cr05828.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::517:321b Public Scan

Go To Rescan
Add Verdict Report

URL:
http://cr05828.tw1.ru/Login/authentication.html
Submission: On August 25 via manual (August 25th 2023, 6:32:51 pm UTC) from US — Scanned from DE

Summary HTTP 54 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 16 domains to perform 54 HTTP transactions. The main IP is 2a03:6f00:6:1::517:321b, located in Warsaw, Poland and belongs to TIMEWEB-AS, RU. The main domain is cr05828.tw1.ru.

This is the only time cr05828.tw1.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2a03:6f00:6:1... 2a03:6f00:6:1::517:321b	9123 (TIMEWEB-AS) (TIMEWEB-AS)
13	23.45.102.162 23.45.102.162	16625 (AKAMAI-AS) (AKAMAI-AS)
9	2606:4700::68... 2606:4700::6812:82ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
5	23.37.54.239 23.37.54.239	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.156.245.251 54.156.245.251	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:310... 2a02:26f0:3100::1735:2a32	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:20e... 2600:9000:20eb:ea00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
54	19

5 2a03:6f00:6:1::517:321b (Warsaw, Poland)

ASN9123 (TIMEWEB-AS, RU)

cr05828.tw1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.45.102.162 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-102-162.deploy.static.akamaitechnologies.com

hcm.paycor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.37.54.239 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-54-239.deploy.static.akamaitechnologies.com

secure.paycor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.245.251 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-245-251.compute-1.amazonaws.com

999.paycor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:2a32 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:ea00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	paycor.com hcm.paycor.com — Cisco Umbrella Rank: 32035 secure.paycor.com — Cisco Umbrella Rank: 37025 999.paycor.com	608 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 354	154 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 357 www.linkedin.com — Cisco Umbrella Rank: 582 px4.ads.linkedin.com — Cisco Umbrella Rank: 6211	5 KB
5	tw1.ru cr05828.tw1.ru	52 KB
4	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 246	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 356	13 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	239 B
2	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 401	67 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 165	78 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6490	455 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	455 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 859	369 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 772	5 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 596	312 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	73 KB
54	16

	Domain	Requested by
13	hcm.paycor.com	cr05828.tw1.ru hcm.paycor.com
9	cdn.cookielaw.org	cr05828.tw1.ru hcm.paycor.com
5	secure.paycor.com	cr05828.tw1.ru secure.paycor.com
5	cr05828.tw1.ru	cr05828.tw1.ru
4	bam.nr-data.net	secure.paycor.com hcm.paycor.com
3	px.ads.linkedin.com	3 redirects
3	bat.bing.com	hcm.paycor.com cr05828.tw1.ru
2	www.facebook.com	cr05828.tw1.ru
2	js-agent.newrelic.com	secure.paycor.com hcm.paycor.com
2	connect.facebook.net	hcm.paycor.com
1	www.google.de	cr05828.tw1.ru
1	www.google.com	cr05828.tw1.ru
1	px4.ads.linkedin.com	cr05828.tw1.ru
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	hcm.paycor.com
1	googleads.g.doubleclick.net	hcm.paycor.com
1	snap.licdn.com	hcm.paycor.com
1	geolocation.onetrust.com	hcm.paycor.com
1	999.paycor.com	cr05828.tw1.ru
1	www.googletagmanager.com	hcm.paycor.com
54	20

This site contains links to these domains. Also see Links.

Domain
www.paycor.com
go.paycor.com
www.entrust.net
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
demo.paycor.com GeoTrust RSA CA 2018	`2023-07-18` - `2024-06-13`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
secure.paycor.com DigiCert SHA2 Extended Validation Server CA	`2023-02-08` - `2024-02-10`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-04` - `2023-09-02`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://cr05828.tw1.ru/Login/authentication.html
Frame ID: 98D7752FC3773D65879ED26BD0C025EE
Requests: 41 HTTP requests in this frame

Frame: https://secure.paycor.com/accounts/content/clearstate.html
Frame ID: 5937C5B5EDEC60C8AEADED316DB3AAA5
Requests: 8 HTTP requests in this frame

Frame: https://hcm.paycor.com/paycorapp/xoss.html
Frame ID: E61992D7C8E0E81948F18F50CCC4A34C
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Paycor Secure Access Employee LoginBack ButtonSearch IconFilter Icon

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

54
Requests

87 %
HTTPS

68 %
IPv6

16
Domains

20
Subdomains

19
IPs

3
Countries

1055 kB
Transfer

2527 kB
Size

16
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://www.paycor.com/

Search URL Search Domain Scan URL

URL: http://www.paycor.com/search

Search URL Search Domain Scan URL

URL: http://www.paycor.com/contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://go.paycor.com/demo
Title: Watch Demo

Search URL Search Domain Scan URL

URL: http://www.paycor.com/faqs
Title: ?

Search URL Search Domain Scan URL

URL: https://www.entrust.net/customer/profile.cfm?domain=secure.paycor.com&lang=en

Search URL Search Domain Scan URL

URL: http://www.paycor.com/help
Title: FAQ

Search URL Search Domain Scan URL

URL: http://www.paycor.com/system-requirements
Title: System Requirements

Search URL Search Domain Scan URL

URL: http://www.paycor.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D10318%26time%3D1692988365090%26url%3Dhttp%253A%252F%252Fcr05828.tw1.ru%252FLogin%252Fauthentication.html%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQKYwihWI8AiewAAAYot-Fw3KdJDoFCd2wXkOGK96KZJ1ziBZhylX-eaQ_Gzz7_xk-_shU95

54 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request authentication.html Show response
cr05828.tw1.ru/Login/ 17 KB
5 KB 180ms
55ms Document
text/html 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: fcceaec68d4f07978f76ab4e812699ab050baaa9c220304d42d62bb9dbef3982

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Aug 2023 18:32:43 GMT
ETag: W/"4417-603be80986c7b"
Last-Modified: Fri, 25 Aug 2023 12:29:56 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK newrelic.js Show response
hcm.paycor.com/authentication/Content/Scripts/ 31 KB
14 KB 213ms
89ms Script
application/x-javascript 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5fee16176f94e4a1d8a3a6d7b5e87d6a293928d0fda42d6f27647a6dcedd27d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Jun 2022 01:11:36 GMT
Server: Microsoft-IIS/10.0
ETag: "9613cd2d558bd81:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13509

GET
H/1.1 200
OK index.js Show response
cr05828.tw1.ru/Login/ 160 KB
46 KB 46ms
46ms Script
application/x-javascript 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/Login/index.js
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 4376db26e990d8631fec3bf2a547a5a5501eaaa02335707cb838ede82267b51b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Aug 2023 12:02:15 GMT
Server: nginx/1.22.1
ETag: W/"64e89847-27f8e"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=2678400
Connection: keep-alive
Expires: Mon, 25 Sep 2023 18:32:43 GMT

GET
H/1.1 200
OK signin
hcm.paycor.com/authentication/bundles/styles/ 116 KB
30 KB 690ms
566ms Stylesheet
text/css 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 16e31e698ad86dd88a847fabe992d98514011cd9a0cb70e3c40fb113d4b5a753

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:44 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Aug 2023 18:32:44 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: User-Agent,Accept-Encoding
Content-Type: text/css; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 29294
Expires: Sat, 24 Aug 2024 18:32:44 GMT

GET
H/1.1 404
Not Found jquery
cr05828.tw1.ru/authentication/bundles/signin/ 0
0 98ms
60ms Script
text/html 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/authentication/bundles/signin/jquery?v=OogFi3g5HLuGIHAgSqPk_6zluJg3HjxNAuUL0uNC8a81
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:44 GMT
Server: nginx/1.22.1
Connection: keep-alive
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 155ms
25ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b97b49ee323dbccf9a13f15fa3d93188d01681652d52b1ed40ad00c32dfb0513

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: X1C0PY0lSDg1JSpsyFxfYA==
age: 83022
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6837
x-ms-lease-status: unlocked
last-modified: Wed, 23 Aug 2023 03:26:30 GMT
server: cloudflare
etag: 0x8DBA388BDFFAADC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3ecb945a-b01e-0048-37fa-d524b4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc5eb607cde8ff4-FRA

GET
H/1.1 200
OK icons8-search-30.png
cr05828.tw1.ru/ 550 B
860 B 77ms
38ms Image
image/png 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cr05828.tw1.ru/icons8-search-30.png
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: f09cf56b5a3e9d8595c3618e9bfdd57babb67b3305b856fd5e06f3f4da766dad

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:44 GMT
Last-Modified: Fri, 25 Aug 2023 12:14:27 GMT
Server: nginx/1.22.1
ETag: "64e89b23-226"
Content-Type: image/png
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 550
Expires: Mon, 25 Sep 2023 18:32:44 GMT

GET
H/1.1 200
OK utilities.latest.min.js Show response
hcm.paycor.com/paycorapp/ 92 KB
31 KB 17ms
17ms Script
application/x-javascript 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/paycorapp/utilities.latest.min.js
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c016ff6c8c355a8c2a99923c0421f6f58e5cc07a08943b1b4a4e4a80e72f3bbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 19:32:02 GMT
Server: Microsoft-IIS/10.0
ETag: "0a51f7f41d1d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public,max-age=604800,no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31267

GET
H/1.1 404
Not Found 2RqUDM
cr05828.tw1.ru/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ 0
0 1059ms
1058ms Script
text/html 2a03:6f00:6:1::517:321b
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cr05828.tw1.ru/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 2a03:6f00:6:1::517:321b Warsaw, Poland, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/Login/authentication.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Server: nginx/1.22.1
Connection: keep-alive
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 199 KB
73 KB 180ms
51ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WD22DQG

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

12380e0ee243fbc7e3ea272d7145d661f5c04ab5c3909da639abf9c03a9c017a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 18:32:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73951
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Aug 2023 18:32:44 GMT

GET
H/1.1 200
OK clearstate.html Show response
secure.paycor.com/accounts/content/ Frame 5937 32 KB
13 KB 243ms
175ms Document
text/html 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/accounts/content/clearstate.html
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f4cb33841682827d96b169f4d4b7c8b78aa11fd1a9673dcd202550003b4ced4e

Request headers

Referer: http://cr05828.tw1.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: private
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 11348
Content-Type: text/html
Cteonnt-Length: 32173
Date: Fri, 25 Aug 2023 18:32:45 GMT
ETag: "04f30a719d5d91:0"
Last-Modified: Tue, 22 Aug 2023 16:56:54 GMT
Vary: Accept-Encoding
X-Akamai-Request-ID: 4c69b9
X-Akamai-Transformed: 9 11813 0 pmb=mTOE,1

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK xoss.html Show response
hcm.paycor.com/paycorapp/ Frame E619 251 B
2 KB 187ms
187ms Document
text/html 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/paycorapp/xoss.html
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8ac28aefc2f0ca15566e4876daa56e4947be11c4bb5f827c998e3f8a0ed35ab3

Request headers

Referer: http://cr05828.tw1.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: public,max-age=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 206
Content-Type: text/html
Date: Fri, 25 Aug 2023 18:32:45 GMT
ETag: "012544eeeb8d91:0"
Last-Modified: Mon, 17 Jul 2023 20:36:04 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Akamai-Transformed: 9 219 0 pmb=mTOE,1
X-Powered-By: ASP.NET

GET
H/1.1 200
OK logo.gif
999.paycor.com/images/glvomt4226ouabrl0x4yu6hlw/ 43 B
160 B 677ms
112ms Image
image/gif 54.156.245.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://999.paycor.com/images/glvomt4226ouabrl0x4yu6hlw/logo.gif?l=http://cr05828.tw1.ru/Login/authentication.html&r=
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Server: 54.156.245.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-245-251.compute-1.amazonaws.com
Software: Apache /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Server: Apache
Content-Length: 43
Content-Type: image/gif

GET
H2 200 90119edf-b883-42d3-b82f-97977849d151-test.json Show response
cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/ 4 KB
2 KB 62ms
47ms XHR
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/90119edf-b883-42d3-b82f-97977849d151-test.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

493caf2148e30a0095b0a31f596e9feac88d5c253eeeb873872f3b136b66f2cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: CR1f8CUL8Qdja0ydX0bi4A==
content-length: 1476
x-ms-lease-status: unlocked
last-modified: Tue, 03 Jan 2023 15:37:02 GMT
server: cloudflare
etag: 0x8DAEDA05C4B1C89
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b2c57aa8-501e-009b-5980-d7f886000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc5eb60cd241cc5-FRA

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
312 B 75ms
36ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: http://cr05828.tw1.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 18:32:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7fc5eb615da018f9-FRA
access-control-allow-headers: Content-Type

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 67ms
36ms Script
application/x-javascript 2a02:26f0:3100::1735:2a32
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a32 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=71075
accept-ranges: bytes
content-length: 4862

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 52ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 25 Aug 2023 18:32:44 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 378C943FDB884EF080E5C817E9F764B2 Ref B: FRAEDGE1410 Ref C: 2023-08-25T18:32:45Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/944830538/ 3 KB
2 KB 167ms
77ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/944830538/?random=1692988365020&cv=11&fst=1692988365020&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&hn=www.googleadservices.com&frm=0&tiba=Paycor%20Secure%20Access%20Employee%20Login&rfmt=3&fmt=4

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19964702f8ca9a1f9dc75e07f39ce827f2c585d8ac628985158b0da4e916740d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 173 KB
47 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ec140ae8baa4b61226d96beba9277a0072e45b805004b8ea983c5d43402aeb66

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 25 Aug 2023 18:32:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47412
x-xss-protection: 0
pragma: public
x-fb-debug: YCeskFa58+OtqUti2Q5IoZmlc9l6dCq/VymrgzxU9HS70hHB0QXrrv76Om9NXkuj3tN7dfDgVAiExk6FivX7hw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 24ms
23ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 49717
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: da60ad71-a01e-00f1-2de1-5a0975000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc5eb619dc88ff4-FRA

GET
H/1.1 200
OK utilities.xoss.min.js Show response
hcm.paycor.com/paycorapp/ Frame E619 23 KB
9 KB 26ms
26ms Script
application/x-javascript 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/paycorapp/utilities.xoss.min.js
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/paycorapp/xoss.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7da7dbe5e7b031a5d0ef1f0274346ef2dda1340b89616d90a9364b1453005239

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/paycorapp/xoss.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 10 Mar 2023 01:24:08 GMT
Server: Microsoft-IIS/10.0
ETag: "0acb12ef52d91:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public,max-age=604800,no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9009

GET
H/1.1 200
OK 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame E619 207 KB
77 KB 35ms
35ms Script
application/javascript 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/paycorapp/xoss.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/paycorapp/xoss.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Content-Encoding: br
Last-Modified: Wed, 02 Aug 2023 16:14:17 GMT
ETag: "3453d8a4c9117996cd885f861a76d40870732f6f819d9109cb965aaf12b84a96"
Stored-Attribute-Sha-Checksum: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=21600
Connection: keep-alive
Content-Length: 77907

GET
H2 200 1658281131098209 Show response
connect.facebook.net/signals/config/ 116 KB
30 KB 128ms
128ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1658281131098209?v=2.9.124&r=stable&domain=cr05828.tw1.ru

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cdd79d3fec4f5235efa8b885f4b649c6e26dbd29f386e1c353b5398c99f1c09

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 25 Aug 2023 18:32:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: K5BZYmcjgkWhLqDKu/A51WP3dBYsWB1xJEavTPBTcshtrloj7dVl6jD1R5qNNy65hxlZeV5hNfUxKMbtjg3irA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 5511164.js Show response
bat.bing.com/p/action/ 0
116 B 35ms
35ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5511164.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Fri, 25 Aug 2023 18:32:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA058A9E89CF441D98885618C532F53C Ref B: FRAEDGE1410 Ref C: 2023-08-25T18:32:45Z
x-cache: CONFIG_NOCACHE

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/10318/domain/cr05828.tw1.ru/ 36 B
369 B 187ms
157ms XHR
application/json 2600:9000:20eb:ea00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/10318/domain/cr05828.tw1.ru/token
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ea00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: http://cr05828.tw1.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: gzip
via: 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: accept-encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: FKGj6-n7FifZ6ZNSP7bQ5snll_wlZe3ECjEznBd2bxzB3-mD6GPfIQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D10318%26time%3D1692988365090%26url%3Dhttp%253A%252F%252Fcr05828.tw1.ru%252FLogin%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQKYwihWI8AiewAAAYot-F...

0
481 B

228ms
200ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQKYwihWI8AiewAAAYot-Fw3KdJDoFCd2wXkOGK96KZJ1ziBZhylX-eaQ_Gzz7_xk-_shU95
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 18:32:46 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5BFDF2BA08A9409D916B1FB0E085A1A8 Ref B: FRAEDGE1205 Ref C: 2023-08-25T18:32:46Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lor1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYDw5IrU6He2TFHLlNAZg==

Redirect headers

date: Fri, 25 Aug 2023 18:32:45 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 4984D6113884464480D71D3986351C91 Ref B: FRAEDGE2013 Ref C: 2023-08-25T18:32:45Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=10318&time=1692988365090&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&cookiesTest=true&liSync=true&e_ipv6=AQKYwihWI8AiewAAAYot-Fw3KdJDoFCd2wXkOGK96KZJ1ziBZhylX-eaQ_Gzz7_xk-_shU95
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYDw5IoH2II/M/1/ysRog==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/9adb7314-bef2-4a0f-9eb2-78fe63d1bb19/ 143 KB
25 KB 51ms
50ms Fetch
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/90119edf-b883-42d3-b82f-97977849d151-test/9adb7314-bef2-4a0f-9eb2-78fe63d1bb19/en.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

374ba02b44412645b5db18a26b6b146c8c1b3b976992fa9be64d77df2ec7e9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: AU09UGtfHv1TvIF9132x5A==
content-length: 25309
x-ms-lease-status: unlocked
last-modified: Tue, 03 Jan 2023 15:37:07 GMT
server: cloudflare
etag: 0x8DAEDA05F1F350D
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ea779d12-c01e-006d-5f82-d78dc8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7fc5eb620f141cc5-FRA

GET
H/1.1 200
OK Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5937 207 KB
77 KB 16ms
16ms Script
application/javascript 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.paycor.com/accounts/content/clearstate.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

X-Akamai-Request-ID: 4c6a69
Date: Fri, 25 Aug 2023 18:32:45 GMT
Content-Encoding: br
Last-Modified: Wed, 02 Aug 2023 16:14:17 GMT
ETag: "3453d8a4c9117996cd885f861a76d40870732f6f819d9109cb965aaf12b84a96"
Stored-Attribute-Sha-Checksum: 0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=21600
Connection: keep-alive
Content-Length: 77907

POST
H/1.1 201
Created 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame E619 18 B
1 KB 28ms
27ms XHR
application/json 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

Referer: https://hcm.paycor.com/paycorapp/xoss.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://hcm.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

GET
H/1.1 200
OK paycor-logo.png
hcm.paycor.com/authentication/content/Images/Logo/ 3 KB
4 KB 18ms
18ms Image
image/png 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/Logo/paycor-logo.png
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f3ad6b8b82f6e9c8067edb141866f5954813a29f6e7a6bdf35186e7b09e9f758

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3567

GET
H/1.1 200
OK entrust_site_seal_small.png
hcm.paycor.com/authentication/content/Images/ 8 KB
8 KB 29ms
29ms Image
image/png 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/entrust_site_seal_small.png
Requested by: Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c399c0d0bc5b2d6cafb63d4218e38f81ea8f15216687643e34ddf1a5c48e15f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8430

GET
H/1.1 200
OK 2.jpg
hcm.paycor.com/authentication/content/Images/background/ 264 KB
265 KB 32ms
18ms Image
image/jpeg 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/background/2.jpg?v=05.24.2017
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 390cea42d05687a86cdb0309c9552e5c401cf815b02df170b7c75b897553b7f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 270832

GET
H/1.1 200
OK 2Mobile.jpg
hcm.paycor.com/authentication/content/Images/background/ 69 KB
69 KB 31ms
18ms Image
image/jpeg 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hcm.paycor.com/authentication/content/Images/background/2Mobile.jpg?v=05.24.2017
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 422d908ca79fcb614760939956fd4e8aba8fe75d78278f7fe10f43517e2afd78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hcm.paycor.com/authentication/bundles/styles/signin?v=1TMBwjc_FcDQdFI94Oxx3Pc2mnULbreTT8VsQhWRsSM1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Last-Modified: Wed, 18 Mar 2020 19:17:48 GMT
Server: Microsoft-IIS/10.0
ETag: "056fbe859fdd51:0"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 70349

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 77ms
77ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a948cefc-701e-008c-3180-d7518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc5eb62f86b1cc5-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 62 KB
15 KB 46ms
46ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otPcCenter.json

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: MDgKSvnSO+c999jgSnUf4g==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14749
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B80F4BC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a948ceff-701e-008c-3480-d7518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc5eb62f86c1cc5-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 47ms
46ms Fetch
text/css 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: b4728ef9-a01e-0036-3680-d7b4f3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7fc5eb62f86d1cc5-FRA

POST
H/1.1 201
Created Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5937 18 B
1 KB 187ms
187ms XHR
application/json 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

X-NewRelic-ID: VwIPUFdTCBAJVlRRAggEUFE=
tracestate: 1151945@nr=0-1-3481100-1103151828-73ab2c8751f94c4b----1692988365361
traceparent: 00-0fbf1330d22f84fe8f6b91f9ef854d8b-73ab2c8751f94c4b-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODExMDAiLCJhcCI6IjExMDMxNTE4MjgiLCJpZCI6IjczYWIyYzg3NTFmOTRjNGIiLCJ0ciI6IjBmYmYxMzMwZDIyZjg0ZmU4ZjZiOTFmOWVmODU0ZDhiIiwidGkiOjE2OTI5ODgzNjUzNjEsInRrIjoiMTE1MTk0NSJ9fQ==
Content-Type: text/plain;charset=UTF-8
Referer: https://secure.paycor.com/accounts/content/clearstate.html

Response headers

X-Akamai-Request-ID: 4c6a9e
Date: Fri, 25 Aug 2023 18:32:45 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://secure.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

GET
H2 204 0
bat.bing.com/action/ 0
284 B 33ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5511164&tm=gtm002&Ver=2&mid=2f7cf4ce-4d1b-41b3-83a9-ca084934b0ac&sid=c8c516d0437511ee9d1e53dcbb0dffb6&vid=c8c52170437511ee8afaf5d095b15596&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Paycor%20Secure%20Access%20Employee%20Login&p=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&r=&lt=1601&evt=pageLoad&sv=1&rn=293800

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 25 Aug 2023 18:32:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1E913D71A5F498A9C832161003F4D2D Ref B: FRAEDGE1410 Ref C: 2023-08-25T18:32:45Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/944830538/ 42 B
455 B 133ms
49ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/944830538/?random=1692988365020&cv=11&fst=1692986400000&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&frm=0&tiba=Paycor%20Secure%20Access%20Employee%20Login&fmt=3&is_vtc=1&random=2304205654&rmt_tld=0&ipr=y

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 18:32:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/944830538/ 42 B
455 B 129ms
51ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/944830538/?random=1692988365020&cv=11&fst=1692986400000&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&frm=0&tiba=Paycor%20Secure%20Access%20Employee%20Login&fmt=3&is_vtc=1&random=2304205654&rmt_tld=1&ipr=y

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 18:32:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ Frame 5937 49 KB
49 KB 32ms
6ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.paycor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
date: Fri, 25 Aug 2023 18:32:45 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: WPMFB0VJG75YV1Z7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 50049
x-amz-id-2: FZGRs9jHoygJROiHGl6xMkWo6b2J8tT5vX+5wqPZ7xbNvPJpdkGEDO9l2DizwaxY1IJipLlFmJk=
x-served-by: cache-fra-eddf8230046-FRA
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1692988365.461932,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 819

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 23ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1658281131098209&ev=PageView&dl=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&rl=&if=false&ts=1692988365445&sw=1600&sh=1200&v=2.9.124&r=stable&ec=0&o=30&fbp=fb.1.1692988365443.1095812965&it=1692988365073&coo=false&rqm=GET

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 25 Aug 2023 18:32:45 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 25ms
24ms Image
image/png 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 58934
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Wed, 23 Aug 2023 03:26:36 GMT
server: cloudflare
etag: 0x8DBA388C1E25CBD
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 8ccdec8e-101e-00a5-6c30-d66ff9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7fc5eb6438478ff4-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 26ms
24ms Image
image/svg+xml 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: cr05828.tw1.ru
URL: http://cr05828.tw1.ru/Login/authentication.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Aug 2023 18:32:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 3311
x-ms-lease-status: unlocked
last-modified: Thu, 24 Aug 2023 03:26:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2b6086b3-901e-002d-50b5-d68af0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7fc5eb64384a8ff4-FRA

GET
H/1.1 200
OK NRBR-ae85938b008f49eb85b Show response
bam.nr-data.net/1/ Frame 5937 56 B
622 B 305ms
242ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRBR-ae85938b008f49eb85b?a=925359365&v=1216.487a282&to=YV0EbRRTV0ZUVk0NCVgXM0sPHVhWVlpMChJFFwVWCEZcW0EaWggDV0oVTQdGXBtdQVQI&rst=735&ck=1&ref=https://secure.paycor.com/accounts/content/clearstate.html&be=451&fe=685&dc=685&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1692988364748,%22n%22:0,%22f%22:121,%22dn%22:122,%22dne%22:167,%22c%22:167,%22s%22:172,%22ce%22:189,%22rq%22:190,%22rp%22:364,%22rpe%22:366,%22dl%22:388,%22di%22:685,%22ds%22:685,%22de%22:685,%22dc%22:685,%22l%22:685,%22le%22:686%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.paycor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7fc5eb64be6cbb50-FRA

POST
H/1.1 201
Created 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame E619 18 B
1 KB 101ms
101ms XHR
application/json 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

Referer: https://hcm.paycor.com/paycorapp/xoss.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 25 Aug 2023 18:32:45 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://hcm.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

POST
H/1.1 201
Created Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5937 18 B
1 KB 26ms
26ms XHR
application/json 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

X-NewRelic-ID: VwIPUFdTCBAJVlRRAggEUFE=
tracestate: 1151945@nr=0-1-3481100-1103151828-c56017e50fa36ec1----1692988365947
traceparent: 00-78400ce632b2d92d58af0087bdf4211f-c56017e50fa36ec1-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODExMDAiLCJhcCI6IjExMDMxNTE4MjgiLCJpZCI6ImM1NjAxN2U1MGZhMzZlYzEiLCJ0ciI6Ijc4NDAwY2U2MzJiMmQ5MmQ1OGFmMDA4N2JkZjQyMTFmIiwidGkiOjE2OTI5ODgzNjU5NDcsInRrIjoiMTE1MTk0NSJ9fQ==
Content-Type: text/plain;charset=UTF-8
Referer: https://secure.paycor.com/accounts/content/clearstate.html

Response headers

X-Akamai-Request-ID: 4c6c7c
Date: Fri, 25 Aug 2023 18:32:45 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://secure.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

POST
H/1.1 200
OK NRBR-ae85938b008f49eb85b Show response
bam.nr-data.net/events/1/ Frame 5937 24 B
405 B 230ms
230ms XHR
image/gif 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRBR-ae85938b008f49eb85b?a=925359365&v=1216.487a282&to=YV0EbRRTV0ZUVk0NCVgXM0sPHVhWVlpMChJFFwVWCEZcW0EaWggDV0oVTQdGXBtdQVQI&rst=1232&ck=1&ref=https://secure.paycor.com/accounts/content/clearstate.html
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://secure.paycor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
content-type: text/plain

Response headers

Date: Fri, 25 Aug 2023 18:32:46 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://secure.paycor.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7fc5eb676981bb50-FRA
Content-Length: 24

POST
H/1.1 201
Created 2RqUDM Show response
hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/ Frame E619 18 B
1 KB 124ms
123ms XHR
application/json 23.45.102.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.102.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-102-162.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

Referer: https://hcm.paycor.com/paycorapp/xoss.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 25 Aug 2023 18:32:46 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://hcm.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

GET
H2 200 nr-spa-1215.min.js Show response
js-agent.newrelic.com/ 47 KB
18 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1215.min.js

Requested by

Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-version-id: zcmP9QP8YWQtiPZETZozJGQXbXQvWuWT
content-encoding: br
via: 1.1 varnish
date: Fri, 25 Aug 2023 18:32:46 GMT
strict-transport-security: max-age=300
x-amz-request-id: V166JT3N7FSR6XS0
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 18245
x-amz-id-2: LN7zcp0+pwOpnsActKd0tgRVUiT4T7Cz8KidljCWYvgL1uEEVgWS6vCq+ToPh9xE5G8GTt8zVjrAiAJPrqRFnA==
x-served-by: cache-fra-eddf8230046-FRA
last-modified: Mon, 24 Jan 2022 22:13:54 GMT
server: AmazonS3
x-timer: S1692988366.237287,VS0,VE0
etag: "7e1862f7a390ed9fc02c299216395547"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1592

GET
H/1.1 200
OK NRBR-7784dc3f05e7c9bd31b Show response
bam.nr-data.net/1/ 56 B
622 B 236ms
235ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRBR-7784dc3f05e7c9bd31b?a=1103143923&sa=1&v=1215.1253ab8&t=Unnamed%20Transaction&rst=2585&ck=1&ref=http://cr05828.tw1.ru/Login/authentication.html&be=421&fe=2571&dc=1547&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1692988363662,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:88,%22c%22:88,%22ce%22:126,%22rq%22:126,%22rp%22:181,%22rpe%22:182,%22dl%22:183,%22di%22:1546,%22ds%22:1547,%22de%22:1601,%22dc%22:2571,%22l%22:2571,%22le%22:2572%7D,%22navigation%22:%7B%7D%7D&fp=1141&fcp=1141&jsonp=NREUM.setToken
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Fri, 25 Aug 2023 18:32:46 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7fc5eb690b34bb50-FRA

POST
H/1.1 201
Created Okw Show response
secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/ Frame 5937 18 B
1 KB 22ms
21ms XHR
application/json 23.37.54.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.paycor.com/EcxnBnB5U/c/J8IbfNFg/G7YXfJkNbQcYY7/bC4gdQ8CAg/UB1rdgRX/Okw
Requested by: Host: secure.paycor.com
URL: https://secure.paycor.com/accounts/content/clearstate.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.54.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-54-239.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Request headers

X-NewRelic-ID: VwIPUFdTCBAJVlRRAggEUFE=
tracestate: 1151945@nr=0-1-3481100-1103151828-89c37e66d887a88a----1692988366415
traceparent: 00-16c7a1ded8cc83134940646e15eae70a-89c37e66d887a88a-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODExMDAiLCJhcCI6IjExMDMxNTE4MjgiLCJpZCI6Ijg5YzM3ZTY2ZDg4N2E4OGEiLCJ0ciI6IjE2YzdhMWRlZDhjYzgzMTM0OTQwNjQ2ZTE1ZWFlNzBhIiwidGkiOjE2OTI5ODgzNjY0MTUsInRrIjoiMTE1MTk0NSJ9fQ==
Content-Type: text/plain;charset=UTF-8
Referer: https://secure.paycor.com/accounts/content/clearstate.html

Response headers

X-Akamai-Request-ID: 4c6e60
Date: Fri, 25 Aug 2023 18:32:46 GMT
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://secure.paycor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 18

POST
H/1.1 200
OK NRBR-7784dc3f05e7c9bd31b Show response
bam.nr-data.net/events/1/ 24 B
401 B 246ms
246ms XHR
image/gif 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRBR-7784dc3f05e7c9bd31b?a=1103143923&sa=1&v=1215.1253ab8&t=Unnamed%20Transaction&rst=2829&ck=1&ref=http://cr05828.tw1.ru/Login/authentication.html
Requested by: Host: hcm.paycor.com
URL: https://hcm.paycor.com/authentication/Content/Scripts/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: http://cr05828.tw1.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
content-type: text/plain

Response headers

Date: Fri, 25 Aug 2023 18:32:46 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: http://cr05828.tw1.ru
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7fc5eb6a9cc2bb50-FRA
Content-Length: 24

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 7ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1658281131098209&ev=Microdata&dl=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&rl=&if=false&ts=1692988366951&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Paycor%20Secure%20Access%20Employee%20Login%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.124&r=stable&ec=1&o=30&fbp=fb.1.1692988365443.1095812965&it=1692988365073&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cr05828.tw1.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 25 Aug 2023 18:32:46 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 14:16:29	Name: test_cookie Value: CheckForPermission
.linkedin.com/	1970-01-20 16:26:04	Name: li_sugr Value: 5850b841-bccd-4eda-ba7d-16809d928955
.linkedin.com/	1970-01-20 23:02:04	Name: bcookie Value: "v=2&565387cf-71fd-46fb-8773-2d02c0e8c89d"
.linkedin.com/	1970-01-20 14:17:54	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2950:u=1:x=1:i=1692988365:t=1693074765:v=2:sig=AQGT-Fc_S6r4_SPLqFRwUzTQezOGy2VH"
.tw1.ru/	1970-01-20 14:17:54	Name: _uetsid Value: c8c516d0437511ee9d1e53dcbb0dffb6
.tw1.ru/	1970-01-20 23:38:04	Name: _uetvid Value: c8c52170437511ee8afaf5d095b15596
.bing.com/	1970-01-20 23:38:04	Name: MUID Value: 22E7830FB2226ABF20799077B3496B8F
cr05828.tw1.ru/	1969-12-31 23:59:59	Name: paycordfp Value: 7bb3ae3715e3900ab2ef5801c7a47da0
cr05828.tw1.ru/	1970-01-20 14:17:54	Name: ln_or Value: eyIxMDMxOCI6ImQifQ%3D%3D
.tw1.ru/	1970-01-20 16:26:04	Name: _fbp Value: fb.1.1692988365443.1095812965
cr05828.tw1.ru/	1970-01-20 23:02:04	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Aug+25+2023+20%3A32%3A45+GMT%2B0200+(Central+European+Summer+Time)&version=202211.2.0&isIABGlobal=false&hosts=&landingPath=http%3A%2F%2Fcr05828.tw1.ru%2FLogin%2Fauthentication.html&groups=C0004%3A1%2CC0002%3A1%2CC0003%3A1%2CC0001%3A1
.linkedin.com/	1970-01-20 14:59:40	Name: UserMatchHistory Value: AQJQqZBqrOJPgAAAAYot-FrCay1md3YqtNcLkC-UBZtUOiiw1yjlmqF5V1VdoyzFT-wm10g8bZ2W9w
.linkedin.com/	1970-01-20 14:59:40	Name: AnalyticsSyncHistory Value: AQIXqcX3WW3DHAAAAYot-FrCqhqf1rBWZMakGKl5pDnCqRssI6bQhKsICfle_u4esz5soPJRcOoRv_HCyjXNWA
.www.linkedin.com/	1970-01-20 23:02:04	Name: bscookie Value: "v=1&20230825183245997c9ea7-b8f0-4b9f-8197-5ce6a59b5656AQHkNh41HdMh7ZPEFepoNBCgdAYP0Yx0"
.linkedin.com/	1970-01-20 18:35:40	Name: li_gc Value: MTswOzE2OTI5ODgzNjU7MjswMjFuRN6Ftx/ymaqGFyoMV65RVAiL92q8fRDVmq4P7oJZtQ==
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 2077df299f1e3ed4

