documentscert.email
Open in
urlscan Pro
198.54.125.171
Malicious Activity!
Public Scan
Submission: On December 05 via manual from IE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 30th 2019. Valid for: a year.
This is the only time documentscert.email was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 198.54.125.171 198.54.125.171 | 22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap) | |
10 | 2.20.21.198 2.20.21.198 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 4 | 23.45.104.222 23.45.104.222 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
22 | 4 |
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: server261-3.web-hosting.com
documentscert.email |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-21-198.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-104-222.deploy.static.akamaitechnologies.com
events.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
wsimg.com
img1.wsimg.com |
303 KB |
9 |
documentscert.email
documentscert.email |
402 KB |
4 |
secureserver.net
1 redirects
events.secureserver.net |
3 KB |
22 | 3 |
Domain | Requested by | |
---|---|---|
10 | img1.wsimg.com |
documentscert.email
|
9 | documentscert.email |
documentscert.email
|
4 | events.secureserver.net |
1 redirects
documentscert.email
|
22 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.godaddy.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
documentscert.email Sectigo RSA Domain Validation Secure Server CA |
2019-11-30 - 2020-11-29 |
a year | crt.sh |
*.wsimg.com Starfield Secure Certificate Authority - G2 |
2018-09-25 - 2020-09-25 |
2 years | crt.sh |
*.secureserver.net Starfield Secure Certificate Authority - G2 |
2019-10-22 - 2021-10-22 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://documentscert.email/godaddy/
Frame ID: 077E87ACB2F8651BEFBCEDDDF2D98C42
Requests: 23 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://events.secureserver.net/image.aspx?timestamp=1575539683692&corrid=540741468&event_type=page.request&page=%2Fgodaddy&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.6.43&hit_id=412c59a3-ccff-5bb0-9556-30976ef75b1c&referrer=&vs=visible&rand=418347501&sitename=documentscert.email&visitor_guid=d05d268b-4500-533f-a5f8-75c69016cd38&page_url=https%3A%2F%2Fdocumentscert.email%2Fgodaddy%2F&environment_name=prod HTTP 302
- https://events.secureserver.net/image.aspx?timestamp=1575539683692&corrid=540741468&event_type=page.request&page=%2Fgodaddy&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.6.43&hit_id=412c59a3-ccff-5bb0-9556-30976ef75b1c&referrer=&vs=visible&rand=418347501&sitename=documentscert.email&visitor_guid=d05d268b-4500-533f-a5f8-75c69016cd38&page_url=https%3A%2F%2Fdocumentscert.email%2Fgodaddy%2F&environment_name=prod&CookieTest=1
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
documentscert.email/godaddy/ |
98 KB 23 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxfont.woff2
img1.wsimg.com/ux/fonts/uxfont/1.4/ |
13 KB 13 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxfont-2.woff2
img1.wsimg.com/ux/fonts/uxfont/1.4/ |
28 KB 29 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Boing-Bold.woff2
img1.wsimg.com/ux/fonts/boing/1.0/ |
28 KB 28 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gdsherpa-bold.woff2
img1.wsimg.com/ux/fonts/sherpa/1.0/ |
25 KB 25 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gdsherpa-regular.woff2
img1.wsimg.com/ux/fonts/sherpa/1.0/ |
26 KB 26 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxcore2.css
documentscert.email/godaddy/index_files/ |
245 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utilityheader.css
documentscert.email/godaddy/index_files/ |
30 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tcc.js
documentscert.email/godaddy/index_files/ |
89 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfill.js
documentscert.email/godaddy/index_files/ |
1 KB 686 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.js
documentscert.email/godaddy/index_files/ |
208 KB 57 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxcore2.js
documentscert.email/godaddy/index_files/ |
234 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utilityheader.js
documentscert.email/godaddy/index_files/ |
164 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-panel.js
documentscert.email/godaddy/index_files/ |
446 KB 155 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
image.aspx
events.secureserver.net/ Redirect Chain
|
43 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tcc.min.js
img1.wsimg.com/wrhs-assets/ea64b4085c7bfad76b1465c699d51475/ |
89 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfill.min.js
img1.wsimg.com/poly/v2/ |
222 B 656 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.min.js
img1.wsimg.com/wrhs-assets/07ff49f73fd6ce4ee12a346569fbf92e/ |
208 KB 58 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxcore2.min.js
img1.wsimg.com/wrhs-assets/60ba5f2afb5a6295fc83da1faa5da920/ |
234 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utilityheader.min.js
img1.wsimg.com/wrhs-assets/a441444ab751a5b4195d874cc29acbe1/ |
164 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b.aspx
events.secureserver.net/ |
43 B 640 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pageEvents.aspx
events.secureserver.net/ |
43 B 640 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate boolean| _tccPageReqFired object| _tccInternal object| _analyticsDataLayer object| _expDataLayer object| _trfq object| tcc object| babelHelpers object| ux object| React object| ReactDOM object| PropTypes object| ReactTransitionGroup object| UtilityHeader object| _gaDataLayer function| fire_virtual_page function| fire_virtual_event object| sso object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| iFrameResize0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
documentscert.email
events.secureserver.net
img1.wsimg.com
198.54.125.171
2.20.21.198
23.45.104.222
141bc659999926e2ab965ab65b08b14de5f719919ab1bd66ff8331a7c4c5b6e5
2c65342c70d6d4776f938b7c77b7c23bef48ca040a277714912a0701b6dc8849
2ed3bfbad14aa95968f7c0ab2e2ad07a7aeb6f090d9d3e71f7a71b715e7583ff
316798ddb9d835066f727ac3af8969a5ca00adfe3b0042c0d8076bc5ab05567e
3a4f81bed00fdc8805daa141c63e028afcf1cd7976d7cb770aeaa80bae1a7e07
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
5b148777bbfc5e30eec3d576f97e98987959597cf51f86ac4ed641a0bf0e042b
692251be1f314fd8c913af0772d47c5882189aed7300f8bb40cc73a7f9af9768
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
cad25a56214f7c5e2257ddde5d753a8bf670602c380f4aac96069b91d9ffeefa
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
e3202572b8f9401cb142f5a5390d46c555972877b2b5efb6125b0cd60f7e0524
ea220ee7bf407833a92b004c75f284f7313f8bff65a52128adf0ea8981421def
ee9581e902a1c713fb058cce745cad969c58e0e738bb8137952f694ebb875af2
ff2b18fa1e758d5d886fd13dba0187c707ac8c8c8cacbab8b8e80d2da6aa5782