ttdc.ge
78.46.102.215
Malicious Activity!
Public Scan
Submission: On July 08 via automatic, source openphish
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 1st 2019. Valid for: 3 months.
This is the only time ttdc.ge was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)
Domain & IP information
| Requests | IP Address | AS Autonomous System | PTR | Hostname |
|---|---|---|---|---|
| 1 | 78.46.102.215 | 24940 (HETZNER-AS) | | |
| 13 | 2.20.21.198 | 20940 (AKAMAI-ASN1, US) | a2-20-21-198.deploy.static.akamaitechnologies.com | img1.wsimg.com |
| 2 | 95.101.45.84 | 16625 (AKAMAI-AS - Akamai Technologies, Inc., US) | a95-101-45-84.deploy.static.akamaitechnologies.com | api-godaddy.nd.nudatasecurity.com |
| 1 | 151.101.14.110 | 54113 (FASTLY - Fastly) | | |
| 4 | 23.8.8.215 | 20940 (AKAMAI-ASN1, US) | a23-8-8-215.deploy.static.akamaitechnologies.com | events.secureserver.net |
| 1 | 162.247.242.21 | 23467 (NEWRELIC-AS-1 - New Relic, US) | bam-9.nr-data.net | bam.nr-data.net |
| 21 (total) | 7 | | | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | wsimg.com | img1.wsimg.com | 517 KB |
| 4 | secureserver.net | events.secureserver.net (1 redirects) | 3 KB |
| 2 | nudatasecurity.com | api-godaddy.nd.nudatasecurity.com | 17 KB |
| 1 | nr-data.net | bam.nr-data.net | 261 B |
| 1 | newrelic.com | js-agent.newrelic.com | 9 KB |
| 1 | ttdc.ge | ttdc.ge | 28 KB |
| 21 (total) | 6 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 13 | img1.wsimg.com | ttdc.ge |
| 4 | events.secureserver.net | 1 redirects |
| 2 | api-godaddy.nd.nudatasecurity.com | ttdc.ge |
| 1 | bam.nr-data.net | js-agent.newrelic.com |
| 1 | js-agent.newrelic.com | ttdc.ge |
| 1 | ttdc.ge | |
| 21 (total) | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.godaddy.com |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| ttdc.ge | cPanel, Inc. Certification Authority | 2019-05-01 - 2019-07-30 | 3 months | crt.sh |
| *.wsimg.com | Starfield Secure Certificate Authority - G2 | 2018-09-25 - 2020-09-25 | 2 years | crt.sh |
| *.nd.nudatasecurity.com | DigiCert SHA2 Secure Server CA | 2019-01-22 - 2020-04-22 | a year | crt.sh |
| f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-04-10 - 2020-03-21 | a year | crt.sh |
| *.secureserver.net | Starfield Secure Certificate Authority - G2 | 2016-11-01 - 2019-11-01 | 3 years | crt.sh |
| *.nr-data.net | GeoTrust RSA CA 2018 | 2018-01-11 - 2020-03-17 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://ttdc.ge/wp-includes/js/www.godaddy.com.validation/godaddy/
Frame ID: 99B6469CA8B12BD4ADC1EF418776F8C3
Requests: 22 HTTP requests in this frame
Detected technologies
WordPress (CMS)
Detected patterns
- script /\/wp-(?:content|includes)\//i
PHP (Programming Languages)
Detected patterns
- script /\/wp-(?:content|includes)\//i
MySQL (Databases)
Detected patterns
- script /\/wp-(?:content|includes)\//i
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title:
- Title: Privacy Policy
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17
- https://events.secureserver.net/image.aspx?timestamp=1562562300131&corrid=2125354547&event_type=page.request&page=%2Fwp-includes%2Fjs%2Fwww.godaddy.com.validation%2Fgodaddy&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.6.83&hit_id=ae4622ae-8489-5f45-a542-22fcf3355325&referrer=&vs=visible&rand=965493758&sitename=ttdc.ge&location=https%3A%2F%2Fttdc.ge%2Fwp-includes%2Fjs%2Fwww.godaddy.com.validation%2Fgodaddy%2F&visitor_guid=cdb06bde-e3a2-53e6-b30e-091e48c940ef&environment_name=prod HTTP 302
- https://events.secureserver.net/image.aspx?timestamp=1562562300131&corrid=2125354547&event_type=page.request&page=%2Fwp-includes%2Fjs%2Fwww.godaddy.com.validation%2Fgodaddy&hw=2&browx=1600&browy=1200&resx=1600&resy=1200&cdepth=24&cv=3.6.83&hit_id=ae4622ae-8489-5f45-a542-22fcf3355325&referrer=&vs=visible&rand=965493758&sitename=ttdc.ge&location=https%3A%2F%2Fttdc.ge%2Fwp-includes%2Fjs%2Fwww.godaddy.com.validation%2Fgodaddy%2F&visitor_guid=cdb06bde-e3a2-53e6-b30e-091e48c940ef&environment_name=prod&CookieTest=1
21 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | ttdc.ge/wp-includes/js/www.godaddy.com.validation/godaddy/ | 120 KB | 28 KB | Document | text/html |
| GET | H2 | uxfont.woff2 | img1.wsimg.com/ux/fonts/uxfont/1.4/ | 13 KB | 13 KB | Font | application/font-woff2 |
| GET | H2 | uxfont-2.woff2 | img1.wsimg.com/ux/fonts/uxfont/1.4/ | 28 KB | 29 KB | Font | application/font-woff2 |
| GET | H2 | Boing-Bold.woff2 | img1.wsimg.com/ux/fonts/boing/1.0/ | 28 KB | 28 KB | Font | application/font-woff2 |
| GET | H2 | gdsherpa-bold.woff2 | img1.wsimg.com/ux/fonts/sherpa/1.0/ | 25 KB | 25 KB | Font | application/font-woff2 |
| GET | H2 | gdsherpa-regular.woff2 | img1.wsimg.com/ux/fonts/sherpa/1.0/ | 26 KB | 26 KB | Font | application/font-woff2 |
| GET | H/1.1 | / | api-godaddy.nd.nudatasecurity.com/2.2/w/w-158965/init/js/ | 482 B | 1 KB | Script | application/javascript |
| GET | H/1.1 | / | api-godaddy.nd.nudatasecurity.com/2.2/w/w-158965/sync/js/ | 43 KB | 15 KB | Script | application/javascript |
| GET | H2 | nr-1123.min.js | js-agent.newrelic.com/ | 24 KB | 9 KB | Script | application/javascript |
| GET | H2 | uxcore2.min.css | img1.wsimg.com/wrhs/be3e97cdc2fca6bf051d3cf09d8c2819/ | 243 KB | 39 KB | Stylesheet | text/css |
| GET | H2 | utilityheader.min.css | img1.wsimg.com/wrhs/029679ad6891c17dd3b80292b2da7cce/ | 57 KB | 12 KB | Stylesheet | text/css |
| GET | H2 | tcc.min.js | img1.wsimg.com/wrhs/73973f408f9cf9f15823cc736b592def/ | 94 KB | 25 KB | Script | application/javascript |
| GET | H2 | polyfill.min.js | img1.wsimg.com/poly/v3/ | 72 B | 563 B | Script | text/javascript |
| GET | H2 | vendor.min.js | img1.wsimg.com/wrhs/8cb36bd60ad5db1a5950fb0863a1627c/ | 221 KB | 61 KB | Script | application/javascript |
| GET | H2 | uxcore2.min.js | img1.wsimg.com/wrhs/251e75fec32f764d7b566fb589f7a9e0/ | 236 KB | 60 KB | Script | application/javascript |
| GET | H2 | utilityheader.min.js | img1.wsimg.com/wrhs/c1831e62e7d61d6aa00274c4f3e24288/ | 170 KB | 42 KB | Script | application/javascript |
| GET | H2 | login-panel.js | img1.wsimg.com/auth/v1/static/2446/react/bundles/ | 458 KB | 155 KB | Script | application/javascript |
| GET | DATA | truncated | / | 3 KB | 0 | Image | text/plain |
| GET | H/1.1 | image.aspx | events.secureserver.net/ (Redirect Chain) | 43 B | 1 KB | Image | image/gif |
| GET | H/1.1 | 4549d38e45 | bam.nr-data.net/1/ | 57 B | 261 B | Script | text/javascript |
| GET | H/1.1 | pageEvents.aspx | events.secureserver.net/ | 43 B | 628 B | Image | image/gif |
| GET | H/1.1 | b.aspx | events.secureserver.net/ | 43 B | 628 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)
111 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .ttdc.ge/ | | visitor | vid=cdb06bde-e3a2-53e6-b30e-091e48c940ef |
| .ttdc.ge/ | | fb_sessiontraffic | S_TOUCH=&pathway=cdb06bde-e3a2-53e6-b30e-091e48c940ef&V_DATE=&pc=0 |
| .ttdc.ge/ | | pathway | cdb06bde-e3a2-53e6-b30e-091e48c940ef |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.