balfourbeatty.msitecloud.com Open in urlscan Pro
3.9.236.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://balfourbeatty.msitecloud.com/
Submission: On August 25 via manual (August 25th 2022, 4:06:43 pm UTC) from GB — Scanned from GB

Summary HTTP 48 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 48 HTTP transactions. The main IP is 3.9.236.92, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is balfourbeatty.msitecloud.com.
TLS certificate: Issued by Amazon on October 14th 2021. Valid for: a year.

This is the only time balfourbeatty.msitecloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
19	3.9.236.92 3.9.236.92	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400e:80f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 7	3.8.246.184 3.8.246.184	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
4	52.95.149.80 52.95.149.80	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
48	11

19 3.9.236.92 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com

balfourbeatty.msitecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400e:80f::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.8.246.184 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

balfourbeatty.web.msitecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.95.149.80 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: s3.eu-west-2.amazonaws.com

s3-eu-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	msitecloud.com 1 redirects balfourbeatty.msitecloud.com balfourbeatty.web.msitecloud.com	685 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	597 KB
4	amazonaws.com s3-eu-west-2.amazonaws.com	497 KB
4	google.com www.google.com — Cisco Umbrella Rank: 9	25 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54 ajax.googleapis.com — Cisco Umbrella Rank: 286	81 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 727	83 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	20 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 219	27 KB
48	8

	Domain	Requested by
19	balfourbeatty.msitecloud.com	balfourbeatty.msitecloud.com
7	balfourbeatty.web.msitecloud.com	1 redirects balfourbeatty.msitecloud.com balfourbeatty.web.msitecloud.com
5	www.gstatic.com	www.google.com
4	s3-eu-west-2.amazonaws.com	ajax.googleapis.com s3-eu-west-2.amazonaws.com
4	www.google.com	balfourbeatty.web.msitecloud.com www.gstatic.com www.google.com
2	maxcdn.bootstrapcdn.com	s3-eu-west-2.amazonaws.com maxcdn.bootstrapcdn.com
2	www.google-analytics.com	balfourbeatty.web.msitecloud.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	balfourbeatty.msitecloud.com s3-eu-west-2.amazonaws.com
1	cdnjs.cloudflare.com	s3-eu-west-2.amazonaws.com
1	ajax.googleapis.com	balfourbeatty.web.msitecloud.com
48	11

This site contains no links.

Subject Issuer	Validity	Valid
*.msitecloud.com Amazon	`2021-10-14` - `2022-11-11`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.s3.eu-west-2.amazonaws.com Amazon	`2021-12-09` - `2022-11-24`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://balfourbeatty.msitecloud.com/
Frame ID: AEA81045190B309BBB2FA0ED7B48E856
Requests: 21 HTTP requests in this frame

Frame: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f
Frame ID: 4679E1293CE74F629126B03F4267BE52
Requests: 11 HTTP requests in this frame

Frame: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html
Frame ID: DA4304C61F8CAD3B43A971BE88A87722
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a&co=aHR0cHM6Ly9iYWxmb3VyYmVhdHR5LndlYi5tc2l0ZWNsb3VkLmNvbTo0NDM.&hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&size=normal&cb=f3szahpme4kh
Frame ID: 25AD9437F7259075F942747DF0BA52C7
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a
Frame ID: 8DC238721C8B685572E8DEF6C4D3DC04
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MSite - Login

Detected technologies

Blazor (Web frameworks) Expand

Overall confidence: 100%
Detected patterns

blazor\.server\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

48
Requests

100 %
HTTPS

73 %
IPv6

8
Domains

11
Subdomains

11
IPs

4
Countries

2014 kB
Transfer

3370 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://balfourbeatty.web.msitecloud.com/ HTTP 302
https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
balfourbeatty.msitecloud.com/ 4 KB
4 KB 147ms
39ms Document
text/html 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 536694c815f506afda9ffad6431d2b1ea03d5eabf709d411c92aa0aa229afbf4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store
content-type: text/html; charset=utf-8
date: Thu, 25 Aug 2022 16:06:37 GMT
server: Kestrel

GET
H2 200 bootstrap.min.css
balfourbeatty.msitecloud.com/css/bootstrap/ 152 KB
153 KB 77ms
75ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/css/bootstrap/bootstrap.min.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: ae576713bc196098f7438dede6ff1f835a23291c32b745ad7e6fb6db809a719b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3ad9bcf4"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 155764

