urlscan.io logo urlscan.io
SecurityTrails logo

gocladdy.gq Open in urlscan Pro
23.254.230.115  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bitflash.eu/M8YAa/?box=paul@creativeimages.com
Effective URL: https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box...
Submission: On February 18 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 1 HTTP transactions. The main IP is 23.254.230.115, located in Seattle, United States and belongs to HOSTWINDS, US. The main domain is gocladdy.gq.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 12th 2020. Valid for: 3 months.
This is the only time gocladdy.gq was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GoDaddy (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 23.254.230.115 54290 (HOSTWINDS)
1 2
Apex Domain
Subdomains		 Transfer
2 gocladdy.gq
gocladdy.gq
145 KB
1 bitflash.eu
bitflash.eu
482 B
1 2
Domain Requested by
2 gocladdy.gq 1 redirects
1 bitflash.eu 1 redirects
1 2
Subject Issuer Validity Valid
gocladdy.gq
cPanel, Inc. Certification Authority		 2020-02-12 -
2020-05-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com&sion=3.2220.44.2764.3.3
Frame ID: D797EAACAEF00936FD25B3947D53DA6C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://bitflash.eu/M8YAa/?box=paul@creativeimages.com HTTP 302
    https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA... HTTP 302
    https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

1
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

208 kB
Transfer

208 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bitflash.eu/M8YAa/?box=paul@creativeimages.com HTTP 302
    https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com HTTP 302
    https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com&sion=3.2220.44.2764.3.3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
gocladdy.gq/.godaddy/
Redirect Chain
  • https://bitflash.eu/M8YAa/?box=paul@creativeimages.com
  • https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com
  • https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com&sion=3.2220.44.2764.3.3
145 KB
145 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com&sion=3.2220.44.2764.3.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.254.230.115 Seattle, United States, ASN54290 (HOSTWINDS, US),
Reverse DNS
client-23-254-230-115.hostwindsdns.com
Software
Apache /
Resource Hash
f13c2e0cdef2a678c96205a18588c91d38e518f6bbc7c0de00a0706532f7bef9

Request headers

Host
gocladdy.gq
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Date
Tue, 18 Feb 2020 18:19:27 GMT
Server
Apache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 18 Feb 2020 18:19:27 GMT
Server
Apache
Location
https://gocladdy.gq/.godaddy/?zi=AAQkADM4Y2JlMDA2LTU1NDEtNDZlMC05NThjLWEzNGMxNjJhZjg3NwAQAFCHDhA2FEYMp8ZQ3BbWonQ&box=paul@creativeimages.com&sion=3.2220.44.2764.3.3
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
truncated
/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70

Request headers

Origin
https://gocladdy.gq
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
application/font-woff2
truncated
/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5

Request headers

Origin
https://gocladdy.gq
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
application/font-woff2
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270

Request headers

Origin
https://gocladdy.gq
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
application/font-woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GoDaddy (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies