 KB
Document
General
Full URL
https://deloitte-hr.work/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:94b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b7584acdc4120bf67a78d23a4adda38382862b381b74e9b5415e738733d7f2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-ray
8c45aed6ae0518eb-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 17 Sep 2024 02:31:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWe5N1jJGpxTG%2FCiZNIjJyTTVbcm4bZFg%2BHd%2BFQMzOUIiabZyZboUpK%2FnubksvmztYglt53DVjNlUKBovIP6WCjNETZ0CPwTzL0Hx9BnW4nKrBstMu4MsEXj3JzUFR0rcNVvLpTJbIwRWtqPkfhD"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

Location
https://deloitte-hr.work/
Non-Authoritative-Reason
HttpsUpgrades

cf.errors.css
deloitte-hr.work/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://deloitte-hr.work/cdn-cgi/styles/cf.errors.css
Requested by
Host: deloitte-hr.work
URL: https://deloitte-hr.work/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:94b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:31:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Sep 2024 18:11:09 GMT
server
cloudflare
etag
W/"66e08bbd-5df3"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
8c45aed6ce1918eb-FRA
expires
Tue, 17 Sep 2024 04:31:57 GMT

icon-exclamation.png
deloitte-hr.work/cdn-cgi/images/
452 B
634 B
Image
General
Full URL
https://deloitte-hr.work/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: deloitte-hr.work
URL: https://deloitte-hr.work/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:94b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://deloitte-hr.work/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:31:57 GMT
x-content-type-options
nosniff
last-modified
Tue, 10 Sep 2024 18:11:09 GMT
server
cloudflare
etag
"66e08bbd-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
8c45aed6de2818eb-FRA
content-length
452
expires
Tue, 17 Sep 2024 04:31:57 GMT

favicon.ico
deloitte-hr.work/
0
410 B
Other
General
Full URL
https://deloitte-hr.work/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:94b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:31:57 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMZ%2B2LkO6L5gZWu3nlmX5cfQrbSyOedBRjkt9zT74hyN4C1yit2lxVg%2FeNPlZysHjTuJaVEl%2BP0VUzOzZUWTGCR4hZhN%2B8mJkPZHcHrxjuysbGDVh6J%2FkBtJqTNoHZKSAllO%2BdFccUQkOXl2yEuE"}],"group":"cf-nel","max_age":604800}
cf-ray
8c45aed6fe3318eb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0

Primary Request /
deloitte-hr.work/
Redirect Chain
  • https://deloitte-hr.work/cdn-cgi/phish-bypass?atok=bLJZKNVQA2C9woUXvPFTk7fJsz58RR5HPZhTXqWeh7A-1726540317-0.0.1.1-%2F
  • https://deloitte-hr.work/
24 KB
9 KB
Document
General
Full URL
https://deloitte-hr.work/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:94b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e78524befffb9400886ad38f28db595b9c5654a90bec0aa7fa7f0e8e71a5aca

Request headers

Referer
https://deloitte-hr.work/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
8c45aef08d1818eb-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 17 Sep 2024 02:32:01 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Tue, 17 Sep 2024 02:32:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2SRT7VtfW8MvQi1byfRbThAQCsWWYRiO%2F0XindKMxLBocKCntykMekT%2FTlV5RsrPT9rERsHY3G6hMkEVh%2FgevAnvCmeeNVEUEsfznrrt5E2y%2BkNg5gRdE36LDhjEsdZfoahuAfYsbocGiNI%2BvIEo"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_gS2OpRUNyIvPfdOBj0rY/iaZXKFYXkcDwk0LBdf7Q3HP17CDId1f/+NiS8Z24yHjill4CJ4SVFJHAZqpoii+fA==
x-cache-miss-from
parking-7768d5b45d-n9dpb

Redirect headers

cache-control
private, no-cache
cf-ray
8c45aef07d0a18eb-FRA
content-length
167
content-type
text/html
date
Tue, 17 Sep 2024 02:32:01 GMT
location
https://deloitte-hr.work/
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY

caf.js
www.google.com/adsense/domains/
151 KB
55 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true
Requested by
Host: deloitte-hr.work
URL: https://deloitte-hr.work/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fc7dd3fe187d231e24606ea058ca987716033b253a5371e7648efee8b17b8a05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"12708388092583553045"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://syndicatedsearch.goog>; rel="preconnect"
expires
Tue, 17 Sep 2024 02:32:01 GMT

arrows.png
img.sedoparking.com/templates/bg/
12 KB
13 KB
Image
General
Full URL
https://img.sedoparking.com/templates/bg/arrows.png
Requested by
Host: deloitte-hr.work
URL: https://deloitte-hr.work/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 1124 /
Resource Hash
3059fbd6cd3550047483dca4071c93e5cf4cc79ce8bafc4388166fbc5279644b

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:32:01 GMT
x-cf-tsc
1688391041
x-cf3
H
cf4ttl
31536000.000
x-cf1
11696:fE.waw1:cf:nom:cacheN.waw1-01:M
x-cf-reqid
2dec72678baa988fa544be0126306ade
content-length
12642
x-cf2
H
last-modified
Mon, 11 Oct 2021 05:39:44 GMT
server
CFS 1124
x-cff
B
content-type
image/png
access-control-allow-origin
*
x-cfhash
"6dc0bad9aa452ff871b282dabd47131e"
cache-control
max-age=604800
cf4age
0
accept-ranges
bytes
x-cf-rand
25.925
expires
Tue, 24 Sep 2024 02:32:01 GMT

NameSiloLogo.png
img.sedoparking.com/templates/bg/
30 KB
30 KB
Image
General
Full URL
https://img.sedoparking.com/templates/bg/NameSiloLogo.png
Requested by
Host: deloitte-hr.work
URL: https://deloitte-hr.work/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 1124 /
Resource Hash
4bbc784f1808bf25b1be7a0309b9e0b7ccd2c48e77ddcb270b67f18c7af55d9f

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:32:01 GMT
x-cf-tsc
1720530774
x-cf2
H
last-modified
Mon, 27 Feb 2023 08:54:36 GMT
x-cf3
H
server
CFS 1124
cf4ttl
31536000.000
x-cff
B
x-cf1
11696:fE.waw1:nom:cacheN.waw1-01:H
content-type
image/png
access-control-allow-origin
*
x-cf-reqid
3a428f441923cab465cee403efa45d4c
cf4age
0
accept-ranges
bytes
content-length
30661

cookie.js
partner.googleadservices.com/gampad/
386 B
266 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=deloitte-hr.work&client=dp-sedo85_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a1fbc7948207d4b1eda6e04dd204079aaca1146fe81676c2755b21da80fa3ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
244
x-xss-protection
0

iframe.html
syndicatedsearch.goog/afs/ads/i/ Frame 10D2
0
0
Document
General
Full URL
https://syndicatedsearch.goog/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-Bdvf58NwNtMPD-RJO24V-A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
729
content-security-policy
script-src 'nonce-Bdvf58NwNtMPD-RJO24V-A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
date
Tue, 17 Sep 2024 02:32:01 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Tue, 12 Mar 2024 06:00:00 GMT
pragma
no-cache
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0

ads
syndicatedsearch.goog/afs/ Frame 4704
0
0
Document
General
Full URL
https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=9330244380&channel=exp-0051%2Cauxa-control-1%2C35961519&client=dp-sedo85_3ph&r=m&hl=de&ivt=0&rpbu=https%3A%2F%2Fdeloitte-hr.work%2Fcaf%2F%3Fses%3DY3JlPTE3MjY1NDAzMjEmdGNpZD1kZWxvaXR0ZS1oci53b3JrNjZlOGVhMjE2M2YxZTUuMzgxMDg3MTImdGFzaz1zZWFyY2gmZG9tYWluPWRlbG9pdHRlLWhyLndvcmsmYV9pZD0zJnNlc3Npb249aUxGc1kzWjh0eGNkM2g4TjQyTl8%3D&type=3&uiopt=false&swp=as-drid-2249301175844733&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3%7Cs&nocache=7771726540321498&num=0&output=afd_ads&domain_name=deloitte-hr.work&v=3&bsl=8&pac=0&u_his=2&u_tz=120&dt=1726540321503&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=985&frm=0&uio=--&cont=rb-default&drt=0&jsid=caf&nfp=1&jsv=672656862&rurl=https%3A%2F%2Fdeloitte-hr.work%2F&referer=https%3A%2F%2Fdeloitte-hr.work%2F
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-DIKDu0Q3wM6uX3Mp82Ix5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
3150
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-DIKDu0Q3wM6uX3Mp82Ix5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Tue, 17 Sep 2024 02:32:01 GMT
expires
Tue, 17 Sep 2024 02:32:01 GMT
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0

tsc.php
deloitte-hr.work/search/
0
445 B
XHR
General
Full URL
https://deloitte-hr.work/search/tsc.php?ses=ogcoHhLEWtqMS7MkA5x3vrga3CLBpVGzQr41aoOgvnmol63pLJOS5i53Tn256s0WTW3ntjV-lz3GqdhX1MZ-p_STsUtjMhBuegJzLcISVV7FmXHrspiY1VPNMM3TFMhjRV2cUwbHCRUwja2DdA2nPwC9bw2-x3zdaorMcyIPCG935tzqqUYQYjqPt9Ej2WTHzcg6GvM67EoOAz8chIzYJrI1kej1jU6jena187-rA-haQS116qj6egMqX4L4ZBFGRv-rlwrgGGSLlrEUs4-ANBH4iLaKZisIFsdKhuxZ5F8xQJIemjgc7dei6ipUx4dv8WHQMsVy1RxfgGUW1R9JXelJES6u1_vFXNQU7K7-yBdQ9w6t3mHPvzIL4Z0O98P&cv=2
Requested by
Host: deloitte-hr.work
URL: https://deloitte-hr.work/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:94b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:32:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
x-cache-miss-from
parking-7768d5b45d-xz77z
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S35dJKlbCCTvRrAj1cASHviLXxt5ho%2B5bgO5Vp1Lm8y8TvKPnmtKDOxtLCMm15IHa%2FpWpPOibWcMtfDqEgiNot4X0F245GAqVtV1Cma4rZ2GMxcIyFP7%2FXwl9N0WQ5s8bYh40%2FvYxHYLq8KJqlgo"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
8c45aef17d9518eb-FRA
alt-svc
h3=":443"; ma=86400

