www.godaddy-servicenow.com Open in urlscan Pro
67.207.88.110 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.godaddy-servicenow.com/
Submission: On November 27 via automatic, source certstream-suspicious (November 27th 2021, 5:27:18 am UTC) — Scanned from DE

Summary HTTP 12 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 12 HTTP transactions. The main IP is 67.207.88.110, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is www.godaddy-servicenow.com.
TLS certificate: Issued by R3 on November 27th 2021. Valid for: 3 months.

This is the only time www.godaddy-servicenow.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GoDaddy (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	67.207.88.110 67.207.88.110	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
6	65.9.71.34 65.9.71.34	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.35.253.122 13.35.253.122	16509 (AMAZON-02) (AMAZON-02)
2	143.204.207.64 143.204.207.64	16509 (AMAZON-02) (AMAZON-02)
12	5

1 67.207.88.110 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

www.godaddy-servicenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 65.9.71.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-71-34.fra56.r.cloudfront.net

ok5static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.253.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-122.fra6.r.cloudfront.net

ok2static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.207.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-64.fra53.r.cloudfront.net

login.okta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	oktacdn.com ok5static.oktacdn.com ok2static.oktacdn.com	812 KB
2	okta.com login.okta.com	97 KB
1	cloudflare.com cdnjs.cloudflare.com	28 KB
1	godaddy-servicenow.com www.godaddy-servicenow.com	13 KB
12	4

	Domain	Requested by
6	ok5static.oktacdn.com	www.godaddy-servicenow.com ok5static.oktacdn.com
2	login.okta.com	www.godaddy-servicenow.com login.okta.com
2	ok2static.oktacdn.com	www.godaddy-servicenow.com
1	cdnjs.cloudflare.com	www.godaddy-servicenow.com
1	www.godaddy-servicenow.com
12	5

This site contains links to these domains. Also see Links.

Domain
godaddy.okta.com
www.okta.com

Subject Issuer	Validity	Valid
godaddy-servicenow.com R3	`2021-11-27` - `2022-02-25`	3 months	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-15` - `2022-01-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-24` - `2022-07-25`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.godaddy-servicenow.com/
Frame ID: 74A3ED870E8BB5C7A35B9BA9CBC8AC33
Requests: 10 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 9D04C35956122E4A69EEA2890F7C2AFE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

GoDaddy - Prod - Sign In

Page Statistics

12
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

950 kB
Transfer

1179 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://godaddy.okta.com/help/login
Title: Help

Search URL Search Domain Scan URL

URL: http://www.okta.com/
Title: Okta

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.godaddy-servicenow.com/ 35 KB
13 KB 381ms
188ms Document
text/html 67.207.88.110
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.godaddy-servicenow.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.207.88.110 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 12ce4a5bd8334cf11a26b0bc98ac6da183c9fc117080608be5d2f218bc3db4f7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 Nov 2021 05:27:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=43200
Etag: W/"1637801828.0-35739-1164183332"
Expires: Sat, 27 Nov 2021 17:27:12 GMT
Last-Modified: Thu, 25 Nov 2021 00:57:08 GMT
Content-Encoding: gzip

GET
H2 200 okta-sign-in.min.css
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/ 187 KB
33 KB 63ms
9ms Stylesheet
text/css 65.9.71.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css

Requested by

Host: www.godaddy-servicenow.com
URL: https://www.godaddy-servicenow.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-34.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

52bb469f7a29b2643914e7f930a2d8584fede9aa22c36602128309e9ef4957fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.godaddy-servicenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 22:32:59 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 197653
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 01 Jul 2020 00:44:05 GMT
server: nginx
etag: W/"e87be396456eb9272a1dbc79a02b7ee1"
strict-transport-security: max-age=315360000; includeSubDomains
content-type: text/css
via: 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: lXkjRl599MC5T6HvQKpcm7Dg408K7o3w-iJsmHYJeWCtIvNcZ0JYAw==
expires: Thu, 24 Nov 2022 22:32:59 GMT

GET
H2 200 loginpage-theme.7138a0eb969c6a25c2d39004ad54df8a.css
ok5static.oktacdn.com/assets/loginpage/css/ 2 KB
2 KB 61ms
8ms Stylesheet
text/css 65.9.71.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok5static.oktacdn.com/assets/loginpage/css/loginpage-theme.7138a0eb969c6a25c2d39004ad54df8a.css

Requested by

Host: www.godaddy-servicenow.com
URL: https://www.godaddy-servicenow.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-34.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

f785f5556c21cf194c575f6e70688fdf527de0efdba9aed9c004f2f40010b2b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.godaddy-servicenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 22:32:59 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 197653
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Tue, 12 Nov 2019 22:04:49 GMT
server: nginx
etag: W/"7138a0eb969c6a25c2d39004ad54df8a"
strict-transport-security: max-age=315360000; includeSubDomains
content-type: text/css
via: 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: Q5HvKLGVQhO1kLptmRaC_UqCwpFuQf9s4l5SwCygLSuRBT_eqxkReQ==
expires: Thu, 24 Nov 2022 22:32:59 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 31ms
13ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.godaddy-servicenow.com
URL: https://www.godaddy-servicenow.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.godaddy-servicenow.com/
Origin: https://www.godaddy-servicenow.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 05:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1320846
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 27958
timing-allow-origin: *
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNoU26VTmjIYsuB9lb8ytGU92tfPUkJU7RTAqpKkngmZsZ7Aw3wokqfegwZRP4q52Qh6%2BJy59pw8FfMSi7WkBoqoXKDUz%2BFnPVZRcdC4XhxY1mcwuDIBuGPra5NoGNXCRMNpXxrSDeMNIZxM%2B1qx%2By39"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6b48f22ef88d68f8-FRA
expires: Thu, 17 Nov 2022 05:27:12 GMT

GET
H2 200 fs0nsswd3jjSr8CIv0x7
ok2static.oktacdn.com/fs/bco/1/ 4 KB
4 KB 45ms
9ms Image
image/png 13.35.253.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok2static.oktacdn.com/fs/bco/1/fs0nsswd3jjSr8CIv0x7

Requested by

Host: www.godaddy-servicenow.com
URL: https://www.godaddy-servicenow.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.253.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-253-122.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

cf497593e5a8aa92eabe9c4f37151802ca00f6b1039a73732a50b994c722d107

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.godaddy-servicenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c5.cloudfront.net (CloudFront)
etag: "c61925698cae7c1d4bc72bb9ebbace3b"
age: 86241
x-cache: Hit from cloudfront
content-length: 3726
last-modified: Wed, 15 Jan 2020 18:28:47 GMT
server: nginx
date: Fri, 26 Nov 2021 05:29:51 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: oV26-ecTBnGuuNLuMxX6aU3mrikS1TWc_2n9P-qxlHFFC4zstEp2ZQ==
expires: Sat, 26 Nov 2022 05:29:51 GMT

GET
H2 200 fs0rkn3rsiBb6Jojt0x7
ok2static.oktacdn.com/fs/bco/7/ 720 KB
722 KB 26ms
8ms Image
image/jpeg 13.35.253.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok2static.oktacdn.com/fs/bco/7/fs0rkn3rsiBb6Jojt0x7

Requested by

Host: www.godaddy-servicenow.com
URL: https://www.godaddy-servicenow.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.253.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-253-122.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

fd9902e60554d44f8f1e9e3b18a5b827a231fdbde415c02f91e7506e7ded1658

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.godaddy-servicenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 20:09:19 GMT
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c5.cloudfront.net (CloudFront)
age: 1243073
x-cache: Hit from cloudfront
content-length: 737641
last-modified: Wed, 19 May 2021 14:03:29 GMT
server: nginx
etag: "aa3311d60e169a146bac95ff9766114c"
strict-transport-security: max-age=315360000; includeSubDomains
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: image/jpeg
x-amz-cf-id: -uVnRuycYfgA-E-fpcE_rTAY_ivXR16TYvRSsaRxsxAKTJ9pD0Es4w==
expires: Sat, 12 Nov 2022 20:09:19 GMT

GET
H2 200 default.png
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/img/security/ 2 KB
3 KB 8ms
7ms Image
image/png 65.9.71.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/img/security/default.png

Requested by

Host: ok5static.oktacdn.com
URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-34.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

da75c3f3ce27c081541dfb59edd7e756fefe054a9e0e976356c4b0d3778bb434

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 22:33:00 GMT
via: 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
age: 197652
x-cache: Hit from cloudfront
content-length: 1800
last-modified: Wed, 01 Jul 2020 00:44:13 GMT
server: nginx
etag: "04eeeba5b3538c4524d8e6828ba2c405"
strict-transport-security: max-age=315360000; includeSubDomains
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: YD7QSgw2aObN5_K1d0fVvFqE8a0_CGOEM-kvHxsk6j4WM2PmBcX_Lw==
expires: Thu, 24 Nov 2022 22:33:00 GMT

GET
H2 200 checkbox-sign-in-widget.png
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/img/ui/forms/ 3 KB
4 KB 8ms
8ms Image
image/png 65.9.71.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/img/ui/forms/checkbox-sign-in-widget.png

Requested by

Host: ok5static.oktacdn.com
URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-34.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 22:32:59 GMT
via: 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
age: 197652
x-cache: Hit from cloudfront
content-length: 3141
last-modified: Wed, 01 Jul 2020 00:44:13 GMT
server: nginx
etag: "7846b2f8c6d0a7ca69fdd3d3c294e92d"
strict-transport-security: max-age=315360000; includeSubDomains
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: fKIErSg2DhZ1X4lFgRI9B7qUAVbpqHC-P8ZNj-ozOzPiXG4mOT2HUw==
expires: Thu, 24 Nov 2022 22:32:59 GMT

GET
H2 200 montserrat-light-webfont.woff
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/font/ 22 KB
22 KB 26ms
7ms Font
application/font-woff 65.9.71.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/font/montserrat-light-webfont.woff

Requested by

Host: ok5static.oktacdn.com
URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-34.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css
Origin: https://www.godaddy-servicenow.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 22:33:02 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
age: 197650
x-cache: Hit from cloudfront
content-length: 22112
last-modified: Wed, 01 Jul 2020 00:44:27 GMT
server: nginx
etag: "6225f3ca44b83090833064727a09cc95"
strict-transport-security: max-age=315360000; includeSubDomains
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/font-woff
x-amz-cf-id: 0hiNTEWczNPEAZdxzgz32TxMA4ldIRPqWDtIJ7KkLDMRYh53Arz86w==
expires: Thu, 24 Nov 2022 22:33:02 GMT

GET
H2 200 montserrat-regular-webfont.woff
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/font/ 21 KB
22 KB 23ms
8ms Font
application/font-woff 65.9.71.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/font/montserrat-regular-webfont.woff

Requested by

Host: ok5static.oktacdn.com
URL: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-34.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/okta-sign-in.min.css
Origin: https://www.godaddy-servicenow.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 22:33:01 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
age: 197650
x-cache: Hit from cloudfront
content-length: 21980
last-modified: Wed, 01 Jul 2020 00:44:27 GMT
server: nginx
etag: "8f2822b73b5f9c106c6f2e0db820bcbb"
strict-transport-security: max-age=315360000; includeSubDomains
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/font-woff
x-amz-cf-id: VMXzk6gupLU-vyFPczUXNjSi5lpBZpofnjoP8tF53SFd8XTVsBoK6Q==
expires: Thu, 24 Nov 2022 22:33:01 GMT

GET
H/1.1 200
OK iframe.html Show response
login.okta.com/discovery/ Frame 9D04 546 B
986 B 67ms
7ms Document
text/html 143.204.207.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://login.okta.com/discovery/iframe.html
Requested by: Host: www.godaddy-servicenow.com
URL: https://www.godaddy-servicenow.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.207.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-64.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.godaddy-servicenow.com/

Response headers

Content-Type: text/html
Content-Length: 546
Connection: keep-alive
Last-Modified: Thu, 18 Nov 2021 00:22:24 GMT
Server: AmazonS3
Date: Fri, 26 Nov 2021 23:43:59 GMT
ETag: "718a4c5e710186377bad84fea3c1ebec"
X-Cache: Hit from cloudfront
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
X-Amz-Cf-Id: GKLFW4e78BppeAE-xBxiZuBI5eZN3rasxZ7JqsBDxPnDY300njdEOw==
Age: 20594

GET
H/1.1 200
OK discoveryIframe-82e613074a3700abe11a.min.js Show response
login.okta.com/lib/ Frame 9D04 96 KB
96 KB 8ms
7ms Script
application/javascript 143.204.207.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://login.okta.com/lib/discoveryIframe-82e613074a3700abe11a.min.js
Requested by: Host: login.okta.com
URL: https://login.okta.com/discovery/iframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.207.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-64.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a3a868536ab7e98bd8ad3a179bbd79c6a71320fdab54dc920fc7b90386320bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://login.okta.com/discovery/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 26 Nov 2021 19:06:17 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Thu, 18 Nov 2021 00:22:25 GMT
Server: AmazonS3
Age: 37261
ETag: "2cd7262e97657040dfc71944325790e6"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 97948
X-Amz-Cf-Id: 0JFd2Lsats5ly8-C9PsQZeNi0jXu4xBJ8air43qhnoWQN1H09zzeHg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GoDaddy (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
login.okta.com
ok2static.oktacdn.com
ok5static.oktacdn.com
www.godaddy-servicenow.com
13.35.253.122
143.204.207.64
2606:4700::6810:135e
65.9.71.34
67.207.88.110
12ce4a5bd8334cf11a26b0bc98ac6da183c9fc117080608be5d2f218bc3db4f7
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
52bb469f7a29b2643914e7f930a2d8584fede9aa22c36602128309e9ef4957fe
5a3a868536ab7e98bd8ad3a179bbd79c6a71320fdab54dc920fc7b90386320bd
c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8
cf497593e5a8aa92eabe9c4f37151802ca00f6b1039a73732a50b994c722d107
da75c3f3ce27c081541dfb59edd7e756fefe054a9e0e976356c4b0d3778bb434
f785f5556c21cf194c575f6e70688fdf527de0efdba9aed9c004f2f40010b2b3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd9902e60554d44f8f1e9e3b18a5b827a231fdbde415c02f91e7506e7ded1658
feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace

www.godaddy-servicenow.com Open in urlscan Pro 67.207.88.110 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

100 %HTTPS

20 %IPv6

4 Domains

5 Subdomains

5 IPs

1 Countries

950 kBTransfer

1179 kBSize

0 Cookies

2 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

www.godaddy-servicenow.com Open in urlscan Pro
67.207.88.110 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

950 kB
Transfer

1179 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!