urlscan.io logo urlscan.io
SecurityTrails logo

ahramexpress.com Open in urlscan Pro
108.167.159.118  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://7epxx.app.link/sZvLyLwgB0
Effective URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Submission: On October 08 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 28 HTTP transactions. The main IP is 108.167.159.118, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is ahramexpress.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 13th 2019. Valid for: 3 months.
This is the only time ahramexpress.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education) University of Iowa (Education)

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:20a... 16509 (AMAZON-02)
8 108.167.159.118 46606 (UNIFIEDLA...)
2 209.197.3.7 20446 (HIGHWINDS3)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
28 6
1    2600:9000:20ac:e800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
7epxx.app.link
8    108.167.159.118 (Houston, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: calicartel.co
ahramexpress.com
2    209.197.3.7 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x007.map2.ssl.hwcdn.net
e2b8u3v8.map2.ssl.hwcdn.net
2    2a00:1450:4001:825::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ssl.google-analytics.com
1    2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
Domain Requested by
8 ahramexpress.com ahramexpress.com
2 ssl.google-analytics.com ahramexpress.com
2 e2b8u3v8.map2.ssl.hwcdn.net ahramexpress.com
1 www.google-analytics.com e2b8u3v8.map2.ssl.hwcdn.net
1 ajax.googleapis.com ahramexpress.com
1 7epxx.app.link 1 redirects
0 cipmepknanmbbaneimacddfemfbfgpgo Failed ahramexpress.com
28 7

This site contains links to these domains. Also see Links.

Domain
apps.its.uiowa.edu
myui.uiowa.edu
Subject Issuer Validity Valid
ahramexpress.com
Let's Encrypt Authority X3		 2019-09-13 -
2019-12-12		 3 months crt.sh
*.map2.ssl.hwcdn.net
COMODO RSA Domain Validation Secure Server CA		 2018-04-10 -
2020-04-09		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-09-17 -
2019-12-10		 3 months crt.sh
*.googleapis.com
GTS CA 1O1		 2019-09-17 -
2019-12-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Frame ID: 5F4B0A41A1670A7D5A4BFE973A22672F
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://7epxx.app.link/sZvLyLwgB0 HTTP 307
    https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=ma... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

28
Requests

50 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

205 kB
Transfer

492 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://7epxx.app.link/sZvLyLwgB0 HTTP 307
    https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request HawkID.php
ahramexpress.com/images/bg/uiowa/
Redirect Chain
  • https://7epxx.app.link/sZvLyLwgB0
  • https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
e73ec758c4da39298816c8e87058029d84beb14bd29d502d4f72af110f869bd7

Request headers

:method
GET
:authority
ahramexpress.com
:scheme
https
:path
/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Tue, 08 Oct 2019 13:44:23 GMT
server
Apache
vary
Accept-Encoding
content-encoding
gzip
content-length
4172
content-type
text/html; charset=UTF-8

Redirect headers

Content-Length
0
Connection
keep-alive
Server
openresty/1.13.6.2
Date
Tue, 08 Oct 2019 13:44:23 GMT
X-Powered-By
Express
Set-Cookie
_s=Plax5JiERvUaxpzN0P2vRV8ovvDA70mMfK%2FSLk8mBJdNo4Cbl16mKASy%2ByH0gqTb; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Wed, 07 Oct 2020 13:44:23 GMT
Last-Modified
Tue, 08 Oct 2019 13:44:23 GMT
Location
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
X-Cache
Miss from cloudfront
Via
1.1 6207b951a11da0467241aea4294b753b.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
PRG50
X-Amz-Cf-Id
OT6zoCVisypXX0m9B9ab4xDiOKyOFhF-mq-gVf9dS_z10z3_FHSBzw==
bootstrap.min.css
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		97 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/bootstrap.min.css
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
46a2de362f54e3c988cc8c9fbf68fe12018c8ae42fe11509a747f52f17834466

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
simple-login.css
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		3 KB
937 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/simple-login.css
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
23436568dc11cdeaa51ac4bcaf83529fb196d8fd5e9e1e423b5d7c808adf0556

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
847
ga.js.download
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		45 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/ga.js.download
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
7c2c58fc24e2d3458b88680cfad4577011697df9a1406808f2f7d8f46060d8a7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
fb9e66ea-4707-4278-8469-574fc4263123.js.download
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		35 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
aa99efb299ea82cf5f741a65d1949694a2a6353c7ebc7a8a54b52857061a56f0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
jquery.min.js.download
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		84 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/jquery.min.js.download
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
jz6rmF.js.download
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		35 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/jz6rmF.js.download
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
476981d3a31a5348ff22f410c2c65ef9960c2cff9f9fa64f5749d05aa4e597b4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
content-encoding
gzip
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
17064
uiowa-dome.png
ahramexpress.com/images/bg/uiowa/HawkID_files/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ahramexpress.com/images/bg/uiowa/HawkID_files/uiowa-dome.png
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.167.159.118 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
calicartel.co
Software
Apache /
Resource Hash
5790171db3ebcf4215667322c8fda796f3157b872b53d45bf153cca7aa1d75bc

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 08 Oct 2019 13:44:24 GMT
last-modified
Thu, 01 Mar 2018 03:46:04 GMT
server
Apache
accept-ranges
bytes
content-length
18909
content-type
image/png
web-search-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
video-search-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-images-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-translate-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
wikipedia-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
btn_settings.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
facebook-share-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
twitter-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
pinterest-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-plus-center-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
linkedin-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
fb9e66ea-4707-4278-8469-574fc4263123.js
e2b8u3v8.map2.ssl.hwcdn.net/s/ 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://e2b8u3v8.map2.ssl.hwcdn.net/s/fb9e66ea-4707-4278-8469-574fc4263123.js?cb=19631
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.197.3.7 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x007.map2.ssl.hwcdn.net
Software
/
Resource Hash
8cc560fbc1fc6ef0ef13164a7e4b28bae1f9ea88f47bf2d73b4a23d617207b5f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 08 Oct 2019 13:44:24 GMT
Content-Encoding
gzip
X-HW
1570542264.dop142.fr8.t,1570542264.cds017.fr8.shn,1570542264.dop142.fr8.t,1570542264.cds105.fr8.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=11000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
16346
ga.js
ssl.google-analytics.com/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
5345
date
Tue, 08 Oct 2019 12:15:19 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17168
expires
Tue, 08 Oct 2019 14:15:19 GMT
__utm.gif
ssl.google-analytics.com/r/ 		35 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.1&utms=1&utmn=519998159&utmhn=ahramexpress.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=1340185391&utmr=-&utmp=%2Fimages%2Fbg%2Fuiowa%2FHawkID.php%3F_branch_match_id%3D710112597722266481%26utm_medium%3Dmarketing&utmht=1570542264534&utmac=UA-21427431-1&utmcc=__utma%3D245971540.46675656.1570542265.1570542265.1570542265.1%3B%2B__utmz%3D245971540.1570542265.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=915087591&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 08 Oct 2019 13:44:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
dropToShareHint.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
dropToSearchHint.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
btn_settings.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
openxtag.js
ajax.googleapis.com/ajax/libs/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/openxtag.js
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
24e59526b5fc9816d6e16a670bf9603b1c01ecff1b432926cc3cd72eefaf502c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 13:44:24 GMT
x-content-type-options
nosniff
server
sffe
status
404
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1582
x-xss-protection
0
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: e2b8u3v8.map2.ssl.hwcdn.net
URL: https://e2b8u3v8.map2.ssl.hwcdn.net/s/fb9e66ea-4707-4278-8469-574fc4263123.js?cb=19631
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
5658
date
Tue, 08 Oct 2019 12:10:06 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Tue, 08 Oct 2019 14:10:06 GMT
jz6rmF.js
e2b8u3v8.map2.ssl.hwcdn.net/k/709010/12c/ 		35 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://e2b8u3v8.map2.ssl.hwcdn.net/k/709010/12c/jz6rmF.js
Requested by
Host: ahramexpress.com
URL: https://ahramexpress.com/images/bg/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.197.3.7 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x007.map2.ssl.hwcdn.net
Software
/
Resource Hash
97f454e8dd422e2597ec098c1dfd5f13fc9fa19fa7467110e6ca66e34a56b0b1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://ahramexpress.com/images/bg/uiowa/HawkID.php?_branch_match_id=710112597722266481&utm_medium=marketing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 08 Oct 2019 13:44:24 GMT
Content-Encoding
gzip
X-HW
1570542264.dop142.fr8.t,1570542264.cds017.fr8.shn,1570542264.dop142.fr8.t,1570542264.cds055.fr8.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=333300
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
13720

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/web-search-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/video-search-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-images-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-translate-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/wikipedia-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/facebook-share-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/twitter-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/pinterest-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-plus-center-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/linkedin-content.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToShareHint.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToSearchHint.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education) University of Iowa (Education)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| amplS object| _gaq object| _gat object| gaGlobal number| f81wPVTO object| QXRt undefined| focusControl string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaData function| $ function| jQuery object| S0s37 object| b6s87 object| W4I1 function| beFg

7 Cookies

Domain/Path Name / Value
.ahramexpress.com/ Name: _gid
Value: GA1.2.1584741132.1570542265
.ahramexpress.com/ Name: _ga
Value: GA1.2.46675656.1570542265
.ahramexpress.com/ Name: __utmt
Value: 1
.ahramexpress.com/ Name: __utmz
Value: 245971540.1570542265.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.ahramexpress.com/ Name: __utmb
Value: 245971540.1.10.1570542265
.ahramexpress.com/ Name: __utmc
Value: 245971540
.ahramexpress.com/ Name: __utma
Value: 245971540.46675656.1570542265.1570542265.1570542265.1