sedo_logo.png
img.sedoparking.com/templates/logos/
15 KB
15 KB
Other
General
Full URL
https://img.sedoparking.com/templates/logos/sedo_logo.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 1124 /
Resource Hash
95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 02:32:01 GMT
x-cf-tsc
1724165697
x-cf3
H
cf4ttl
31536000.000
x-cf1
11696:fE.waw1:cf:nom:cacheN.waw1-01:H
x-cf-reqid
71d925d37c6add50b2f7899b19030181
content-length
15086
x-cf2
H
last-modified
Mon, 11 Jan 2021 07:44:34 GMT
server
CFS 1124
x-cff
B
content-type
image/png
access-control-allow-origin
*
x-cfhash
"def00c11b1596db4efee6a9fbe64fc27"
cache-control
max-age=604800
cf4age
0
accept-ranges
bytes
expires
Tue, 24 Sep 2024 02:32:01 GMT

gen_204
syndicatedsearch.goog/afs/
0
212 B
Image
General
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph&output=uds_ads_only&zx=6wxceafcfcc0&aqid=IeroZvqaIsKljuwP58qV2QY&psid=9330244380&pbt=bs&adbx=513.328125&adby=134.625&adbh=615&adbw=573&adbah=212%2C171%2C212&adbn=master-1&eawp=partner-dp-sedo85_3ph&errv=672656862&csala=7%7C0%7C107%7C28%7C8&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-hdzxuMDWjgd3kh7OCuC_VA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-hdzxuMDWjgd3kh7OCuC_VA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Tue, 17 Sep 2024 02:32:03 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

gen_204
syndicatedsearch.goog/afs/
0
509 B
Image
General
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph&output=uds_ads_only&zx=ax2s9qp73fj&aqid=IeroZvqaIsKljuwP58qV2QY&pbt=bs&adbx=650&adby=807.625&adbh=16&adbw=300&adbn=slave-1-1&eawp=partner-dp-sedo85_3ph&errv=672656862&csala=2%7C0%7C112%7C28%7C9&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-yMO4ls2aDUxscjeOXHykxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-yMO4ls2aDUxscjeOXHykxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Tue, 17 Sep 2024 02:32:03 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

gen_204
syndicatedsearch.goog/afs/
0
211 B
Image
General
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph&output=uds_ads_only&zx=mfqhyfkaunv2&aqid=IeroZvqaIsKljuwP58qV2QY&psid=9330244380&pbt=bv&adbx=513.328125&adby=134.625&adbh=615&adbw=573&adbah=212%2C171%2C212&adbn=master-1&eawp=partner-dp-sedo85_3ph&errv=672656862&csala=7%7C0%7C107%7C28%7C8&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-k-wwVzb6_LiScJpVe_or5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-k-wwVzb6_LiScJpVe_or5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Tue, 17 Sep 2024 02:32:03 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

gen_204
syndicatedsearch.goog/afs/
0
211 B
Image
General
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph&output=uds_ads_only&zx=mwrrma1zvzwo&aqid=IeroZvqaIsKljuwP58qV2QY&pbt=bv&adbx=650&adby=807.625&adbh=16&adbw=300&adbn=slave-1-1&eawp=partner-dp-sedo85_3ph&errv=672656862&csala=2%7C0%7C112%7C28%7C9&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-MvVglThkla5JCl5FX4luxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://deloitte-hr.work/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-MvVglThkla5JCl5FX4luxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Tue, 17 Sep 2024 02:32:03 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| dto
number| googleNDT_
number| googleAltLoader
object| google
object| cafRL
object| cafEl
string| onclick_param_l
string| onclick_value_l
string| onclick_param_v
string| onclick_value_v
string| fb
string| fb_token
string| pu
string| pus
number| tlt
boolean| dsb
object| pdto
function| tscCall
function| isFacebookCookieSet
function| executeTrackingPixel
function| getCookieExpirationTime
function| saveParkingCookie
function| createCaf
function| __sasCookie

2 Cookies

Domain/Path Name / Value
.deloitte-hr.work/ Name: __cf_mw_byp
Value: bLJZKNVQA2C9woUXvPFTk7fJsz58RR5HPZhTXqWeh7A-1726540317-0.0.1.1-/
.deloitte-hr.work/ Name: __gsas
Value: ID=8157de7b1efa3028:T=1726540321:RT=1726540321:S=ALNI_MbDIM9Jvj2Br3evQpqibGRrWS6RaA

1 Console Messages

Source: network
Level: error
URL: https://deloitte-hr.work/favicon.ico
Message: Failed to load resource: the server responded with a status of 441 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN