apps.utdallas.edu Open in urlscan Pro
104.17.222.144 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.sharestion.com/nam/8d281d1d-9c4d-4bf7-b16e-032d15de9f6c/909560dc-3e26-48fc-8886-c3d87963da69/d87f7c10-7316-43dd...
Effective URL:
https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Submission: On September 21 via manual (September 21st 2023, 2:41:59 pm UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 104.17.222.144, located in and belongs to CLOUDFLARENET, US. The main domain is apps.utdallas.edu.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 12th 2022. Valid for: a year.

This is the only time apps.utdallas.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.107.213.65 13.107.213.65	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.17.222.144 104.17.222.144	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.226.144 104.17.226.144	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	169.150.247.39 169.150.247.39	60068 (CDN77 ^_^) (CDN77 ^_^)
1	104.16.56.101 104.16.56.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	52.216.113.187 52.216.113.187	16509 (AMAZON-02) (AMAZON-02)
12	5

1 13.107.213.65 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.sharestion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.222.144 (None, )

ASN13335 (CLOUDFLARENET, US)

apps.utdallas.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.226.144 (None, )

ASN13335 (CLOUDFLARENET, US)

websvcs.utdallas.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.247.39 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: 169-150-247-39.bunnyinfra.net

bpb-us-e2.wpmucdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.56.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.216.113.187 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

helpimg.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	amazonaws.com helpimg.s3.amazonaws.com — Cisco Umbrella Rank: 416730	617 KB
4	utdallas.edu apps.utdallas.edu websvcs.utdallas.edu — Cisco Umbrella Rank: 480050	5 KB
2	wpmucdn.com bpb-us-e2.wpmucdn.com — Cisco Umbrella Rank: 173114	112 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1476	7 KB
1	sharestion.com 1 redirects www.sharestion.com	315 B
12	5

	Domain	Requested by
5	helpimg.s3.amazonaws.com	websvcs.utdallas.edu
3	apps.utdallas.edu	apps.utdallas.edu static.cloudflareinsights.com
2	bpb-us-e2.wpmucdn.com	apps.utdallas.edu
1	static.cloudflareinsights.com	apps.utdallas.edu
1	websvcs.utdallas.edu	apps.utdallas.edu
1	www.sharestion.com	1 redirects
12	6

This site contains links to these domains. Also see Links.

Domain
infosecurity.utdallas.edu

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-12` - `2023-12-12`	a year	crt.sh
bpb-us-e2.wpmucdn.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-03-21` - `2023-12-19`	9 months	crt.sh

This page contains 1 frames:

Primary Page: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Frame ID: AA3607DF0F2F4F4D16AAC66CD7CE0349
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.sharestion.com/nam/8d281d1d-9c4d-4bf7-b16e-032d15de9f6c/909560dc-3e26-48fc-8886-c3d87963da6... HTTP 302
https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

741 kB
Transfer

760 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://infosecurity.utdallas.edu/
Title: infosecurity.utdallas.edu

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.sharestion.com/nam/8d281d1d-9c4d-4bf7-b16e-032d15de9f6c/909560dc-3e26-48fc-8886-c3d87963da69/d87f7c10-7316-43dd-93cd-3a00ff9ef3c8/landing?id=NzdxdUw3cUc2WU02UWdDK0xOMGF5UllsbXo0VlZJUTc1TFZXMmNGM3RYeExkbytxcjFoeDNNbFBCL1F1bzUwU3F4SXBMOHl5TGxpWitId056bjlnczRKSmg0VGZFeXp0WSs4dHplSGRpaTRtUEduSGRLMmVmN3pDTjkxcGJnelJuNmYyejdIOGw2NnBpVFhpN3VRSUhWb0E3dnFpMWc5bU5veFhEc05rVm1jZ2lVODFsZjc2dTJHRzQzTUh1VWc5dERic3d0akVYbk9PbnpaR1dvWFlNT1lEYzN6SHdNSDZLK2xEK01kSStISUtocUtwcHpoWVlNcVJFa0tsRy9nUXdyMHYzUzFRRldlN0lLWHlmdi9oOWRWYjN0elVFMVhLZWR5YlZZeUtuUnAzZ2x4Szd4SHgyRExxU0pKK2h0S0VqWHA2V1NibHg5WFZ4dk8wQjNjTWR6VU1MTHgwaXJKbjNxaHJPUWFoWS9ybGZBNEpUa2JhYVVxNks0RzlWY0FP HTTP 302
https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request landing_StudentJobScam.html Show response
apps.utdallas.edu/infosecurity/internal-phishing/
Redirect Chain

https://www.sharestion.com/nam/8d281d1d-9c4d-4bf7-b16e-032d15de9f6c/909560dc-3e26-48fc-8886-c3d87963da69/d87f7c10-7316-43dd-93cd-3a00ff9ef3c8/landing?id=NzdxdUw3cUc2WU02UWdDK0xOMGF5UllsbXo0VlZJUTc1...
https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html

4 KB
2 KB

1133ms
651ms

Document
text/html

104.17.222.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.222.144 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0a15b7cfa5382b49564c225bc8e48adf3f83bfa3436796bc2244231577d4edb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 80a31252992f9b51-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 21 Sep 2023 14:41:53 GMT
server: cloudflare
vary: Accept-Encoding

Redirect headers

content-length: 0
content-security-policy: img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
date: Thu, 21 Sep 2023 14:41:52 GMT
location: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
request-context: appId=
strict-transport-security: max-age=2592000
x-azure-ref: 20230921T144150Z-bbyfb1txup55p83kg83zqc3tbs000000044000000001h2he
x-cache: CONFIG_NOCACHE

GET
H2 200 campaign.css
websvcs.utdallas.edu/templates/infosecurity/ 9 KB
2 KB 1055ms
715ms Stylesheet
text/css 104.17.226.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://websvcs.utdallas.edu/templates/infosecurity/campaign.css
Requested by: Host: apps.utdallas.edu
URL: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.226.144 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59ccc529fa4396c3cc7a48812b9089da6ec45c46252f8d446dea2065a312c80c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apps.utdallas.edu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 14:41:54 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 09 Jun 2020 22:19:29 GMT
server: cloudflare
etag: "2570-5a7ae1efc01cd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 80a31258de133832-FRA
content-length: 2217
expires: Thu, 21 Sep 2023 18:41:54 GMT

GET
H2 200 utdEmblemGreenCircle.png
bpb-us-e2.wpmucdn.com/sites.utdallas.edu/dist/6/1343/files/2023/04/ 41 KB
42 KB 498ms
139ms Image
image/png 169.150.247.39
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpb-us-e2.wpmucdn.com/sites.utdallas.edu/dist/6/1343/files/2023/04/utdEmblemGreenCircle.png
Requested by: Host: apps.utdallas.edu
URL: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 /
Resource Hash: f28148048e782ac3587486655f6012978d4799b0172b6dd9d87b611beb895169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apps.utdallas.edu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 14:41:54 GMT
cdn-edgestorageid: 1081
cdn-cachedat: 09/21/2023 14:41:54
cdn-pullzone: 1057727
content-length: 42278
last-modified: Mon, 03 Apr 2023 16:30:27 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "96c18df2702bc72bea5edb41070ced04"
content-type: image/png
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: 778bbc1f-fc99-4e43-843d-a54ddaa69624
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 46a3b82a44e9995ead692cf5deedf730
accept-ranges: bytes
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 iso4_colorFlip.png
bpb-us-e2.wpmucdn.com/sites.utdallas.edu/dist/6/1343/files/2023/04/ 69 KB
70 KB 1053ms
694ms Image
image/png 169.150.247.39
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpb-us-e2.wpmucdn.com/sites.utdallas.edu/dist/6/1343/files/2023/04/iso4_colorFlip.png
Requested by: Host: apps.utdallas.edu
URL: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 /
Resource Hash: 2ed8042b02d631e637c60fb101c315133088ed9a4922e5f35feb287e088b4b61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apps.utdallas.edu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 14:41:54 GMT
cdn-edgestorageid: 1080
cdn-cachedat: 09/21/2023 14:41:54
cdn-pullzone: 1057727
content-length: 70587
last-modified: Mon, 03 Apr 2023 17:04:27 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "134856a77c13112c1f2fed3b8310d196"
content-type: image/png
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: 778bbc1f-fc99-4e43-843d-a54ddaa69624
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c383946e1f89160e7617c15dbd8002a4
accept-ranges: bytes
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 email-decode.min.js Show response
apps.utdallas.edu/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
847 B 13ms
12ms Script
application/javascript 104.17.222.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.utdallas.edu/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: apps.utdallas.edu
URL: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.222.144 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 14:41:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Sep 2023 09:47:05 GMT
server: cloudflare
etag: W/"65096e19-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 80a31256bf0d9b51-FRA
expires: Sat, 23 Sep 2023 14:41:53 GMT

GET
H2 200 v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 370ms
45ms Script
text/javascript 104.16.56.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
Requested by: Host: apps.utdallas.edu
URL: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.56.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391

Request headers

Referer: https://apps.utdallas.edu/
Origin: https://apps.utdallas.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 14:41:54 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 80a31258bb0c9073-FRA

GET
H/1.1 403
Forbidden OpenSans-regular.ttf
helpimg.s3.amazonaws.com/landing_pages/serf/fonts/ 0
0 356ms
126ms Font
application/xml 52.216.113.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-regular.ttf
Requested by: Host: websvcs.utdallas.edu
URL: https://websvcs.utdallas.edu/templates/infosecurity/campaign.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.113.187 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://websvcs.utdallas.edu/
Origin: https://apps.utdallas.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 14:41:54 GMT
Server: AmazonS3
x-amz-request-id: TQPPC9QEM0K44C91
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Transfer-Encoding: chunked
Content-Type: application/xml
x-amz-id-2: 0Z7L80AnvmD/167blk2QtOGyom83soREQADpi6Ph+65iTo7rlwFiVlJ3CY7idfXXtSs+cXhRxRk=

GET
H/1.1 200
OK americantypewriter.ttf
helpimg.s3.amazonaws.com/landing_pages/serf/fonts/ 396 KB
397 KB 352ms
122ms Font
binary/octet-stream 52.216.113.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/americantypewriter.ttf
Requested by: Host: websvcs.utdallas.edu
URL: https://websvcs.utdallas.edu/templates/infosecurity/campaign.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.113.187 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d7f0978dca94accb0b9dae4cb6ad5fec2880d1fe330d3bd0f49969be71aaaf12

Request headers

Referer: https://websvcs.utdallas.edu/
Origin: https://apps.utdallas.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 14:41:56 GMT
x-amz-version-id: mZQdT71ccbvkWUyH7rX09cZdT3HZIl_3
x-amz-request-id: TQPXX3RW63D3009G
x-amz-replication-status: COMPLETED
Content-Length: 405440
x-amz-id-2: n2CxJELTFEiDRCxgnOlHKUC+55IuLPaIOKjYTBF/dOHeURe1a3fk15UDZsJ4sXky9huN2kwTTRc=
Last-Modified: Wed, 28 Aug 2019 19:44:24 GMT
Server: AmazonS3
ETag: "15edd62c16f64956c75ce0f47dc70fde"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Content-Type: binary/octet-stream
Accept-Ranges: bytes

GET
H/1.1 403
Forbidden OpenSans-SemiBold.ttf
helpimg.s3.amazonaws.com/landing_pages/serf/fonts/ 0
0 351ms
121ms Font
application/xml 52.216.113.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-SemiBold.ttf
Requested by: Host: websvcs.utdallas.edu
URL: https://websvcs.utdallas.edu/templates/infosecurity/campaign.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.113.187 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://websvcs.utdallas.edu/
Origin: https://apps.utdallas.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 14:41:54 GMT
Server: AmazonS3
x-amz-request-id: TQPGKWQP0JHXVFN9
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Transfer-Encoding: chunked
Content-Type: application/xml
x-amz-id-2: bOWimExhJJkWeSZBVgRe17GAtLoCbmdfgw0F8u0PnfiKAYOCgjnZBWEAy6a/l7fv9NV+6GlzSVA=

GET
H/1.1 200
OK OpenSans-Bold.ttf
helpimg.s3.amazonaws.com/landing_pages/serf/fonts/ 219 KB
220 KB 354ms
125ms Font
binary/octet-stream 52.216.113.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-Bold.ttf
Requested by: Host: websvcs.utdallas.edu
URL: https://websvcs.utdallas.edu/templates/infosecurity/campaign.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.113.187 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 1a6bc6775358bfed0e4191b6f2c4d7d75d122f0c6e5a255f264ab455c67237b7

Request headers

Referer: https://websvcs.utdallas.edu/
Origin: https://apps.utdallas.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 14:41:56 GMT
x-amz-version-id: GUArudcgsXmvr.gNpsEL4tVOMyNBjeX6
x-amz-request-id: TQPX1CDAC37W62VG
x-amz-replication-status: COMPLETED
Content-Length: 224592
x-amz-id-2: Wtp1bTdbe8/Dhgq9NgW/Zuu7HpBqOUEgnj1WEcIuvA9nQGaP388HcIwFaeEmHp6niXJ2whMTKUg=
Last-Modified: Wed, 28 Aug 2019 19:44:23 GMT
Server: AmazonS3
ETag: "7d86d474397b74ecc2595ca86193fbb3"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Content-Type: binary/octet-stream
Accept-Ranges: bytes

GET
H/1.1 403
Forbidden OpenSans-SemiBoldItalic.ttf
helpimg.s3.amazonaws.com/landing_pages/serf/fonts/ 0
0 351ms
121ms Font
application/xml 52.216.113.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-SemiBoldItalic.ttf
Requested by: Host: websvcs.utdallas.edu
URL: https://websvcs.utdallas.edu/templates/infosecurity/campaign.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.113.187 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://websvcs.utdallas.edu/
Origin: https://apps.utdallas.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 14:41:55 GMT
Server: AmazonS3
x-amz-request-id: TQPWMVGKP3V7XRYZ
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Transfer-Encoding: chunked
Content-Type: application/xml
x-amz-id-2: tqBVlN/slXaGfWmtwBX4rX9cky31Gg2q3dOukRSOP7Pk5AKBBTxbkcSFCc/CjIKIbBO7CEtW79A=

POST
H2 204 rum Show response
apps.utdallas.edu/cdn-cgi/ 0
166 B 12ms
12ms XHR
text/plain 104.17.222.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.utdallas.edu/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.222.144 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://apps.utdallas.edu/infosecurity/internal-phishing/landing_StudentJobScam.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
content-type: application/json

Response headers

date: Thu, 21 Sep 2023 14:41:55 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://apps.utdallas.edu
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 80a31261fef69b51-FRA

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| __cfBeacon

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			apps.utdallas.edu/	1969-12-31 23:59:59	Name: utd1P Value: !0JhFGBVWd+7x7itb7sNLloLqAyCWngS1ZwYqyBXZ2b90c8Qpiu31VBnhrkgEmvOMLmb3V0uaEc0FwWs=

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-SemiBold.ttf Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-SemiBoldItalic.ttf Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://helpimg.s3.amazonaws.com/landing_pages/serf/fonts/OpenSans-regular.ttf Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.utdallas.edu
bpb-us-e2.wpmucdn.com
helpimg.s3.amazonaws.com
static.cloudflareinsights.com
websvcs.utdallas.edu
www.sharestion.com
104.16.56.101
104.17.222.144
104.17.226.144
13.107.213.65
169.150.247.39
52.216.113.187
1a6bc6775358bfed0e4191b6f2c4d7d75d122f0c6e5a255f264ab455c67237b7
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2ed8042b02d631e637c60fb101c315133088ed9a4922e5f35feb287e088b4b61
59ccc529fa4396c3cc7a48812b9089da6ec45c46252f8d446dea2065a312c80c
c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391
d7f0978dca94accb0b9dae4cb6ad5fec2880d1fe330d3bd0f49969be71aaaf12
e0a15b7cfa5382b49564c225bc8e48adf3f83bfa3436796bc2244231577d4edb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f28148048e782ac3587486655f6012978d4799b0172b6dd9d87b611beb895169

apps.utdallas.edu Open in urlscan Pro 104.17.222.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

5 Domains

6 Subdomains

5 IPs

3 Countries

741 kBTransfer

760 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

apps.utdallas.edu Open in urlscan Pro
104.17.222.144 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

741 kB
Transfer

760 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions