www.godaddy-servicenow.com
Open in
urlscan Pro
67.207.88.110
Malicious Activity!
Public Scan
Submission: On November 27 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 27th 2021. Valid for: 3 months.
This is the only time www.godaddy-servicenow.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 67.207.88.110 67.207.88.110 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
6 | 65.9.71.34 65.9.71.34 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 13.35.253.122 13.35.253.122 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 143.204.207.64 143.204.207.64 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 5 |
ASN14061 (DIGITALOCEAN-ASN, US)
www.godaddy-servicenow.com |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-71-34.fra56.r.cloudfront.net
ok5static.oktacdn.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-122.fra6.r.cloudfront.net
ok2static.oktacdn.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-64.fra53.r.cloudfront.net
login.okta.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
oktacdn.com
ok5static.oktacdn.com ok2static.oktacdn.com |
812 KB |
2 |
okta.com
login.okta.com |
97 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
28 KB |
1 |
godaddy-servicenow.com
www.godaddy-servicenow.com |
13 KB |
12 | 4 |
Domain | Requested by | |
---|---|---|
6 | ok5static.oktacdn.com |
www.godaddy-servicenow.com
ok5static.oktacdn.com |
2 | login.okta.com |
www.godaddy-servicenow.com
login.okta.com |
2 | ok2static.oktacdn.com |
www.godaddy-servicenow.com
|
1 | cdnjs.cloudflare.com |
www.godaddy-servicenow.com
|
1 | www.godaddy-servicenow.com | |
12 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
godaddy.okta.com |
www.okta.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
godaddy-servicenow.com R3 |
2021-11-27 - 2022-02-25 |
3 months | crt.sh |
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1 |
2020-12-15 - 2022-01-15 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-06-24 - 2022-07-25 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.godaddy-servicenow.com/
Frame ID: 74A3ED870E8BB5C7A35B9BA9CBC8AC33
Requests: 10 HTTP requests in this frame
Frame:
https://login.okta.com/discovery/iframe.html
Frame ID: 9D04C35956122E4A69EEA2890F7C2AFE
Requests: 2 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Help
Search URL Search Domain Scan URL
Title: Okta
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.godaddy-servicenow.com/ |
35 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.css
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/css/ |
187 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginpage-theme.7138a0eb969c6a25c2d39004ad54df8a.css
ok5static.oktacdn.com/assets/loginpage/css/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fs0nsswd3jjSr8CIv0x7
ok2static.oktacdn.com/fs/bco/1/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fs0rkn3rsiBb6Jojt0x7
ok2static.oktacdn.com/fs/bco/7/ |
720 KB 722 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default.png
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/img/security/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
checkbox-sign-in-widget.png
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/img/ui/forms/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-light-webfont.woff
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/font/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-regular-webfont.woff
ok5static.oktacdn.com/assets/js/sdk/okta-signin-widget/4.1.3/font/ |
21 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iframe.html
login.okta.com/discovery/ Frame 9D04 |
546 B 986 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
discoveryIframe-82e613074a3700abe11a.min.js
login.okta.com/lib/ Frame 9D04 |
96 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| okta function| $ function| jQuery function| runLoginPage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
login.okta.com
ok2static.oktacdn.com
ok5static.oktacdn.com
www.godaddy-servicenow.com
13.35.253.122
143.204.207.64
2606:4700::6810:135e
65.9.71.34
67.207.88.110
12ce4a5bd8334cf11a26b0bc98ac6da183c9fc117080608be5d2f218bc3db4f7
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
52bb469f7a29b2643914e7f930a2d8584fede9aa22c36602128309e9ef4957fe
5a3a868536ab7e98bd8ad3a179bbd79c6a71320fdab54dc920fc7b90386320bd
c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8
cf497593e5a8aa92eabe9c4f37151802ca00f6b1039a73732a50b994c722d107
da75c3f3ce27c081541dfb59edd7e756fefe054a9e0e976356c4b0d3778bb434
f785f5556c21cf194c575f6e70688fdf527de0efdba9aed9c004f2f40010b2b3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd9902e60554d44f8f1e9e3b18a5b827a231fdbde415c02f91e7506e7ded1658
feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace