gw.ticketapt.website
2606:4700:3033::6815:5c2f
Malicious Activity!
Public Scan
Submission: On September 07 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on August 3rd 2023. Valid for: 3 months.
This is the only time gw.ticketapt.website was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
5 | 2606:4700:3033::6815:5c2f | 13335 (CLOUDFLARENET)
2 | 208.91.196.46 | 40034 (CONFLUENCE-NETWORK-INC)
2 | 23.215.130.162 | 20940 (AKAMAI-ASN1)
11 | 34.111.53.1 | 396982 (GOOGLE-CLOUD-PLATFORM)
1 | 2600:1901:0:3c2f:: | 15169 (GOOGLE)
1 | 151.101.194.137 | 54113 (FASTLY)
2 | 162.247.241.14 | 23467 (NEWRELIC-AS-1)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-215-130-162.deploy.static.akamaitechnologies.com
Domain: pxlgnpgecom-a.akamaihd.net

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 1.53.111.34.bc.googleusercontent.com
Domain: dts.gnpge.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | gnpge.com | dts.gnpge.com (Cisco Umbrella Rank: 112131), dts6.gnpge.com (Cisco Umbrella Rank: 131238) | 2 KB
5 | ticketapt.website | gw.ticketapt.website (1 redirect) | 35 KB
2 | nr-data.net | bam.nr-data.net (Cisco Umbrella Rank: 261) | 877 B
2 | akamaihd.net | pxlgnpgecom-a.akamaihd.net (Cisco Umbrella Rank: 116295) | 43 KB
2 | iyfodr.com | iyfodr.com | 1 KB
1 | newrelic.com | js-agent.newrelic.com (Cisco Umbrella Rank: 460) | 26 KB
0 | cdn-image.com | i2.cdn-image.com (Failed) | Failed
Requests | Domain | Requested by
---|---|---
11 | dts.gnpge.com | pxlgnpgecom-a.akamaihd.net, gw.ticketapt.website
5 | gw.ticketapt.website | gw.ticketapt.website (1 redirect)
2 | bam.nr-data.net | gw.ticketapt.website
2 | pxlgnpgecom-a.akamaihd.net | gw.ticketapt.website
2 | iyfodr.com | gw.ticketapt.website
1 | js-agent.newrelic.com | gw.ticketapt.website
1 | dts6.gnpge.com | gw.ticketapt.website
0 | i2.cdn-image.com (Failed) | gw.ticketapt.website
This site contains links to these domains. Also see Links.
Domain
---
ticketapt.website
iyfodr.com
Subject | Issuer | Validity | Valid
---|---|---|---
ticketapt.website | E1 | 2023-08-03 - 2023-11-01 | 3 months
iyfodr.com | R3 | 2023-08-28 - 2023-11-26 | 3 months
a248.e.akamai.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-05-16 - 2024-05-15 | a year
dts.gnpge.com | GTS CA 1D4 | 2023-07-16 - 2023-10-14 | 3 months
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA 2023 Q2 | 2023-04-13 - 2024-05-14 | a year
*.nr-data.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-11-18 - 2023-12-19 | a year
This page contains 2 frames:
Primary Page:
https://gw.ticketapt.website/
Frame ID: CDE7C625803011EC81BA42D7BF1626B1
Requests: 32 HTTP requests in this frame
Frame:
https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=10
Frame ID: 2F2B6B10DE4050921B4E925114EB7B7D
Requests: 2 HTTP requests in this frame
Page Title
Ticketapt.website
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- Title: Ticketapt.website
- Title: Printable Theatre Tickets
- Title: Dinner Theatre
- Title: Get Concert Tickets
- Title: Rose Quarter Jobs
- Title: Soccer Tickets
- Title: Privacy Policy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://gw.ticketapt.website/ (Page URL)
- https://gw.ticketapt.website/cdn-cgi/phish-bypass?atok=b7LOa8OjwS_BBX.PBBaUk8ZTrZd1aOwbSyPeqqpOdig-1694086219-0-%2F, HTTP 301 to https://gw.ticketapt.website/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | gw.ticketapt.website/ | 5 KB | 2 KB | Document | text/html |
GET | H2 | cf.errors.css | gw.ticketapt.website/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css |
GET | H3 | icon-exclamation.png | gw.ticketapt.website/cdn-cgi/images/ | 452 B | 671 B | Image | image/png |
GET | H3 | / | gw.ticketapt.website/ | 83 KB | 28 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | px.js | iyfodr.com/ | 346 B | 628 B | Script | application/javascript |
GET | H/1.1 | px.js | iyfodr.com/ | 346 B | 628 B | Script | application/javascript |
GET | | min.js | i2.cdn-image.com/__media__/js/ | 0 | 0 | | | Failed
GET | H/1.1 | browserfp.min.js | pxlgnpgecom-a.akamaihd.net/javascripts/ | 118 KB | 39 KB | Script | text/javascript |
GET | | montserrat-regular.woff | i2.cdn-image.com/__media__/fonts/montserrat-regular/ | 0 | 0 | | | Failed
GET | | montserrat-regular.woff2 | i2.cdn-image.com/__media__/fonts/montserrat-regular/ | 0 | 0 | | | Failed
GET | | montserrat-regular.ttf | i2.cdn-image.com/__media__/fonts/montserrat-regular/ | 0 | 0 | | | Failed
GET | | montserrat-regular.otf | i2.cdn-image.com/__media__/fonts/montserrat-regular/ | 0 | 0 | | | Failed
GET | | montserrat-bold.woff | i2.cdn-image.com/__media__/fonts/montserrat-bold/ | 0 | 0 | | | Failed
GET | | montserrat-bold.woff2 | i2.cdn-image.com/__media__/fonts/montserrat-bold/ | 0 | 0 | | | Failed
GET | | montserrat-bold.ttf | i2.cdn-image.com/__media__/fonts/montserrat-bold/ | 0 | 0 | | | Failed
GET | | montserrat-bold.otf | i2.cdn-image.com/__media__/fonts/montserrat-bold/ | 0 | 0 | | | Failed
GET | | bg1.png | i2.cdn-image.com/__media__/pics/29590/ | 0 | 0 | | | Failed
GET | | arrrow.png | i2.cdn-image.com/__media__/pics/28905/ | 0 | 0 | | | Failed
GET | H/1.1 | bfp_ssn.js | pxlgnpgecom-a.akamaihd.net/javascripts/ | 12 KB | 4 KB | Document | text/html | Frame 2F2B
POST | H2 | ptmdP | dts.gnpge.com/ | 7 B | 366 B | Ping | text/html |
GET | H2 | cenw.js | dts.gnpge.com/ | 36 B | 356 B | XHR | text/html |
GET | H2 | ptmdDual | dts6.gnpge.com/ | 70 B | 335 B | Image | image/gif |
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 140 B | Image | image/gif |
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 132 B | Image | image/gif |
GET | H2 | nr-spa.142f942f-1.239.1.min.js | js-agent.newrelic.com/ | 75 KB | 26 KB | Script | application/javascript |
GET | H2 | cenw.js | dts.gnpge.com/ | 36 B | 125 B | XHR | text/html | Frame 2F2B
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 132 B | Image | image/gif |
POST | H/1.1 | 6bc175e1c8 | bam.nr-data.net/1/ | 40 B | 469 B | XHR | text/plain |
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 132 B | Image | image/gif |
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 132 B | Image | image/gif |
POST | H/1.1 | 6bc175e1c8 | bam.nr-data.net/events/1/ | 24 B | 408 B | XHR | image/gif |
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 132 B | Image | image/gif |
POST | H2 | ptmdP | dts.gnpge.com/ | 7 B | 72 B | Ping | text/html |
GET | H2 | ptmd | dts.gnpge.com/ | 70 B | 132 B | Image | image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- i2.cdn-image.com: https://i2.cdn-image.com/__media__/js/min.js?v2.3
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
- i2.cdn-image.com: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
- i2.cdn-image.com: https://i2.cdn-image.com/__media__/pics/29590/bg1.png
- i2.cdn-image.com: https://i2.cdn-image.com/__media__/pics/28905/arrrow.png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | documentPictureInPicture
boolean | abp
object | scripts
object | script
object | query
object | params
object | param
function | handleABPDetect
object | NREUM
object | webpackChunk:NRBA-1.239.1.PROD
object | newrelic
function | _bpx_
object | __pp
string | eti
string | esi_ip
string | esi_ua
string | country_code
object | hs
string | adod
string | sdod
string | sdodi
string | customerId
number | templateId
string | cp
string | pd
object | ad_regex
string | noCookies
number | cstSmpPer
string | dl
number | staging
string | ver
function | browserfp
object | bfp_6.0.5529
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value
---|---|---
.gw.ticketapt.website/ | __cf_mw_byp | b7LOa8OjwS_BBX.PBBaUk8ZTrZd1aOwbSyPeqqpOdig-1694086219-0-/
.ticketapt.website/ | bfp_sn_rf_b10ce94cf299b167b74a6944e0aec9d4 | Direct/External
.ticketapt.website/ | bfp_sn_rt_b10ce94cf299b167b74a6944e0aec9d4 | 1694086224652
.ticketapt.website/ | bfp_sn_pl | 1694086224\|1_455734288133
.gw.ticketapt.website/ | bafp | eff6b4b0-4d71-11ee-9761-992bf8902053
.pxlgnpgecom-a.akamaihd.net/ | bfp_sn | 1694086224_455734288133
.pxlgnpgecom-a.akamaihd.net/ | bfp_sn_t_b10ce94cf299b167b74a6944e0aec9d4 | 1694086224_455734288133_b10ce94cf299b167b74a6944e0aec9d4
.pxlgnpgecom-a.akamaihd.net/ | bfp_sn_td_df49c5b79ad174b1da1bd228fc50e51f | 1694086224_455734288133_df49c5b79ad174b1da1bd228fc50e51f
.pxlgnpgecom-a.akamaihd.net/ | bafp_t | f0271380-4d71-11ee-9c92-09061a158666
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.