cr05828.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::517:321b Public Scan

Go To Rescan
Add Verdict Report

URL:
http://cr05828.tw1.ru/Login/authentication.html
Submission: On August 25 via manual (August 25th 2023, 9:02:42 pm UTC) from US — Scanned from DE

Summary HTTP 54 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 16 domains to perform 54 HTTP transactions. The main IP is 2a03:6f00:6:1::517:321b, located in Warsaw, Poland and belongs to TIMEWEB-AS, RU. The main domain is cr05828.tw1.ru.

This is the only time cr05828.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2a03:6f00:6:1... 2a03:6f00:6:1::517:321b	9123 (TIMEWEB-AS) (TIMEWEB-AS)
13	104.64.120.226 104.64.120.226	16625 (AKAMAI-AS) (AKAMAI-AS)
9	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
5	23.37.54.239 23.37.54.239	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.156.245.251 54.156.245.251	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:310... 2a02:26f0:3100::1735:2a20	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:224... 2600:9000:2248:4000:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
2	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
54	19

5 2a03:6f00:6:1::517:321b (Warsaw, Poland)

ASN9123 (TIMEWEB-AS, RU)

cr05828.tw1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.64.120.226 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-120-226.deploy.static.akamaitechnologies.com

hcm.paycor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.37.54.239 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-54-239.deploy.static.akamaitechnologies.com

secure.paycor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.245.251 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-245-251.compute-1.amazonaws.com

999.paycor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:2a20 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2248:4000:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	paycor.com hcm.paycor.com — Cisco Umbrella Rank: 32035 secure.paycor.com — Cisco Umbrella Rank: 37025 999.paycor.com	677 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 354	154 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 357 www.linkedin.com — Cisco Umbrella Rank: 582 px4.ads.linkedin.com — Cisco Umbrella Rank: 6211	5 KB
5	tw1.ru cr05828.tw1.ru	52 KB
4	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 246	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 356	13 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	239 B
2	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 401	67 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 165	78 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6490	455 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	455 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 859	377 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 772	5 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 596	295 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	73 KB
54	16

	Domain	Requested by
13	hcm.paycor.com	cr05828.tw1.ru hcm.paycor.com
9	cdn.cookielaw.org	cr05828.tw1.ru hcm.paycor.com
5	secure.paycor.com	cr05828.tw1.ru secure.paycor.com
5	cr05828.tw1.ru	cr05828.tw1.ru
4	bam.nr-data.net	secure.paycor.com hcm.paycor.com
3	px.ads.linkedin.com	3 redirects
3	bat.bing.com	hcm.paycor.com cr05828.tw1.ru
2	www.facebook.com	cr05828.tw1.ru
2	js-agent.newrelic.com	secure.paycor.com hcm.paycor.com
2	connect.facebook.net	hcm.paycor.com
1	www.google.de	cr05828.tw1.ru
1	www.google.com	cr05828.tw1.ru
1	px4.ads.linkedin.com	cr05828.tw1.ru
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	hcm.paycor.com
1	googleads.g.doubleclick.net	hcm.paycor.com
1	snap.licdn.com	hcm.paycor.com
1	geolocation.onetrust.com	hcm.paycor.com
1	999.paycor.com	cr05828.tw1.ru
1	www.googletagmanager.com	hcm.paycor.com
54	20

This site contains links to these domains. Also see Links.

Domain
www.paycor.com
go.paycor.com
www.entrust.net
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
demo.paycor.com GeoTrust RSA CA 2018	`2023-07-18` - `2024-06-13`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
secure.paycor.com DigiCert SHA2 Extended Validation Server CA	`2023-02-08` - `2024-02-10`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-04` - `2023-09-02`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://cr05828.tw1.ru/Login/authentication.html
Frame ID: 9D37EA64A2236EB79ED110E55B71A889
Requests: 41 HTTP requests in this frame

Frame: https://secure.paycor.com/accounts/content/clearstate.html
Frame ID: 5BC2D1558054CB10F34DDC8CDA09F0EA
Requests: 8 HTTP requests in this frame

Frame: https://hcm.paycor.com/paycorapp/xoss.html
Frame ID: ABB01CB485BDA4F3BCBAAEFA165EF1FC
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Paycor Secure Access Employee LoginBack ButtonSearch IconFilter Icon

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

54
Requests

87 %
HTTPS

68 %
IPv6

16
Domains

20
Subdomains

19
IPs

4
Countries

1124 kB
Transfer

2596 kB
Size

16
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://www.paycor.com/

Search URL Search Domain Scan URL

URL: http://www.paycor.com/search

Search URL Search Domain Scan URL

URL: http://www.paycor.com/contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://go.paycor.com/demo
Title: Watch Demo

Search URL Search Domain Scan URL

URL: http://www.paycor.com/faqs
Title: ?

Search URL Search Domain Scan URL

URL: https://www.entrust.net/customer/profile.cfm?domain=secure.paycor.com&lang=en

Search URL Search Domain Scan URL

URL: http://www.paycor.com/help
Title: FAQ

Search URL Search Domain Scan URL

URL: http://www.paycor.com/system-requirements
Title: System Requirements

Search URL Search Domain Scan URL

URL: http://www.paycor.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D10318%26time%3D1692997356801%26url%3Dhttp%253A%252F%252Fcr05828.tw1.ru%252FLogin%252Fauthentication.html%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQLA4YUkYSpvjwAAAYougY8LnY2QedS5aIkLN1MPxY2oP36Zv0mUGW3bTdVUQZWKsGcRS2WD8ycQOg

54 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request authentication.html Show response
cr05828.tw1.ru/Login/ 17 KB
5 KB 311ms
103ms Document
text/html 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: fcceaec68d4f07978f76ab4e812699ab050baaa9c220304d42d62bb9dbef3982

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Aug 2023 21:02:35 GMT
ETag: W/"4417-603be80986c7b"
Last-Modified: Fri, 25 Aug 2023 12:29:56 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK newrelic.js Show response
hcm.paycor.com/authentication/Content/Scripts/ 31 KB
14 KB 228ms
93ms Script
application/x-javascript 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5fee16176f94e4a1d8a3a6d7b5e87d6a293928d0fda42d6f27647a6dcedd27d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Jun 2022 01:11:36 GMT
Server: Microsoft-IIS/10.0
ETag: "9613cd2d558bd81:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13509

GET
H/1.1 200
OK index.js Show response
cr05828.tw1.ru/Login/ 160 KB
46 KB 70ms
70ms Script
application/x-javascript 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/Login/index.js
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 4376db26e990d8631fec3bf2a547a5a5501eaaa02335707cb838ede82267b51b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Aug 2023 12:02:15 GMT
Server: nginx/1.22.1
ETag: W/"64e89847-27f8e"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=2678400
Connection: keep-alive
Expires: Mon, 25 Sep 2023 21:02:35 GMT

GET
H/1.1 200
OK signin
hcm.paycor.com/authentication/bundles/styles/ 116 KB
30 KB 909ms
787ms Stylesheet
text/css 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 16e31e698ad86dd88a847fabe992d98514011cd9a0cb70e3c40fb113d4b5a753

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Aug 2023 21:02:35 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/css; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 29294
Expires: Sat, 24 Aug 2024 21:02:35 GMT

GET
H/1.1 404
Not Found jquery
cr05828.tw1.ru/authentication/bundles/signin/ 0
0 91ms
91ms Script
text/html 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/authentication/bundles/signin/jquery?v=OogFi3g5HLuGIHAgSqPk_6zluJg3HjxNAuUL0uNC8a81
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:35 GMT
Server: nginx/1.22.1
Connection: keep-alive
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 83ms
31ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b97b49ee323dbccf9a13f15fa3d93188d01681652d52b1ed40ad00c32dfb0513

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: X1C0PY0lSDg1JSpsyFxfYA==
age: 16115
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6837
x-ms-lease-status: unlocked
last-modified: Thu, 24 Aug 2023 03:26:19 GMT
server: cloudflare
etag: 0x8DBA451E24AF8F1
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ea25a7a5-301e-0079-61c3-d6c5a7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc6c6e15b159b51-FRA

GET
H/1.1 200
OK icons8-search-30.png
cr05828.tw1.ru/ 550 B
860 B 63ms
63ms Image
image/png 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cr05828.tw1.ru/icons8-search-30.png
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: f09cf56b5a3e9d8595c3618e9bfdd57babb67b3305b856fd5e06f3f4da766dad

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:35 GMT
Last-Modified: Fri, 25 Aug 2023 12:14:27 GMT
Server: nginx/1.22.1
ETag: "64e89b23-226"
Content-Type: image/png
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 550
Expires: Mon, 25 Sep 2023 21:02:35 GMT

GET
H/1.1 200
OK utilities.latest.min.js Show response
hcm.paycor.com/paycorapp/ 92 KB
31 KB 73ms
72ms Script
application/x-javascript 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/paycorapp/utilities.latest.min.js
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c016ff6c8c355a8c2a99923c0421f6f58e5cc07a08943b1b4a4e4a80e72f3bbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 19:32:02 GMT
Server: Microsoft-IIS/10.0
ETag: "0a51f7f41d1d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public,max-age=604800,no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31267

GET
H/1.1 404
Not Found 2RqUDM
cr05828.tw1.ru/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ 0
0 82ms
82ms Script
text/html 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:35 GMT
Server: nginx/1.22.1
Connection: keep-alive
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 199 KB
73 KB 239ms
32ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WD22DQG

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0db2edef2307ac57bc3182ab2fe125cb77bd4f594ddb98482ee5307441a88567

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 21:02:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73949
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 25 Aug 2023 21:02:36 GMT

GET
H/1.1 200
OK clearstate.html Show response
secure.paycor.com/accounts/content/ Frame 5BC2 32 KB
13 KB 482ms
281ms Document
text/html 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/accounts/content/clearstate.html
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2e2b4ffae714b58b912875ba253a4996daa4347d49c8614835d5788e994abd8b

Request headers

Referer: http://cr05828.tw1.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: private
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 11350
Content-Type: text/html
Cteonnt-Length: 32173
Date: Fri, 25 Aug 2023 21:02:36 GMT
ETag: "04f30a719d5d91:0"
Last-Modified: Tue, 22 Aug 2023 16:56:54 GMT
Vary: Accept-Encoding
X-Akamai-Request-ID: 11dfd36
X-Akamai-Transformed: 9 11815 0 pmb=mTOE,1

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK xoss.html Show response
hcm.paycor.com/paycorapp/ Frame ABB0 251 B
2 KB 853ms
853ms Document
text/html 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/paycorapp/xoss.html
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8ac28aefc2f0ca15566e4876daa56e4947be11c4bb5f827c998e3f8a0ed35ab3

Request headers

Referer: http://cr05828.tw1.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: public,max-age=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 206
Content-Type: text/html
Date: Fri, 25 Aug 2023 21:02:36 GMT
ETag: "012544eeeb8d91:0"
Last-Modified: Mon, 17 Jul 2023 20:36:04 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Akamai-Transformed: 9 219 0 pmb=mTOE,1
X-Powered-By: ASP.NET

GET
H2 200 90119edf-b883-42d3-b82f-97977849d151-test.json Show response
cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/ 4 KB
2 KB 79ms
36ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/90119edf-b883-42d3-b82f-97977849d151-test.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

493caf2148e30a0095b0a31f596e9feac88d5c253eeeb873872f3b136b66f2cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 6753
content-md5: CR1f8CUL8Qdja0ydX0bi4A==
content-length: 1476
x-ms-lease-status: unlocked
last-modified: Tue, 03 Jan 2023 15:37:02 GMT
server: cloudflare
etag: 0x8DAEDA05C4B1C89
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b2c57aa8-501e-009b-5980-d7f886000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc6c6e5ba1435f8-FRA

GET
H/1.1 200
OK logo.gif
999.paycor.com/images/glvomt4226ouabrl0x4yu6hlw/ 43 B
160 B 534ms
168ms Image
image/gif 54.156.245.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://999.paycor.com/images/glvomt4226ouabrl0x4yu6hlw/logo.gif?l=http://cr05828.tw1.ru/Login/authentication.html&r=
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 54.156.245.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-245-251.compute-1.amazonaws.com
Software: Apache /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:36 GMT
Server: Apache
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK paycor-logo.png
hcm.paycor.com/authentication/content/Images/Logo/ 3 KB
4 KB 112ms
112ms Image
image/png 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/Logo/paycor-logo.png
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f3ad6b8b82f6e9c8067edb141866f5954813a29f6e7a6bdf35186e7b09e9f758

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:36 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3567

GET
H/1.1 200
OK entrust_site_seal_small.png
hcm.paycor.com/authentication/content/Images/ 8 KB
8 KB 142ms
65ms Image
image/png 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/entrust_site_seal_small.png
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c399c0d0bc5b2d6cafb63d4218e38f81ea8f15216687643e34ddf1a5c48e15f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:36 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8430

GET
H/1.1 200
OK 1.jpg
hcm.paycor.com/authentication/content/Images/background/ 325 KB
325 KB 166ms
89ms Image
image/jpeg 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/background/1.jpg?v=05.24.2017
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 30b706fd61a5aa40dc318351fa02449014901e6019357f8e4d6a6cd1c16ff72a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:36 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 332982

GET
H/1.1 200
OK 1Mobile.jpg
hcm.paycor.com/authentication/content/Images/background/ 77 KB
77 KB 169ms
89ms Image
image/jpeg 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/background/1Mobile.jpg?v=05.24.2017
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b9db2b33d8143e860615a43dd62dd1b604e2a7e4bafba887299e1f3dcd650720

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:36 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 78839

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 165ms
42ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: http://cr05828.tw1.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 21:02:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7fc6c6e7ddc137e4-FRA
access-control-allow-headers: Content-Type

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 137ms
27ms Script
application/x-javascript 2a02:26f0:3100::1735:2a20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 21:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=62142
accept-ranges: bytes
content-length: 4862

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 158ms
48ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 25 Aug 2023 21:02:36 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9D5646544F2447039360687D29AA3981 Ref B: FRA31EDGE0113 Ref C: 2023-08-25T21:02:36Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/944830538/ 3 KB
2 KB 139ms
33ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/944830538/?random=1692997356659&cv=11&fst=1692997356659&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&hn=www.googleadservices.com&frm=0&tiba=Paycor%20Secure%20Access%20Employee%20Login&rfmt=3&fmt=4

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43243e1e25643ac64e7cc5a8c32a512e4161afe4a44b4c306880145873ef083a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 21:02:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 173 KB
47 KB 124ms
18ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ec140ae8baa4b61226d96beba9277a0072e45b805004b8ea983c5d43402aeb66

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 25 Aug 2023 21:02:36 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47412
x-xss-protection: 0
pragma: public
x-fb-debug: 61dkI3GMQcqnvM7YanEu4/nQtNExhWhf9pZ9SVSx8RbhJXaGpBQHP9nwHSRsGegHE0S9Hx0U+GqAyn6pNmSKUw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/10318/domain/cr05828.tw1.ru/ 36 B
377 B 91ms
33ms XHR
application/json 2600:9000:2248:4000:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/10318/domain/cr05828.tw1.ru/token
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2248:4000:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: http://cr05828.tw1.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 20:20:57 GMT
content-encoding: gzip
via: 1.1 fd9162e6f81538cdbf24b7df628b2bc6.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P3
age: 2499
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: hF1AjP3ZT6jlmEHIh4GybNvV-CPiR0rw2gKxFVXJIQKB42Iqw9n2KA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D10318%26time%3D1692997356801%26url%3Dhttp%253A%252F%252Fcr05828.tw1.ru%252FLogin%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQLA4YUkYSpvjwAAAYougY...

0
265 B

173ms
121ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQLA4YUkYSpvjwAAAYougY8LnY2QedS5aIkLN1MPxY2oP36Zv0mUGW3bTdVUQZWKsGcRS2WD8ycQOg
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 21:02:37 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 00D065390F4A47DCB4D35E7FE562DC40 Ref B: FRAEDGE1922 Ref C: 2023-08-25T21:02:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYDxaoZWVJURyNhM/Ufkw==

Redirect headers

date: Fri, 25 Aug 2023 21:02:36 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: EB8293CFEC3441BEA3D4A3C322223881 Ref B: FRAEDGE1818 Ref C: 2023-08-25T21:02:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692997356801&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQLA4YUkYSpvjwAAAYougY8LnY2QedS5aIkLN1MPxY2oP36Zv0mUGW3bTdVUQZWKsGcRS2WD8ycQOg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYDxaoWfPxl/6LCf+3OdA==

GET
H2 200 /
www.google.com/pagead/1p-user-list/944830538/ 42 B
455 B 83ms
35ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/944830538/?random=1692997356659&cv=11&fst=1692997200000&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&frm=0&tiba=Paycor%20Secure%20Access%20Employee%20Login&fmt=3&is_vtc=1&random=181639123&rmt_tld=0&ipr=y

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 21:02:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/944830538/ 42 B
455 B 87ms
37ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/944830538/?random=1692997356659&cv=11&fst=1692997200000&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&frm=0&tiba=Paycor%20Secure%20Access%20Employee%20Login&fmt=3&is_vtc=1&random=181639123&rmt_tld=1&ipr=y

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 21:02:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 33ms
33ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 60630
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: da60ad71-a01e-00f1-2de1-5a0975000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc6c6e829c59b51-FRA

GET
H/1.1 200
OK Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5BC2 207 KB
77 KB 33ms
33ms Script
application/javascript 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.paycor.com/accounts/content/clearstate.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

X-Akamai-Request-ID: 11dfe92
Date: Fri, 25 Aug 2023 21:02:36 GMT
Content-Encoding: br
Last-Modified: Wed, 02 Aug 2023 16:14:17 GMT
ETag: "3453d8a4c9117996cd885f861a76d40870732f6f819d9109cb965aaf12b84a96"
Stored-Attribute-Sha-Checksum: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=21600
Connection: keep-alive
Content-Length: 77907

GET
H2 200 1658281131098209 Show response
connect.facebook.net/signals/config/ 116 KB
31 KB 62ms
61ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1658281131098209?v=2.9.124&r=stable&domain=cr05828.tw1.ru

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cdd79d3fec4f5235efa8b885f4b649c6e26dbd29f386e1c353b5398c99f1c09

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 25 Aug 2023 21:02:36 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: XguQkRfszfoOsMeVLJ3ljB4HjtIvxcONKYd0Bj/76Ml8mMlzzud8zXMZW9FJD24E4JgX9CUhieRWbiNyTGPMhA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 5511164.js Show response
bat.bing.com/p/action/ 0
118 B 46ms
45ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5511164.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Fri, 25 Aug 2023 21:02:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E5BB29FA7F5E4E3181DEB6C16C0AC851 Ref B: FRA31EDGE0113 Ref C: 2023-08-25T21:02:36Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 62ms
62ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5511164&tm=gtm002&Ver=2&mid=a9c353b7-8259-4405-baae-a8b2122c1aff&sid=b82631c0438a11ee9e5e7bb07e8cbebe&vid=b8265280438a11eeb04e45020eb34975&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Paycor%20Secure%20Access%20Employee%20Login&p=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&r=&lt=1732&evt=pageLoad&sv=1&rn=978199

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 25 Aug 2023 21:02:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8C0940F9614C43DBA66C69DFBB9FB7CF Ref B: FRA31EDGE0113 Ref C: 2023-08-25T21:02:36Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/9adb7314-bef2-4a0f-9eb2-78fe63d1bb19/ 143 KB
25 KB 67ms
67ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/9adb7314-bef2-4a0f-9eb2-78fe63d1bb19/en.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

374ba02b44412645b5db18a26b6b146c8c1b3b976992fa9be64d77df2ec7e9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: AU09UGtfHv1TvIF9132x5A==
content-length: 25309
x-ms-lease-status: unlocked
last-modified: Tue, 03 Jan 2023 15:37:07 GMT
server: cloudflare
etag: 0x8DAEDA05F1F350D
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7e4d44e6-701e-0025-3197-d790ff000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7fc6c6e8ce4f35f8-FRA

POST
H/1.1 201
Created Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5BC2 18 B
1 KB 55ms
55ms XHR
application/json 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

X-NewRelic-ID: VwIPUFdTCBAJVlRRAggEUFE=
tracestate: 1151945@nr=0-1-3481100-1103151828-126d93b00403ef61----1692997356991
traceparent: 00-2fbada34599c3c1c165a6161450d58ea-126d93b00403ef61-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODExMDAiLCJhcCI6IjExMDMxNTE4MjgiLCJpZCI6IjEyNmQ5M2IwMDQwM2VmNjEiLCJ0ciI6IjJmYmFkYTM0NTk5YzNjMWMxNjVhNjE2MTQ1MGQ1OGVhIiwidGkiOjE2OTI5OTczNTY5OTEsInRrIjoiMTE1MTk0NSJ9fQ==
Content-Type: text/plain;charset=UTF-8
Referer: https://secure.paycor.com/accounts/content/clearstate.html

Response headers

X-Akamai-Request-ID: 11dff25
Date: Fri, 25 Aug 2023 21:02:37 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://secure.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ Frame 5BC2 49 KB
49 KB 80ms
19ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.paycor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
date: Fri, 25 Aug 2023 21:02:37 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: WPMFB0VJG75YV1Z7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 50049
x-amz-id-2: FZGRs9jHoygJROiHGl6xMkWo6b2J8tT5vX+5wqPZ7xbNvPJpdkGEDO9l2DizwaxY1IJipLlFmJk=
x-served-by: cache-fra-etou8220084-FRA
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1692997357.075107,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 196

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 37ms
37ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
age: 6752
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a948cefc-701e-008c-3180-d7518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc6c6e96f2935f8-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 62 KB
15 KB 40ms
40ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otPcCenter.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: MDgKSvnSO+c999jgSnUf4g==
age: 6752
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14749
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B80F4BC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a948ceff-701e-008c-3480-d7518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc6c6e96f2b35f8-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 47ms
46ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 6752
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: b4728ef9-a01e-0036-3680-d7b4f3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7fc6c6e96f2c35f8-FRA

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 91ms
19ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1658281131098209&ev=PageView&dl=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&rl=&if=false&ts=1692997357020&sw=1600&sh=1200&v=2.9.124&r=stable&ec=0&o=30&fbp=fb.1.1692997357019.2132703154&it=1692997356904&coo=false&rqm=GET

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 25 Aug 2023 21:02:37 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 29ms
28ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 61599
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Thu, 24 Aug 2023 03:26:26 GMT
server: cloudflare
etag: 0x8DBA451E672EB19
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 1e7c4bd8-501e-00a4-54f9-d63025000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc6c6e9cb4e9b51-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 38ms
38ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 21:02:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 8969
x-ms-lease-status: unlocked
last-modified: Thu, 24 Aug 2023 03:26:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2b6086b3-901e-002d-50b5-d68af0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7fc6c6e9db529b51-FRA

GET
H/1.1 200
OK NRBR-ae85938b008f49eb85b Show response
bam.nr-data.net/1/ Frame 5BC2 56 B
627 B 654ms
587ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRBR-ae85938b008f49eb85b?a=925359365&v=1216.487a282&to=YV0EbRRTV0ZUVk0NCVgXM0sPHVhWVlpMChJFFwVWCEZcW0EaWggDV0oVTQdGXBtdQVQI&rst=761&ck=1&ref=https://secure.paycor.com/accounts/content/clearstate.html&ap=2&be=541&fe=654&dc=653&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1692997356352,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:33,%22c%22:33,%22s%22:50,%22ce%22:201,%22rq%22:202,%22rp%22:483,%22rpe%22:483,%22dl%22:522,%22di%22:653,%22ds%22:653,%22de%22:653,%22dc%22:653,%22l%22:653,%22le%22:654%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.paycor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:37 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7fc6c6ea684391e4-FRA

GET
H/1.1 200
OK utilities.xoss.min.js Show response
hcm.paycor.com/paycorapp/ Frame ABB0 23 KB
9 KB 60ms
60ms Script
application/x-javascript 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/paycorapp/utilities.xoss.min.js
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/paycorapp/xoss.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7da7dbe5e7b031a5d0ef1f0274346ef2dda1340b89616d90a9364b1453005239

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/paycorapp/xoss.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 10 Mar 2023 01:24:08 GMT
Server: Microsoft-IIS/10.0
ETag: "0acb12ef52d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public,max-age=604800,no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9009

GET
H/1.1 200
OK 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame ABB0 207 KB
77 KB 297ms
297ms Script
application/javascript 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/paycorapp/xoss.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/paycorapp/xoss.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:37 GMT
Content-Encoding: br
Last-Modified: Wed, 02 Aug 2023 16:14:17 GMT
ETag: "3453d8a4c9117996cd885f861a76d40870732f6f819d9109cb965aaf12b84a96"
Stored-Attribute-Sha-Checksum: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=21600
Connection: keep-alive
Content-Length: 77907

POST
H/1.1 201
Created Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5BC2 18 B
1 KB 40ms
40ms XHR
application/json 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

X-NewRelic-ID: VwIPUFdTCBAJVlRRAggEUFE=
tracestate: 1151945@nr=0-1-3481100-1103151828-aa9f094e39471ecb----1692997357587
traceparent: 00-cffd936423915ee8959bc50478ced83c-aa9f094e39471ecb-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODExMDAiLCJhcCI6IjExMDMxNTE4MjgiLCJpZCI6ImFhOWYwOTRlMzk0NzFlY2IiLCJ0ciI6ImNmZmQ5MzY0MjM5MTVlZTg5NTliYzUwNDc4Y2VkODNjIiwidGkiOjE2OTI5OTczNTc1ODcsInRrIjoiMTE1MTk0NSJ9fQ==
Content-Type: text/plain;charset=UTF-8
Referer: https://secure.paycor.com/accounts/content/clearstate.html

Response headers

X-Akamai-Request-ID: 11dffd1
Date: Fri, 25 Aug 2023 21:02:37 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://secure.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

POST
H/1.1 201
Created 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame ABB0 18 B
1 KB 56ms
56ms XHR
application/json 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

Referer: https://hcm.paycor.com/paycorapp/xoss.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 25 Aug 2023 21:02:37 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://hcm.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

GET
H2 200 nr-spa-1215.min.js Show response
js-agent.newrelic.com/ 47 KB
18 KB 21ms
21ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1215.min.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-version-id: zcmP9QP8YWQtiPZETZozJGQXbXQvWuWT
content-encoding: br
via: 1.1 varnish
date: Fri, 25 Aug 2023 21:02:37 GMT
strict-transport-security: max-age=300
x-amz-request-id: V166JT3N7FSR6XS0
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 18245
x-amz-id-2: LN7zcp0+pwOpnsActKd0tgRVUiT4T7Cz8KidljCWYvgL1uEEVgWS6vCq+ToPh9xE5G8GTt8zVjrAiAJPrqRFnA==
x-served-by: cache-fra-etou8220084-FRA
last-modified: Mon, 24 Jan 2022 22:13:54 GMT
server: AmazonS3
x-timer: S1692997358.652454,VS0,VE0
etag: "7e1862f7a390ed9fc02c299216395547"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 401

GET
H/1.1 200
OK NRBR-7784dc3f05e7c9bd31b Show response
bam.nr-data.net/1/ 56 B
627 B 293ms
249ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRBR-7784dc3f05e7c9bd31b?a=1103143923&sa=1&v=1215.1253ab8&t=Unnamed%20Transaction&rst=2805&ck=1&ref=http://cr05828.tw1.ru/Login/authentication.html&be=565&fe=2775&dc=1516&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1692997354868,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:149,%22c%22:149,%22ce%22:209,%22rq%22:210,%22rp%22:312,%22rpe%22:313,%22dl%22:315,%22di%22:1516,%22ds%22:1516,%22de%22:1732,%22dc%22:2776,%22l%22:2776,%22le%22:2776%7D,%22navigation%22:%7B%7D%7D&fp=1522&fcp=1522&jsonp=NREUM.setToken
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 21:02:37 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7fc6c6edc8b2925b-FRA

POST
H/1.1 200
OK NRBR-ae85938b008f49eb85b Show response
bam.nr-data.net/events/1/ Frame 5BC2 24 B
405 B 250ms
250ms XHR
image/gif 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRBR-ae85938b008f49eb85b?a=925359365&v=1216.487a282&to=YV0EbRRTV0ZUVk0NCVgXM0sPHVhWVlpMChJFFwVWCEZcW0EaWggDV0oVTQdGXBtdQVQI&rst=1423&ck=1&ref=https://secure.paycor.com/accounts/content/clearstate.html
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://secure.paycor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
content-type: text/plain

Response headers

Date: Fri, 25 Aug 2023 21:02:38 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://secure.paycor.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7fc6c6ee2ca491e4-FRA
Content-Length: 24

POST
H/1.1 200
OK NRBR-7784dc3f05e7c9bd31b Show response
bam.nr-data.net/events/1/ 24 B
401 B 263ms
262ms XHR
image/gif 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRBR-7784dc3f05e7c9bd31b?a=1103143923&sa=1&v=1215.1253ab8&t=Unnamed%20Transaction&rst=3108&ck=1&ref=http://cr05828.tw1.ru/Login/authentication.html
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: http://cr05828.tw1.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
content-type: text/plain

Response headers

Date: Fri, 25 Aug 2023 21:02:38 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: http://cr05828.tw1.ru
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7fc6c6ef69d7925b-FRA
Content-Length: 24

POST
H/1.1 201
Created Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5BC2 18 B
1 KB 35ms
35ms XHR
application/json 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

X-NewRelic-ID: VwIPUFdTCBAJVlRRAggEUFE=
tracestate: 1151945@nr=0-1-3481100-1103151828-f4a49e0320a45cca----1692997358029
traceparent: 00-7c13c2a3f012686a232029f5dacd973c-f4a49e0320a45cca-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODExMDAiLCJhcCI6IjExMDMxNTE4MjgiLCJpZCI6ImY0YTQ5ZTAzMjBhNDVjY2EiLCJ0ciI6IjdjMTNjMmEzZjAxMjY4NmEyMzIwMjlmNWRhY2Q5NzNjIiwidGkiOjE2OTI5OTczNTgwMjksInRrIjoiMTE1MTk0NSJ9fQ==
Content-Type: text/plain;charset=UTF-8
Referer: https://secure.paycor.com/accounts/content/clearstate.html

Response headers

X-Akamai-Request-ID: 11e0365
Date: Fri, 25 Aug 2023 21:02:38 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://secure.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

POST
H/1.1 201
Created 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame ABB0 18 B
1 KB 184ms
184ms XHR
application/json 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

Referer: https://hcm.paycor.com/paycorapp/xoss.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 25 Aug 2023 21:02:38 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://hcm.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 19ms
19ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1658281131098209&ev=Microdata&dl=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&rl=&if=false&ts=1692997358592&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Paycor%20Secure%20Access%20Employee%20Login%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.124&r=stable&ec=1&o=30&fbp=fb.1.1692997357019.2132703154&it=1692997356904&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 25 Aug 2023 21:02:38 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H/1.1 201
Created 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame ABB0 18 B
1 KB 53ms
52ms XHR
application/json 104.64.120.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.120.226 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-120-226.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

Referer: https://hcm.paycor.com/paycorapp/xoss.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 25 Aug 2023 21:02:38 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://hcm.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cr05828.tw1.ru/	1969-12-31 23:59:59	Name: paycordfp Value: 7bb3ae3715e3900ab2ef5801c7a47da0
.doubleclick.net/	1970-01-20 14:16:38	Name: test_cookie Value: CheckForPermission
cr05828.tw1.ru/	1970-01-20 14:18:03	Name: ln_or Value: eyIxMDMxOCI6ImQifQ%3D%3D
.tw1.ru/	1970-01-20 14:18:03	Name: _uetsid Value: b82631c0438a11ee9e5e7bb07e8cbebe
.tw1.ru/	1970-01-20 23:38:13	Name: _uetvid Value: b8265280438a11eeb04e45020eb34975
.linkedin.com/	1970-01-20 16:26:13	Name: li_sugr Value: 32c2a839-8588-42c4-9912-1964af75e2d0
.linkedin.com/	1970-01-20 23:02:13	Name: bcookie Value: "v=2&7d40f449-dedd-4a98-8689-b83d2a404ee2"
.linkedin.com/	1970-01-20 14:18:03	Name: lidc Value: "b=VGST02:s=V:r=V:a=V:p=V:g=2970:u=1:x=1:i=1692997356:t=1693083756:v=2:sig=AQEeLs9GP2PXlExtdwtqGtvJt75cd11o"
.bing.com/	1970-01-20 23:38:13	Name: MUID Value: 0C0714E4CBE960503A43079CCA456172
.tw1.ru/	1970-01-20 16:26:13	Name: _fbp Value: fb.1.1692997357019.2132703154
cr05828.tw1.ru/	1970-01-20 23:02:13	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Aug+25+2023+23%3A02%3A37+GMT%2B0200+(Central+European+Summer+Time)&version=202211.2.0&isIABGlobal=false&hosts=&landingPath=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&groups=C0004%3A1%2CC0002%3A1%2CC0003%3A1%2CC0001%3A1
.linkedin.com/	1970-01-20 14:59:49	Name: UserMatchHistory Value: AQI45vTqCqEJ6AAAAYougY3_ebZroK16qKzZUs7Js_3vomIW000azVmtYpuRlym3XcOP4MNBdv9viQ
.linkedin.com/	1970-01-20 14:59:49	Name: AnalyticsSyncHistory Value: AQIsOTAzLtPLXAAAAYougY3_uEkESh1m-LgAHLi4ZkOuzITNXyeJ8gYrPy21Mwh5Cs-ja6VOVEeh2rksJhfc2A
.www.linkedin.com/	1970-01-20 23:02:13	Name: bscookie Value: "v=1&202308252102371e65cabd-ce2a-4ee2-8de3-882058506346AQG7x-v8rSUPs_TV_0Ely_GNWCNdNQAG"
.linkedin.com/	1970-01-20 18:35:49	Name: li_gc Value: MTswOzE2OTI5OTczNTc7MjswMjHrqKcSGkp3klZrYwAA4F3r7qbqNVJTxq5Pze9Cq5gKzw==
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: a2f9f2eb92744611

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://cr05828.tw1.ru/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://cr05828.tw1.ru/authentication/bundles/signin/jquery?v=OogFi3g5HLuGIHAgSqPk_6zluJg3HjxNAuUL0uNC8a81 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

999.paycor.com
bam.nr-data.net
bat.bing.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
connect.facebook.net
cr05828.tw1.ru
geolocation.onetrust.com
googleads.g.doubleclick.net
hcm.paycor.com
js-agent.newrelic.com
px.ads.linkedin.com
px4.ads.linkedin.com
secure.paycor.com
snap.licdn.com
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
104.64.120.226
13.107.42.14
151.101.2.137
162.247.241.14
23.37.54.239
2600:9000:2248:4000:2:53b2:240:93a1
2606:4700:4400::ac40:9b77
2606:4700::6812:83ec
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::2008
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:810::2004
2a02:26f0:3100::1735:2a20
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a03:6f00:6:1::517:321b
54.156.245.251
0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0db2edef2307ac57bc3182ab2fe125cb77bd4f594ddb98482ee5307441a88567
16e31e698ad86dd88a847fabe992d98514011cd9a0cb70e3c40fb113d4b5a753
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2e2b4ffae714b58b912875ba253a4996daa4347d49c8614835d5788e994abd8b
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
30b706fd61a5aa40dc318351fa02449014901e6019357f8e4d6a6cd1c16ff72a
374ba02b44412645b5db18a26b6b146c8c1b3b976992fa9be64d77df2ec7e9fe
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
43243e1e25643ac64e7cc5a8c32a512e4161afe4a44b4c306880145873ef083a
4376db26e990d8631fec3bf2a547a5a5501eaaa02335707cb838ede82267b51b
493caf2148e30a0095b0a31f596e9feac88d5c253eeeb873872f3b136b66f2cb
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fee16176f94e4a1d8a3a6d7b5e87d6a293928d0fda42d6f27647a6dcedd27d4
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7da7dbe5e7b031a5d0ef1f0274346ef2dda1340b89616d90a9364b1453005239
8ac28aefc2f0ca15566e4876daa56e4947be11c4bb5f827c998e3f8a0ed35ab3
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
9cdd79d3fec4f5235efa8b885f4b649c6e26dbd29f386e1c353b5398c99f1c09
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b97b49ee323dbccf9a13f15fa3d93188d01681652d52b1ed40ad00c32dfb0513
b9db2b33d8143e860615a43dd62dd1b604e2a7e4bafba887299e1f3dcd650720
c016ff6c8c355a8c2a99923c0421f6f58e5cc07a08943b1b4a4e4a80e72f3bbf
c399c0d0bc5b2d6cafb63d4218e38f81ea8f15216687643e34ddf1a5c48e15f9
cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec140ae8baa4b61226d96beba9277a0072e45b805004b8ea983c5d43402aeb66
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09cf56b5a3e9d8595c3618e9bfdd57babb67b3305b856fd5e06f3f4da766dad
f3ad6b8b82f6e9c8067edb141866f5954813a29f6e7a6bdf35186e7b09e9f758
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fcceaec68d4f07978f76ab4e812699ab050baaa9c220304d42d62bb9dbef3982
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

cr05828.tw1.ru Open in urlscan Pro 2a03:6f00:6:1::517:321b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

54 Requests

87 %HTTPS

68 %IPv6

16 Domains

20 Subdomains

19 IPs

4 Countries

1124 kBTransfer

2596 kBSize

16 Cookies

11 Outgoing links

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cr05828.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::517:321b Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

87 %
HTTPS

68 %
IPv6

16
Domains

20
Subdomains

19
IPs

4
Countries

1124 kB
Transfer

2596 kB
Size

16
Cookies

54 HTTP transactions
1 data transactions