![](/screenshots/65d7c8a0-0e94-4e22-8b54-4d6cc894085c.png)
login.gatech.pro
Open in
urlscan Pro
185.199.110.153
Malicious Activity!
Public Scan
Submission: On January 30 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on May 6th 2020. Valid for: 2 years.
This is the only time login.gatech.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Universities (Education)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 185.199.110.153 185.199.110.153 | 54113 (FASTLY) (FASTLY) | |
1 | 130.207.160.55 130.207.160.55 | 2637 (GEORGIA-TECH) (GEORGIA-TECH) | |
5 | 2 |
ASN2637 (GEORGIA-TECH, US)
PTR: login.bcdc.gatech.edu
login.gatech.edu |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
gatech.pro
login.gatech.pro |
47 KB |
1 |
gatech.edu
login.gatech.edu |
3 KB |
5 | 2 |
Domain | Requested by | |
---|---|---|
4 | login.gatech.pro |
login.gatech.pro
|
1 | login.gatech.edu |
login.gatech.pro
|
5 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
b.gatech.edu |
passport.gatech.edu |
techsupport.gatech.edu |
iam.gatech.edu |
www.gatech.edu |
hr.gatech.edu |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
login.gatech.edu InCommon RSA Server CA |
2021-01-06 - 2022-01-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.gatech.pro/
Frame ID: 307899F004E5D287235E6AC6047C6016
Requests: 5 HTTP requests in this frame
Screenshot
![](/screenshots/65d7c8a0-0e94-4e22-8b54-4d6cc894085c.png)
Detected technologies
![](/vendor/wappa/icons/Ruby.png)
Detected patterns
- headers server /^GitHub\.com$/i
Detected patterns
- headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
![](/vendor/wappa/icons/Ruby on Rails.png)
Detected patterns
- headers server /^GitHub\.com$/i
Detected patterns
- headers server /^GitHub\.com$/i
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: http://b.gatech.edu/it-policies
Search URL Search Domain Scan URL
Title: I don't know my GT account
Search URL Search Domain Scan URL
Title: I don't know my password
Search URL Search Domain Scan URL
Title: My correct username and password aren't working
Search URL Search Domain Scan URL
Title: OIT Technology Support Center
Search URL Search Domain Scan URL
Title: Additional documentation including how to integrate your application with GT Login
Search URL Search Domain Scan URL
Title: Emergency Information
Search URL Search Domain Scan URL
Title: Legal & Privacy Information
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Title: Accountability
Search URL Search Domain Scan URL
Title: Accreditation
Search URL Search Domain Scan URL
Title: Employment
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
login.gatech.pro/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.66ffcf68.chunk.css
login.gatech.pro/static/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.37f7f33b.chunk.js
login.gatech.pro/static/js/ |
130 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.2b904c4a.chunk.js
login.gatech.pro/static/js/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-gt-cropped.png
login.gatech.edu/cas/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Universities (Education)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| webpackJsonpmy-app0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.gatech.edu
login.gatech.pro
130.207.160.55
185.199.110.153
39902c964144e92504075935f02a0b1c5b4f9859d65c480460087f7fe63e8c6c
6e6158bad5afb841ff0426b2e7a87a9ceefac937ca0cfdc1b84ea4b4da5267d9
72ede2775dc5a4c59c9ca711471e82490d70fed38fc0d20a018478c9aedda922
87c3b9238584781128d57a3d147ef3265261084203e69b50d1b802758e7a4fc7
b164717c42e8753d43ddb23b471731f3e70b78fcb927173640a80cd64e63ca08