sofacteuspro-e58ea7.ingress-haven.ewp.live
63.250.43.145  Malicious Activity! Public Scan

Submitted URL: https://391622.seu2.cleverreach.com/cp/96084343/0a256ff41-sf8cep
Effective URL: https://sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/
Submission: On July 25 via manual from FR — Scanned from FR

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 23 HTTP transactions. The main IP is 63.250.43.145, located in United States and belongs to NAMECHEAP-NET, US. The main domain is sofacteuspro-e58ea7.ingress-haven.ewp.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 2nd 2023. Valid for: a year.
This is the only time sofacteuspro-e58ea7.ingress-haven.ewp.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

Requests  Redirects  IP Address         AS Autonomous System
1         1          34.254.149.13      16509 (AMAZON-02)
15        -          172.64.152.105     13335 (CLOUDFLAR...)
2         -          2a00:1450:400...   15169 (GOOGLE)
2         -          2a00:1450:400...   15169 (GOOGLE)
2         -          2606:4700:440...   13335 (CLOUDFLAR...)
2         -          63.250.43.145      22612 (NAMECHEAP...)
Total: 23 requests, 6 IPs

Requests  Domain                                       Requested by
15        selectionvalidesrv.mydurable.com             selectionvalidesrv.mydurable.com
2         sofacteuspro-e58ea7.ingress-haven.ewp.live   selectionvalidesrv.mydurable.com
2         api.durable.co                               selectionvalidesrv.mydurable.com
2         fonts.gstatic.com                            fonts.googleapis.com
2         fonts.googleapis.com                         selectionvalidesrv.mydurable.com
1         391622.seu2.cleverreach.com                  1 redirects
Total: 23 requests, 6 domains

This site contains no links.

Subject                   Issuer                                          Validity                  Valid
mydurable.com             E5                                              2024-07-05 - 2024-10-03   3 months
upload.video.google.com   WR2                                             2024-07-01 - 2024-09-23   3 months
*.gstatic.com             WR2                                             2024-07-01 - 2024-09-23   3 months
*.durable.co              E1                                              2024-05-30 - 2024-08-28   3 months
*.ingress-haven.ewp.live  Sectigo RSA Domain Validation Secure Server CA  2023-12-02 - 2024-12-02   a year

This page contains 1 frames:

Primary Page: https://sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/
Frame ID: EC7FBB0E5D5EEECA11D1E42C496F0380
Requests: 26 HTTP requests in this frame

Page Title

Wetransfer - Partage de document.

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

Requests: 23
HTTPS: 100 %
IPv6: 50 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 469 kB
Size: 1424 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://391622.seu2.cleverreach.com/cp/96084343/0a256ff41-sf8cep HTTP 302
    https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw== Page URL
  2. https://sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://391622.seu2.cleverreach.com/cp/96084343/0a256ff41-sf8cep HTTP 302
  • https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==

23 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
/
selectionvalidesrv.mydurable.com/
Redirect Chain
  • https://391622.seu2.cleverreach.com/cp/96084343/0a256ff41-sf8cep
  • https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
24 KB
6 KB
Document
General
Full URL
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Next.js
Resource Hash
194910d5893901fe3ea8d5fa35b1720515b1e9c269fd0e6c918adbad7a9ae87f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8a8c6c25f96588c2-LHR
content-encoding
br
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
cross-origin
cross-origin-resource-policy
cross-origin
date
Thu, 25 Jul 2024 13:16:05 GMT
permissions-policy
fullscreen=*
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=63072000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
ALLOWALL
x-powered-by
Next.js
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
419
content-type
text/html; charset=UTF-8
date
Thu, 25 Jul 2024 13:16:05 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
pragma
no-cache
server
Apache
x-cr-i
stats-eu2-i-064a4a6472b5d400e D=97077 t=1721913365253284
0f2bea922db6fa31.css
selectionvalidesrv.mydurable.com/_next/static/css/
72 KB
14 KB
Stylesheet
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/css/0f2bea922db6fa31.css
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
391c4d15ed3af47997e00cd18881cb97877898dbb8eebe5033b28a72311679d0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"11ed9-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c271b0188c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
6ad5f70cb56137d7.css
selectionvalidesrv.mydurable.com/_next/static/css/
11 KB
3 KB
Stylesheet
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/css/6ad5f70cb56137d7.css
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b98d67a1ccd7e915daf33d3c906fc5a3768735ace1dae3782bea62b3e937405f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=11055
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"2b2f-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c272b1b88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
7626.ac0639dd20ca5967.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
6 KB
2 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/7626.ac0639dd20ca5967.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a9bc714444335a36de0317bd9e1d2a87a11c638dc38283d4a9903b2ca5fa6a9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"169c-190c82e28f8"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b5b88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
866.6ab5c1abcdd1f57a.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
6 KB
3 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/866.6ab5c1abcdd1f57a.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a73261f1c70ffc1572b62d37199a2847242cb52538d5d9f2de7b3ba0a095a053
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"173c-190c82e28f8"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b5e88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
webpack-3f1823125257c88e.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
6 KB
3 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/webpack-3f1823125257c88e.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e14a5145c4880aea373a065870817137cccca748789450a3e7198b3dad05010
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"190f-190c82e28f8"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b6288c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
framework-d805b48c0466ba30.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
127 KB
42 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/framework-d805b48c0466ba30.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb62819483372cbdc1a8c3ecfe97992226ab8481113fb9c5615cce42d484c079
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"1fbd2-190c82e28fc"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b6688c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
main-d23a437884bebb8d.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
122 KB
37 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/main-d23a437884bebb8d.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1acc61b82103ea212459000b3b17d6bd28d21d8570861035f9dd29748e1cb351
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=124745
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"1e749-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b6988c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
_app-e4dda47183cac0dc.js
selectionvalidesrv.mydurable.com/_next/static/chunks/pages/
71 KB
23 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/pages/_app-e4dda47183cac0dc.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbd5733811de096a626d68b4e272aa51533344104049733ff7f151e00cf9e60a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"11ddb-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b6c88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
4590-8e7742d8552824fb.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
602 KB
156 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/4590-8e7742d8552824fb.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6effe9c9237a05f3dbca39cba5048af941dbdbdd863928e8f5865fcb6fe0de6b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=616395
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"967cb-190c82e28fc"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b6d88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
1942-39acef23174e69da.js
selectionvalidesrv.mydurable.com/_next/static/chunks/
94 KB
23 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/1942-39acef23174e69da.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42dc4801ea98d14e13edd4c5881fc5e43e6ec433ea279013cbc70d2d103e74a4
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"17891-190c82e2900"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b7288c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
%5B%5B...slug%5D%5D-fef3ca0b6e6347de.js
selectionvalidesrv.mydurable.com/_next/static/chunks/pages/
27 KB
8 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/chunks/pages/%5B%5B...slug%5D%5D-fef3ca0b6e6347de.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1189d6ac64084af93418d05a0acec1094de7cd3057cff6de2915fd740083277b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"6b03-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b7988c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
_buildManifest.js
selectionvalidesrv.mydurable.com/_next/static/BH6kWXDmol3UXLkEuzQ7F/
2 KB
1 KB
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/BH6kWXDmol3UXLkEuzQ7F/_buildManifest.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac67b804ddced33309ad16f8ea4b807335c81287bcaf8e41c7b0a7016a7c5772
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"7e8-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b7d88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
_ssgManifest.js
selectionvalidesrv.mydurable.com/_next/static/BH6kWXDmol3UXLkEuzQ7F/
77 B
541 B
Script
General
Full URL
https://selectionvalidesrv.mydurable.com/_next/static/BH6kWXDmol3UXLkEuzQ7F/_ssgManifest.js
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:05 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
61025
cross-origin-embedder-policy
unsafe-none
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 18 Jul 2024 23:29:46 GMT
cross-origin-opener-policy
cross-origin
server
cloudflare
etag
W/"4d-190c82e28f4"
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
permissions-policy
fullscreen=*
cf-ray
8a8c6c275b7e88c2-LHR
expires
Fri, 25 Jul 2025 13:16:05 GMT
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/_next/static/css/0f2bea922db6fa31.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
77190354256d2bb6e2f740715bbc72c1af70ec722773ab27bd7ddd63dac90529
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 25 Jul 2024 13:16:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 25 Jul 2024 12:10:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 25 Jul 2024 13:16:05 GMT
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://selectionvalidesrv.mydurable.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 11:48:26 GMT
x-content-type-options
nosniff
age
178059
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Jul 2025 11:48:26 GMT
get-info-by-business
api.durable.co/office/
362 B
1 KB
XHR
General
Full URL
https://api.durable.co/office/get-info-by-business?idBusiness=661cde407f501e85c7def176
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/_next/static/chunks/4590-8e7742d8552824fb.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:4400::ac40:979a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94d67d7666dad300d3635e82843907f118a485eea3250769603e7a7b0072a460
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:06 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"16a-IL+wuQtazWQtWqNVI1oVnEOd310"
expect-ct
max-age=0
x-ratelimit-remaining
998
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://selectionvalidesrv.mydurable.com
origin-agent-cluster
?1
access-control-expose-headers
no-business,Transfer-Encoding,Connection,Keep-Alive,X-Accel-Buffering
x-frame-options
SAMEORIGIN
access-control-allow-credentials
true
permissions-policy
x-ratelimit-reset
1721913367
x-ratelimit-limit
1000
cf-ray
8a8c6c2dce949eb2-CDG
x-download-options
noopen
css2
fonts.googleapis.com/
34 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;600;700;800&family=Open+Sans:wght@400;500;600;700;800&display=swap
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/_next/static/chunks/main-d23a437884bebb8d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2666e8c3cd6b0f4053dffaa30fd83f064f79799270ce9e4901fb8aa844b355a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 25 Jul 2024 13:16:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 25 Jul 2024 13:16:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 25 Jul 2024 13:16:06 GMT
favicon.ico
selectionvalidesrv.mydurable.com/
11 KB
4 KB
Other
General
Full URL
https://selectionvalidesrv.mydurable.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.152.105 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Next.js
Resource Hash
ee30b463dc454309fb7ed701dc6735727d385329f69c2829ba89d17d118f19fe
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selectionvalidesrv.mydurable.com/?pt=NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw==
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:06 GMT
content-security-policy
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
strict-transport-security
max-age=63072000
cross-origin-embedder-policy
unsafe-none
x-powered-by
Next.js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
cross-origin-opener-policy
cross-origin
x-frame-options
ALLOWALL
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
private, no-cache, no-store, max-age=0, must-revalidate
permissions-policy
fullscreen=*
cf-ray
8a8c6c2d5b4c88c2-LHR
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;600;700;800&family=Open+Sans:wght@400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://selectionvalidesrv.mydurable.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 14:56:39 GMT
x-content-type-options
nosniff
age
166767
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Jul 2025 14:56:39 GMT
markup-local-business-images
api.durable.co/seo/
78 B
801 B
XHR
General
Full URL
https://api.durable.co/seo/markup-local-business-images?idBusiness=661cde407f501e85c7def176
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/_next/static/chunks/4590-8e7742d8552824fb.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:4400::ac40:979a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2161dce017ed2425a0765af0da54937b2f043fa76eedd23a082a7a2b3c9007d
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:16:06 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=0U.p4LCz8sI1q3OX1oB3PseDslVos0MCTzoMkp5Zjq4-1721913366-1.0.1.1-5U4ccJeiApAdUSCJX5MoLKwd1WXaBjcPl0iXNF8wHODbESVtf8ZD25L6pSp5w7ByMj2Y1TrhQLM4nYOIFj_HSH88.49Nrp5RW3GHy4cvQIRFTGYTMQ.WTzFpfuFa0zj3gGQ_qzZVqv5ZwQHuGBetMg; report-to cf-csp-endpoint
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"4e-uplWGmkikHI2QjoId8fLTmxZkV4"
expect-ct
max-age=0
x-ratelimit-remaining
997
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://selectionvalidesrv.mydurable.com
origin-agent-cluster
?1
access-control-expose-headers
no-business,Transfer-Encoding,Connection,Keep-Alive,X-Accel-Buffering
x-frame-options
SAMEORIGIN
access-control-allow-credentials
true
permissions-policy
x-ratelimit-reset
1721913368
x-ratelimit-limit
1000
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=0U.p4LCz8sI1q3OX1oB3PseDslVos0MCTzoMkp5Zjq4-1721913366-1.0.1.1-5U4ccJeiApAdUSCJX5MoLKwd1WXaBjcPl0iXNF8wHODbESVtf8ZD25L6pSp5w7ByMj2Y1TrhQLM4nYOIFj_HSH88.49Nrp5RW3GHy4cvQIRFTGYTMQ.WTzFpfuFa0zj3gGQ_qzZVqv5ZwQHuGBetMg"}],"group":"cf-csp-endpoint","max_age":86400}
cf-ray
8a8c6c2e6f389eb2-CDG
x-download-options
noopen
Primary Request /
sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/
65 KB
44 KB
Document
General
Full URL
https://sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/
Requested by
Host: selectionvalidesrv.mydurable.com
URL: https://selectionvalidesrv.mydurable.com/_next/static/chunks/7626.ac0639dd20ca5967.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.250.43.145 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
ingress-haven.ewp.live
Software
nginx /
Resource Hash
c30b96434a06bedceffa17c8e636276fc683a73870e20c9ebdb8725cff0e7c80
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
648
cache-control
no-store, no-cache, must-revalidate, public
content-encoding
gzip
content-length
44561
content-type
text/html; charset=UTF-8
date
Thu, 25 Jul 2024 13:05:20 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-cache
HIT
x-cacheable
YES
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
truncated
/
26 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cd48f671930ab0900ed0ad0b62e2a68ad3a16e32b9b3d65d453724fabdd35a6d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f3fd9c95b91ee26b801a180227a706bfe7812f90f5dfdb6f03624ac3f627fdb3

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
favicon.ico
sofacteuspro-e58ea7.ingress-haven.ewp.live/
0
145 B
Other
General
Full URL
https://sofacteuspro-e58ea7.ingress-haven.ewp.live/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.250.43.145 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
ingress-haven.ewp.live
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 13:05:23 GMT
strict-transport-security
max-age=15768000
server
nginx
age
645
x-cache
HIT
content-type
image/png
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showHide

8 Cookies

Domain/Path Name / Value
391622.seu2.cleverreach.com/ Name: PHPSESSID
Value: 8%2CmoeMUuYEAGZuXdHH5nUUu02nhJor%2CJn4ZknmuANPR4LQnJ
391622.seu2.cleverreach.com/ Name: cr_user
Value: 1
391622.seu2.cleverreach.com/ Name: cr_client
Value: 391622
391622.seu2.cleverreach.com/ Name: cr_mailing
Value: 15402749
selectionvalidesrv.mydurable.com/ Name: pt
Value: NjYxY2RlNDE3ZjUwMWU4NWM3ZGVmMTg2OjE3MTc5NjcyMDIuNTI6cHJldmlldw%3D%3D
selectionvalidesrv.mydurable.com/ Name: __cflb
Value: 02DiuH2r6T5i4sjob6QVCZZ79L4uYcDGbEaBYWmfdeFbJ
.durable.co/ Name: __cf_bm
Value: stpGeDOx8EjGCnrMQWXkHvZuhHcSz_t71BCNx2C47uU-1721913366-1.0.1.1-1Y8H6gew2Uq7_FCDPwAe5uArNJxglZB5Q5lGHsR4VF6QD53aygkmHMxw_h8nBSqHcmEV_I5PjMy4UWz2FUC3yg
api.durable.co/ Name: __cflb
Value: 0H28ustWbfGUSHkyDDZYvQjk86a1dP1U3krha6hsVLZ

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://sofacteuspro-e58ea7.ingress-haven.ewp.live/wp-content/themes/twentytwentyfour/transferwe4ae/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
