www.employees-portals.com Open in urlscan Pro
154.53.57.19 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.employees-portals.com/
Submission: On August 24 via automatic, source certstream-suspicious (August 24th 2024, 6:05:53 pm UTC) — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 12 domains to perform 18 HTTP transactions. The main IP is 154.53.57.19, located in Seattle, United States and belongs to NL-811-40021, US. The main domain is www.employees-portals.com.
TLS certificate: Issued by R10 on August 24th 2024. Valid for: 3 months.

This is the only time www.employees-portals.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	154.53.57.19 154.53.57.19	40021 (NL-811-40021) (NL-811-40021)
1 1	199.48.133.250 199.48.133.250	36236 (NETACTUATE) (NETACTUATE)
1	18.165.183.56 18.165.183.56	16509 (AMAZON-02) (AMAZON-02)
1	23.41.180.191 23.41.180.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:810::2016	15169 (GOOGLE) (GOOGLE)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	173.249.3.75 173.249.3.75	51167 (CONTABO) (CONTABO)
1	103.224.182.238 103.224.182.238	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
1	212.188.174.43 212.188.174.43	8426 (CLARANET-...) (CLARANET-AS ClaraNET LTD)
2	159.89.165.2 159.89.165.2	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
18	10

6 154.53.57.19 (Seattle, United States)

ASN40021 (NL-811-40021, US)
PTR: vmi934385.contaboserver.net

www.employees-portals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.48.133.250 (Dallas, United States) 1 redirects

ASN36236 (NETACTUATE, US)
PTR: dns101.netops.sspdata.net

sfgov.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.183.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-56.zrh55.r.cloudfront.net

www.sfgov.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.41.180.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-180-191.deploy.static.akamaitechnologies.com

www.transitchicago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.249.3.75 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi202802.contaboserver.net

www.myservicesupport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.224.182.238 (Australia)

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-238.above.com

loginregistration.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.188.174.43 (Hounslow, United Kingdom)

ASN8426 (CLARANET-AS ClaraNET LTD, GB)

assets.markallengroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.89.165.2 (Bengaluru, India)

ASN14061 (DIGITALOCEAN-ASN, US)

analyzive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	employees-portals.com www.employees-portals.com	514 KB
2	analyzive.com analyzive.com	21 KB
2	sfgov.org 1 redirects sfgov.org — Cisco Umbrella Rank: 459945 www.sfgov.org	47 KB
1	markallengroup.com assets.markallengroup.com	61 KB
1	loginregistration.com loginregistration.com	246 B
1	myservicesupport.com www.myservicesupport.com	16 KB
1	wp.com i1.wp.com — Cisco Umbrella Rank: 12322	95 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 117	44 KB
1	transitchicago.com www.transitchicago.com — Cisco Umbrella Rank: 417118	12 KB
0	addresources.org Failed www.addresources.org Failed
0	softiyo.com Failed www.softiyo.com Failed
0	questtrustcompany.com Failed www.questtrustcompany.com Failed
18	12

	Domain	Requested by
6	www.employees-portals.com	www.employees-portals.com
2	analyzive.com	www.employees-portals.com analyzive.com
1	assets.markallengroup.com	www.employees-portals.com
1	loginregistration.com	www.employees-portals.com
1	www.myservicesupport.com	www.employees-portals.com
1	i1.wp.com	www.employees-portals.com
1	i.ytimg.com	www.employees-portals.com
1	www.transitchicago.com	www.employees-portals.com
1	www.sfgov.org	www.employees-portals.com
1	sfgov.org	1 redirects
0	www.addresources.org Failed	www.employees-portals.com
0	www.softiyo.com Failed	www.employees-portals.com
0	www.questtrustcompany.com Failed	www.employees-portals.com
18	13

This site contains no links.

Subject Issuer	Validity	Valid
employees-portals.com R10	`2024-08-24` - `2024-11-22`	3 months	crt.sh
akamai.dv.americaneagle.com R3	`2024-06-06` - `2024-09-04`	3 months	crt.sh
edgestatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
myservicesupport.com R11	`2024-06-07` - `2024-09-05`	3 months	crt.sh
hexapower-ksa.com R11	`2024-07-12` - `2024-10-10`	3 months	crt.sh
assets.markallengroup.com R11	`2024-08-14` - `2024-11-12`	3 months	crt.sh
analyzive.com R11	`2024-08-16` - `2024-11-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.employees-portals.com/
Frame ID: 04C0EACD2EA52E4F36DAA5E2021BC4CF
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Employees Portals Directory and QA Service | Page1

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

18
Requests

78 %
HTTPS

10 %
IPv6

12
Domains

13
Subdomains

10
IPs

5
Countries

809 kB
Transfer

1842 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://sfgov.org/sfc/sites/default/files/Employee%20Gateway/sf_employee_gateway_banner.jpg HTTP 302
https://www.sfgov.org/sfc/sites/default/files/Employee%20Gateway/sf_employee_gateway_banner.jpg

Request Chain 6

https://www.questtrustcompany.com/wp-content/uploads/2021/07/secure-upload.png HTTP 301
https://www.questtrustcompany.com/

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.employees-portals.com/ 28 KB
5 KB 1100ms
444ms Document
text/html 154.53.57.19
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.53.57.19 Seattle, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

vmi934385.contaboserver.net

Software

nginx-rc /

Resource Hash

a0cb345852ded411eeb1e7b426337064f459bf3c81eb01859300d93d0108ae13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, private
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 24 Aug 2024 18:05:47 GMT
server: nginx-rc
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 all.min.js Show response
www.employees-portals.com/themes/DevBlog/assets/fontawesome/js/ 1 MB
409 KB 261ms
260ms Script
text/javascript 154.53.57.19
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/fontawesome/js/all.min.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.53.57.19 Seattle, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

vmi934385.contaboserver.net

Software

nginx-rc /

Resource Hash

bb5d7f5d023603a9a95dad23d69d25d14a4edd9ba2313227194a9a4f62bd6564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 05 Aug 2022 08:06:10 GMT
server: nginx-rc
etag: W/"62eccf72-123dba"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
expires: Mon, 23 Sep 2024 18:05:47 GMT

GET
H2 200 theme-5.css
www.employees-portals.com/themes/DevBlog/assets/css/ 178 KB
22 KB 261ms
260ms Stylesheet
text/css 154.53.57.19
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/css/theme-5.css

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.53.57.19 Seattle, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

vmi934385.contaboserver.net

Software

nginx-rc /

Resource Hash

4954be2ede283944f3946dfbbdce01db612df3f706a608c0df42ef32a802df76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 05 Aug 2022 08:06:10 GMT
server: nginx-rc
etag: W/"62eccf72-2c842"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
expires: Mon, 23 Sep 2024 18:05:47 GMT

GET
H2 200 profile.png
www.employees-portals.com/themes/DevBlog/assets/images/ 56 KB
56 KB 260ms
260ms Image
image/png 154.53.57.19
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/images/profile.png

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.53.57.19 Seattle, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

vmi934385.contaboserver.net

Software

nginx-rc /

Resource Hash

87c15ef693c07206e4b57ad6294158ff2a5393c816dafe5aa10bac9807fa1ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Sat, 09 Jul 2022 09:43:19 GMT
server: nginx-rc
etag: W/"62c94db7-de5f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
expires: Mon, 23 Sep 2024 18:05:47 GMT

GET
H2

200

sf_employee_gateway_banner.jpg
www.sfgov.org/sfc/sites/default/files/Employee%20Gateway/
Redirect Chain

https://sfgov.org/sfc/sites/default/files/Employee%20Gateway/sf_employee_gateway_banner.jpg
https://www.sfgov.org/sfc/sites/default/files/Employee%20Gateway/sf_employee_gateway_banner.jpg

46 KB
47 KB

976ms
71ms

Image
image/jpeg

18.165.183.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sfgov.org/sfc/sites/default/files/Employee%20Gateway/sf_employee_gateway_banner.jpg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: H2
Server: 18.165.183.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-183-56.zrh55.r.cloudfront.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 14f385230e0d4048923c8d7519b9e8385c8928ea603beb5eaaa1ef33a188c9ca

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 16:19:07 GMT
via: 1.1 9d47bedfe2d83b5ed14a7d02ea9ca902.cloudfront.net (CloudFront), 1.1 e042bf1e56617a2fbe098f111a30b514.cloudfront.net (CloudFront)
last-modified: Thu, 08 Aug 2024 22:31:10 GMT
server: nginx/1.18.0 (Ubuntu)
x-amz-cf-pop: SFO53-C1, ZRH55-P1
age: 1296516
etag: "66b5472e-b97b"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 47483
x-amz-cf-id: YitwvL5hyEk9o0-KGZlJdiFmjvyUnjwNWa_1-vwuu4rVexXsGpvJQQ==
expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

Location: https://www.sfgov.org/sfc/sites/default/files/Employee Gateway/sf_employee_gateway_banner.jpg
Date: Sat, 24 Aug 2024 18:05:48 GMT
Server: Apache/2.4.62 (FreeBSD) OpenSSL/1.1.1w-freebsd
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 277
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK og_cta_default.png
www.transitchicago.com/assets/1/6/ 12 KB
12 KB 1516ms
743ms Image
image/png 23.41.180.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.transitchicago.com/assets/1/6/og_cta_default.png
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.180.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-180-191.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d001dad94566e0f310fb49ca5d83679963af7a97eaaf4ab4c89a6a4415231442

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Expires: Sat, 24 Aug 2024 18:10:33 GMT
Date: Sat, 24 Aug 2024 18:05:49 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/png
Cache-Control: public, max-age=284
Connection: keep-alive
Content-Length: 11843
X-UA-Compatible: IE=edge,chrome=1

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/GYu4YKm0pBg/ 43 KB
44 KB 184ms
129ms Image
image/jpeg 2a00:1450:4001:810::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/GYu4YKm0pBg/maxresdefault.jpg

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3db23014efaca13903bd70791b9e9c0b0b321ab50abed6c3d582c91c2dab675f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:48 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44246
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 24 Aug 2024 20:05:48 GMT

GET

/
www.questtrustcompany.com/
Redirect Chain

https://www.questtrustcompany.com/wp-content/uploads/2021/07/secure-upload.png
https://www.questtrustcompany.com/

0
0

GET
H2 200 UPS-Employee-Portal-Login.jpg
i1.wp.com/www.insurancegist.com/wp-content/uploads/2017/11/ 94 KB
95 KB 72ms
21ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.insurancegist.com/wp-content/uploads/2017/11/UPS-Employee-Portal-Login.jpg?fit=1151%2C441&ssl=1

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

81ce78d98769e8826ac1223397243a5ba1ad315c0d9af2de71b9ca2e0a7caf12

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:48 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 96480
x-nc: HIT hhn 1
last-modified: Wed, 21 Aug 2024 03:59:13 GMT
server: nginx
etag: "9fc5a997b2e9844d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.insurancegist.com/wp-content/uploads/2017/11/UPS-Employee-Portal-Login.jpg>; rel="canonical"
expires: Fri, 21 Aug 2026 15:59:13 GMT

GET 1_20210614_221645_0000-1024x1024.png
www.softiyo.com/wp-content/uploads/2021/06/ 0
0

GET
H/1.1 200
OK image-240320180328ucb8.jpeg
www.myservicesupport.com/wp-content/uploads/images/ 15 KB
16 KB 443ms
105ms Image
image/jpeg 173.249.3.75
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.myservicesupport.com/wp-content/uploads/images/image-240320180328ucb8.jpeg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.249.3.75 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi202802.contaboserver.net
Software: nginx/1.20.2 /
Resource Hash: daf3b01133cf829ed77ec6596046d12fc8f442233b4892b63ef74d24f13e7279

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 18:05:48 GMT
Last-Modified: Fri, 07 Jun 2019 17:17:31 GMT
Server: nginx/1.20.2
ETag: "5cfa9c2b-3d8b"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15755

GET
H/1.1 200
OK KNTDFm96kJEqJKVJph5V5.jpeg
loginregistration.com/screenshots/ 0
246 B 1050ms
192ms Image
text/html 103.224.182.238
TRELLIAN-AS-AP Tr...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loginregistration.com/screenshots/KNTDFm96kJEqJKVJph5V5.jpeg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 103.224.182.238 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS: lb-182-238.above.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:49 GMT
server: Apache
connection: close
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 1d7b63cf-06e7-42e3-8b09b66b0579465b-jpg_popup.jpg
assets.markallengroup.com/article-images/94015/ 61 KB
61 KB 369ms
48ms Image
image/jpeg 212.188.174.43
CLARANET-AS Clara...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.markallengroup.com/article-images/94015/1d7b63cf-06e7-42e3-8b09b66b0579465b-jpg_popup.jpg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 212.188.174.43 Hounslow, United Kingdom, ASN8426 (CLARANET-AS ClaraNET LTD, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b548e005f43e1e490cebbe0c5d680e1bd77624a048f306a1e6b36625157a9266

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:47 GMT
last-modified: Tue, 22 Sep 2015 09:20:11 GMT
server: Microsoft-IIS/10.0
etag: "1330a5e117f5d01:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 62358

GET 7782864_1621455068_8113892.jpeg
www.addresources.org/uploads/ 0
0

GET
H2 200 popper.min.js Show response
www.employees-portals.com/themes/DevBlog/assets/plugins/ 18 KB
7 KB 476ms
473ms Script
text/javascript 154.53.57.19
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/plugins/popper.min.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.53.57.19 Seattle, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

vmi934385.contaboserver.net

Software

nginx-rc /

Resource Hash

dd1617feba063690e3bf1621308e1af67c6cabcdb2602e5a1df3a14b02b94d05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:48 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 05 Aug 2022 08:06:10 GMT
server: nginx-rc
etag: W/"62eccf72-487a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
expires: Mon, 23 Sep 2024 18:05:48 GMT

GET
H2 200 bootstrap.min.js Show response
www.employees-portals.com/themes/DevBlog/assets/plugins/bootstrap/js/ 59 KB
15 KB 476ms
474ms Script
text/javascript 154.53.57.19
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/plugins/bootstrap/js/bootstrap.min.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.53.57.19 Seattle, United States, ASN40021 (NL-811-40021, US),

Reverse DNS

vmi934385.contaboserver.net

Software

nginx-rc /

Resource Hash

5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:48 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 05 Aug 2022 08:06:10 GMT
server: nginx-rc
etag: W/"62eccf72-eab9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
expires: Mon, 23 Sep 2024 18:05:48 GMT

GET
H2 200 matomo.js Show response
analyzive.com/ 65 KB
21 KB 792ms
190ms Script
text/javascript 159.89.165.2
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://analyzive.com/matomo.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.89.165.2 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx-rc /

Resource Hash

3f4a994a950f7c027cceb0aa6152c54b93ef427c746d59f1832e890048717775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 24 Aug 2024 18:05:49 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 04 May 2023 08:55:01 GMT
server: nginx-rc
content-encoding: br
etag: W/"645372e5-104c2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
expires: Mon, 23 Sep 2024 18:05:49 GMT

POST
H2 204 matomo.php
analyzive.com/ 0
237 B 212ms
212ms Ping
text/plain 159.89.165.2
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://analyzive.com/matomo.php?action_name=Employees%20Portals%20Directory%20and%20QA%20Service%20%7C%20Page1&idsite=142&rec=1&r=597444&h=20&m=5&s=49&url=https%3A%2F%2Fwww.employees-portals.com%2F&_id=87f023ec693fcc83&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=6KKU84&nwefftype=4g&pf_net=656&pf_srv=443&pf_tfr=3&pf_dm1=1095&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D

Requested by

Host: analyzive.com
URL: https://analyzive.com/matomo.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.89.165.2 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx-rc /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

date: Sat, 24 Aug 2024 18:05:49 GMT
content-encoding: none
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: nginx-rc
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://www.employees-portals.com
access-control-allow-credentials: true
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.questtrustcompany.com
URL: https://www.questtrustcompany.com/

Domain: www.softiyo.com
URL: https://www.softiyo.com/wp-content/uploads/2021/06/1_20210614_221645_0000-1024x1024.png

Domain: www.addresources.org
URL: https://www.addresources.org/uploads/7782864_1621455068_8113892.jpeg

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.employees-portals.com/	1970-01-20 23:02:09	Name: XSRF-TOKEN Value: eyJpdiI6InFyYjZubk5wS1FuUjIzL2RpaFQrWHc9PSIsInZhbHVlIjoiK2x5OEtIbmhWM3Awb0hzdmNUbzIwUjlZSUpqY0RtcG1OcWxQUmtNVytzTEVDcjNub0hRMlBuejIrenJBV2tRSlpJYlFmQXBNTkJOb0I5VThOMkRHaEZMWitkNUN3RHZvUkMxcUFKeDVRM1IyaWtuc3VpT0JGN3I0UmUvVmVoc0QiLCJtYWMiOiIyYzJmZTc5MWE0NDYwODAwMTU2OGEzOTZjZTA3MDUwYTRmMDMxNjY0ZTU4NTI0OGYyMTAzOTUwYThkOGJjYWJkIiwidGFnIjoiIn0%3D
www.employees-portals.com/	1970-01-20 23:02:09	Name: laravel_session Value: eyJpdiI6ImZNSTVHTDdjeWdDdm9MVzN0YVhFS1E9PSIsInZhbHVlIjoieEhHaUJZRGV0Z2RiWGczTy9iN0pMUndwK0lvR2Zrd2hESCtnWGNLZ0NDT1F3RnlOQnlTZnlyN3AwVkM1UzBabDluTmhlVkkwTU5NNDZ5dkUwNGtMNDQ4T0RqVzhyVGg0cE5YcWlNMHdvTEhpb1hKWmlRckZlWDhmVDB6OWZSQlAiLCJtYWMiOiI2YjBiNjQwZjc1OTk2YWQyN2JlOTRhNDk2NjllOTIzNjcyNjZhNTM2YmZhYzUxNGFkMTMyZmVjNzU3ODVkZDM2IiwidGFnIjoiIn0%3D
www.employees-portals.com/	1970-01-21 08:27:57	Name: _pk_id.142.3317 Value: 87f023ec693fcc83.1724522749.
www.employees-portals.com/	1970-01-20 23:02:04	Name: _pk_ses.142.3317 Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.employees-portals.com/ Message: Mixed Content: The page at 'https://www.employees-portals.com/' was loaded over HTTPS, but requested an insecure element 'http://www.transitchicago.com/assets/1/6/og_cta_default.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.employees-portals.com/(Line 536) Message: Mixed Content: The page at 'https://www.employees-portals.com/' was loaded over HTTPS, but requested an insecure element 'http://www.transitchicago.com/assets/1/6/og_cta_default.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://www.softiyo.com/wp-content/uploads/2021/06/1_20210614_221645_0000-1024x1024.png Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analyzive.com
assets.markallengroup.com
i.ytimg.com
i1.wp.com
loginregistration.com
sfgov.org
www.addresources.org
www.employees-portals.com
www.myservicesupport.com
www.questtrustcompany.com
www.sfgov.org
www.softiyo.com
www.transitchicago.com
www.addresources.org
www.questtrustcompany.com
www.softiyo.com
103.224.182.238
154.53.57.19
159.89.165.2
173.249.3.75
18.165.183.56
192.0.77.2
199.48.133.250
212.188.174.43
23.41.180.191
2a00:1450:4001:810::2016
14f385230e0d4048923c8d7519b9e8385c8928ea603beb5eaaa1ef33a188c9ca
3db23014efaca13903bd70791b9e9c0b0b321ab50abed6c3d582c91c2dab675f
3f4a994a950f7c027cceb0aa6152c54b93ef427c746d59f1832e890048717775
4954be2ede283944f3946dfbbdce01db612df3f706a608c0df42ef32a802df76
5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9
81ce78d98769e8826ac1223397243a5ba1ad315c0d9af2de71b9ca2e0a7caf12
87c15ef693c07206e4b57ad6294158ff2a5393c816dafe5aa10bac9807fa1ad8
a0cb345852ded411eeb1e7b426337064f459bf3c81eb01859300d93d0108ae13
b548e005f43e1e490cebbe0c5d680e1bd77624a048f306a1e6b36625157a9266
bb5d7f5d023603a9a95dad23d69d25d14a4edd9ba2313227194a9a4f62bd6564
d001dad94566e0f310fb49ca5d83679963af7a97eaaf4ab4c89a6a4415231442
daf3b01133cf829ed77ec6596046d12fc8f442233b4892b63ef74d24f13e7279
dd1617feba063690e3bf1621308e1af67c6cabcdb2602e5a1df3a14b02b94d05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

www.employees-portals.com Open in urlscan Pro 154.53.57.19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

78 %HTTPS

10 %IPv6

12 Domains

13 Subdomains

10 IPs

5 Countries

809 kBTransfer

1842 kBSize

4 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

4 Cookies

3 Console Messages

Security Headers

Indicators

www.employees-portals.com Open in urlscan Pro
154.53.57.19 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

78 %
HTTPS

10 %
IPv6

12
Domains

13
Subdomains

10
IPs

5
Countries

809 kB
Transfer

1842 kB
Size

4
Cookies

18 HTTP transactions
0 data transactions