leadingt-d.co.za
196.220.60.200
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On April 29 via api from GB
Summary
This is the only time leadingt-d.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
5 | 196.220.60.200 | 36943 (Gridhost) |
1 | 185.225.208.133 | 13213 (UK2NET-AS) |
1 | 104.111.235.54 | 16625 (AKAMAI-AS) |
1 | 67.202.94.94 | 32748 (STEADFAST) |
8 | 5 | |
ASN36943 (Gridhost, ZA)
PTR: win20.wadns.net
leadingt-d.co.za
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-235-54.deploy.static.akamaitechnologies.com
img1.wsimg.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | leadingt-d.co.za | leadingt-d.co.za | 310 KB |
1 | amung.us | whos.amung.us | 212 B |
1 | wsimg.com | img1.wsimg.com | 28 KB |
1 | waust.at | waust.at | 7 KB |
8 | 4 | | |
 | Domain | Requested by |
---|---|---|
5 | leadingt-d.co.za | leadingt-d.co.za |
1 | whos.amung.us | waust.at |
1 | img1.wsimg.com | leadingt-d.co.za |
1 | waust.at | leadingt-d.co.za |
8 | 4 | |
This site contains links to these domains.
Domain |
---|
www.godaddy.com |
whos.amung.us |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.wsimg.com | Starfield Secure Certificate Authority - G2 | 2018-09-25 - 2020-09-25 | 2 years |
This page contains 1 frames:
Primary Page:
http://leadingt-d.co.za/Resources/GoDaddy/sso.godaddy.com/Sign_In.htm
Frame ID: F8B21D91AE3A3A2F2D390846EE08CDAD
Requests: 10 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
React (JavaScript Frameworks)
Detected patterns
- html /<[^>]+data-react/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Privacy Policy
Title: 1
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | Sign_In.htm (Primary Request) | leadingt-d.co.za/Resources/GoDaddy/sso.godaddy.com/ | 50 KB | 33 KB | Document | text/html |
GET | H/1.1 | uxcore2.css | leadingt-d.co.za/Resources/GoDaddy/sso.godaddy.com/SignIn_files/ | 141 KB | 141 KB | Stylesheet | text/css |
GET | H/1.1 | utilityheader.css | leadingt-d.co.za/Resources/GoDaddy/sso.godaddy.com/SignIn_files/ | 37 KB | 38 KB | Stylesheet | text/css |
GET | H/1.1 | fb_f.png | leadingt-d.co.za/Resources/GoDaddy/sso.godaddy.com/SignIn_files/ | 969 B | 1 KB | Image | image/png |
GET | H/1.1 | d.js | waust.at/ | 13 KB | 7 KB | Script | application/x-javascript |
GET | DATA | truncated | / | 29 KB | 0 | Image | image/png |
GET | H/1.1 | bg.jpg | leadingt-d.co.za/Resources/GoDaddy/sso.godaddy.com/SignIn_files/ | 96 KB | 96 KB | Image | image/jpeg |
GET | H2 | Boing-Bold.woff2 | img1.wsimg.com/ux/fonts/boing/1.0/ | 28 KB | 28 KB | Font | application/font-woff2 |
GET | H/1.1 | / | whos.amung.us/pingjs/ | 28 B | 212 B | Script | text/javascript |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- object| _wau
- string| wau_w_col
- string| wau_w_siz
- object| WAU_ren
- function| WAU_dynamic
- function| WAU_dynamic_request
- function| WAU_r_d
- function| WAU_insert
- function| WAU_la
- function| WAU_addCommas
- function| WAU_lrd
- function| WAU_cps
- function| docReady
- object| x
- string| x1
- string| x20
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.