pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/wPoeqzDDLo?aron.murphy
Effective URL:
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Submission: On August 26 via manual (August 26th 2024, 12:03:00 am UTC) from AU — Scanned from GB

Summary HTTP 21 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 21 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.

This is the only time pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1 8	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:275... 2600:9000:275b:fa00:17:62f0:2dc0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	54.231.170.129 54.231.170.129	16509 (AMAZON-02) (AMAZON-02)
1	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
4	54.243.14.195 54.243.14.195	14618 (AMAZON-AES) (AMAZON-AES)
21	11

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:223 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275b:fa00:17:62f0:2dc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.raygun.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.231.170.129 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

keypay-prod.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.243.14.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-14-195.compute-1.amazonaws.com

api.raygun.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	r2.dev 1 redirects pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev	6 MB
5	raygun.io cdn.raygun.io — Cisco Umbrella Rank: 19857 api.raygun.io — Cisco Umbrella Rank: 10372	23 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104 region1.google-analytics.com — Cisco Umbrella Rank: 3123	21 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	95 KB
1	gstatic.com www.gstatic.com	210 KB
1	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 3854	72 KB
1	amazonaws.com keypay-prod.s3.amazonaws.com	871 KB
1	t.co t.co — Cisco Umbrella Rank: 979	593 B
21	8

	Domain	Requested by
8	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev	1 redirects t.co pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
4	api.raygun.io	cdn.raygun.io pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
3	www.google-analytics.com	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev cdn.raygun.io
1	region1.google-analytics.com	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
1	www.googletagmanager.com	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
1	www.gstatic.com	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
1	static.zdassets.com	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
1	keypay-prod.s3.amazonaws.com	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
1	cdn.raygun.io	pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
1	t.co
21	10

This site contains links to these domains. Also see Links.

Domain
employmenthero.com

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.r2.dev E6	`2024-08-01` - `2024-10-30`	3 months	crt.sh
*.raygun.io Amazon RSA 2048 M02	`2024-08-11` - `2025-09-09`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2024-04-22` - `2025-04-07`	a year	crt.sh
zdassets.com E6	`2024-06-29` - `2024-09-27`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Frame ID: ABF6345A96DECA60B621D183B0CDBCBE
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Employment Hero

Page URL History Show full URLs

https://t.co/wPoeqzDDLo?aron.murphy Page URL
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html Page URL
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/phish-bypass?atok=G85uYhlrBwcTIsVYu5JCZDbQrFtnWuLxohULdWMMjpY-172463... HTTP 301
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

21
Requests

100 %
HTTPS

60 %
IPv6

8
Domains

10
Subdomains

11
IPs

4
Countries

7564 kB
Transfer

8310 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://employmenthero.com/upgrade/
Title: Request an Employment Hero Payroll Demo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/wPoeqzDDLo?aron.murphy Page URL
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html Page URL
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/phish-bypass?atok=G85uYhlrBwcTIsVYu5JCZDbQrFtnWuLxohULdWMMjpY-1724630568-0.0.1.1-%2FEmployment%2520Hero.html HTTP 301
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 wPoeqzDDLo Show response
t.co/ 377 B
593 B 214ms
145ms Document
text/html 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/wPoeqzDDLo?aron.murphy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

5ae30a85d9080b40f8867eedad78c78881313bad3addce1b1fdaece00367e86f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 222
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 00:02:48 GMT
expires: Mon, 26 Aug 2024 00:07:48 GMT
perf: 7402827104
server: tsa_f
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 57df2f473920e08d414943aa13c532c470da83b6edf3ba6bb83e60cf9f22e33c
x-response-time: 117
x-transaction-id: 162605063f2a77b8
x-xss-protection: 0

GET
H/1.1 200
OK Employment%20Hero.html Show response
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/ 4 KB
5 KB 94ms
29ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

Requested by

Host: t.co
URL: https://t.co/wPoeqzDDLo?aron.murphy

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0951656ac6eb37e69635c3477906023b2e5277bcc0534e70902b4eb8e56edc0a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

CF-RAY: 8b8f8e1c4c9f775c-LHR
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 26 Aug 2024 00:02:48 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 26ms
26ms Stylesheet
text/css 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 00:02:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Aug 2024 12:07:35 GMT
Server: cloudflare
ETag: W/"66c5d887-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 8b8f8e1c8cc4775c-LHR
Expires: Mon, 26 Aug 2024 02:02:48 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/images/ 452 B
889 B 27ms
27ms Image
image/png 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 00:02:48 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Aug 2024 12:07:35 GMT
Server: cloudflare
ETag: "66c5d887-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8b8f8e1cbcdc775c-LHR
Content-Length: 452
Expires: Mon, 26 Aug 2024 02:02:48 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/ 27 KB
27 KB 896ms
896ms Other
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 00:02:49 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8b8f8e1cecfd775c-LHR
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request Employment%20Hero.html Show response
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
Redirect Chain

https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/cdn-cgi/phish-bypass?atok=G85uYhlrBwcTIsVYu5JCZDbQrFtnWuLxohULdWMMjpY-1724630568-0.0.1.1-%2FEmployment%2520Hero.html
https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

6 MB
6 MB

1248ms
1248ms

Document
text/html

2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5d55c21610b8e57b991f54ba4c6554859cac96d3f248cc03aab52110679b24c

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8b8f8e357eff775c-LHR
Connection: keep-alive
Content-Length: 6340241
Content-Type: text/html
Date: Mon, 26 Aug 2024 00:02:53 GMT
ETag: "016b1aaf05ffcf4ed0ee7562fbba0b02"
Last-Modified: Mon, 19 Aug 2024 10:12:31 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 8b8f8e354ee0775c-LHR
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Mon, 26 Aug 2024 00:02:52 GMT
Location: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
DATA 200
OK truncated
/ 0
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: text/css

GET
H2 200 raygun.min.js Show response
cdn.raygun.io/raygun4js/ 71 KB
23 KB 125ms
43ms Script
application/javascript 2600:9000:275b:fa00:17:62f0:2dc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.raygun.io/raygun4js/raygun.min.js
Requested by: Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:fa00:17:62f0:2dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ed642c6b25aa07aac326cf44d71e974c830e68a7b67c0546859f5294f17e93aa

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 01:54:00 GMT
content-encoding: gzip
via: 1.1 d0a36dbd6f5cc87855296f2852cab3ec.cloudfront.net (CloudFront)
last-modified: Tue, 20 Aug 2024 23:36:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P7
age: 79735
x-amz-server-side-encryption: AES256
etag: W/"b60d592b2a32163c27122bcda89420dd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ZS_BpAsVoWjxELsBcGOZtJHK-gE0_UfPNv7JrmqDBNE_zczgS1LLUQ==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1324606aaf8ef53ee67674b67a926e754e097d6ddf96ef40affab18c8390e8f9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 42 KB
42 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: deb5f91849b497278d28ee1a2691dc4a31d3327f4d456c362d926b2a075da281

Request headers

Referer
Origin: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H/1.1 404
Not Found 6.97f2a79891426448f070.chunk.js
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Scripts/bundle/ 0
0 376ms
330ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Scripts/bundle/6.97f2a79891426448f070.chunk.js
Requested by: Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 00:02:55 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8b8f8e457a70775c-LHR
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found 3.350d69f6813bc46a4960.chunk.js
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Scripts/bundle/ 0
0 310ms
295ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Scripts/bundle/3.350d69f6813bc46a4960.chunk.js
Requested by: Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 00:02:55 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8b8f8e45785494a2-LHR
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 111ms
35ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 25 Aug 2024 22:40:40 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4935
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 26 Aug 2024 00:40:40 GMT

GET
H/1.1 200
OK AI_Image.png
keypay-prod.s3.amazonaws.com/content/22/24/ 871 KB
871 KB 357ms
129ms Image
image/png 54.231.170.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://keypay-prod.s3.amazonaws.com/content/22/24/AI_Image.png
Requested by: Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 54.231.170.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 8f96948e1b11ccc972ff1c1285a00d910ae39f971579c747506f51927605b49a

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 00:02:56 GMT
Last-Modified: Sun, 19 Sep 2021 06:05:45 GMT
Server: AmazonS3
x-amz-request-id: E3MXNCSS9Z9DFDMP
ETag: "4ff911771a4dc1609fc9939fe8eb7c6d"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 892008
x-amz-id-2: ZYEUcRaclnnoVxiXR6j4k4qupMGSHIeAduukwP1bepkNN8xnbc+fw3Erbht4QXMWnkNz77DLIno=

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
228 B 135ms
67ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=192257392&t=pageview&_s=1&dl=https%3A%2F%2Fpub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev%2FEmployment%2520Hero.html&ul=en-gb&de=UTF-8&dt=Employment%20Hero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGDACEABFAAAACAAIC~&jid=1506427336&gjid=281663621&cid=258829996.1724630575&tid=UA-30174872-1&_gid=1010014765.1724630575&_r=1&_slc=1&z=1616748521

Requested by

Host: cdn.raygun.io
URL: https://cdn.raygun.io/raygun4js/raygun.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 00:02:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
83 B 136ms
68ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=192257392&t=pageview&_s=1&dl=https%3A%2F%2Fpub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev%2FEmployment%2520Hero.html&ul=en-gb&de=UTF-8&dt=Employment%20Hero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGDACEABFAAAACAAIC~&jid=1342826506&gjid=2147284192&cid=258829996.1724630575&tid=UA-30181625-1&_gid=1010014765.1724630575&_r=1&_slc=1&z=915710386

Requested by

Host: cdn.raygun.io
URL: https://cdn.raygun.io/raygun4js/raygun.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

ab8066daf198884db5a39ef05b687f44f1055fb16a10a392f55866f6aa61b4c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 00:02:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sentry-browser.min.js Show response
static.zdassets.com/ekr/ 225 KB
72 KB 102ms
46ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/sentry-browser.min.js

Requested by

Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aafb0a1fdbd778a20d4dca3075e834cfe92e7ed61efdc41f2f6a482a56c24e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 00:02:55 GMT
x-amz-version-id: et_7zSzcG0RZsQJ2wJIk4b1MB7PxcBmI
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: SY2GK2DTNR1KF8FD
age: 1911
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: PJPoOMfg7wofY4N0zhuR9IbriCkW75NNHmSQJEpEBEg82I858xn+1jGL+zkU0GQ80yYirr7rk0g+ryE8g9ERxE5idAjmCKVy
last-modified: Thu, 08 Aug 2024 15:49:46 GMT
server: cloudflare
etag: W/"4459b4cc3124ad60acd6fc2293b23c85"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y2M98IID%2Bnn5GDT4F%2FIVaXJAzC7H1HGZ99MC5CtoOzAJU9EFfqPeggXGHFneh%2FXY3sYheImtTm38jCcBaaBH5Beu%2F0x5sWKqYVfu1c3cc0qRC4nTkRzOERxfiCcjjR9l8SPFf8c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600
access-control-max-age: 0
cf-ray: 8b8f8e480c066373-LHR
access-control-allow-headers: *

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/ 531 KB
210 KB 113ms
36ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__en.js

Requested by

Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
Origin: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 22 Aug 2024 00:22:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344414
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 214556
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 04:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Aug 2025 00:22:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
95 KB 131ms
52ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-C7CFC23K8T&cx=c&_slc=1

Requested by

Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

66df34d9a6ecbc0462a490b701e33901073f71c916c4da1cedaa502a277cefbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 00:02:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96498
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Aug 2024 00:02:55 GMT

POST
H2 204 collect Show response
region1.google-analytics.com/g/ 0
265 B 97ms
31ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-C7CFC23K8T&gtm=45je48l0v9135633108za200&_p=1724630575443&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-gb&sr=1600x1200&cid=258829996.1724630575&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fpub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev%2FEmployment%2520Hero.html&dt=Employment%20Hero&sid=1724630575&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3325
Requested by: Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 00:02:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 ping
api.raygun.io/ 0
0 294ms
95ms Preflight 54.243.14.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.raygun.io/ping?apiKey=KqlVWfStpb7VvH2AcA%2FOqg%3D%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.243.14.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-14-195.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept, Content-Type, X-ApiKey, content-type
access-control-allow-methods: OPTIONS, GET, POST, HEAD
access-control-allow-origin: *
allow: OPTIONS, GET, POST, HEAD
content-length: 0
date: Mon, 26 Aug 2024 00:02:56 GMT

POST
H2 202 entries Show response
api.raygun.io/ 2 B
97 B 389ms
186ms XHR
application/json 54.243.14.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.raygun.io/entries?apikey=KqlVWfStpb7VvH2AcA%2FOqg%3D%3D
Requested by: Host: cdn.raygun.io
URL: https://cdn.raygun.io/raygun4js/raygun.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.243.14.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-14-195.compute-1.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 26 Aug 2024 00:02:56 GMT
content-length: 2
content-type: application/json

POST
H2 202 entries Show response
api.raygun.io/ 2 B
97 B 390ms
185ms XHR
application/json 54.243.14.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.raygun.io/entries?apikey=KqlVWfStpb7VvH2AcA%2FOqg%3D%3D
Requested by: Host: cdn.raygun.io
URL: https://cdn.raygun.io/raygun4js/raygun.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.243.14.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-14-195.compute-1.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 26 Aug 2024 00:02:56 GMT
content-length: 2
content-type: application/json

POST
H2 202 ping Show response
api.raygun.io/ 2 B
97 B 98ms
97ms Fetch
application/json 54.243.14.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.raygun.io/ping?apiKey=KqlVWfStpb7VvH2AcA%2FOqg%3D%3D
Requested by: Host: pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Employment%20Hero.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.243.14.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-14-195.compute-1.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 26 Aug 2024 00:02:56 GMT
content-length: 2
content-type: application/json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 08:34:04	Name: muc Value: 3552b573-10b0-4b3d-ab96-f4ffb6d1d975
.pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/	1970-01-20 23:05:16	Name: __cf_mw_byp Value: G85uYhlrBwcTIsVYu5JCZDbQrFtnWuLxohULdWMMjpY-1724630568-0.0.1.1-/Employment%20Hero.html
.pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/	1970-01-20 23:03:57	Name: _ga Value: GA1.3.258829996.1724630575
.pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/	1970-01-20 23:03:57	Name: _gid Value: GA1.3.1010014765.1724630575
.pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/	1970-01-20 23:03:57	Name: _gat Value: 1
.pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/	1970-01-20 23:03:57	Name: _gat_newTracker Value: 1
.pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/	1970-01-20 23:03:57	Name: _ga_C7CFC23K8T Value: GS1.3.1724630575.1.0.1724630575.0.0.0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Scripts/bundle/3.350d69f6813bc46a4960.chunk.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev/Scripts/bundle/6.97f2a79891426448f070.chunk.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.raygun.io
cdn.raygun.io
keypay-prod.s3.amazonaws.com
pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev
region1.google-analytics.com
static.zdassets.com
t.co
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
104.18.72.113
2001:4860:4802:32::36
2600:9000:275b:fa00:17:62f0:2dc0:93a1
2606:4700::6812:223
2a00:1450:4001:812::2003
2a00:1450:4001:828::200e
2a00:1450:4001:830::2008
54.231.170.129
54.243.14.195
93.184.221.165
0951656ac6eb37e69635c3477906023b2e5277bcc0534e70902b4eb8e56edc0a
1324606aaf8ef53ee67674b67a926e754e097d6ddf96ef40affab18c8390e8f9
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5ae30a85d9080b40f8867eedad78c78881313bad3addce1b1fdaece00367e86f
66df34d9a6ecbc0462a490b701e33901073f71c916c4da1cedaa502a277cefbb
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8f96948e1b11ccc972ff1c1285a00d910ae39f971579c747506f51927605b49a
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
aafb0a1fdbd778a20d4dca3075e834cfe92e7ed61efdc41f2f6a482a56c24e9d
ab8066daf198884db5a39ef05b687f44f1055fb16a10a392f55866f6aa61b4c9
d5d55c21610b8e57b991f54ba4c6554859cac96d3f248cc03aab52110679b24c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deb5f91849b497278d28ee1a2691dc4a31d3327f4d456c362d926b2a075da281
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896
ed642c6b25aa07aac326cf44d71e974c830e68a7b67c0546859f5294f17e93aa
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

60 %IPv6

8 Domains

10 Subdomains

11 IPs

4 Countries

7564 kBTransfer

8310 kBSize

7 Cookies

1 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

39 JavaScript Global Variables

7 Cookies

3 Console Messages

Security Headers

Indicators

pub-fded6a2f8aa246c6aef5576acbe3e672.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

60 %
IPv6

8
Domains

10
Subdomains

11
IPs

4
Countries

7564 kB
Transfer

8310 kB
Size

7
Cookies

21 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!