dadayforcehcm.com Open in urlscan Pro
104.21.95.219  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dadayforcehcm.com/online/	22 KB 5 KB	335ms 278ms	Document text/html	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dadayforcehcm.com/online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a1ab31799c77183f530c9f3901fdd4b3ca7dd9cffc5b74891a4d22f2af3dcfa8 Request headers Accept-Language en-CA,en;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 89868cbff9b5ab2a-YYZ content-encoding br content-type text/html date Sun, 23 Jun 2024 18:30:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3fve0jVyG2Q96MFJjszBtNAAsX9LBHN%2BVHBGiRCB1qC5V3jENiR9Ir69KrsdJB2LQRL%2Bycd%2FRqO54A%2F%2FP%2BAVzxKuV00bpstmwAViqiEHhosZPlENtibunZQIegJkLmD6LIs4EA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	rebrandedCss.css dadayforcehcm.com/online/css/	172 KB 28 KB	410ms 409ms	Stylesheet text/css	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dadayforcehcm.com/online/css/rebrandedCss.css Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d591e1854d64badfc972c10c750d4298aa065f7d5a96d36c38c8b908603fa137 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 18:30:32 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 18 Jun 2024 10:42:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"667164a2-2b01e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCR5v9LaQcDKe0rT8VgfRQWo31XDKZDxSToI9Ul2sEI7UtVNK5cRbz%2F4jC1WornBXA0QlHqsOFVs1J%2BiAGWgGUF5ahJo3Kri7C%2Bg%2FsEoU489XFCQQeBmP1rbXprT8FRqGBrHkA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 89868cc1bb5cab2a-YYZ alt-svc h3=":443"; ma=86400 expires Mon, 24 Jun 2024 18:30:32 GMT
GET H2	200	Dayforce_2023_Blue.svg dadayforcehcm.com/online/css/	4 KB 2 KB	276ms 276ms	Image image/svg+xml	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dadayforcehcm.com/online/css/Dayforce_2023_Blue.svg Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dff8f7e61502e2a12f3fa8f7eacb7519e7f0ca9ce056411635f9b8aec5042570 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 18:30:32 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 18 Jun 2024 10:42:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"667164a2-ee1" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Da4aKTb3ThuePWbn1YxhQjunjEk4jWHAzE5FS8XFq04ng65K3Fi1gXNWGImQFkTjx3A6ifjlmnxssOqIHp8VLifICaZYOAzDjwxZjth4zqdAT56sY%2FGV%2FZpz2JxIfz6ztszA4g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=86400 cf-ray 89868cc1bb5fab2a-YYZ alt-svc h3=":443"; ma=86400 expires Mon, 24 Jun 2024 18:30:32 GMT
GET H2	200	EverestError.svg dadayforcehcm.com/online/css/	821 B 673 B	278ms 278ms	Image image/svg+xml	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dadayforcehcm.com/online/css/EverestError.svg Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5022f2c8fe2f6934cc1f4a2010525ca23d789905641f523357c82ed026987314 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 18:30:32 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 18 Jun 2024 10:42:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"667164a2-335" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NlPvlCCxQiLW%2FVJwnF1b8hJuoycpCQWt1QDSZXWftKRhWTRhGvX8Yt5pNsKZoNEJUr767232a5qKqbpGjbV1WHdr7Ih0IUdib%2BpxfYIVqJFTm70tvnOTfmkVqvktG0PjCGlcLw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=86400 cf-ray 89868cc1bb60ab2a-YYZ alt-svc h3=":443"; ma=86400 expires Mon, 24 Jun 2024 18:30:32 GMT
GET H3	200	circle-loading-gif.gif www.wpfaster.org/wp-content/uploads/2013/06/	239 KB 240 KB	65ms 33ms	Image image/webp	172.67.72.245 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wpfaster.org/wp-content/uploads/2013/06/circle-loading-gif.gif Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.72.245 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e9f8d46aae198d5db87825a5310438bd3f70c4311dc0497d9b51195904ba07c9 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 18:30:32 GMT strict-transport-security max-age=15552000; includeSubDomains; preload cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 55319 cf-polished origFmt=gif, origSize=245347 content-disposition inline; filename="circle-loading-gif.webp" alt-svc h3=":443"; ma=86400 content-length 244594 cf-bgj imgq:85,h2pri last-modified Sun, 17 Jul 2016 13:33:24 GMT server cloudflare vary Accept report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EPgfveob3w6ZDxatf0Lchywp1ipUIjQbwmzii%2F%2F8LEVvRGUgAiNPDsIEHnNpvzk%2F%2BBnWdV2ZU1leCGfSnt8OD8dZf%2FujTLtH530w5f2vQzpDvVq0jcI5z%2BTBgOe6%2BFyvXuE%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp cache-control max-age=10368000, public accept-ranges bytes cf-ray 89868cc20e2ba223-YYZ expires Fri, 18 Oct 2024 15:20:32 GMT
GET H2	200	jquery-3.7.0.min.js Show response code.jquery.com/	85 KB 30 KB	55ms 18ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.7.0.min.js Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 18:30:32 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 5023661 x-cache HIT, HIT content-length 30308 x-served-by cache-lga13623-LGA, cache-yyz4551-YYZ last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1719167432.012358,VS0,VE0 etag W/"28feccc0-155a6" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 37, 9701
GET H2	200	pusher.min.js Show response js.pusher.com/7.2/	69 KB 19 KB	110ms 30ms	Script application/javascript	13.225.192.75 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.pusher.com/7.2/pusher.min.js Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.192.75 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-192-75.yul62.r.cloudfront.net Software AmazonS3 / Resource Hash b39f0b274992d4d7c19b5ce5b56e9020dd1666ad1ee7fc4a378d26679efc6029 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 26 May 2024 07:34:18 GMT content-encoding gzip via 1.1 0af7b45c1245bf01064b3a3ce0d489f6.cloudfront.net (CloudFront) last-modified Fri, 15 Jul 2022 13:45:32 GMT server AmazonS3 x-amz-cf-pop YUL62-C1 age 2458575 etag W/"99f7f95a02d32c6b8587afa7e7440d3f" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * x-cache Hit from cloudfront cache-control max-age=2592000 x-amz-cf-id 7mf7Mf9cuW1ciEP-yDvdPfyo8Agsh56EKz_CyXviSSFO0EOIPhNJGw==
GET H3	404	saved_resource.html Show response dadayforcehcm.com/online/css/ Frame 9AF4	228 B 601 B	299ms 299ms	Document text/html	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dadayforcehcm.com/online/css/saved_resource.html Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5fc900614a8d8e6c5ed61a762641849d8aa2cb95819c62c05a59a39495f35463 Request headers Accept-Language en-CA,en;q=0.9;q=0.9 Referer https://dadayforcehcm.com/online/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 89868cc47a5cab69-YYZ content-encoding br content-type text/html; charset=iso-8859-1 date Sun, 23 Jun 2024 18:30:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7N5aEmT3HpKD7AKULRF2fJ7hJJ151WYSdrYQk1hr8ZZkGtcqib1l%2F32yjeTIFGQyj2H%2FTM%2Bg7QgiZolI%2BG6Ko7c2ZyiFxdy1tr%2BO2eJk%2BAyrj%2BUu0N2x3kNO0Q95jZd2K%2Bv91A%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	404	saved_resource(1).html Show response dadayforcehcm.com/online/css/ Frame EBF0	231 B 636 B	279ms 278ms	Document text/html	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dadayforcehcm.com/online/css/saved_resource(1).html Requested by Host: dadayforcehcm.com URL: https://dadayforcehcm.com/online/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8a4c425e1bb5fb1b7ad6a4be3e55b36865b9a632c3ca5dd66a90a6b99e9c905f Request headers Accept-Language en-CA,en;q=0.9;q=0.9 Referer https://dadayforcehcm.com/online/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 89868cc47a60ab69-YYZ content-encoding br content-type text/html; charset=iso-8859-1 date Sun, 23 Jun 2024 18:30:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEGCpfnc%2F0TNh3KyK9GPT%2BH9b2ujHIxS5Ec7DN1yRFglShJThuHqBAKeKFaAYaG3dU7Aj3AexTD3YfIcwHGQzHN9T%2FBprtNGEDNlyOy8HygtL0GhlWQf8L39wyW2zbZxEWWJIw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	404	favicon.ico dadayforcehcm.com/	209 B 602 B	288ms 288ms	Other text/html	104.21.95.219 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dadayforcehcm.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.95.219 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dadayforcehcm.com/online/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 23 Jun 2024 18:30:32 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmut5hBbJu3NzzZ9CKRTB1C2nGe1ft8CGMfiuwh2PuXruQihAMpOGzB4LvH0Db2Co5xS3MkxBZlsvYL4K7Ym0WXTrazqjfaK5h3w%2BmBKbHk4qsRgdv1U7iQu%2B29u%2B0tKHivwzg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 89868cc66c42ab69-YYZ alt-svc h3=":443"; ma=86400

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dayforce (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 undefined| event object| fence object| sharedStorage object| element function| $ function| jQuery function| Pusher

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dadayforcehcm.com/online/css/saved_resource(1).html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dadayforcehcm.com/online/css/saved_resource.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dadayforcehcm.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
dadayforcehcm.com
js.pusher.com
www.wpfaster.org
104.21.95.219
13.225.192.75
151.101.130.137
172.67.72.245
5022f2c8fe2f6934cc1f4a2010525ca23d789905641f523357c82ed026987314
5fc900614a8d8e6c5ed61a762641849d8aa2cb95819c62c05a59a39495f35463
8a4c425e1bb5fb1b7ad6a4be3e55b36865b9a632c3ca5dd66a90a6b99e9c905f
a1ab31799c77183f530c9f3901fdd4b3ca7dd9cffc5b74891a4d22f2af3dcfa8
b39f0b274992d4d7c19b5ce5b56e9020dd1666ad1ee7fc4a378d26679efc6029
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
d591e1854d64badfc972c10c750d4298aa065f7d5a96d36c38c8b908603fa137
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
dff8f7e61502e2a12f3fa8f7eacb7519e7f0ca9ce056411635f9b8aec5042570
e9f8d46aae198d5db87825a5310438bd3f70c4311dc0497d9b51195904ba07c9