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://cr05828.tw1.ru/authentication/bundles/signin/jquery?v=OogFi3g5HLuGIHAgSqPk_6zluJg3HjxNAuUL0uNC8a81 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://cr05828.tw1.ru/w1JHcNSa8fohKe_PrkkZzynt/mOau6XrV2QEmuY/GiAcSikD/QhhPK/2RqUDM Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

999.paycor.com
bam.nr-data.net
bat.bing.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
connect.facebook.net
cr05828.tw1.ru
geolocation.onetrust.com
googleads.g.doubleclick.net
hcm.paycor.com
js-agent.newrelic.com
px.ads.linkedin.com
px4.ads.linkedin.com
secure.paycor.com
snap.licdn.com
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
13.107.42.14
151.101.130.137
162.247.241.14
23.37.54.239
23.45.102.162
2600:9000:20eb:ea00:2:53b2:240:93a1
2606:4700:4400::ac40:9b77
2606:4700::6812:82ec
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::2002
2a00:1450:4001:810::2008
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2003
2a02:26f0:3100::1735:2a32
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a03:6f00:6:1::517:321b
54.156.245.251
0b2a332cab2ae8062add23083a1055a9c6dc7c057a1ef9cf11132755d00db488
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
12380e0ee243fbc7e3ea272d7145d661f5c04ab5c3909da639abf9c03a9c017a
16e31e698ad86dd88a847fabe992d98514011cd9a0cb70e3c40fb113d4b5a753
19964702f8ca9a1f9dc75e07f39ce827f2c585d8ac628985158b0da4e916740d
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
374ba02b44412645b5db18a26b6b146c8c1b3b976992fa9be64d77df2ec7e9fe
390cea42d05687a86cdb0309c9552e5c401cf815b02df170b7c75b897553b7f0
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
422d908ca79fcb614760939956fd4e8aba8fe75d78278f7fe10f43517e2afd78
4376db26e990d8631fec3bf2a547a5a5501eaaa02335707cb838ede82267b51b
493caf2148e30a0095b0a31f596e9feac88d5c253eeeb873872f3b136b66f2cb
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fee16176f94e4a1d8a3a6d7b5e87d6a293928d0fda42d6f27647a6dcedd27d4
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7da7dbe5e7b031a5d0ef1f0274346ef2dda1340b89616d90a9364b1453005239
8ac28aefc2f0ca15566e4876daa56e4947be11c4bb5f827c998e3f8a0ed35ab3
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
9cdd79d3fec4f5235efa8b885f4b649c6e26dbd29f386e1c353b5398c99f1c09
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b97b49ee323dbccf9a13f15fa3d93188d01681652d52b1ed40ad00c32dfb0513
c016ff6c8c355a8c2a99923c0421f6f58e5cc07a08943b1b4a4e4a80e72f3bbf
c399c0d0bc5b2d6cafb63d4218e38f81ea8f15216687643e34ddf1a5c48e15f9
cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec140ae8baa4b61226d96beba9277a0072e45b805004b8ea983c5d43402aeb66
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09cf56b5a3e9d8595c3618e9bfdd57babb67b3305b856fd5e06f3f4da766dad
f3ad6b8b82f6e9c8067edb141866f5954813a29f6e7a6bdf35186e7b09e9f758
f4cb33841682827d96b169f4d4b7c8b78aa11fd1a9673dcd202550003b4ced4e
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fcceaec68d4f07978f76ab4e812699ab050baaa9c220304d42d62bb9dbef3982
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

cr05828.tw1.ru Open in urlscan Pro 2a03:6f00:6:1::517:321b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

54 Requests

87 %HTTPS

68 %IPv6

16 Domains

20 Subdomains

19 IPs

3 Countries

1055 kBTransfer

2527 kBSize

16 Cookies

11 Outgoing links

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

cr05828.tw1.ru Open in urlscan Pro
2a03:6f00:6:1::517:321b Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

87 %
HTTPS

68 %
IPv6

16
Domains

20
Subdomains

19
IPs

3
Countries

1055 kB
Transfer

2527 kB
Size

16
Cookies

54 HTTP transactions
1 data transactions