AlphaSSL CA - SHA256 - G4
What is AlphaSSL CA - SHA256 - G4?
Newer generation AlphaSSL intermediate chaining to GlobalSign Root R6.
Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.
| Last check (UTC) | First seen (UTC) ▾ | URL | Screenshot | Flags | Details |
|---|
Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.
| URL | Screenshot | Flags | Details |
|---|
Frequently asked questions about AlphaSSL CA - SHA256 - G4
What is AlphaSSL CA - SHA256 - G4?
AlphaSSL CA - SHA256 - G4 is a publicly trusted intermediate certificate authority operated by GlobalSign nv-sa (AlphaSSL brand) and chained to GlobalSign Root CA - R6. It is recognized by all mainstream browsers and operating system trust stores, so the certificate itself is not a phishing indicator - the same intermediate signs millions of legitimate sites. phishunt only flags the specific domains listed below as suspicious; AlphaSSL CA - SHA256 - G4 as a CA is fine.
Is AlphaSSL CA - SHA256 - G4 a legitimate certificate authority?
Yes. AlphaSSL CA - SHA256 - G4 is a publicly trusted intermediate CA operated by GlobalSign nv-sa (AlphaSSL brand), included in the Microsoft, Apple, Google and Mozilla root trust stores. Every mainstream browser automatically accepts certificates it signs. The intermediate itself is not a phishing signal — what matters is the specific domain. phishunt flags only the suspicious domains listed below; AlphaSSL CA - SHA256 - G4 keeps signing millions of legitimate sites.
Who runs the AlphaSSL CA - SHA256 - G4 certificate authority?
AlphaSSL CA - SHA256 - G4 is operated by GlobalSign nv-sa (AlphaSSL brand). It is a RSA intermediate that chains up to the GlobalSign Root CA - R6 root, which GlobalSign nv-sa (AlphaSSL brand) also owns. Anyone can look up the chain in the public Certificate Transparency logs; the same operator publishes a Certificate Policy / Certification Practice Statement (CP/CPS) describing how issuance and revocation work.
What does AlphaSSL CA - SHA256 - G4 mean when my browser shows it as the issuer?
When a browser shows AlphaSSL CA - SHA256 - G4 as the certificate issuer for a site, it means TLS was validated through GlobalSign nv-sa (AlphaSSL brand)'s RSA chain ending at GlobalSign Root CA - R6. That is normal for tens of millions of legitimate sites that use GlobalSign nv-sa (AlphaSSL brand)'s automated DV TLS. The certificate proves the connection is encrypted and that the certificate matches the hostname — it does not prove the site behind it is trustworthy. Always verify the domain name itself.
Why does AlphaSSL CA - SHA256 - G4 show up on phishing sites?
GlobalSign nv-sa (AlphaSSL brand) issues RSA domain-validated certificates automatically and at no cost (or very low cost), which is the exact workflow scammers need to put HTTPS on a throwaway domain. Domain validation only proves that the requester controls the domain name, not that the site behind it is trustworthy. phishunt lists the specific domains currently flagged below — those are the suspicious ones, not AlphaSSL CA - SHA256 - G4 itself.
How do I verify a certificate issued by AlphaSSL CA - SHA256 - G4?
In a desktop browser, click the padlock in the address bar and open the certificate viewer. Confirm the issuer chain ends at GlobalSign Root CA - R6, that the subject matches the domain you expect, and that the notAfter date has not passed. A valid AlphaSSL CA - SHA256 - G4 certificate only proves TLS was negotiated correctly — always verify the domain name itself belongs to the service you intended to visit.
What is the difference between AlphaSSL CA - SHA256 - G4 and AlphaSSL CA - SHA256 - G2?
AlphaSSL CA - SHA256 - G4 and its siblings (AlphaSSL CA - SHA256 - G2, GlobalSign Atlas R3 DV TLS CA H2 2021) share the same operator (GlobalSign nv-sa (AlphaSSL brand)) and roll up to the same root (GlobalSign Root CA - R6). CAs rotate multiple intermediates so that if one key ever has to be revoked, the damage is contained. As a user, you can treat all of them as the same trust anchor.