![](/screenshots/cc36632d-17e1-4e22-ba8b-30b073cccf18.png)
publictools.tiaa-cref.org
Scanned host IP: 104.117.223.170
Public Scan, flagged: Malicious Activity!
Submission: On July 29 via manual from US
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Server CA on February 2nd 2021. Valid for: a year.
This is the only time publictools.tiaa-cref.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TIAA (Financial)

Domain & IP information
| Requests | IP address | AS (autonomous system) | PTR record | Domain served |
|---|---|---|---|---|
| 1 | 104.117.223.170 | AS16625 (AKAMAI-AS, US) | a104-117-223-170.deploy.static.akamaitechnologies.com | publictools.tiaa-cref.org |
| 1 | 2a00:1450:4001:828::200e | AS15169 (GOOGLE, US) | (none listed) | www.google-analytics.com |
| 1 | 216.58.212.166 | AS15169 (GOOGLE, US) | ams15s22-in-f166.1e100.net | fls.doubleclick.net |
| 13 | 104.117.207.26 | AS16625 (AKAMAI-AS, US) | a104-117-207-26.deploy.static.akamaitechnologies.com | www.tiaa.org |

Totals: 16 requests, 4 IP addresses.
| Requests | Apex domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | tiaa.org | www.tiaa.org | 452 KB |
| 1 | doubleclick.net | fls.doubleclick.net | 230 B |
| 1 | google-analytics.com | www.google-analytics.com | 19 KB |
| 1 | tiaa-cref.org | publictools.tiaa-cref.org | 5 KB |

Totals: 16 requests, 4 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 13 | www.tiaa.org | publictools.tiaa-cref.org, www.tiaa.org |
| 1 | fls.doubleclick.net | publictools.tiaa-cref.org |
| 1 | www.google-analytics.com | publictools.tiaa-cref.org |
| 1 | publictools.tiaa-cref.org | (primary request) |

Totals: 16 requests, 4 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| ais2.tiaa-cref.org | DigiCert SHA2 Extended Validation Server CA | 2021-02-02 - 2022-02-13 | a year | crt.sh |
| *.google-analytics.com | GTS CA 1C3 | 2021-06-28 - 2021-09-20 | 3 months | crt.sh |
| *.doubleclick.net | GTS CA 1C3 | 2021-06-28 - 2021-09-20 | 3 months | crt.sh |
| www.tiaa.org | DigiCert SHA2 Extended Validation Server CA | 2021-04-27 - 2022-01-19 | 9 months | crt.sh |
This page contains 1 frame:
Primary page: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Frame ID: 823D5F6A6F663F298858E5873A269C60
Requests: 16 HTTP requests in this frame
Detected technologies
Detected patterns:
- script /https?:\/\/fls\.doubleclick\.net/i
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
0 outgoing links (links going to different origins than the main page).
Redirected requests: there were HTTP redirect chains for the following requests (none listed in this scan).
16 HTTP transactions

| Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|
| GET | H2 | startSSO.ping (primary request) | publictools.tiaa-cref.org/idp/ | 10 KB | 5 KB | Document | text/html |
| GET | H2 | analytics.js | www.google-analytics.com/ | 48 KB | 19 KB | Script | text/javascript |
| GET | H2 | json | fls.doubleclick.net/ | 40 B | 230 B | Script | text/javascript |
| GET | H2 | boomerang.js | www.tiaa.org/public/js/ | 29 KB | 10 KB | Script | application/javascript |
| GET | H2 | tiaa-global.css | www.tiaa.org/public/ui/shared-components/css/ | 552 KB | 95 KB | Stylesheet | text/css |
| GET | H2 | tiaa-header.min.js | www.tiaa.org/public/ui/shared-components/js/ | 116 KB | 42 KB | Script | application/javascript |
| GET | H2 | 20000183344188.svg | www.tiaa.org/public/images/334/4188/ | 3 KB | 1 KB | Image | image/svg+xml |
| GET | H2 | icon-nav-search.png | www.tiaa.org/public/ui/shared-components/images/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | logo.svg | www.tiaa.org/public/ui/shared-components/images/ | 2 KB | 1 KB | Image | image/svg+xml |
| GET | H2 | tiaa-footer.min.js | www.tiaa.org/public/ui/shared-components/js/ | 560 KB | 153 KB | Script | application/javascript |
| GET | H2 | tiaa-global-print.css | www.tiaa.org/public/ui/shared-components/css/ | 19 KB | 4 KB | Stylesheet | text/css |
| GET | H2 | tiaa-icon-font.ttf | www.tiaa.org/public/ui/shared-components/fonts/ | 16 KB | 16 KB | Font | application/font-sfnt |
| GET | H2 | 84083fa0-6a9d-40f7-806f-63add8cde800.woff2 | www.tiaa.org/public/ui/shared-components/fonts/ | 31 KB | 31 KB | Font | application/octet-stream |
| GET | H2 | 285ba495-2172-479d-86ad-c20c8ee7ff3b-3.woff | www.tiaa.org/public/ui/shared-components/fonts/ | 30 KB | 30 KB | Font | application/font-woff |
| GET | H2 | ea7dcf5e-c101-46d3-a553-bb46f78ca7e4.woff2 | www.tiaa.org/public/ui/shared-components/fonts/ | 17 KB | 18 KB | Font | application/octet-stream |
| GET | H2 | LyonTextWeb-Regular.woff2 | www.tiaa.org/public/ui/shared-components/fonts/ | 48 KB | 49 KB | Font | application/octet-stream |

Size is the decoded resource size; Transferred is the number of bytes on the wire.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: TIAA (Financial)

That verdict is the scanner's automated brand match, and nothing else in this scan contradicts a legitimate TIAA single-sign-on entry point: the primary page is served from a tiaa-cref.org host on an Akamai IP with a DigiCert EV certificate, the 13 first-party assets come from www.tiaa.org, and the only third-party requests are the Google Analytics and DoubleClick scripts. Confirm ownership of the host through an independent channel before treating it as phishing.

34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object; they help identify the client-side frameworks and code a page loads. Note that the first eleven names below (onbeforexrselect through crossOriginIsolated) are standard Chrome window properties that the scanner's baseline simply predates, not code shipped by the page; the names that actually fingerprint the page's scripts start at google_tag_data.
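How that identification works in practice, as an added example that is not urlscan's code: in a browser the raw list is the difference between the page's window properties and those of a pristine about:blank iframe, and the surviving names are matched against a signature table. The signature table and the builtin allowlist below are assumptions (partial, and tied to the browser build of the scan); the input is the scan's own list of 34 globals, embedded verbatim in the `type| name` format the page prints.

```javascript
// Added example (not urlscan.io code): turning a list of non-standard window
// globals into a library fingerprint. SIGNATURES and BROWSER_BUILTINS are
// assumptions; the input below is the 34 globals reported by this scan.

// Browser side: diff the page's window against a pristine about:blank iframe so
// that standard properties drop out. Works on any two objects, so it is also
// exercised with plain objects below.
function collectNonStandardGlobals(win, baselineWin) {
  const baseline = new Set(Object.getOwnPropertyNames(baselineWin));
  return Object.getOwnPropertyNames(win)
    .filter((name) => !baseline.has(name))
    .map((name) => ({ type: typeof win[name], name }));
}

// Parse the "type| name type| name ..." text exactly as the scan page prints it.
function parseGlobals(raw) {
  const tokens = raw.trim().split(/\s+/);
  const globals = [];
  for (let i = 0; i + 1 < tokens.length; i += 2) {
    globals.push({ type: tokens[i].replace(/\|$/, ""), name: tokens[i + 1] });
  }
  return globals;
}

// Standard browser API surface that a scanner with an older baseline still
// reports as "non-standard". Assumption: covers the builtins in this scan.
const BROWSER_BUILTINS = new Set([
  "onbeforexrselect", "ontransitionrun", "ontransitionstart", "ontransitioncancel",
  "cookieStore", "showDirectoryPicker", "showOpenFilePicker", "showSaveFilePicker",
  "originAgentCluster", "trustedTypes", "crossOriginIsolated",
]);

// Assumed signature table: global name (or prefix) to the code it usually indicates.
const SIGNATURES = [
  { library: "jQuery",              match: (n) => n === "$" || n === "jQuery" },
  { library: "Modernizr/html5shiv", match: (n) => n === "Modernizr" || n === "html5" },
  { library: "Google Analytics",    match: (n) => ["ga", "gaplugins", "google_tag_data"].includes(n) },
  { library: "Adobe Analytics",     match: (n) => n.startsWith("s_") },
  { library: "Boomerang RUM",       match: (n) => n.startsWith("BOOMR") },
  { library: "lazysizes",           match: (n) => n.startsWith("lazySizes") },
  { library: "picturefill",         match: (n) => n === "picturefill" },
  { library: "OpenF2",              match: (n) => n === "F2" || n.startsWith("F2_") },
  { library: "EventEmitter2",       match: (n) => n === "EventEmitter2" },
];

// Split the globals into browser builtins, known libraries and page-specific
// names; the last group is what an analyst reads in the captured scripts.
function fingerprint(globals) {
  const result = { builtins: [], libraries: {}, unexplained: [] };
  for (const { type, name } of globals) {
    if (BROWSER_BUILTINS.has(name)) {
      result.builtins.push(name);
      continue;
    }
    const hit = SIGNATURES.find((s) => s.match(name));
    if (hit) {
      (result.libraries[hit.library] = result.libraries[hit.library] || []).push(name);
    } else {
      result.unexplained.push(`${name} (${type})`);
    }
  }
  return result;
}

// Constructed input: the scan's "34 JavaScript Global Variables" list, verbatim.
const SCAN_GLOBALS = parseGlobals(`
object| onbeforexrselect object| ontransitionrun object| ontransitionstart
object| ontransitioncancel object| cookieStore function| showDirectoryPicker
function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster
object| trustedTypes boolean| crossOriginIsolated object| google_tag_data function| ga
object| gaplugins object| s_4_Integrate_DFA_get_0 function| FWBind object| html5
object| Modernizr function| $ function| jQuery function| picturefill
object| lazySizesConfig object| lazySizes function| BOOMR_check_doc_domain object| BOOMR
boolean| BOOMR_log function| EventEmitter2 boolean| googlemap_flag object| tiaa
object| F2_instance object| F2 object| globalEvents string| value boolean| _loaded0
`);

console.log(JSON.stringify(fingerprint(SCAN_GLOBALS), null, 2));
```

In a browser the first call would be `collectNonStandardGlobals(window, iframe.contentWindow)` with an about:blank iframe appended to the document; because the baseline comes from the same browser build, the eleven builtins never appear, which is exactly the gap the scanner's stale baseline leaves.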
| Type | Name |
|---|---|
| object | onbeforexrselect |
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| boolean | originAgentCluster |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| object | google_tag_data |
| function | ga |
| object | gaplugins |
| object | s_4_Integrate_DFA_get_0 |
| function | FWBind |
| object | html5 |
| object | Modernizr |
| function | $ |
| function | jQuery |
| function | picturefill |
| object | lazySizesConfig |
| object | lazySizes |
| function | BOOMR_check_doc_domain |
| object | BOOMR |
| boolean | BOOMR_log |
| function | EventEmitter2 |
| boolean | googlemap_flag |
| object | tiaa |
| object | F2_instance |
| object | F2 |
| object | globalEvents |
| string | value |
| boolean | _loaded0 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Their presence in this list does not imply that any of them indicate malicious activity.
fls.doubleclick.net
publictools.tiaa-cref.org
www.google-analytics.com
www.tiaa.org
104.117.207.26
104.117.223.170
216.58.212.166
2a00:1450:4001:828::200e
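The triage step a practitioner usually wants on an indicator list like this one is to separate first-party from third-party observables, which is what the apex-domain table above does by hand. The following is an added example, not urlscan's code, that rebuilds that grouping from a request list and flags apexes unrelated to the primary page. The request list is constructed from this scan's transaction table (sizes converted to bytes at 1 KB = 1024); the `relatedApexes` option and the tiny suffix table are assumptions, and a real tool should use the Public Suffix List for apex extraction.

```javascript
// Added example (not urlscan.io code): first-party versus third-party triage
// of the indicators in a scan. SCAN_REQUESTS is constructed from this scan's
// transaction table; `relatedApexes` and MULTI_LABEL_SUFFIXES are assumptions.

const TIAA_IP = "104.117.207.26"; // server IP of every www.tiaa.org request in the scan
const tiaaAsset = (path, kb) => ({ url: `https://www.tiaa.org/${path}`, ip: TIAA_IP, xfer: kb * 1024 });

const SCAN_REQUESTS = [
  { url: "https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone",
    ip: "104.117.223.170", xfer: 5 * 1024 },
  { url: "https://www.google-analytics.com/analytics.js", ip: "2a00:1450:4001:828::200e", xfer: 19 * 1024 },
  { url: "https://fls.doubleclick.net/json", ip: "216.58.212.166", xfer: 230 },
  tiaaAsset("public/js/boomerang.js", 10),
  tiaaAsset("public/ui/shared-components/css/tiaa-global.css", 95),
  tiaaAsset("public/ui/shared-components/js/tiaa-header.min.js", 42),
  tiaaAsset("public/images/334/4188/20000183344188.svg", 1),
  tiaaAsset("public/ui/shared-components/images/icon-nav-search.png", 2),
  tiaaAsset("public/ui/shared-components/images/logo.svg", 1),
  tiaaAsset("public/ui/shared-components/js/tiaa-footer.min.js", 153),
  tiaaAsset("public/ui/shared-components/css/tiaa-global-print.css", 4),
  tiaaAsset("public/ui/shared-components/fonts/tiaa-icon-font.ttf", 16),
  tiaaAsset("public/ui/shared-components/fonts/84083fa0-6a9d-40f7-806f-63add8cde800.woff2", 31),
  tiaaAsset("public/ui/shared-components/fonts/285ba495-2172-479d-86ad-c20c8ee7ff3b-3.woff", 30),
  tiaaAsset("public/ui/shared-components/fonts/ea7dcf5e-c101-46d3-a553-bb46f78ca7e4.woff2", 18),
  tiaaAsset("public/ui/shared-components/fonts/LyonTextWeb-Regular.woff2", 49),
];

// Registrable ("apex") domain. Assumption: two labels, plus a few well-known
// multi-label public suffixes; production code should use the Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "org.uk", "com.au", "co.jp", "com.br"]);
function apexOf(hostname) {
  const labels = hostname.toLowerCase().split(".");
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Group requests by apex, mark each apex first- or third-party relative to the
// primary page (requests[0]) plus any apexes the analyst already knows belong
// to the same organisation, and emit the flat indicator lists.
function triage(requests, { relatedApexes = [] } = {}) {
  const primaryHost = new URL(requests[0].url).hostname;
  const primaryApex = apexOf(primaryHost);
  const firstParty = new Set([primaryApex, ...relatedApexes.map((a) => a.toLowerCase())]);
  const byApex = new Map();
  for (const req of requests) {
    const host = new URL(req.url).hostname;
    const apex = apexOf(host);
    const row = byApex.get(apex) ||
      { apex, firstParty: firstParty.has(apex), requests: 0, transferBytes: 0, hosts: new Set(), ips: new Set() };
    row.requests += 1;
    row.transferBytes += req.xfer;
    row.hosts.add(host);
    row.ips.add(req.ip);
    byApex.set(apex, row);
  }
  const rows = [...byApex.values()]
    .map((r) => ({ ...r, hosts: [...r.hosts].sort(), ips: [...r.ips].sort() }))
    .sort((a, b) => b.requests - a.requests || a.apex.localeCompare(b.apex));
  return {
    primaryHost,
    primaryApex,
    rows,
    thirdParty: rows.filter((r) => !r.firstParty).map((r) => r.apex).sort(),
    indicators: {
      domains: [...new Set(requests.map((r) => new URL(r.url).hostname))].sort(),
      ips: [...new Set(requests.map((r) => r.ip))].sort(),
    },
  };
}

const report = triage(SCAN_REQUESTS, { relatedApexes: ["tiaa.org"] });
for (const r of report.rows) {
  console.log(`${r.firstParty ? "first-party" : "THIRD-PARTY"} ${r.apex}: ${r.requests} requests, ` +
              `${r.transferBytes} bytes, hosts ${r.hosts.join(", ")}`);
}
console.log("third-party apexes:", report.thirdParty);
```

Without `relatedApexes`, tiaa.org is flagged as third-party as well, because apex matching alone cannot tell that tiaa.org and tiaa-cref.org belong to one organisation; the EV certificates in the table above are the kind of evidence that justifies adding an apex to that list.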