ottermedicine.com Open in urlscan Pro
162.144.6.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ottermedicine.com/shabe/uiowa/HawkID.htm
Submission: On October 25 via manual (October 25th 2018, 4:57:12 pm UTC) from US

Summary HTTP 36 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 36 HTTP transactions. The main IP is 162.144.6.146, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is ottermedicine.com.

This is the only time ottermedicine.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education) University of Iowa (Education)

Domain & IP information

	IP Address	AS Autonomous System
8	162.144.6.146 162.144.6.146	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
2	209.197.3.7 209.197.3.7	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
3	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
7	209.126.103.139 209.126.103.139	30083 (HEG-US) (HEG-US - HEG US Inc.)
2	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
36	6

8 162.144.6.146 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: gator3133.hostgator.com

ottermedicine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.197.3.7 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x007.map2.ssl.hwcdn.net

e2b8u3v8.map2.ssl.hwcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 209.126.103.139 (Saint Louis, United States)

ASN30083 (HEG-US - HEG US Inc., US)
PTR: condor2710.startdedicated.com

srv1.clk-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
king.contentssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ottermedicine.com ottermedicine.com	131 KB
6	contentssl.com king.contentssl.com	1 KB
3	google-analytics.com www.google-analytics.com	34 KB
2	googleapis.com ajax.googleapis.com	31 KB
2	hwcdn.net e2b8u3v8.map2.ssl.hwcdn.net	30 KB
1	clk-analytics.com srv1.clk-analytics.com	2 KB
0	Failed function sub() { [native code] }. Failed
36	7

	Domain	Requested by
8	ottermedicine.com	ottermedicine.com
6	king.contentssl.com	srv1.clk-analytics.com
3	www.google-analytics.com	ottermedicine.com e2b8u3v8.map2.ssl.hwcdn.net
2	ajax.googleapis.com	ottermedicine.com
2	e2b8u3v8.map2.ssl.hwcdn.net	ottermedicine.com
1	srv1.clk-analytics.com	ottermedicine.com
0	cipmepknanmbbaneimacddfemfbfgpgo Failed	ottermedicine.com
36	7

This site contains links to these domains. Also see Links.

Domain
apps.its.uiowa.edu
myui.uiowa.edu

Subject Issuer	Validity	Valid
*.map2.ssl.hwcdn.net COMODO RSA Domain Validation Secure Server CA	`2018-04-10` - `2020-04-09`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-10-09` - `2019-01-01`	3 months	crt.sh
srv1.clk-analytics.com Let's Encrypt Authority X3	`2018-10-08` - `2019-01-06`	3 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-10-09` - `2019-01-01`	3 months	crt.sh
king.contentssl.com Let's Encrypt Authority X3	`2018-07-14` - `2018-10-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Frame ID: BCE9A0F9EF6309F1824A83075DD50178
Requests: 36 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

36
Requests

19 %
HTTPS

40 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

229 kB
Transfer

577 kB
Size

7
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://apps.its.uiowa.edu/pwtool/reset
Title: Forgot your HawkID password?

Search URL Search Domain Scan URL

URL: https://myui.uiowa.edu/my-ui/guest-login.page
Title: Click here for the guest login page

Search URL Search Domain Scan URL

URL: https://myui.uiowa.edu/my-ui/courses/dashboard.page
Title: Courses

Search URL Search Domain Scan URL

URL: https://myui.uiowa.edu/my-ui/help/dashboard.page
Title: Help

Search URL Search Domain Scan URL

URL: https://myui.uiowa.edu/my-ui/home.page
Title: News & Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 25

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=932022064&utmr=-&utmp=%2Fshabe%2Fuiowa%2FHawkID.htm&utmht=1540486622046&utmac=UA-21427431-1&utmcc=__utma%3D122534485.1375775657.1540486622.1540486622.1540486622.1%3B%2B__utmz%3D122534485.1540486622.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864503748&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=932022064&utmr=-&utmp=%2Fshabe%2Fuiowa%2FHawkID.htm&utmht=1540486622046&utmac=UA-21427431-1&utmcc=__utma%3D122534485.1375775657.1540486622.1540486622.1540486622.1%3B%2B__utmz%3D122534485.1540486622.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864503748&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

36 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request HawkID.htm Show response
ottermedicine.com/shabe/uiowa/ 14 KB
4 KB 636ms
291ms Document
text/html 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: e73ec758c4da39298816c8e87058029d84beb14bd29d502d4f72af110f869bd7

Request headers

Host: ottermedicine.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: nginx/1.14.0
Date: Thu, 25 Oct 2018 16:57:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Mar 2018 04:11:02 GMT
Content-Encoding: gzip

GET
H/1.1 200
OK bootstrap.min.css
ottermedicine.com/shabe/uiowa/HawkID_files/ 97 KB
21 KB 190ms
189ms Stylesheet
text/css 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/bootstrap.min.css
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: 46a2de362f54e3c988cc8c9fbf68fe12018c8ae42fe11509a747f52f17834466

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/css

GET
H/1.1 200
OK simple-login.css
ottermedicine.com/shabe/uiowa/HawkID_files/ 3 KB
1 KB 170ms
170ms Stylesheet
text/css 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/simple-login.css
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: 23436568dc11cdeaa51ac4bcaf83529fb196d8fd5e9e1e423b5d7c808adf0556

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/css

GET
H/1.1 200
OK ga.js.download Show response
ottermedicine.com/shabe/uiowa/HawkID_files/ 45 KB
19 KB 533ms
185ms Script
application/javascript 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/ga.js.download
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: 7c2c58fc24e2d3458b88680cfad4577011697df9a1406808f2f7d8f46060d8a7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H/1.1 200
OK fb9e66ea-4707-4278-8469-574fc4263123.js.download Show response
ottermedicine.com/shabe/uiowa/HawkID_files/ 35 KB
18 KB 345ms
175ms Script
application/javascript 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: aa99efb299ea82cf5f741a65d1949694a2a6353c7ebc7a8a54b52857061a56f0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H/1.1 200
OK jquery.min.js.download Show response
ottermedicine.com/shabe/uiowa/HawkID_files/ 84 KB
34 KB 588ms
237ms Script
application/javascript 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/jquery.min.js.download
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H/1.1 200
OK jz6rmF.js.download Show response
ottermedicine.com/shabe/uiowa/HawkID_files/ 35 KB
15 KB 168ms
168ms Script
application/javascript 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/jz6rmF.js.download
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: 476981d3a31a5348ff22f410c2c65ef9960c2cff9f9fa64f5749d05aa4e597b4

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H/1.1 200
OK uiowa-dome.png
ottermedicine.com/shabe/uiowa/HawkID_files/ 18 KB
19 KB 234ms
234ms Image
image/png 162.144.6.146
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/uiowa-dome.png
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Server: 162.144.6.146 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: gator3133.hostgator.com
Software: nginx/1.14.0 /
Resource Hash: 5790171db3ebcf4215667322c8fda796f3157b872b53d45bf153cca7aa1d75bc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:02 GMT
Last-Modified: Thu, 01 Mar 2018 03:46:04 GMT
Server: nginx/1.14.0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18909
Content-Type: image/png

GET web-search-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET video-search-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET google-images-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET google-translate-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET wikipedia-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET btn_settings.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 0
0

GET facebook-share-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET twitter-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET pinterest-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET google-plus-center-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET linkedin-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 0
0

GET
H/1.1 200
OK fb9e66ea-4707-4278-8469-574fc4263123.js Show response
e2b8u3v8.map2.ssl.hwcdn.net/s/ 34 KB
16 KB 51ms
8ms Script
text/javascript 209.197.3.7
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://e2b8u3v8.map2.ssl.hwcdn.net/s/fb9e66ea-4707-4278-8469-574fc4263123.js?cb=19256
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.7 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x007.map2.ssl.hwcdn.net
Software: /
Resource Hash: ab7821d6322bc15b1a3d40209a610a91f06fa1f4728f68190edf9ae6a91f001d

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:02 GMT
Content-Encoding: gzip
X-HW: 1540486622.dop022.fr8.t,1540486622.cds036.fr8.shn,1540486622.dop022.fr8.t,1540486622.cds021.fr8.c
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=11000
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 16000

GET
S

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

6ms
5ms

Script
text/javascript

2a00:1450:4001:820::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Oct 2018 19:41:26 GMT
server: Golfe2
age: 1628
date: Thu, 25 Oct 2018 16:29:54 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17168
expires: Thu, 25 Oct 2018 18:29:54 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK / Show response
srv1.clk-analytics.com/i/ 4 KB
2 KB 501ms
141ms Script
application/javascript 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 890ef9703f755eece6a9f2a3b221911989cb142d32a4ee61fcb4ff3bbe5e89c4

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:02 GMT
Content-Encoding: gzip
Server: Apache/2.4.18 (Ubuntu)
Connection: close
Content-Length: 1384
Vary: Accept-Encoding
Content-Type: application/javascript

GET dropToSearchHint.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 0
0

GET dropToShareHint.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 0
0

GET btn_settings.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 0
0

GET
H/1.1 404
Not Found openxtag.js Show response
ajax.googleapis.com/ajax/libs/ 2 KB
2 KB 19ms
13ms XHR
text/html 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/openxtag.js

Requested by

Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download

Protocol

HTTP/1.1

Server

2a00:1450:4001:819::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24e59526b5fc9816d6e16a670bf9603b1c01ecff1b432926cc3cd72eefaf502c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com

Response headers

Date: Thu, 25 Oct 2018 16:57:02 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 1582
X-XSS-Protection: 1; mode=block

GET
S

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utm...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&ut...

35 B
111 B

13ms
13ms

Image
image/gif

2a00:1450:4001:820::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=932022064&utmr=-&utmp=%2Fshabe%2Fuiowa%2FHawkID.htm&utmht=1540486622046&utmac=UA-21427431-1&utmcc=__utma%3D122534485.1375775657.1540486622.1540486622.1540486622.1%3B%2B__utmz%3D122534485.1540486622.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864503748&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID.htm

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Oct 2018 16:57:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=932022064&utmr=-&utmp=%2Fshabe%2Fuiowa%2FHawkID.htm&utmht=1540486622046&utmac=UA-21427431-1&utmcc=__utma%3D122534485.1375775657.1540486622.1540486622.1540486622.1%3B%2B__utmz%3D122534485.1540486622.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864503748&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
29 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:819::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 02 Oct 2018 06:22:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2025264
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 30028
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Oct 2019 06:22:38 GMT

GET
H/1.1 200
OK jz6rmF.js Show response
e2b8u3v8.map2.ssl.hwcdn.net/k/709010/12c/ 35 KB
14 KB 15ms
6ms Script
text/javascript 209.197.3.7
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://e2b8u3v8.map2.ssl.hwcdn.net/k/709010/12c/jz6rmF.js
Requested by: Host: ottermedicine.com
URL: http://ottermedicine.com/shabe/uiowa/HawkID_files/fb9e66ea-4707-4278-8469-574fc4263123.js.download
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.7 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x007.map2.ssl.hwcdn.net
Software: /
Resource Hash: 97f454e8dd422e2597ec098c1dfd5f13fc9fa19fa7467110e6ca66e34a56b0b1

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 25 Oct 2018 16:57:02 GMT
Content-Encoding: gzip
X-HW: 1540486622.dop022.fr8.t,1540486622.cds036.fr8.shn,1540486622.dop022.fr8.t,1540486622.cds021.fr8.c
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=333300
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 13720

GET
S 200 analytics.js Show response
www.google-analytics.com/ 42 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:820::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: e2b8u3v8.map2.ssl.hwcdn.net
URL: https://e2b8u3v8.map2.ssl.hwcdn.net/s/fb9e66ea-4707-4278-8469-574fc4263123.js?cb=19256

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8cb05b675fe6419a9e91eb587c60902c7ed1cb6c42b8cff8ce404ef89f635cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Oct 2018 19:41:26 GMT
server: Golfe2
age: 1663
date: Thu, 25 Oct 2018 16:29:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17301
expires: Thu, 25 Oct 2018 18:29:19 GMT

POST
H/1.1 200
OK stats.php Show response
king.contentssl.com/f/ 5 B
271 B 616ms
120ms XHR
text/html 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://king.contentssl.com/f/stats.php
Requested by: Host: srv1.clk-analytics.com
URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Thu, 25 Oct 2018 16:57:03 GMT
Content-Encoding: gzip
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: close
Content-Length: 25

POST
H/1.1 200
OK stats.php Show response
king.contentssl.com/f/ 5 B
271 B 631ms
122ms XHR
text/html 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://king.contentssl.com/f/stats.php
Requested by: Host: srv1.clk-analytics.com
URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Thu, 25 Oct 2018 16:57:03 GMT
Content-Encoding: gzip
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: close
Content-Length: 25

POST
H/1.1 200
OK stats.php Show response
king.contentssl.com/f/ 5 B
271 B 663ms
138ms XHR
text/html 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://king.contentssl.com/f/stats.php
Requested by: Host: srv1.clk-analytics.com
URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Thu, 25 Oct 2018 16:57:03 GMT
Content-Encoding: gzip
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: close
Content-Length: 25

POST
H/1.1 200
OK speed.php Show response
king.contentssl.com/f/ 0
198 B 661ms
130ms XHR
text/html 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://king.contentssl.com/f/speed.php
Requested by: Host: srv1.clk-analytics.com
URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 25 Oct 2018 16:57:03 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK speed.php Show response
king.contentssl.com/f/ 0
198 B 639ms
120ms XHR
text/html 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://king.contentssl.com/f/speed.php
Requested by: Host: srv1.clk-analytics.com
URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 25 Oct 2018 16:57:03 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK speed.php Show response
king.contentssl.com/f/ 0
198 B 621ms
120ms XHR
text/html 209.126.103.139
HEG US Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://king.contentssl.com/f/speed.php
Requested by: Host: srv1.clk-analytics.com
URL: https://srv1.clk-analytics.com/i/?tid=837&hash=6n21ye&subid=1167
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.103.139 Saint Louis, United States, ASN30083 (HEG-US - HEG US Inc., US),
Reverse DNS: condor2710.startdedicated.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ottermedicine.com/shabe/uiowa/HawkID.htm
Origin: http://ottermedicine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 25 Oct 2018 16:57:03 GMT
Server: Apache/2.4.18 (Ubuntu)
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/web-search-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/video-search-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-images-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-translate-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/wikipedia-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/facebook-share-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/twitter-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/pinterest-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-plus-center-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/linkedin-content.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToSearchHint.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToShareHint.png

Domain: cipmepknanmbbaneimacddfemfbfgpgo
URL: chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education) University of Iowa (Education)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ottermedicine.com/	1970-01-18 19:56:13	Name: _gid Value: GA1.2.564355811.1540486622
.ottermedicine.com/	1970-01-19 13:25:58	Name: _ga Value: GA1.2.1375775657.1540486622
.ottermedicine.com/	1970-01-19 13:25:58	Name: __utma Value: 122534485.1375775657.1540486622.1540486622.1540486622.1
.ottermedicine.com/	1970-01-19 00:17:34	Name: __utmz Value: 122534485.1540486622.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.ottermedicine.com/	1970-01-18 19:54:48	Name: __utmb Value: 122534485.1.10.1540486622
.ottermedicine.com/	1970-01-18 19:54:47	Name: __utmt Value: 1
.ottermedicine.com/	1969-12-31 23:59:59	Name: __utmc Value: 122534485

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cipmepknanmbbaneimacddfemfbfgpgo
e2b8u3v8.map2.ssl.hwcdn.net
king.contentssl.com
ottermedicine.com
srv1.clk-analytics.com
www.google-analytics.com
cipmepknanmbbaneimacddfemfbfgpgo
162.144.6.146
209.126.103.139
209.197.3.7
2a00:1450:4001:819::200a
2a00:1450:4001:820::200e
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
23436568dc11cdeaa51ac4bcaf83529fb196d8fd5e9e1e423b5d7c808adf0556
24e59526b5fc9816d6e16a670bf9603b1c01ecff1b432926cc3cd72eefaf502c
46a2de362f54e3c988cc8c9fbf68fe12018c8ae42fe11509a747f52f17834466
476981d3a31a5348ff22f410c2c65ef9960c2cff9f9fa64f5749d05aa4e597b4
5790171db3ebcf4215667322c8fda796f3157b872b53d45bf153cca7aa1d75bc
7c2c58fc24e2d3458b88680cfad4577011697df9a1406808f2f7d8f46060d8a7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
890ef9703f755eece6a9f2a3b221911989cb142d32a4ee61fcb4ff3bbe5e89c4
8cb05b675fe6419a9e91eb587c60902c7ed1cb6c42b8cff8ce404ef89f635cde
97f454e8dd422e2597ec098c1dfd5f13fc9fa19fa7467110e6ca66e34a56b0b1
aa99efb299ea82cf5f741a65d1949694a2a6353c7ebc7a8a54b52857061a56f0
ab7821d6322bc15b1a3d40209a610a91f06fa1f4728f68190edf9ae6a91f001d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73ec758c4da39298816c8e87058029d84beb14bd29d502d4f72af110f869bd7
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

ottermedicine.com Open in urlscan Pro 162.144.6.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

36 Requests

19 %HTTPS

40 %IPv6

7 Domains

7 Subdomains

6 IPs

2 Countries

229 kBTransfer

577 kBSize

7 Cookies

5 Outgoing links

Redirected requests

36 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

7 Cookies

Indicators

ottermedicine.com Open in urlscan Pro
162.144.6.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

36
Requests

19 %
HTTPS

40 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

229 kB
Transfer

577 kB
Size

7
Cookies

36 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!