publictools.tiaa-cref.org
104.117.223.170  Malicious Activity! Public Scan

URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Submission: On July 29 via manual from US

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 104.117.223.170, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is publictools.tiaa-cref.org.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 2nd 2021. Valid for: a year.
This is the only time publictools.tiaa-cref.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TIAA (Financial)

Domain & IP information

Requests | IP Address | AS Autonomous System
1 | 104.117.223.170 | 16625 (AKAMAI-AS)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 216.58.212.166 | 15169 (GOOGLE)
13 | 104.117.207.26 | 16625 (AKAMAI-AS)
Total: 16 requests, 4 IPs

Requests | Domain | Requested by
13 | www.tiaa.org | publictools.tiaa-cref.org, www.tiaa.org
1 | fls.doubleclick.net | publictools.tiaa-cref.org
1 | www.google-analytics.com | publictools.tiaa-cref.org
1 | publictools.tiaa-cref.org |
Total: 16 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
ais2.tiaa-cref.org | DigiCert SHA2 Extended Validation Server CA | 2021-02-02 - 2022-02-13 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-06-28 - 2021-09-20 | 3 months
*.doubleclick.net | GTS CA 1C3 | 2021-06-28 - 2021-09-20 | 3 months
www.tiaa.org | DigiCert SHA2 Extended Validation Server CA | 2021-04-27 - 2022-01-19 | 9 months

This page contains 1 frames:

Primary Page: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Frame ID: 823D5F6A6F663F298858E5873A269C60
Requests: 16 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /https?:\/\/fls\.doubleclick\.net/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 477 kB
Size: 1485 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request startSSO.ping
publictools.tiaa-cref.org/idp/
10 KB
5 KB
Document
General
Full URL
https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.223.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-223-170.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
13b59ca6f35e8b7ece53d5b1fbf0fd28a602d5fcfd4d19f6dadd25c1dd65a757

Request headers

:method
GET
:authority
publictools.tiaa-cref.org
:scheme
https
:path
/idp/startSSO.ping?PartnerSpId=Cornerstone
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

referrer-policy
origin
cache-control
no-cache, no-store
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-type
text/html;charset=utf-8
x-edgeconnect-midmile-rtt
98
x-edgeconnect-origin-mex-latency
36
vary
Accept-Encoding
content-encoding
gzip
date
Thu, 29 Jul 2021 16:27:52 GMT
content-length
3298
set-cookie
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 13 Jul 2021 18:24:06 GMT
server
Golfe2
age
7109
date
Thu, 29 Jul 2021 14:29:23 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19672
expires
Thu, 29 Jul 2021 16:29:23 GMT
json
fls.doubleclick.net/
40 B
230 B
Script
General
Full URL
https://fls.doubleclick.net/json?spot=5367511&src=&var=s_4_Integrate_DFA_get_0&host=integrate.112.2o7.net%2Fdfa_echo%3Fvar%3Ds_4_Integrate_DFA_get_0%26AQE%3D1%26A2S%3D1&ord=1688607568451
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f166.1e100.net
Software
cafe /
Resource Hash
677124c6ff82c130411d65036ee11e1e8b381579caa9ae685bff492504fbcb5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60
x-xss-protection
0
pragma
no-cache
server
cafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
boomerang.js
www.tiaa.org/public/js/
29 KB
10 KB
Script
General
Full URL
https://www.tiaa.org/public/js/boomerang.js
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ccde3bfe20979e058d91f0281119bf55d660ef3264b89d6e52f73e8cc70d255d

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Fri, 15 Dec 2017 02:06:42 GMT
etag
"759f-5605773a27080"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
application/javascript
content-length
9540
service-worker-allowed
/public/
tiaa-global.css
www.tiaa.org/public/ui/shared-components/css/
552 KB
95 KB
Stylesheet
General
Full URL
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
db60b4734e812bf8a424b3e34fc48382931f421f1bb094e6511509e82c6e5ff3

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
595, 595, 595
date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:12 GMT
x-edgeconnect-midmile-rtt
0, 3, 16
etag
"8a1c9-5c7972cf81c00"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
text/css
content-length
96557
service-worker-allowed
/public/
tiaa-header.min.js
www.tiaa.org/public/ui/shared-components/js/
116 KB
42 KB
Script
General
Full URL
https://www.tiaa.org/public/ui/shared-components/js/tiaa-header.min.js
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9df003fad45bc80cdc412dbbd7d46f5e218fc67b14e8500b1b6db06a5c03fde9

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:12 GMT
etag
"1d1e6-5c7972cf81c00"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
application/javascript
content-length
42598
service-worker-allowed
/public/
20000183344188.svg
www.tiaa.org/public/images/334/4188/
3 KB
1 KB
Image
General
Full URL
https://www.tiaa.org/public/images/334/4188/20000183344188.svg
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9bfa08b9d1f8c51f6337ae3f979cec4b36aa88cdb444a1e2363fc429a257db9b

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Fri, 23 Jul 2021 14:51:14 GMT
etag
"c09-5c7cb8900686a"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
image/svg+xml
content-length
1116
service-worker-allowed
/public/
icon-nav-search.png
www.tiaa.org/public/ui/shared-components/images/
2 KB
2 KB
Image
General
Full URL
https://www.tiaa.org/public/ui/shared-components/images/icon-nav-search.png
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cc2defe7428131bfd8cebada43c3f88d4f9261f04a10e706fa3c885610a0bbfa

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:53 GMT
last-modified
Sun, 11 Mar 2018 11:06:09 GMT
etag
"6ca-567210335ea40"
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
image/png
content-length
1738
service-worker-allowed
/public/
logo.svg
www.tiaa.org/public/ui/shared-components/images/
2 KB
1 KB
Image
General
Full URL
https://www.tiaa.org/public/ui/shared-components/images/logo.svg
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bd796e21c6e305065b0c34a808be2ec6383bb0fe32eefac728d444442a422aad

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:12 GMT
etag
"97d-5c7972cf81c00"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
image/svg+xml
content-length
1001
service-worker-allowed
/public/
tiaa-footer.min.js
www.tiaa.org/public/ui/shared-components/js/
560 KB
153 KB
Script
General
Full URL
https://www.tiaa.org/public/ui/shared-components/js/tiaa-footer.min.js
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
80fc2f0d9c307b5cc0439ae0bc77463fc2bcffef390543ef5ebe5d07b16f3244

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
459
date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:12 GMT
x-edgeconnect-midmile-rtt
0
etag
"8bea3-5c7972cf81c00"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
application/javascript
content-length
156095
service-worker-allowed
/public/
tiaa-global-print.css
www.tiaa.org/public/ui/shared-components/css/
19 KB
4 KB
Stylesheet
General
Full URL
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global-print.css
Requested by
Host: publictools.tiaa-cref.org
URL: https://publictools.tiaa-cref.org/idp/startSSO.ping?PartnerSpId=Cornerstone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
11e89fae565177fb43c74ad842a3f3376cdaef33e642217c90755eb5bb44cb4f

Request headers

Referer
https://publictools.tiaa-cref.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
461, 461
date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:12 GMT
x-edgeconnect-midmile-rtt
0, 3
etag
"4d4f-5c7972cf81c00"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
accept-ranges
bytes
content-type
text/css
content-length
3709
service-worker-allowed
/public/
tiaa-icon-font.ttf
www.tiaa.org/public/ui/shared-components/fonts/
16 KB
16 KB
Font
General
Full URL
https://www.tiaa.org/public/ui/shared-components/fonts/tiaa-icon-font.ttf?wmosbe
Requested by
Host: www.tiaa.org
URL: https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
66f03932ca43cfdc4bf34cc163fb4cedeb8d79d1ac6dcc1bae3dee08e50bca3c

Request headers

Origin
https://publictools.tiaa-cref.org
Referer
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
450, 450, 450
date
Thu, 29 Jul 2021 16:27:53 GMT
last-modified
Wed, 21 Jul 2021 00:23:11 GMT
x-edgeconnect-midmile-rtt
0, 3, 0
etag
"3f1c-5c7972cf81c00:dtagent10217210531114014ef/b"
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
access-control-allow-origin
*
accept-ranges
bytes
content-type
application/font-sfnt
content-length
16156
service-worker-allowed
/public/
84083fa0-6a9d-40f7-806f-63add8cde800.woff2
www.tiaa.org/public/ui/shared-components/fonts/
31 KB
31 KB
Font
General
Full URL
https://www.tiaa.org/public/ui/shared-components/fonts/84083fa0-6a9d-40f7-806f-63add8cde800.woff2
Requested by
Host: www.tiaa.org
URL: https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
178abb0bad55ac294e77e0e2a6841f5366cd97d9ab91fc659826a12188563230

Request headers

Origin
https://publictools.tiaa-cref.org
Referer
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
581, 581, 581
date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:11 GMT
x-edgeconnect-midmile-rtt
0, 3, 10
etag
"7b98-5c7972cf81c00:dtagent10217210531114014ef/b"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
access-control-allow-origin
*
accept-ranges
bytes
content-length
31729
service-worker-allowed
/public/
285ba495-2172-479d-86ad-c20c8ee7ff3b-3.woff
www.tiaa.org/public/ui/shared-components/fonts/
30 KB
30 KB
Font
General
Full URL
https://www.tiaa.org/public/ui/shared-components/fonts/285ba495-2172-479d-86ad-c20c8ee7ff3b-3.woff
Requested by
Host: www.tiaa.org
URL: https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c35b1d0cf5b5f84d82973e9c229c84dcc384865c74ce31923b5cf3d6ada26285

Request headers

Origin
https://publictools.tiaa-cref.org
Referer
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
448
date
Thu, 29 Jul 2021 16:27:53 GMT
last-modified
Wed, 21 Jul 2021 00:23:11 GMT
x-edgeconnect-midmile-rtt
3
etag
"772b-5c7972cf81c00:dtagent10217210531114014ef/b"
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
access-control-allow-origin
*
accept-ranges
bytes
content-type
application/font-woff
content-length
30507
service-worker-allowed
/public/
ea7dcf5e-c101-46d3-a553-bb46f78ca7e4.woff2
www.tiaa.org/public/ui/shared-components/fonts/
17 KB
18 KB
Font
General
Full URL
https://www.tiaa.org/public/ui/shared-components/fonts/ea7dcf5e-c101-46d3-a553-bb46f78ca7e4.woff2
Requested by
Host: www.tiaa.org
URL: https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
91dd0000398d3d82d837c493ce319541659d663aef2e382d99c128f683e11330

Request headers

Origin
https://publictools.tiaa-cref.org
Referer
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
567, 567
date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:11 GMT
x-edgeconnect-midmile-rtt
3, 3
etag
"4548-5c7972cf81c00:dtagent10217210531114014ef/b"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
access-control-allow-origin
*
accept-ranges
bytes
content-length
17844
service-worker-allowed
/public/
LyonTextWeb-Regular.woff2
www.tiaa.org/public/ui/shared-components/fonts/
48 KB
49 KB
Font
General
Full URL
https://www.tiaa.org/public/ui/shared-components/fonts/LyonTextWeb-Regular.woff2
Requested by
Host: www.tiaa.org
URL: https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.117.207.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-207-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
22a72c49d58b2c6bd78b290079203116c9f248f5e25a13f8ed89fb218da7e7a2

Request headers

Origin
https://publictools.tiaa-cref.org
Referer
https://www.tiaa.org/public/ui/shared-components/css/tiaa-global.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 16:27:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 00:23:11 GMT
etag
"c1dc-5c7972cf81c00:dtagent10217210531114014ef/b"
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADM TAI OUR IND COM NAV INT"
access-control-allow-origin
*
accept-ranges
bytes
content-length
49760
service-worker-allowed
/public/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TIAA (Financial)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| google_tag_data function| ga object| gaplugins object| s_4_Integrate_DFA_get_0 function| FWBind object| html5 object| Modernizr function| $ function| jQuery function| picturefill object| lazySizesConfig object| lazySizes function| BOOMR_check_doc_domain object| BOOMR boolean| BOOMR_log function| EventEmitter2 boolean| googlemap_flag object| tiaa object| F2_instance object| F2 object| globalEvents string| value boolean| _loaded

0 Cookies