input.ninja
Open in
urlscan Pro
72.52.217.213
Malicious Activity!
Public Scan
Submission: On February 10 via api from US — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 1st 2022. Valid for: 3 months.
This is the only time input.ninja was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online) GDrive and other (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
21 | 72.52.217.213 72.52.217.213 | 32244 (LIQUIDWEB) (LIQUIDWEB) | |
1 | 104.219.248.46 104.219.248.46 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
22 | 2 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server139-2.web-hosting.com
shopget24.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
input.ninja
input.ninja |
132 KB |
1 |
shopget24.com
shopget24.com |
176 B |
22 | 2 |
Domain | Requested by | |
---|---|---|
21 | input.ninja |
input.ninja
|
1 | shopget24.com |
input.ninja
|
22 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
input.ninja cPanel, Inc. Certification Authority |
2022-02-01 - 2022-05-02 |
3 months | crt.sh |
shopget24.com Sectigo RSA Domain Validation Secure Server CA |
2021-08-27 - 2022-08-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://input.ninja/ABS/DocuSign/auth/index2.php?ISAPI_8c75b50525gtfd8c
Frame ID: 8C408BDADA9580182470E8BAA776B423
Requests: 22 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index2.php
input.ninja/ABS/DocuSign/auth/ |
7 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mobile-style.css
input.ninja/ABS/DocuSign/auth/css/ |
6 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dsgn.png
input.ninja/ABS/DocuSign/auth/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
em.png
input.ninja/ABS/DocuSign/auth/img/ |
517 B 573 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pl.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d2.png
input.ninja/ABS/DocuSign/auth/img/ |
921 B 953 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s_seee.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owl.png
input.ninja/ABS/DocuSign/auth/img/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
look.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a_o_l.png
input.ninja/ABS/DocuSign/auth/img/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a_l.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
y_m.png
input.ninja/ABS/DocuSign/auth/img/ |
29 KB 29 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
y.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.png
input.ninja/ABS/DocuSign/auth/img/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
go.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
365.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
off.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spr.png
input.ninja/ABS/DocuSign/auth/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gm.png
input.ninja/ABS/DocuSign/auth/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f.png
input.ninja/ABS/DocuSign/auth/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hack-run.png
shopget24.com/images/sampledata/ |
0 176 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c.png
input.ninja/ABS/DocuSign/auth/css/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online) GDrive and other (Online)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
input.ninja
shopget24.com
104.219.248.46
72.52.217.213
0585f4a7ff97d36a7df69409bcc81c809f0e94723a89a32194cd432fe85358fb
09be398f7896ac38fa91056bfc3dc45d4845b328cfe0e71607b7aaac0fc569c2
2c851b274e54497e6290ce4e37686a435dfe7aa9a6f5380db0fdf5ae00481746
33f2eb65d5f07650ebd9de0121bea52909d8d22dcc73342f584bb6ca017216f9
341dc8a2f05f363511ccd444d63a96a8879b330eda50fabb581e1776751aa38d
4ecd1784399d6be5b0b70e1ccbdeaf187a6c7a16b6d55c13f57da78950bc185a
7b97b79b30f061007e3facc87d2b18059f2e4fd114a749273e6d9e41e09cd197
80a9e683a71c219894ce54a3642712b2e4a15e89fe5503d8ee3636bb21f782fa
8720a28a7f66196e39de136fb8ccbbf8c192391d78442ccc54a5796dcddfcae2
9af35f4bc12f609b907e306abdb1f1d702829402f99a3f7d1d860de8ec08b10e
9baa2501d93fcecd045572478652f3f5cf99d8dce4e53c2a074dde60bcb22f59
b43adb2cb8d9e0b37b8b965b86dac2831c24bc938ff2a0f6e7898c9fa3785b01
b7fca5ccbdbf84cc964dc316c9a4589ab77eb9fa04f0d76eb13fd79f2442e01d
bd4ef9821aedbe2cb59323ab96d6c55400c0fc0f56292d528a4338b4d922f47a
c7b07a0440ecfbd1f32110a6a5c7e92ecfe0200a65ba5fdd5660a98cf2294c09
c9084e7f83346452d61ead5861c79fc1c486ead52cb068b8492ee6e141c0e179
cc9ea448c8aab3d483e370221f8766c9b1686610a76997cbcc711feee32de804
d54889fee19017fe0fb248c07574250db3da567029868732074d3e450281c27c
de564746f96692beb6396032c64d25d989b3cc4f4e0d62edc212678d51da4861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e923ccc327cca82406d93806b3b542703d1c3c9324e808d2257b0a4b72186972
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620