rthfsocprq.trafficsdoctor.org Open in urlscan Pro
172.67.149.243 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://email.app.bamboohr.com/c/eJyMkE1r4zAYhH-NdLOxPvx10CGbbEBhs6VtQkouQXotVSqWZGylkH9f0vbYQ28DMww8D6QQrtGDyj7Fix-EYgNXzPKCcA...
Effective URL:
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On May 17 via api (May 17th 2024, 3:22:36 pm UTC) from AU — Scanned from AU

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 172.67.149.243, located in United States and belongs to CLOUDFLARENET, US. The main domain is rthfsocprq.trafficsdoctor.org.
TLS certificate: Issued by E1 on May 12th 2024. Valid for: 3 months.

This is the only time rthfsocprq.trafficsdoctor.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.17.246.112 104.17.246.112	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 6	172.67.149.243 172.67.149.243	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2

1 104.17.246.112 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

email.app.bamboohr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.149.243 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

rthfsmeheff.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rthfsocprq.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rthfshefbew.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rthfsdjrhte.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	trafficsdoctor.org 3 redirects rthfsmeheff.trafficsdoctor.org rthfsocprq.trafficsdoctor.org rthfshefbew.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org Failed	63 KB
1	bamboohr.com 1 redirects email.app.bamboohr.com — Cisco Umbrella Rank: 108018	987 B
9	2

	Domain	Requested by
3	rthfsocprq.trafficsdoctor.org	1 redirects rthfsocprq.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org
1	rthfsdjrhte.trafficsdoctor.org	rthfsocprq.trafficsdoctor.org
1	rthfshefbew.trafficsdoctor.org	1 redirects
1	rthfsmeheff.trafficsdoctor.org	1 redirects
1	email.app.bamboohr.com	1 redirects
9	5

This site contains no links.

Subject Issuer	Validity	Valid
trafficsdoctor.org E1	`2024-05-12` - `2024-08-10`	3 months	crt.sh

This page contains 1 frames:

Frame: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true
Frame ID: 1753234E4AD858795E5FBA457DD26C4E
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://email.app.bamboohr.com/c/eJyMkE1r4zAYhH-NdLOxPvx10CGbbEBhs6VtQkouQXotVSqWZGylkH9f0vbYQ28DMww8D6QQrt... HTTP 302
https://rthfsmeheff.trafficsdoctor.org/o365 HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL

Page Statistics

9
Requests

33 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

2
IPs

2
Countries

60 kB
Transfer

159 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://email.app.bamboohr.com/c/eJyMkE1r4zAYhH-NdLOxPvx10CGbbEBhs6VtQkouQXotVSqWZGylkH9f0vbYQ28DMww8D6QQrtGDyj7Fix-EYgNXzPKCcAIFIcYWuqdNwRvgFnillekxpDCpeLvvwQ8X2pC6rTBcl5yCMLdddT7VTsen3XktG_km6f5wZPu1XGT4_65f_jgdxx-62unT0T94eZMb6e0jYhvENngQwFtsBGlJ3dO-awl2olN9xSwjGrrOsMr2HbCODBw4p71qOux_hYJ4paap1CrolNxcQgp4FC7naUFshegW0e2cnV2CccbaMs_KWg_LkCCnuUzzK6LbxJoazyIoHxGv9JjiEJQfP8-yWB2eL3_3K_kPZxNVzHdr3-lL3EcAAAD__6hTea8 HTTP 302
https://rthfsmeheff.trafficsdoctor.org/o365 HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request authorize Show response rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/ Redirect Chain https://email.app.bamboohr.com/c/eJyMkE1r4zAYhH-NdLOxPvx10CGbbEBhs6VtQkouQXotVSqWZGylkH9f0vbYQ28DMww8D6QQrtGDyj7Fix-EYgNXzPKCcAIFIcYWuqdNwRvgFnillekxpDCpeLvvwQ8X2pC6rTBcl5yCMLdddT7VTsen3XktG_km6f5w... https://rthfsmeheff.trafficsdoctor.org/o365 https://rthfsocprq.trafficsdoctor.org/ https://rthfshefbew.trafficsdoctor.org/login https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token...	21 KB 10 KB	1429ms 1428ms	Document text/html	172.67.149.243 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.149.243 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c913f9ddd5c6577225c9fde190742d68b9d040d03d83aeaf979a854e983abeb6` Request headers Accept-Language en-AU,en;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 88549a704e926a45-SYD content-encoding br content-type text/html; charset=utf-8 date Fri, 17 May 2024 15:22:31 GMT expires -1 nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]} server cloudflare vary Accept-Encoding x-ms-clitelem 1,50168,0,, x-ms-ests-server 2.1.18077.3 - NEULR1 ProdSlices x-ms-request-id 8de83fee-a453-4545-978f-e3e00bd83c00 x-ms-srs 1.P Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 88549a67baad6a45-SYD content-type text/html; charset=utf-8 date Fri, 17 May 2024 15:22:29 GMT location https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy strict-origin-when-cross-origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VPrs4dwBRniYwdxxHx2FfBje51cmwpEHd3zxWN%2FnDThHwMb5hAaMijsLVNuvLMmWFoqGMTRZNJ3nIe8DwcmXc%2FwgD0nlOhquLyd3GaN2vnJGsY3ioE9Ube0%2BvA%2BgZUFp3uJ%2BKgmygN19VodT2h1frQ%3D"}],"group":"cf-nel","max_age":604800} request-context appId= server cloudflare vary Accept-Encoding x-cache CONFIG_NOCACHE x-msedge-ref Ref A: 49DCA266415449F19207F03ABFDB7F1A Ref B: HEL01EDGE1820 Ref C: 2024-05-17T15:22:29Z x-ua-compatible IE=edge,chrome=1
GET		BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	0 0

GET H3	200	BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Show response rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	138 KB 50 KB	24ms 14ms	Script application/x-javascript	172.67.149.243 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.149.243 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4638fd8935d19192119469391e3befbb88f620ccd8eeeef2045cd5bdd3bba414` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://rthfsocprq.trafficsdoctor.org/ Origin https://rthfsocprq.trafficsdoctor.org Accept-Language en-AU,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Fri, 17 May 2024 15:22:31 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 354293 x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Mon, 29 Apr 2024 17:13:55 GMT server cloudflare x-azure-ref 20240513T125737Z-17c898fb97f45g8sd8x73v56gs0000000ab000000000bmc5 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7WjAW8R8s91y1IrJ7UuBF%2F7TLaqV3GKppYMJbCe%2FWkrACF932Ys0bv4ssGWSFv4rBsfIaz7W3vFQA3xfrdjHK44Rdn0c6CI2WJxAc1SWF0bmw29HJRSUMTfOHCcGbHRtzlaBYaWyy4FAZYDyOH65dC0%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 96054ab2-d01e-000b-4aa3-a4c089000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 88549a7a0ca779d2-SYD
GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

POST		watson rthfsocprq.trafficsdoctor.org/common/handlers/	0 0

GET H3	200	authorize rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/	0 0	1139ms 1138ms	Document text/html	172.67.149.243 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Requested by Host: rthfsdjrhte.trafficsdoctor.org URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.149.243 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept-Language en-AU,en;q=0.9;q=0.9 Referer https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 88549a928cd96a45-SYD content-encoding br content-type text/html; charset=utf-8 date Fri, 17 May 2024 15:22:36 GMT expires -1 link <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]} server cloudflare vary Accept-Encoding x-dns-prefetch-control on x-ms-clitelem 1,0,0,, x-ms-ests-server 2.1.18077.3 - NEULR1 ProdSlices x-ms-request-id c14ef976-ffe6-48a0-94f4-598e9a1d8e01 x-ms-srs 1.P
GET		favicon.ico rthfsocprq.trafficsdoctor.org/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsocprq.trafficsdoctor.org
URL: https://rthfsocprq.trafficsdoctor.org/common/handlers/watson

Domain: rthfsocprq.trafficsdoctor.org
URL: https://rthfsocprq.trafficsdoctor.org/favicon.ico

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bamboohr.com/	1969-12-31 23:59:59	Name: _cfuvid Value: dklyPgJh58o7pfguYK47M08Ht_buMGLYTnKYblESu5w-1715959345089-0.0.1.1-604800000
.trafficsdoctor.org/	1970-01-20 20:39:22	Name: BUmc Value: 9cd607f6cace8c20fc874d6308b0672a5db3ed8cbec31264977286daeee0c3cc
rthfsocprq.trafficsdoctor.org/	1970-01-20 21:22:31	Name: fpc Value: ArqrNIavsgFAu8McCkYfHh8
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8nDQSsbU-Nj-MAIZEQE8a84B4xDbzv7SsZrTQJf4mDgQCFTdQKxku_nICVyD11OPkxC8EI_yOS3bFghfMn_67pUeMP2X_3pIlTO25wPHc5ek2gLFaLA0lW4mdU7fw8lWcbIRF6ml5SuFcRWuHFNXEynJyZqMrjfuOsN62IfGHE44gAA
rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
rthfshefbew.trafficsdoctor.org/	1970-01-20 20:39:48	Name: OH.DCAffinity Value: OH-sec
rthfshefbew.trafficsdoctor.org/	1970-01-21 05:24:55	Name: OH.FLID Value: 270ecc06-4654-4ea9-886a-bfabd90ce39f
rthfshefbew.trafficsdoctor.org/	1970-01-20 20:39:20	Name: .AspNetCore.OpenIdConnect.Nonce.TeGfIyYSQDNwkgOo8DdwqOsuVwdwpXr38cz1AVgIloOfzH4Q6VILEA-dUyE5veEF4BxIiNaOY4rPWMaB45cgqbUijCwRyOK2_dr1A1wgF49_Ca3B8KAUwBlmIB9iLQxiQQuLbVWOHCAJXwUbOhoeEEBu33xXmwYZIBxV3U8kKen3aGQLpMNsUu62C8KQNmsygAREk1KHDm_pzl9lstfbMsmBoedIF1eWOy7MfgVFkQSBUEmHtM_JOlLL3kiPcmEt Value: N
rthfshefbew.trafficsdoctor.org/	1970-01-20 20:39:20	Name: .AspNetCore.Correlation.S-RpdfX4UWKtH8T1xwv8jJTQ3OfZUVbBNAm3KShYtwk Value: N
.trafficsdoctor.org/	1970-01-21 06:00:55	Name: MUID Value: 020FA5E06FBB61502968B1626E5E60D0
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: esctx-9FG1BijfUIk Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8NQkqcFxUopjQsaR3hO8GN88RRqWayF47wsapKyQ_SoWUT1b_3hsnHum-hLmOkw_pXCL4XolaVELzmFl7FSGwNWVC_ScWv8a57R1GMfPjK9otkEbvCvTXv_fX3NRfUBP4yGTzJNGZwkRX40xBuhkkVSAA
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
rthfsocprq.trafficsdoctor.org/	1970-01-20 20:39:19	Name: SSOCOOKIEPULLED Value: 1

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638515561492657391.YTUzZmFkNDQtYzUwYi00MjE2LWJjMDUtZmY2MzFjMTkxMjAxZjFjMDAwYTYtMTcyZi00MzFiLTlmNmQtNzc5ZWRjZWYwYThm&ui_locales=en-AU&mkt=en-AU&client-request-id=2eadf4b5-4b9a-4759-a31d-f7d635954390&state=q0_lfEMvgeVhTWsp_91J_H7AsE876UGLNAx0WQLXVS9b8Vz5YUcHVvsp8tEI03iP7hN3vz907oc8yo3__-CqKWUuqUIoNtTu_IaYGFhDtK3BrUP3ISqfMcdDuZP09jQwhZlAEpr7SSMTij7mygd4feADn9xq6ILV1TfETziC3BHiMdXFOxUOKotin8oJqdAs9EyXaOQT5pCDm4WzUS9avCWae5x0GCJhMWIyLVG-mO0OJQVzy5VIFv7c25RlXxgH4p3kC9X5L6P6_PNF0jmb9g&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

email.app.bamboohr.com
rthfsdjrhte.trafficsdoctor.org
rthfshefbew.trafficsdoctor.org
rthfsmeheff.trafficsdoctor.org
rthfsocprq.trafficsdoctor.org
rthfsdjrhte.trafficsdoctor.org
rthfsocprq.trafficsdoctor.org
104.17.246.112
172.67.149.243
4638fd8935d19192119469391e3befbb88f620ccd8eeeef2045cd5bdd3bba414
c913f9ddd5c6577225c9fde190742d68b9d040d03d83aeaf979a854e983abeb6

rthfsocprq.trafficsdoctor.org Open in urlscan Pro 172.67.149.243 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

9 Requests

33 %HTTPS

0 %IPv6

2 Domains

5 Subdomains

2 IPs

2 Countries

60 kBTransfer

159 kBSize

14 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

14 Cookies

8 Console Messages

Indicators

rthfsocprq.trafficsdoctor.org Open in urlscan Pro
172.67.149.243 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

33 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

2
IPs

2
Countries

60 kB
Transfer

159 kB
Size

14
Cookies

9 HTTP transactions
0 data transactions