GET
H2 200 all.min.css
balfourbeatty.msitecloud.com/lib/font-awesome/css/ 58 KB
59 KB 75ms
73ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/lib/font-awesome/css/all.min.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: f6d1a8f876519eb7886b39c712c34bf11301da28736c79accc6bb1de6b5cd829

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adb3b54"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 59348

GET
H2 200 hrs-fonticons-v1-7.css
balfourbeatty.msitecloud.com/lib/hrs-fonticons/css/ 3 KB
3 KB 40ms
39ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/lib/hrs-fonticons/css/hrs-fonticons-v1-7.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 4dc929a558235a5a44893cef1d0d1565c166fd89e25914b94cc2e9447ef61742

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbd08d"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 3085

GET
H2 200 BlazorSass.min.css
balfourbeatty.msitecloud.com/css/ 16 KB
16 KB 112ms
111ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/css/BlazorSass.min.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: b8770c78c94583be83781708671c799ece8e477744794574bd7708f1fc04e96b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbe2a3"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 15907

GET
H2 200 site.min.css
balfourbeatty.msitecloud.com/css/ 113 B
601 B 39ms
38ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/css/site.min.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 100f30cfaabf0ed76201c02d530f80fed34fe1f1d415e811ee1896497ae719d2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbdcf1"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 113

GET
H2 200 ios-iphone-fix-uiwrapper.css
balfourbeatty.msitecloud.com/css/ 113 B
599 B 111ms
110ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/css/ios-iphone-fix-uiwrapper.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e89df94117d9c71eebb52fe649a4bbb71fbe6f38e3df1be54b8ffb5f8fb97a2c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbdcf1"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 113

GET
H2 200 MSiteLogoWhiteOrange.svg
balfourbeatty.msitecloud.com/images/ 3 KB
4 KB 91ms
91ms Image
image/svg+xml 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balfourbeatty.msitecloud.com/images/MSiteLogoWhiteOrange.svg
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: c241c31b96ccce2be3cc420afed781ac065eda947a87e8a317268da78ed11460

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbd021"
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
content-length: 3233

GET
H2 200 js.cookie-2.2.1.min.js Show response
balfourbeatty.msitecloud.com/js/ 2 KB
2 KB 92ms
90ms Script
application/javascript 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/js/js.cookie-2.2.1.min.js
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 3c2eed95477b5811ac48e9da8f6a71f936c2ded06ff5303f0b30fbd18f3333a8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbdaec"
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 1644

GET
H2 200 JsInterop.js Show response
balfourbeatty.msitecloud.com/js/ 3 KB
4 KB 91ms
90ms Script
application/javascript 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 66361302e500c8edf61857a755eccfe8b97975a59e2a4354db5c4e3d53587fc5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbd023"
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 3235

GET
H2 200 site.js Show response
balfourbeatty.msitecloud.com/js/ 194 B
687 B 90ms
89ms Script
application/javascript 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/js/site.js
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 99f8e3ad34f0b6719f95c595fe89b154f0cc68f9ad86d72b7112d7e4359f54af

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbdc42"
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 194

GET
H2 200 blazor.server.js Show response
balfourbeatty.msitecloud.com/_framework/ 237 KB
238 KB 125ms
124ms Script
application/javascript 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/_framework/blazor.server.js
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 777e823004fad725588f1489396f837cb7283f25ccfc00372b319317fd88b710

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Thu, 16 Jun 2022 20:24:36 GMT
server: Kestrel
etag: "1d881bf18a92981"
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 242561

GET
H2 200 open-iconic-bootstrap.min.css
balfourbeatty.msitecloud.com/css/open-iconic/font/css/ 9 KB
10 KB 39ms
38ms Stylesheet
text/css 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/css/open-iconic/font/css/open-iconic-bootstrap.min.css
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/css/BlazorSass.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 049fc6f9efb2edb41dad8912d91053c8d7c11e903d22e19a3e67fd86db9be4c4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/css/BlazorSass.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbf833"
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
content-length: 9395

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 116ms
42ms Stylesheet
text/css 2a00:1450:400e:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800,900

Requested by

Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/css/BlazorSass.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cba6172988c4f2a636c28d2c46741ebbb03873f482eb038b51ee0c4840c9d13f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:06:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 25 Aug 2022 16:06:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 25 Aug 2022 16:06:37 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 131ms
41ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://balfourbeatty.msitecloud.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 249373
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 18:50:24 GMT

GET
H2 204 authentication Show response
balfourbeatty.msitecloud.com/api/ 0
366 B 40ms
40ms XHR
text/plain 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/api/authentication
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
server: Kestrel

GET
H2 200 MSiteLogoWhiteOrange.svg
balfourbeatty.msitecloud.com/images/ 3 KB
4 KB 37ms
37ms Image
image/svg+xml 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balfourbeatty.msitecloud.com/images/MSiteLogoWhiteOrange.svg
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/_framework/blazor.server.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: c241c31b96ccce2be3cc420afed781ac065eda947a87e8a317268da78ed11460

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
last-modified: Mon, 08 Aug 2022 02:04:45 GMT
server: Kestrel
etag: "1d8aacb3adbd021"
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
content-length: 3233

GET
H2 204 authentication Show response
balfourbeatty.msitecloud.com/api/ 0
370 B 41ms
40ms XHR
text/plain 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/api/authentication
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
server: Kestrel

GET
H2 204 authentication Show response
balfourbeatty.msitecloud.com/api/ 0
371 B 41ms
41ms XHR
text/plain 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/api/authentication
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:37 GMT
server: Kestrel

GET
H2 204 authentication Show response
balfourbeatty.msitecloud.com/api/ 0
369 B 41ms
40ms XHR
text/plain 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/api/authentication
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
server: Kestrel

GET
H2

200

https://balfourbeatty.web.msitecloud.com/
https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

9 KB
5 KB

45ms
45ms

Document
text/html

3.8.246.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Requested by

Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.246.184 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

Software

Resource Hash

a70a4311e72c87185fff8606d8a57f038fe2a8be7528c6285279cd8c3134b1e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://.msitecloud.com https://.msitecloud.com:* https://.cloudfront.net https://.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://.zendesk.com; frame-src http://localhost: https://www.google.com/ https://cdn.walkme.com/ https://.msitecloud.com https://.cloudfront.net https://.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://.cloudfront.net https://.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://.cloudfront.net https://*.amazonaws.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
content-length: 3971
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
content-type: text/html; charset=utf-8
date: Thu, 25 Aug 2022 16:06:38 GMT
expires: -1
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
pragma: no-cache
referrer-policy: same-origin
strict-transport-security: max-age=16070400; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 145
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
content-type: text/html; charset=utf-8
date: Thu, 25 Aug 2022 16:06:38 GMT
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
location: /Account/Login?ReturnUrl=%2f
referrer-policy: same-origin
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block

GET
H2 200 embedded
balfourbeatty.web.msitecloud.com/bundles/css/ Frame 4679 352 KB
84 KB 73ms
71ms Stylesheet
text/css 3.8.246.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://balfourbeatty.web.msitecloud.com/bundles/css/embedded?v=-xk6C5M3hGQcHe5FqtzEhPfVV2uJoK38pCY2WEVzwK01

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.246.184 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

Software

Resource Hash

aa3190ba7edbe06a4ed3600b6631800215e022377f634f6c174e013d04287e04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://.msitecloud.com https://.msitecloud.com:* https://.cloudfront.net https://.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://.zendesk.com; frame-src http://localhost: https://www.google.com/ https://cdn.walkme.com/ https://.msitecloud.com https://.cloudfront.net https://.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://.cloudfront.net https://.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://.cloudfront.net https://*.amazonaws.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
content-encoding: gzip
referrer-policy: same-origin
last-modified: Thu, 25 Aug 2022 16:06:38 GMT
vary: User-Agent,Accept-Encoding
content-type: text/css; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff, nosniff
expires: Fri, 25 Aug 2023 16:06:38 GMT

GET
H2 200 login
balfourbeatty.web.msitecloud.com/bundles/css/ Frame 4679 4 KB
3 KB 38ms
37ms Stylesheet
text/css 3.8.246.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://balfourbeatty.web.msitecloud.com/bundles/css/login?v=D365T-JuQOqFyaIwRFzTh_EY600kZavy-tqGqONmYiU1

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.246.184 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

