www.employees-portals.com Open in urlscan Pro
207.244.235.129 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.employees-portals.com/
Submission: On July 11 via automatic, source certstream-suspicious (July 11th 2022, 10:38:14 am UTC) — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 11 domains to perform 16 HTTP transactions. The main IP is 207.244.235.129, located in St Louis, United States and belongs to CONTABO, US. The main domain is www.employees-portals.com.
TLS certificate: Issued by R3 on July 11th 2022. Valid for: 3 months.

This is the only time www.employees-portals.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	207.244.235.129 207.244.235.129	40021 (CONTABO) (CONTABO)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::645	54113 (FASTLY) (FASTLY)
1	38.146.40.53 38.146.40.53	395717 (BLUEARCHI...) (BLUEARCHIVE-ZONE-1)
1	104.122.25.97 104.122.25.97	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1	3.18.93.174 3.18.93.174	16509 (AMAZON-02) (AMAZON-02)
1 2	198.72.10.5 198.72.10.5	46887 (LIGHTOWER) (LIGHTOWER)
1	2a00:1450:400... 2a00:1450:4001:812::2016	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3031::6815:1477	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	45.79.189.31 45.79.189.31	63949 (LINODE-AP...) (LINODE-AP Linode)
16	11

6 207.244.235.129 (St Louis, United States)

ASN40021 (CONTABO, US)
PTR: vmi929661.contaboserver.net

www.employees-portals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

csufportals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::645 (United States)

ASN54113 (FASTLY, US)

sfgov.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.146.40.53 (United States)

ASN395717 (BLUEARCHIVE-ZONE-1, US)

s3.us-west-1.wasabisys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.122.25.97 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-122-25-97.deploy.static.akamaitechnologies.com

www.transitchicago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.18.93.174 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-18-93-174.us-east-2.compute.amazonaws.com

www.careermd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.72.10.5 (Kings Park, United States) 1 redirects

ASN46887 (LIGHTOWER, US)
PTR: webprod.sunysuffolk.edu

sunysuffolk.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sunysuffolk.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:1477 (United States)

ASN13335 (CLOUDFLARENET, US)

www.addresources.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.79.189.31 (Cedar Knolls, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1288-31.members.linode.com

www.questtrustcompany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	employees-portals.com www.employees-portals.com	514 KB
2	sunysuffolk.edu 1 redirects sunysuffolk.edu — Cisco Umbrella Rank: 728557 www.sunysuffolk.edu	362 KB
1	questtrustcompany.com www.questtrustcompany.com	339 KB
1	addresources.org www.addresources.org	8 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 135	44 KB
1	careermd.com www.careermd.com	399 KB
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 143	14 KB
1	transitchicago.com www.transitchicago.com — Cisco Umbrella Rank: 282695	12 KB
1	wasabisys.com s3.us-west-1.wasabisys.com — Cisco Umbrella Rank: 87502	5 KB
1	sfgov.org sfgov.org — Cisco Umbrella Rank: 240016	47 KB
1	csufportals.com csufportals.com	7 KB
16	11

	Domain	Requested by
6	www.employees-portals.com	www.employees-portals.com
1	www.questtrustcompany.com	www.employees-portals.com
1	www.addresources.org	www.employees-portals.com
1	i.ytimg.com	www.employees-portals.com
1	www.sunysuffolk.edu	www.employees-portals.com
1	sunysuffolk.edu	1 redirects
1	www.careermd.com	www.employees-portals.com
1	lh3.googleusercontent.com	www.employees-portals.com
1	www.transitchicago.com	www.employees-portals.com
1	s3.us-west-1.wasabisys.com	www.employees-portals.com
1	sfgov.org	www.employees-portals.com
1	csufportals.com	www.employees-portals.com
16	12

This site contains no links.

Subject Issuer	Validity	Valid
employees-portals.com R3	`2022-07-11` - `2022-10-09`	3 months	crt.sh
*.csufportals.com E1	`2022-07-04` - `2022-10-02`	3 months	crt.sh
sfgov.org R3	`2022-06-16` - `2022-09-14`	3 months	crt.sh
*.s3.us-west-1.wasabisys.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-17` - `2022-10-18`	a year	crt.sh
akamai.dv.americaneagle.com R3	`2022-05-18` - `2022-08-16`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.careermd.com Go Daddy Secure Certificate Authority - G2	`2022-04-11` - `2023-03-12`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-27` - `2023-03-27`	a year	crt.sh
www.questtrustcompany.com R3	`2022-05-21` - `2022-08-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.employees-portals.com/
Frame ID: 0452F7A5573BF0EBF02A8BAD89527F62
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

home Page | Page1

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

16
Requests

94 %
HTTPS

45 %
IPv6

11
Domains

12
Subdomains

11
IPs

2
Countries

1750 kB
Transfer

2734 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/beacon-website-screenshot.png HTTP 301
https://www.sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/beacon-website-screenshot.png

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.employees-portals.com/ 25 KB
5 KB 628ms
208ms Document
text/html 207.244.235.129
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

207.244.235.129 St Louis, United States, ASN40021 (CONTABO, US),

Reverse DNS

vmi929661.contaboserver.net

Software

nginx-rc /

Resource Hash

558d462549d84c97afa17807296a3bac1a1b83dbb9e01c63b92cec5d1b3ee9b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 11 Jul 2022 10:38:09 GMT
expires: -1
pragma: no-cache
server: nginx-rc
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 all.min.js Show response
www.employees-portals.com/themes/DevBlog/assets/fontawesome/js/ 1 MB
409 KB 199ms
197ms Script
application/javascript 207.244.235.129
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/fontawesome/js/all.min.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

207.244.235.129 St Louis, United States, ASN40021 (CONTABO, US),

Reverse DNS

vmi929661.contaboserver.net

Software

nginx-rc /

Resource Hash

bb5d7f5d023603a9a95dad23d69d25d14a4edd9ba2313227194a9a4f62bd6564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Sat, 09 Jul 2022 09:43:19 GMT
server: nginx-rc
etag: W/"62c94db7-123dba"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=2592000
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Wed, 10 Aug 2022 10:38:09 GMT

GET
H2 200 theme-1.css
www.employees-portals.com/themes/DevBlog/assets/css/ 178 KB
22 KB 199ms
198ms Stylesheet
text/css 207.244.235.129
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/css/theme-1.css

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

207.244.235.129 St Louis, United States, ASN40021 (CONTABO, US),

Reverse DNS

vmi929661.contaboserver.net

Software

nginx-rc /

Resource Hash

22281294f63f7dfaa7188fe6ca9357a28b9e2a66c4a74581d36f3bd4d39fa717

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Sat, 09 Jul 2022 09:43:19 GMT
server: nginx-rc
etag: W/"62c94db7-2c840"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=2592000
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Wed, 10 Aug 2022 10:38:09 GMT

GET
H2 200 profile.png
www.employees-portals.com/themes/DevBlog/assets/images/ 56 KB
56 KB 232ms
229ms Image
image/png 207.244.235.129
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/images/profile.png

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

207.244.235.129 St Louis, United States, ASN40021 (CONTABO, US),

Reverse DNS

vmi929661.contaboserver.net

Software

nginx-rc /

Resource Hash

87c15ef693c07206e4b57ad6294158ff2a5393c816dafe5aa10bac9807fa1ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Sat, 09 Jul 2022 09:43:19 GMT
server: nginx-rc
etag: W/"62c94db7-de5f"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Wed, 10 Aug 2022 10:38:09 GMT

GET
H2 200 CSUF-portals-300x183.jpg
csufportals.com/wp-content/uploads/2021/05/ 6 KB
7 KB 230ms
172ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csufportals.com/wp-content/uploads/2021/05/CSUF-portals-300x183.jpg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 159efa1a94ddab8c2f02ec4b55de2085c917659adac86b264f0569788592baac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
cf-cache-status: HIT
last-modified: Mon, 17 May 2021 22:08:49 GMT
server: cloudflare
etag: "60a2e971-195c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7KR1D3BZy5PLmnALnCVuPaO9SoeD5hOk9AJkG51agrYdXuXuDCcqXACk49gZMW5kghOkilnIB49wheUiSiTOeFPTf6FqG%2BWH6rbBRQlDM%2BsePoBhVCqaBHgegD4vDRNXGDm9eynusTs3pyjtec%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7290e86cf85bbb62-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6492

GET
H2 200 sf_employee_gateway_banner.jpg
sfgov.org/sfc/sites/default/files/Employee%20Gateway/ 46 KB
47 KB 396ms
114ms Image
image/jpeg 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sfgov.org/sfc/sites/default/files/Employee%20Gateway/sf_employee_gateway_banner.jpg

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

14f385230e0d4048923c8d7519b9e8385c8928ea603beb5eaaa1ef33a188c9ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5e130d33-b97b"
age: 134619
x-pantheon-styx-hostname: styx-fe2-a-c84d4fcb-4fljp
x-cache: HIT, MISS, MISS
x-cloud-trace-context: afe6ece980744513ac3d6edf7eb6b7e6/678653356397267123;o=0
content-length: 47483
x-served-by: cache-mdw17358-MDW, cache-hhn4022-HHN, cache-hhn4035-HHN
last-modified: Mon, 06 Jan 2020 10:34:27 GMT
server: nginx
traceparent: 00-afe6ece980744513ac3d6edf7eb6b7e6-096b0fa1c9af88b3-00
x-timer: S1657535890.659010,VS0,VE108
date: Mon, 11 Jul 2022 10:38:09 GMT
content-type: image/jpeg
x-styx-req-id: 499fdf2b-e71b-11ec-bed6-d28cca7ddd64
expires: Fri, 09 Jun 2023 11:08:12 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 0, 0

GET
H/1.1 200
OK n-next-employee-portal-login-n.jpg
s3.us-west-1.wasabisys.com/portalgodcom/ 5 KB
5 KB 602ms
153ms Image
image/jpeg 38.146.40.53
BLUEARCHIVE-ZONE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-west-1.wasabisys.com/portalgodcom/n-next-employee-portal-login-n.jpg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.146.40.53 , United States, ASN395717 (BLUEARCHIVE-ZONE-1, US),
Reverse DNS
Software: WasabiS3/7.5.1035-2022-06-08-c4b39686a7 (head09) /
Resource Hash: 97d866a5a476aed23d20c9a8b45fe15b4c48c84d535b8db96dc9fe77f7cc0264

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 11 Jul 2022 10:38:09 GMT
Last-Modified: Wed, 09 Dec 2020 01:15:53 GMT
Server: WasabiS3/7.5.1035-2022-06-08-c4b39686a7 (head09)
x-amz-request-id: 6E3C932A7E36F538
ETag: "e74479468cbecade52a43365fed5817b"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 4949
x-amz-id-2: 2H8Ga/DavpPWO6AU53FOx4gMigEhgRivBNeMzB3wb7hmmF0sqn6K/xbusKVu0QNz41nP3NmX5Mgy

GET
H/1.1 200
OK og_cta_default.png
www.transitchicago.com/assets/1/6/ 12 KB
12 KB 981ms
839ms Image
image/png 104.122.25.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.transitchicago.com/assets/1/6/og_cta_default.png
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.122.25.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-25-97.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d001dad94566e0f310fb49ca5d83679963af7a97eaaf4ab4c89a6a4415231442

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 11 Jul 2022 10:38:10 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/png
Expires: Mon, 11 Jul 2022 10:43:10 GMT
Cache-Control: public, max-age=300
Connection: keep-alive
Content-Length: 11843
X-UA-Compatible: IE=edge,chrome=1

GET
H2 200 PM_XGQSKYqzEjc_4tZ68GDoPToTMZxnvpHNyiyxJ0jEkjaAA-2frjEjrfjfClNVurMw=w720-h310
lh3.googleusercontent.com/ 14 KB
14 KB 439ms
345ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PM_XGQSKYqzEjc_4tZ68GDoPToTMZxnvpHNyiyxJ0jEkjaAA-2frjEjrfjfClNVurMw=w720-h310

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d145c7667b690f4c0f747536e9fb9e67eadc3c6a84aadbbac14d3f670117439b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14112
x-xss-protection: 0
expires: Tue, 12 Jul 2022 10:38:09 GMT

GET
H2 200 Huntsville%20Hospital%20Health%20System%20-%20244441451.jpg
www.careermd.com/employers/uploadedlogos/ 399 KB
399 KB 367ms
109ms Image
image/jpeg 3.18.93.174
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.careermd.com/employers/uploadedlogos/Huntsville%20Hospital%20Health%20System%20-%20244441451.jpg

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

3.18.93.174 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-18-93-174.us-east-2.compute.amazonaws.com

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

a4e225e1f8be3193eaaab991c5957af4ebbeec350abefbd244a78935d2b04914

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Sat, 30 Jun 2018 13:48:16 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "ebfb6dff7810d41:0"
content-type: image/jpeg
date: Mon, 11 Jul 2022 10:38:49 GMT
accept-ranges: bytes
content-length: 408443

GET
H/1.1

200
OK

beacon-website-screenshot.png
www.sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/
Redirect Chain

https://sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/beacon-website-screenshot.png
https://www.sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/beacon-website-screenshot.png

361 KB
361 KB

376ms
91ms

Image
image/png

198.72.10.5
LIGHTOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/beacon-website-screenshot.png

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

HTTP/1.1

Server

198.72.10.5 Kings Park, United States, ASN46887 (LIGHTOWER, US),

Reverse DNS

webprod.sunysuffolk.edu

Software

Apache /

Resource Hash

aed40f80c83629580eeba76a847480ccda244152396751ac30e1b662c4cf6389

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; frame-ancestors 'self' https://www.suny.edu http://a.cms.omniupdate.com; reflected-xss block;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; frame-ancestors 'self' https://www.suny.edu http://a.cms.omniupdate.com; reflected-xss block;
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 16 Sep 2020 14:09:00 GMT
Server: Apache
ETag: "e405a-5a2e4-5af6ecf2c7596"
Content-Type: image/png
Access-Control-Allow-Origin: *
Date: Mon, 11 Jul 2022 10:38:09 GMT
X-Content-Type-Options: nosniff
Connection: close
Accept-Ranges: bytes
Content-Length: 369380
X-Xss-Protection: 1; mode=block

Redirect headers

Date: Mon, 11 Jul 2022 10:38:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Location: https://www.sunysuffolk.edu/explore-academics/college-for-high-school-students/beacon-program/beacon-portal-registration-instructions/images/beacon-website-screenshot.png
Connection: close
Content-Length: 283

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/GYu4YKm0pBg/ 43 KB
44 KB 190ms
96ms Image
image/jpeg 2a00:1450:4001:812::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/GYu4YKm0pBg/maxresdefault.jpg

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3db23014efaca13903bd70791b9e9c0b0b321ab50abed6c3d582c91c2dab675f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44246
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 11 Jul 2022 12:38:09 GMT

GET
H2 200 1350467_1621458038_441427.jpeg
www.addresources.org/uploads/ 8 KB
8 KB 183ms
129ms Image
image/jpeg 2606:4700:3031::6815:1477
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.addresources.org/uploads/1350467_1621458038_441427.jpeg
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:1477 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d120f9f9a6da94d93456740253e22e3595c628868ebc9125090dcff81e4b51c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
cf-cache-status: HIT
last-modified: Wed, 19 May 2021 21:00:38 GMT
server: cloudflare
etag: "60a57c76-1e00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjXWt1zpVNtrw7kRClvfJullq%2BzaljW6FgBKD%2Bf1xz1dc4DQCLRMblnyd8iPLZjjyfDf2Fwu1v8UlLk1XYhpfVapEHSqqzPL0EJDD7%2FRC7HAsKFaQ7RtF%2FVCk8orSLWyNRWqFZcdodr%2Bg8i1HD%2BZQGAjWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7290e86cfcd59134-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7680

GET
H2 200 secure-upload.png
www.questtrustcompany.com/wp-content/uploads/2021/07/ 338 KB
339 KB 427ms
175ms Image
image/png 45.79.189.31
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.questtrustcompany.com/wp-content/uploads/2021/07/secure-upload.png
Requested by: Host: www.employees-portals.com
URL: https://www.employees-portals.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.79.189.31 Cedar Knolls, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1288-31.members.linode.com
Software: Flywheel/4.1.0 /
Resource Hash: 94a3920934f3647f1bd52b77aa5537bdb28afb6d1c7024dd1b921915e3c7ef3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-fw-static: YES
date: Mon, 11 Jul 2022 10:38:09 GMT
x-cacheable: NO:Not Cacheable
x-fw-server: Flywheel/4.1.0
x-cache: MISS
content-length: 346193
x-fw-type: VISIT
pragma: public
last-modified: Tue, 20 Jul 2021 09:20:06 GMT
server: Flywheel/4.1.0
etag: "60f69546-54851"
x-fw-hash: 4aembek1jq
content-type: image/png
x-fw-serve: TRUE
cache-control: max-age=2592000, public
accept-ranges: bytes

GET
H2 200 popper.min.js Show response
www.employees-portals.com/themes/DevBlog/assets/plugins/ 18 KB
7 KB 232ms
228ms Script
application/javascript 207.244.235.129
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/plugins/popper.min.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

207.244.235.129 St Louis, United States, ASN40021 (CONTABO, US),

Reverse DNS

vmi929661.contaboserver.net

Software

nginx-rc /

Resource Hash

dd1617feba063690e3bf1621308e1af67c6cabcdb2602e5a1df3a14b02b94d05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Sat, 09 Jul 2022 09:43:19 GMT
server: nginx-rc
etag: W/"62c94db7-487a"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=2592000
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Wed, 10 Aug 2022 10:38:09 GMT

GET
H2 200 bootstrap.min.js Show response
www.employees-portals.com/themes/DevBlog/assets/plugins/bootstrap/js/ 59 KB
15 KB 232ms
229ms Script
application/javascript 207.244.235.129
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://www.employees-portals.com/themes/DevBlog/assets/plugins/bootstrap/js/bootstrap.min.js

Requested by

Host: www.employees-portals.com
URL: https://www.employees-portals.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

207.244.235.129 St Louis, United States, ASN40021 (CONTABO, US),

Reverse DNS

vmi929661.contaboserver.net

Software

nginx-rc /

Resource Hash

5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.employees-portals.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 10:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Sat, 09 Jul 2022 09:43:19 GMT
server: nginx-rc
etag: W/"62c94db7-eab9"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=2592000
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Wed, 10 Aug 2022 10:38:09 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.employees-portals.com/	1970-01-20 04:25:43	Name: XSRF-TOKEN Value: eyJpdiI6IlplN2hxZkJjQ0dwcjNXRWhFU25oT1E9PSIsInZhbHVlIjoieW9rNGE0QXYrYWg5MnZWSUJHMWRRemNsd1M4elZnaEcrZVFLSjRwWVBVK0dsQWM4Vk9TN0JkNkdYVytwZlh6cmp4ckVPaVZiOHF4VmNJL3d5d0NvZ2QrYXBKc0syeFJtMk8ycGRhZUR6ZFByNE41dDNWdDRuc1pBUW94MFRzUHgiLCJtYWMiOiJjMjU2NDNmYjk2NGE4NzAyMmU1YTI5M2U5NjAzN2IzZjYxMDUyMDNjYjUzZmIxYmYwNzA1NGMxYTlmNTdhNjc1IiwidGFnIjoiIn0%3D
			www.employees-portals.com/	1970-01-20 04:25:43	Name: laravel_session Value: eyJpdiI6IkVsQ0JJaG50a09aR1ZBWUNFTTd0bUE9PSIsInZhbHVlIjoib29tMXZWczZkbkVhNjYyemU4dHI0MFU5MW9XRVBzaThFR2NGdGpJelJUVU9IMlZSajVjcWg2c2Z1TlBmenNDWElNWldHZGRXd1BXWEtGNENVN3ovMWdoRGhtYWNUd2N0U0ZzY2JuR01UN3RuVURyY1d2R25NbTZIS0tnM2kwK1IiLCJtYWMiOiI0Njg1YTQ4OTg1NjBmZTU5OWE4YTQzOWM3NTU5YWY0ZWUxNDY1MDgwY2Y2Yzc5OTJlMTIyYTIzY2RhNzY0ZDg3IiwidGFnIjoiIn0%3D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.employees-portals.com/ Message: Mixed Content: The page at 'https://www.employees-portals.com/' was loaded over HTTPS, but requested an insecure element 'http://www.transitchicago.com/assets/1/6/og_cta_default.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.employees-portals.com/(Line 281) Message: Mixed Content: The page at 'https://www.employees-portals.com/' was loaded over HTTPS, but requested an insecure element 'http://www.transitchicago.com/assets/1/6/og_cta_default.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

csufportals.com
i.ytimg.com
lh3.googleusercontent.com
s3.us-west-1.wasabisys.com
sfgov.org
sunysuffolk.edu
www.addresources.org
www.careermd.com
www.employees-portals.com
www.questtrustcompany.com
www.sunysuffolk.edu
www.transitchicago.com
104.122.25.97
198.72.10.5
207.244.235.129
2606:4700:3031::6815:1477
2a00:1450:4001:801::2001
2a00:1450:4001:812::2016
2a04:4e42:400::645
2a06:98c1:3121::3
3.18.93.174
38.146.40.53
45.79.189.31
14f385230e0d4048923c8d7519b9e8385c8928ea603beb5eaaa1ef33a188c9ca
159efa1a94ddab8c2f02ec4b55de2085c917659adac86b264f0569788592baac
22281294f63f7dfaa7188fe6ca9357a28b9e2a66c4a74581d36f3bd4d39fa717
3db23014efaca13903bd70791b9e9c0b0b321ab50abed6c3d582c91c2dab675f
558d462549d84c97afa17807296a3bac1a1b83dbb9e01c63b92cec5d1b3ee9b7
5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9
87c15ef693c07206e4b57ad6294158ff2a5393c816dafe5aa10bac9807fa1ad8
94a3920934f3647f1bd52b77aa5537bdb28afb6d1c7024dd1b921915e3c7ef3b
97d866a5a476aed23d20c9a8b45fe15b4c48c84d535b8db96dc9fe77f7cc0264
a4e225e1f8be3193eaaab991c5957af4ebbeec350abefbd244a78935d2b04914
aed40f80c83629580eeba76a847480ccda244152396751ac30e1b662c4cf6389
bb5d7f5d023603a9a95dad23d69d25d14a4edd9ba2313227194a9a4f62bd6564
d001dad94566e0f310fb49ca5d83679963af7a97eaaf4ab4c89a6a4415231442
d120f9f9a6da94d93456740253e22e3595c628868ebc9125090dcff81e4b51c6
d145c7667b690f4c0f747536e9fb9e67eadc3c6a84aadbbac14d3f670117439b
dd1617feba063690e3bf1621308e1af67c6cabcdb2602e5a1df3a14b02b94d05

www.employees-portals.com Open in urlscan Pro 207.244.235.129 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

94 %HTTPS

45 %IPv6

11 Domains

12 Subdomains

11 IPs

2 Countries

1750 kBTransfer

2734 kBSize

2 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

2 Cookies

2 Console Messages

Security Headers

Indicators

www.employees-portals.com Open in urlscan Pro
207.244.235.129 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

45 %
IPv6

11
Domains

12
Subdomains

11
IPs

2
Countries

1750 kB
Transfer

2734 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions