urlscan.io scan report: login.gatech.pro (185.199.110.153), flagged as Malicious Activity

URL: https://login.gatech.pro/
Submission: January 30, 2021, automatic, from the certstream-suspicious source (a Certificate Transparency log feed that scores newly logged hostnames for phishing indicators)

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 5 HTTP transactions. The main IP is 185.199.110.153, located in the United States and announced by FASTLY, US. The main domain is login.gatech.pro. A Fastly address in the 185.199.x.153 range together with the Server: GitHub.com response headers recorded below identifies the hosting as GitHub Pages behind a custom domain.
TLS certificate recorded for the main request: subject www.github.com, issued by DigiCert SHA2 High Assurance Server CA on 2020-05-06, valid until 2022-04-14 (about 2 years). No certificate issued for login.gatech.pro itself appears in the scan.
This is the only time login.gatech.pro was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education)
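The scan was triggered by the certstream-suspicious source, which watches Certificate Transparency logs and scores each newly logged subject name for impersonation of a known brand. The block below is an added example of that scoring step, written for this report; it is not urlscan.io's or the feed's own code. The protected-brand map, the credential keyword list, the watched-TLD set and the weights are illustrative assumptions, and the registrable-domain helper deliberately uses the last two labels rather than the Public Suffix List.

```python
"""Score hostnames seen in Certificate Transparency logs for brand impersonation.

Added example: not urlscan.io's or the certstream-suspicious feed's own code.
The brand map, keyword list, TLD list and weights are illustrative assumptions.
"""
from typing import Dict, List, Optional, Tuple

# Brand label -> registrable domain that legitimately owns it (assumed config).
PROTECTED_BRANDS: Dict[str, str] = {"gatech": "gatech.edu"}

# Words that suggest a credential page. "login", "passport" and "webauth" all
# occur in the real gatech.edu hostnames the scanned page links to.
LOGIN_WORDS = ("login", "signin", "sso", "auth", "passport", "webauth", "account")

# TLDs commonly chosen for lookalike registrations (illustrative, not exhaustive).
WATCHED_TLDS = {"pro", "xyz", "top", "icu", "club", "online", "site"}

ALERT_THRESHOLD = 60


def normalize(hostname: str) -> str:
    """Lower-case a CT subject name and strip a wildcard prefix or trailing dot."""
    host = hostname.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host


def registrable_domain(host: str) -> str:
    """Last two labels. Adequate for .edu/.pro/.com; a real deployment would use
    the Public Suffix List to handle multi-label suffixes such as .ac.uk."""
    return ".".join(host.split(".")[-2:])


def score_hostname(raw_hostname: str) -> Optional[Tuple[str, int, List[str]]]:
    """Return (brand, score, reasons) when a protected brand appears in a name
    whose registrable domain is not the brand's own, else None."""
    host = normalize(raw_hostname)
    labels = host.split(".")
    apex = registrable_domain(host)
    for brand, legit_domain in PROTECTED_BRANDS.items():
        if brand not in host:
            continue
        if apex == legit_domain:
            return None  # login.gatech.edu, login.bcdc.gatech.edu: the real thing
        score, reasons = 0, []
        if brand in labels:
            score += 50
            reasons.append(f"'{brand}' is a whole label under {apex}, not {legit_domain}")
        else:
            score += 35
            reasons.append(f"'{brand}' embedded in a label of {apex}")
        hits = [w for w in LOGIN_WORDS if w in host]
        if hits:
            score += 20
            reasons.append("credential keyword(s): " + ", ".join(hits))
        if labels[-1] in WATCHED_TLDS:
            score += 15
            reasons.append(f"watched TLD .{labels[-1]}")
        if "-" in apex:
            score += 5
            reasons.append("hyphenated registrable domain")
        if len(labels) > 3:
            score += 10
            reasons.append("deep subdomain chain")
        return brand, score, reasons
    return None


def flag_feed(hostnames: List[str]) -> List[Tuple[str, str, int]]:
    """Score a batch of CT subject names; return (host, brand, score) for every
    name at or above ALERT_THRESHOLD, highest score first."""
    flagged = []
    for name in hostnames:
        result = score_hostname(name)
        if result and result[1] >= ALERT_THRESHOLD:
            flagged.append((normalize(name), result[0], result[1]))
    return sorted(flagged, key=lambda t: -t[2])


if __name__ == "__main__":
    # Constructed batch: the scanned host plus legitimate and benign neighbours.
    sample = [
        "login.gatech.pro",         # the host in this scan
        "login.gatech.edu",         # real CAS server
        "login.bcdc.gatech.edu",    # real, from the reverse DNS recorded below
        "gatech-login.com",         # brand embedded in a hyphenated label
        "gatech.edu.example.net",   # real apex reused as a subdomain of another zone
        "www.example.com",          # unrelated
    ]
    for host, brand, score in flag_feed(sample):
        print(f"{score:3d}  {host}  (brand: {brand})")
```

Run as a script, only login.gatech.pro, gatech-login.com and gatech.edu.example.net clear the threshold; the two real gatech.edu hosts are excluded before any points are assigned because their registrable domain is the brand's own. In production the batch would be the stream of subject names from a CT log monitor, and every flagged host would be handed to a scanner such as urlscan.io, which is exactly the path that produced this report.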

Domain & IP information

Requests  IP address        ASN    Autonomous System
4         185.199.110.153   54113  FASTLY
1         130.207.160.55    2637   GEORGIA-TECH
Total: 5 requests to 2 IPs

Requests  Apex domain   Subdomain          Transfer
4         gatech.pro    login.gatech.pro   47 KB
1         gatech.edu    login.gatech.edu   3 KB
Total: 5 requests to 2 domains

Requests  Domain             Requested by
4         login.gatech.pro   login.gatech.pro
1         login.gatech.edu   login.gatech.pro

This site contains links to these domains (all on the legitimate gatech.edu zone, so the lookalike page points its footer and help links at the real institution):

b.gatech.edu
passport.gatech.edu
techsupport.gatech.edu
iam.gatech.edu
www.gatech.edu
hr.gatech.edu
TLS certificates observed

Subject            Issuer                                   Validity                  Valid for
www.github.com     DigiCert SHA2 High Assurance Server CA   2020-05-06 - 2022-04-14   2 years
login.gatech.edu   InCommon RSA Server CA                   2021-01-06 - 2022-01-06   1 year

This page contains 1 frames:

Primary Page: https://login.gatech.pro/
Frame ID: 307899F004E5D287235E6AC6047C6016
Requests: 5 HTTP requests in this frame


Detected technologies

All detections come from response headers, each at 100% confidence:
  • server header matching /^GitHub\.com$/i (three technology signatures share this pattern)
  • via header matching /varnish(?: \(Varnish\/([\d.]+)\))?/i

Page Statistics

Requests     5
HTTPS        20 %
IPv6         0 %
Domains      2
Subdomains   2
IPs          2
Countries    1
Transfer     50 kB
Size         144 kB
Cookies      0

Redirected requests: no HTTP redirect chains were recorded.

5 HTTP transactions

Each entry gives the resource, its path, size, transferred size (x-fer) and request type, then connection details and the headers exchanged.

Primary Request  /  login.gatech.pro/  3 KB (2 KB transferred)  Document
General
Full URL: https://login.gatech.pro/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.199.110.153, United States, ASN54113 (FASTLY, US)
Reverse DNS: none
Software: GitHub.com
Resource Hash: 87c3b9238584781128d57a3d147ef3265261084203e69b50d1b802758e7a4fc7

Note the timing: last-modified is 08:12:24 GMT and the response date is 08:13:38 GMT, so the certificate-triggered scan reached the page roughly 74 seconds after GitHub Pages published it.

Request headers

:method: GET
:authority: login.gatech.pro
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers

content-type: text/html; charset=utf-8
server: GitHub.com
last-modified: Sat, 30 Jan 2021 08:12:24 GMT
access-control-allow-origin: *
etag: W/"601514e8-b7b"
expires: Sat, 30 Jan 2021 08:23:38 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 0862:A7D9:2C1CB2:2EADA8:60151531
accept-ranges: bytes
date: Sat, 30 Jan 2021 08:13:38 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-hhn4053-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1611994418.024851,VS0,VE87
vary: Accept-Encoding
x-fastly-request-id: e8c996aa27d3ac775924b58c2e39f33b621debcb
content-length: 1485
main.66ffcf68.chunk.css  login.gatech.pro/static/css/  3 KB (1 KB transferred)  Stylesheet
General
Full URL: https://login.gatech.pro/static/css/main.66ffcf68.chunk.css
Requested by: https://login.gatech.pro/ (host login.gatech.pro)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.199.110.153, United States, ASN54113 (FASTLY, US)
Reverse DNS: none
Software: GitHub.com
Resource Hash: b164717c42e8753d43ddb23b471731f3e70b78fcb927173640a80cd64e63ca08

Request headers

Referer: https://login.gatech.pro/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 02b33024884a02497f941581ee53d4d23e30c160
date: Sat, 30 Jan 2021 08:13:38 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 1038
x-served-by: cache-hhn4053-HHN
access-control-allow-origin: *
last-modified: Sat, 30 Jan 2021 08:12:24 GMT
server: GitHub.com
x-github-request-id: 9ACE:EDCC:2C0EF6:2EA32A:60151531
x-timer: S1611994418.140383,VS0,VE88
etag: W/"601514e8-ada"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Sat, 30 Jan 2021 08:23:38 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0
2.37f7f33b.chunk.js  login.gatech.pro/static/js/  130 KB (42 KB transferred)  Script
General
Full URL: https://login.gatech.pro/static/js/2.37f7f33b.chunk.js
Requested by: https://login.gatech.pro/ (host login.gatech.pro)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.199.110.153, United States, ASN54113 (FASTLY, US)
Reverse DNS: none
Software: GitHub.com
Resource Hash: 39902c964144e92504075935f02a0b1c5b4f9859d65c480460087f7fe63e8c6c

Request headers

Referer: https://login.gatech.pro/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: bec76993556f94289191c040d2eff9239c9bb743
date: Sat, 30 Jan 2021 08:13:38 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 43211
x-served-by: cache-hhn4053-HHN
access-control-allow-origin: *
last-modified: Sat, 30 Jan 2021 08:12:24 GMT
server: GitHub.com
x-github-request-id: 79A8:13E3B:157A02:16E334:60151531
x-timer: S1611994418.140496,VS0,VE96
etag: W/"601514e8-20867"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
expires: Sat, 30 Jan 2021 08:23:38 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0
main.2b904c4a.chunk.js  login.gatech.pro/static/js/  6 KB (2 KB transferred)  Script
General
Full URL: https://login.gatech.pro/static/js/main.2b904c4a.chunk.js
Requested by: https://login.gatech.pro/ (host login.gatech.pro)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 185.199.110.153, United States, ASN54113 (FASTLY, US)
Reverse DNS: none
Software: GitHub.com
Resource Hash: 6e6158bad5afb841ff0426b2e7a87a9ceefac937ca0cfdc1b84ea4b4da5267d9

Request headers

Referer: https://login.gatech.pro/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 3329b7f1a247ba05d0e410ba97e46b2c64372bd2
date: Sat, 30 Jan 2021 08:13:38 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 2002
x-served-by: cache-hhn4053-HHN
access-control-allow-origin: *
last-modified: Sat, 30 Jan 2021 08:12:24 GMT
server: GitHub.com
x-github-request-id: C6F6:6B25:95A9F:A1C4C:60151531
x-timer: S1611994418.140475,VS0,VE89
etag: W/"601514e8-1890"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
expires: Sat, 30 Jan 2021 08:23:38 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0
logo-gt-cropped.png  login.gatech.edu/cas/images/  2 KB (3 KB transferred)  Image
General
Full URL: https://login.gatech.edu/cas/images/logo-gt-cropped.png
Requested by: https://login.gatech.pro/ (host login.gatech.pro)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 130.207.160.55, Atlanta, United States, ASN2637 (GEORGIA-TECH, US)
Reverse DNS: login.bcdc.gatech.edu
Software: Apache-Coyote/1.1
Resource Hash: 72ede2775dc5a4c59c9ca711471e82490d70fed38fc0d20a018478c9aedda922
Security Headers
Strict-Transport-Security: max-age=15552000

This is the only request that leaves the phishing domain: the page hotlinks the real Georgia Tech CAS logo instead of copying it, and the browser sends Referer: https://login.gatech.pro/ to the legitimate login server with that fetch. The institution's own access logs therefore record the lookalike hostname the moment a victim loads the page.

Request headers

Referer: https://login.gatech.pro/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 30 Jan 2021 08:13:38 GMT
Last-Modified: Fri, 18 Sep 2020 03:43:46 GMT
Server: Apache-Coyote/1.1
ETag: W/"2257-1600400626000"
Strict-Transport-Security: max-age=15552000
Content-Type: image/png;charset=UTF-8
X-Pool-Member: /webauth/cas 130.207.165.24 8080
Accept-Ranges: bytes
Content-Length: 2257
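The logo fetch above carries Referer: https://login.gatech.pro/ to the real CAS server, which gives the defending institution a detection that needs no threat feed at all: any request for CAS static assets whose Referer is not on gatech.edu is some other site embedding the login page's look. The block below is an added example of that check and is not code from urlscan.io or from Georgia Tech. It assumes the server writes Apache "combined" access-log lines (Tomcat's AccessLogValve, behind the Apache-Coyote connector seen above, offers the same pattern), and the log lines, the /cas/css/ path and the client IPs (RFC 5737 test ranges) are constructed for the example.

```python
"""Find third-party sites hotlinking CAS static assets, from the IdP's access log.

Added example: not code from urlscan.io or from Georgia Tech. The log lines are
constructed in Apache combined format; client IPs come from RFC 5737 test ranges.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set
from urllib.parse import urlsplit

# Path prefixes that only the institution's own login pages should embed.
# /cas/images/ is the prefix seen in the scan; the other two are assumed.
ASSET_PREFIXES = ("/cas/images/", "/cas/css/", "/cas/js/")
TRUSTED_DOMAIN = "gatech.edu"

# Apache/Tomcat "combined" access-log format:
# %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass
class Hotlinker:
    """Everything we learn about one foreign referer host."""
    first_seen: str
    count: int = 0
    paths: Set[str] = field(default_factory=set)
    clients: Set[str] = field(default_factory=set)


def referer_host(referer: str) -> str:
    """Hostname of a Referer value, or '' when absent ('-') or unparsable."""
    if not referer or referer == "-":
        return ""
    return (urlsplit(referer).hostname or "").lower()


def is_trusted(host: str) -> bool:
    """True for the institution's apex and any of its subdomains."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def hotlink_report(lines: Iterable[str]) -> Dict[str, Hotlinker]:
    """Group asset requests by untrusted referer host. Requests without a Referer
    are skipped: they cannot be attributed, and stripping Referer is easy, so this
    check finds careless kits like the one above rather than all of them."""
    report: Dict[str, Hotlinker] = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if not path.startswith(ASSET_PREFIXES):
            continue
        host = referer_host(m.group("referer"))
        if not host or is_trusted(host):
            continue
        entry = report.setdefault(host, Hotlinker(first_seen=m.group("ts")))
        entry.count += 1
        entry.paths.add(path)
        entry.clients.add(m.group("ip"))
    return report


UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36")

# Constructed log lines. The first mirrors the fetch recorded in the scan above.
SAMPLE_LOG = [
    f'203.0.113.5 - - [30/Jan/2021:08:13:38 +0000] "GET /cas/images/logo-gt-cropped.png HTTP/1.1" 200 2257 "https://login.gatech.pro/" "{UA}"',
    # same asset embedded by the real CAS login page: trusted referer
    f'198.51.100.7 - - [30/Jan/2021:08:14:02 +0000] "GET /cas/images/logo-gt-cropped.png HTTP/1.1" 200 2257 "https://login.gatech.edu/cas/login?service=https%3A%2F%2Fpassport.gatech.edu%2F" "{UA}"',
    # direct fetch with no Referer: not attributable, ignored
    f'198.51.100.8 - - [30/Jan/2021:08:15:10 +0000] "GET /cas/images/logo-gt-cropped.png HTTP/1.1" 200 2257 "-" "{UA}"',
    # a stylesheet pulled by the same phishing site when a second visitor loads it
    f'192.0.2.9 - - [30/Jan/2021:08:20:41 +0000] "GET /cas/css/cas.css?v=3 HTTP/1.1" 200 8120 "https://login.gatech.pro/" "{UA}"',
    # foreign referer, but to the login page itself rather than an asset: out of scope
    f'192.0.2.10 - - [30/Jan/2021:08:21:00 +0000] "GET /cas/login HTTP/1.1" 200 5120 "https://www.example.com/help" "{UA}"',
]

if __name__ == "__main__":
    for host, info in sorted(hotlink_report(SAMPLE_LOG).items(), key=lambda kv: -kv[1].count):
        print(f"{host}: {info.count} asset fetches from {len(info.clients)} clients, "
              f"first seen {info.first_seen}, paths {sorted(info.paths)}")
```

On the constructed log the report contains a single host, login.gatech.pro, with two asset fetches from two distinct client addresses, and the first_seen timestamp doubles as the earliest evidence of a victim loading the page. Each client IP in that bucket is a candidate for a forced password reset, which is the response this check is meant to drive.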

Verdicts & Comments

urlscan: Potentially malicious activity detected. Phishing against: US Universities (Education).
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    cookieStore
function  showDirectoryPicker
function  showOpenFilePicker
function  showSaveFilePicker
object    trustedTypes
boolean   crossOriginIsolated
object    webpackJsonpmy-app

Only the last entry comes from the page itself. webpackJsonpmy-app is the JSONP chunk-loading array that a create-react-app build names after the project's package name, and "my-app" is the name used in that tool's quick-start instructions, which fits the static/js/main.*.chunk.js and 2.*.chunk.js bundles requested above: the kit is a stock React single-page app that was never renamed. The other nine are properties the scanning browser itself exposes on window and simply fall outside urlscan's baseline of standard names.

0 Cookies