Software

Resource Hash

4cd840730613b1dfb747f1227ae72d8ec7d00c83d0345ec0df39e6768bc15791

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://.msitecloud.com https://.msitecloud.com:* https://.cloudfront.net https://.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://.zendesk.com; frame-src http://localhost: https://www.google.com/ https://cdn.walkme.com/ https://.msitecloud.com https://.cloudfront.net https://.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://.cloudfront.net https://.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://.cloudfront.net https://*.amazonaws.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
content-encoding: gzip
referrer-policy: same-origin
last-modified: Thu, 25 Aug 2022 16:06:38 GMT
vary: User-Agent,Accept-Encoding
content-type: text/css; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
strict-transport-security: max-age=16070400; includeSubDomains
content-length: 1449
x-content-type-options: nosniff, nosniff
expires: Fri, 25 Aug 2023 16:06:38 GMT

GET
H2 200 jquery.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ Frame 4679 265 KB
80 KB 131ms
42ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://balfourbeatty.web.msitecloud.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 12:52:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80667
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Aug 2023 12:52:18 GMT

GET
H2 200 login Show response
balfourbeatty.web.msitecloud.com/bundles/js/ Frame 4679 14 KB
7 KB 39ms
38ms Script
text/javascript 3.8.246.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://balfourbeatty.web.msitecloud.com/bundles/js/login?v=__S0S87R5184m4yPMeCpQl_I-sXZjr4joPSGgz4KUuk1

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.246.184 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

Software

Resource Hash

02765b0b2831521d44154dfa3521b454c4d9566dbab9f4d687662f779abb9935

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://.msitecloud.com https://.msitecloud.com:* https://.cloudfront.net https://.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://.zendesk.com; frame-src http://localhost: https://www.google.com/ https://cdn.walkme.com/ https://.msitecloud.com https://.cloudfront.net https://.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://.cloudfront.net https://.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://.cloudfront.net https://*.amazonaws.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
content-encoding: gzip
referrer-policy: same-origin
last-modified: Thu, 25 Aug 2022 16:06:38 GMT
vary: User-Agent,Accept-Encoding
content-type: text/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
strict-transport-security: max-age=16070400; includeSubDomains
content-length: 5773
x-content-type-options: nosniff, nosniff
expires: Fri, 25 Aug 2023 16:06:38 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 4679 850 B
971 B 140ms
50ms Script
text/javascript 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ceb417cb7d856fe6f03f32e07c09c894a4dcc077bb8e0ce762773d67824bd0f9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 558
x-xss-protection: 1; mode=block
expires: Thu, 25 Aug 2022 16:06:38 GMT

GET
H2 200 BrandingSiteLoginImage
balfourbeatty.web.msitecloud.com/Account/ Frame 4679 5 KB
7 KB 37ms
36ms Image
image/jpeg 3.8.246.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://balfourbeatty.web.msitecloud.com/Account/BrandingSiteLoginImage

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.246.184 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

Software

Resource Hash

52c607c83e5de7f9609a40708b1a31d96aa71ac3922b857bc304428f3e9114e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://.msitecloud.com https://.msitecloud.com:* https://.cloudfront.net https://.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://.zendesk.com; frame-src http://localhost: https://www.google.com/ https://cdn.walkme.com/ https://.msitecloud.com https://.cloudfront.net https://.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://.cloudfront.net https://.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://.cloudfront.net https://*.amazonaws.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
referrer-policy: same-origin
last-modified: Thu, 25 Aug 2022 16:06:29 GMT
x-xss-protection: 1; mode=block
vary: *
content-type: image/jpeg
content-disposition: attachment; filename=280be026-4ee6-4a69-b9fd-fc4f65528c7c
cache-control: public, max-age=3590
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
strict-transport-security: max-age=16070400; includeSubDomains
content-length: 5480
x-content-type-options: nosniff, nosniff
expires: Thu, 25 Aug 2022 17:06:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 4679 49 KB
20 KB 364ms
40ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/Account/Login?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 3878
date: Thu, 25 Aug 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 25 Aug 2022 17:02:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 4679 387 KB
154 KB 295ms
43ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d519d7c7ed0ef60bdff019860cb18b309245d9dd8450acb3ce173f5fe4ff3bc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://balfourbeatty.web.msitecloud.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 09:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157275
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Aug 2023 09:14:42 GMT

GET
H2 200 fa-solid-900.woff2
balfourbeatty.web.msitecloud.com/Content/Fonts/ Frame 4679 76 KB
78 KB 37ms
36ms Font
application/font-woff2 3.8.246.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://balfourbeatty.web.msitecloud.com/Content/Fonts/fa-solid-900.woff2

Requested by

Host: balfourbeatty.web.msitecloud.com
URL: https://balfourbeatty.web.msitecloud.com/bundles/css/embedded?v=-xk6C5M3hGQcHe5FqtzEhPfVV2uJoK38pCY2WEVzwK01

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.246.184 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-246-184.eu-west-2.compute.amazonaws.com

Software

Microsoft-IIS/10.0 /

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://.msitecloud.com https://.msitecloud.com:* https://.cloudfront.net https://.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://.zendesk.com; frame-src http://localhost: https://www.google.com/ https://cdn.walkme.com/ https://.msitecloud.com https://.cloudfront.net https://.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://.cloudfront.net https://.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://.cloudfront.net https://*.amazonaws.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://balfourbeatty.web.msitecloud.com/bundles/css/embedded?v=-xk6C5M3hGQcHe5FqtzEhPfVV2uJoK38pCY2WEVzwK01
Origin: https://balfourbeatty.web.msitecloud.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:38 GMT
referrer-policy: same-origin
last-modified: Mon, 22 Aug 2022 14:19:06 GMT
server: Microsoft-IIS/10.0
etag: "069b2332b6d81:0"
strict-transport-security: max-age=16070400; includeSubDomains
content-type: application/font-woff2
x-xss-protection: 1; mode=block
cache-control: private,max-age=86400
feature-policy: autoplay 'self'; geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://localhost https://*.msitecloud.com; microphone 'none'; camera 'self'; Magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';
content-security-policy: default-src 'self'; script-src 'self' https://ssl.p.jwpcdn.com https://cdn.walkme.com https://*.msitecloud.com https://maps.googleapis.com/ https://ajax.googleapis.com https://www.google.com/jsapi https://www.google.com/recaptcha/ https://static.zdassets.com http://www.google-analytics.com https://assets.zendesk.com https://www.gstatic.com https://*.msecnd.net https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.msitecloud.com https://*.msitecloud.com:* https://*.cloudfront.net https://*.amazonaws.com https://dc.services.visualstudio.com/ https://ec.walkme.com/ https://maps.googleapis.com/ https://cdn.walkme.com/ http://www.google-analytics.com https://ekr.zdassets.com https://*.zendesk.com; frame-src http://localhost:* https://www.google.com/ https://cdn.walkme.com/ https://*.msitecloud.com https://*.cloudfront.net https://*.amazonaws.com msite:; img-src 'self' 'unsafe-inline' https://jwpltx.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.cloudfront.net https://*.amazonaws.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.walkme.com/ https://www.gstatic.com; font-src fonts.gstatic.com https://ssl.p.jwpcdn.com 'self' data:; media-src https://*.cloudfront.net https://*.amazonaws.com;
accept-ranges: bytes
content-length: 78196
x-content-type-options: nosniff

GET
H/1.1 200
OK index.html Show response
s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/ Frame DA43 741 B
1 KB 220ms
60ms Document
text/html 52.95.149.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.149.80 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.eu-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 728077a730582b18f4b961f027db023c140a3c86d9061ca45794801a5f97ac02

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 741
Content-Type: text/html
Date: Thu, 25 Aug 2022 16:06:40 GMT
ETag: "78f99911984e11581766c90d0206cdd1"
Last-Modified: Tue, 11 Dec 2018 11:51:15 GMT
Server: AmazonS3
x-amz-id-2: HsmMwOt0rPWTVleQsCCI2eMT4/nxYS7wM7fRz2GU/5R8NBldI2r4RnO5E3+l3uMGKpV6yAIJhnI=
x-amz-request-id: 3NZ4SZ2Z7VK2ZVCK

POST
H2 200 collect Show response
www.google-analytics.com/j/ Frame 4679 2 B
219 B 49ms
48ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1680244703&t=pageview&_s=1&dl=https%3A%2F%2Fbalfourbeatty.web.msitecloud.com%2FAccount%2FLogin%3FReturnUrl%3D%252f&ul=en-us&de=UTF-8&dt=MSite%20-%20Login&sd=24-bit&sr=1600x1200&vp=1600x1135&je=0&_u=IEBAAEABAAAAAC~&jid=661164661&gjid=1287919134&cid=1895624113.1661443599&tid=UA-6722164-3&_gid=2071278451.1661443599&_r=1&_slc=1&z=1537106179

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 25 Aug 2022 16:06:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://balfourbeatty.web.msitecloud.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 25AD 43 KB
22 KB 151ms
65ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a&co=aHR0cHM6Ly9iYWxmb3VyYmVhdHR5LndlYi5tc2l0ZWNsb3VkLmNvbTo0NDM.&hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&size=normal&cb=f3szahpme4kh

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

18f975b08c1b9f129235b4f3120485a2fadbf1b27bdbe66f446aecd7aa57b6de

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WgIY69dVwhI5YwPlVt2cYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22914
content-security-policy: script-src 'report-sample' 'nonce-WgIY69dVwhI5YwPlVt2cYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 25 Aug 2022 16:06:39 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK main.css
s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/css/ Frame DA43 4 KB
4 KB 59ms
59ms Stylesheet
text/css 52.95.149.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/css/main.css
Requested by: Host: s3-eu-west-2.amazonaws.com
URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.149.80 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.eu-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: b47a91f925ccf1b33be293ef538407aad1849e076f1ef717ab9effaea7480e55

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 25 Aug 2022 16:06:40 GMT
Last-Modified: Tue, 11 Dec 2018 11:51:15 GMT
Server: AmazonS3
x-amz-request-id: 3NZB7TYHAG8S5QM9
ETag: "1ba831965d643d46071d51fdf3d8580c"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 3646
x-amz-id-2: SszPih1gVRvhcTtH/YNXwqrqfBYqg1mAiuuYiIyFaHLZ4e5n7V4Fcc/yf7fGtBpX7knpi20S8M0=

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ Frame DA43 30 KB
7 KB 158ms
57ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: s3-eu-west-2.amazonaws.com
URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s3-eu-west-2.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 722, 617
age: 14503145
cdn-cachedat: 2021-03-10 20:26:20
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e55ae71d8339ddb30e4376a027623d28
cf-ray: 7405937f4b790200-ZRH
cdn-requestcountrycode: CH
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ Frame DA43 85 KB
27 KB 188ms
90ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: s3-eu-west-2.amazonaws.com
URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s3-eu-west-2.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 672442
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27192
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WIzXCT%2B35MFlNo0iXysxtuoshTitw%2FgUbANmLfElioHdPCXTZOQjCcJTdrSnp9As63AfswlB2MXK0Mp6j%2FAxNJdV7nJp5qKA7w29pQ3HYvu7Uh8wF8i%2Bycv%2Bf9H1bsETSOxmaPYIU2MjscWFrL%2BhZGaW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7405937f3fb3021d-ZRH
expires: Tue, 15 Aug 2023 16:06:39 GMT

GET
H/1.1 200
OK main.js Show response
s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/js/ Frame DA43 2 KB
2 KB 112ms
52ms Script
application/javascript 52.95.149.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/js/main.js
Requested by: Host: s3-eu-west-2.amazonaws.com
URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.149.80 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.eu-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: ba2b416c99832dd170ee1a9b9cf718dd7819cfb2f404d0a2400147f1286ee008

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 25 Aug 2022 16:06:40 GMT
Last-Modified: Tue, 11 Dec 2018 11:51:15 GMT
Server: AmazonS3
x-amz-request-id: 3NZ4WG2ATY9SBYXP
ETag: "79c99f8bf1b80f10450e6e7c13fe2a90"
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1538
x-amz-id-2: q8tAsHUe7GrDIBvFR23PbYxSe/KQv28qSU7iXv+0QWp0wngv5Gf6gMGPGkqRe+Ft5w7J4bxtOCM=

GET
H3 200 css
fonts.googleapis.com/ Frame DA43 5 KB
667 B 121ms
44ms Stylesheet
text/css 2a00:1450:400e:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400

Requested by

Host: s3-eu-west-2.amazonaws.com
URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/css/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80f::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c3baec46d1dd68b2a9d35ad4fa2f7883d122bb3e0af79cb0aea8e3c3ed529cd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s3-eu-west-2.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:34:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 25 Aug 2022 16:06:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 25 Aug 2022 16:06:39 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 25AD 52 KB
24 KB 127ms
43ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a&co=aHR0cHM6Ly9iYWxmb3VyYmVhdHR5LndlYi5tc2l0ZWNsb3VkLmNvbTo0NDM.&hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&size=normal&cb=f3szahpme4kh

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 14:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Aug 2023 14:47:01 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 25AD 387 KB
154 KB 150ms
67ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d519d7c7ed0ef60bdff019860cb18b309245d9dd8450acb3ce173f5fe4ff3bc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 09:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157275
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Aug 2023 09:14:42 GMT

GET
H/1.1 200
OK Main-BG.jpg
s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/img/ Frame DA43 490 KB
490 KB 51ms
51ms Image
image/jpeg 52.95.149.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/img/Main-BG.jpg
Requested by: Host: s3-eu-west-2.amazonaws.com
URL: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/css/main.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.149.80 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.eu-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: e0c67121e539cea78177854e4515e9c47c26640ff77d3d7bc8f92a01847e5723

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s3-eu-west-2.amazonaws.com/mslive-public/LoginMedia/BalfourBeatty/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 25 Aug 2022 16:06:40 GMT
Last-Modified: Tue, 11 Dec 2018 11:51:15 GMT
Server: AmazonS3
x-amz-request-id: 3NZ0J412FX2NK5J1
ETag: "bc2935843ed83862abf5a4ba409c39a2"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 501450
x-amz-id-2: zFv3GebUAvfmF8jhuTDbloxJ1U6TkHsp7XAR6G9W+yTWofQrdjtl2sHJ2KuSiYIZlYKTD4Wrmwk=

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame DA43 44 KB
44 KB 125ms
41ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s3-eu-west-2.amazonaws.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 249375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 18:50:24 GMT

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ Frame DA43 75 KB
76 KB 119ms
67ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://s3-eu-west-2.amazonaws.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 3896
cdn-proxyver: 1.02
cdn-cachedat: 04/09/2022 08:19:45
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: "af7ae505a9eed503f8b8e6982036873e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: d393349f20453116aaf3531e0a282f7f
accept-ranges: bytes
cf-ray: 740593804f5a2355-ZRH
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 25AD 102 B
134 B 53ms
52ms Other
text/javascript 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

99584f816df6714b39895e4032ede0c137cd7fd764abbb64845f25848ccc0565

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a&co=aHR0cHM6Ly9iYWxmb3VyYmVhdHR5LndlYi5tc2l0ZWNsb3VkLmNvbTo0NDM.&hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&size=normal&cb=f3szahpme4kh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 25 Aug 2022 16:06:39 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 8DC2 7 KB
1 KB 56ms
55ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

97d0f7233db86e7a4ab2052f0776982e345d334a1217d2c35fec026232aa2973

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5ZDgZA2D502QiSxMz__F9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1115
content-security-policy: script-src 'report-sample' 'nonce-5ZDgZA2D502QiSxMz__F9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 25 Aug 2022 16:06:39 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 204 authentication Show response
balfourbeatty.msitecloud.com/api/ 0
370 B 43ms
42ms XHR
text/plain 3.9.236.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://balfourbeatty.msitecloud.com/api/authentication
Requested by: Host: balfourbeatty.msitecloud.com
URL: https://balfourbeatty.msitecloud.com/js/JsInterop.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.236.92 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-236-92.eu-west-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://balfourbeatty.msitecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 16:06:39 GMT
server: Kestrel

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 8DC2 52 KB
24 KB 46ms
45ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 14:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Aug 2023 14:47:01 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 8DC2 387 KB
154 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=PRMRaAwB3KlylGQR57Dyk-pF&k=6LfCyBgUAAAAAKHmjESi5mM5VgEyCCpjqLqNDx5a

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d519d7c7ed0ef60bdff019860cb18b309245d9dd8450acb3ce173f5fe4ff3bc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 09:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157275
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Aug 2023 09:14:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.msitecloud.com/	1969-12-31 23:59:59	Name: __RequestVerificationToken Value: hJ2rv5BVc7NzNje7A1yAP-rj0bzE4r2nZx4fxdoUNqnD3l1M2Mw1iD9ZMLDG7mVGvXts92Hlv8A2S0qB5_PuvIcQ5xg1
.msitecloud.com/	1970-01-20 15:06:43	Name: _ga Value: GA1.2.1895624113.1661443599
.msitecloud.com/	1970-01-20 05:32:09	Name: _gid Value: GA1.2.2071278451.1661443599
.msitecloud.com/	1970-01-20 05:30:43	Name: _gat Value: 1
balfourbeatty.msitecloud.com/	1970-01-20 05:40:48	Name: AWSALB Value: 96ZTcfvq92fGBT9pRDBDDugPOuqYSUMQxZOaVaNL13oDDRDJKT0YTvTDAswcWuqE3+CscZILGym8H7bE52bo/NpD5LVSSVkGRmza+Rwv534gDfP1UCNlEvdk63b7

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'push'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'Magnetometer'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vibrate'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
balfourbeatty.msitecloud.com
balfourbeatty.web.msitecloud.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
s3-eu-west-2.amazonaws.com
www.google-analytics.com
www.google.com
www.gstatic.com
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:800::2004
2a00:1450:4001:803::2003
2a00:1450:4001:806::200e
2a00:1450:4001:827::200a
2a00:1450:4001:829::2003
2a00:1450:400e:80f::200a
3.8.246.184
3.9.236.92
52.95.149.80
02765b0b2831521d44154dfa3521b454c4d9566dbab9f4d687662f779abb9935
049fc6f9efb2edb41dad8912d91053c8d7c11e903d22e19a3e67fd86db9be4c4
100f30cfaabf0ed76201c02d530f80fed34fe1f1d415e811ee1896497ae719d2
18f975b08c1b9f129235b4f3120485a2fadbf1b27bdbe66f446aecd7aa57b6de
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c2eed95477b5811ac48e9da8f6a71f936c2ded06ff5303f0b30fbd18f3333a8
4cd840730613b1dfb747f1227ae72d8ec7d00c83d0345ec0df39e6768bc15791
4dc929a558235a5a44893cef1d0d1565c166fd89e25914b94cc2e9447ef61742
52c607c83e5de7f9609a40708b1a31d96aa71ac3922b857bc304428f3e9114e3
536694c815f506afda9ffad6431d2b1ea03d5eabf709d411c92aa0aa229afbf4
66361302e500c8edf61857a755eccfe8b97975a59e2a4354db5c4e3d53587fc5
728077a730582b18f4b961f027db023c140a3c86d9061ca45794801a5f97ac02
777e823004fad725588f1489396f837cb7283f25ccfc00372b319317fd88b710
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
97d0f7233db86e7a4ab2052f0776982e345d334a1217d2c35fec026232aa2973
99584f816df6714b39895e4032ede0c137cd7fd764abbb64845f25848ccc0565
99f8e3ad34f0b6719f95c595fe89b154f0cc68f9ad86d72b7112d7e4359f54af
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a70a4311e72c87185fff8606d8a57f038fe2a8be7528c6285279cd8c3134b1e0
aa3190ba7edbe06a4ed3600b6631800215e022377f634f6c174e013d04287e04
ae576713bc196098f7438dede6ff1f835a23291c32b745ad7e6fb6db809a719b
b47a91f925ccf1b33be293ef538407aad1849e076f1ef717ab9effaea7480e55
b8770c78c94583be83781708671c799ece8e477744794574bd7708f1fc04e96b
ba2b416c99832dd170ee1a9b9cf718dd7819cfb2f404d0a2400147f1286ee008
c241c31b96ccce2be3cc420afed781ac065eda947a87e8a317268da78ed11460
c3baec46d1dd68b2a9d35ad4fa2f7883d122bb3e0af79cb0aea8e3c3ed529cd5
caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10
cba6172988c4f2a636c28d2c46741ebbb03873f482eb038b51ee0c4840c9d13f
ceb417cb7d856fe6f03f32e07c09c894a4dcc077bb8e0ce762773d67824bd0f9
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d519d7c7ed0ef60bdff019860cb18b309245d9dd8450acb3ce173f5fe4ff3bc7
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
e0c67121e539cea78177854e4515e9c47c26640ff77d3d7bc8f92a01847e5723
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e89df94117d9c71eebb52fe649a4bbb71fbe6f38e3df1be54b8ffb5f8fb97a2c
f6d1a8f876519eb7886b39c712c34bf11301da28736c79accc6bb1de6b5cd829

balfourbeatty.msitecloud.com Open in urlscan Pro 3.9.236.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

48 Requests

100 %HTTPS

73 %IPv6

8 Domains

11 Subdomains

11 IPs

4 Countries

2014 kBTransfer

3370 kBSize

5 Cookies

0 Outgoing links

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

balfourbeatty.msitecloud.com Open in urlscan Pro
3.9.236.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

100 %
HTTPS

73 %
IPv6

8
Domains

11
Subdomains

11
IPs

4
Countries

2014 kB
Transfer

3370 kB
Size

5
Cookies

48 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!