ateamadvertising.com Open in urlscan Pro
160.153.129.203 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://store-1m3vdgp0a9.mybigcommerce.com/sku/
Effective URL:
http://ateamadvertising.com/spex/Issued/5c1a0/
Submission Tags: @jcybersec_
Submission: On June 29 via api (June 29th 2020, 1:04:44 pm UTC) from GB

Summary HTTP 3 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 160.153.129.203, located in Scottsdale, United States and belongs to GODADDY-AMS, DE. The main domain is ateamadvertising.com.

This is the only time ateamadvertising.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spotify (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	35.186.223.98 35.186.223.98	15169 (GOOGLE) (GOOGLE)
2 3	160.153.129.203 160.153.129.203	21501 (GODADDY-AMS) (GODADDY-AMS)
3	3

2 35.186.223.98 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 98.223.186.35.bc.googleusercontent.com

store-1m3vdgp0a9.mybigcommerce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 160.153.129.203 (Scottsdale, United States) 2 redirects

ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-129-203.ip.secureserver.net

ateamadvertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ateamadvertising.com 2 redirects ateamadvertising.com	262 KB
2	mybigcommerce.com store-1m3vdgp0a9.mybigcommerce.com	1 KB
3	2

	Domain	Requested by
3	ateamadvertising.com	2 redirects
2	store-1m3vdgp0a9.mybigcommerce.com	store-1m3vdgp0a9.mybigcommerce.com
3	2

This site contains links to these domains. Also see Links.

Domain
accounts.spotify.com

Subject Issuer	Validity	Valid
*.mybigcommerce.com DigiCert SHA2 High Assurance Server CA	`2018-08-14` - `2020-09-24`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://ateamadvertising.com/spex/Issued/5c1a0/
Frame ID: 4BF6565A38CB8F88D8C174A308425CAE
Requests: 8 HTTP requests in this frame

Frame: data://truncated
Frame ID: CB3C8EB885202AF9890153691DEAB55E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Page URL
http://ateamadvertising.com/spex/Issued/ HTTP 302
http://ateamadvertising.com/spex/Issued/5c1a0 HTTP 301
http://ateamadvertising.com/spex/Issued/5c1a0/ Page URL

Detected technologies

Bigcommerce (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

url /mybigcommerce\.com/i

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

3
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

508 kB
Transfer

625 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://accounts.spotify.com/en

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Page URL
http://ateamadvertising.com/spex/Issued/ HTTP 302
http://ateamadvertising.com/spex/Issued/5c1a0 HTTP 301
http://ateamadvertising.com/spex/Issued/5c1a0/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response store-1m3vdgp0a9.mybigcommerce.com/sku/	815 B 1 KB	796ms 319ms	Document text/html	35.186.223.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.186.223.98 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS 98.223.186.35.bc.googleusercontent.com Software openresty / Resource Hash `fd23f61a56cc0bb90047a08a2a3e5794bf529c0d000f3f7af911fb67726fa376` Request headers :method GET :authority store-1m3vdgp0a9.mybigcommerce.com :scheme https :path /sku/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 server openresty date Mon, 29 Jun 2020 13:04:28 GMT content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT content-encoding gzip x-request-id 21c1eb847e8b202c9f8c8ce6cb02acf7 set-cookie SHOP_SESSION_TOKEN=h41lp9jeil3kc9rad1v2qnnl6c; Expires=Mon, 06 Jul 2020 13:04:28 GMT; Path=/; Secure; HttpOnly; SameSite=none fornax_anonymousId=301103a2-c664-446a-815c-2cb1d099cf21; Expires=Wed, 29 Jun 2022 13:04:28 GMT; Path=/; Secure; SameSite=none XSRF-TOKEN=c13f6543aca063df809b776eaad9364b8328c643855096c8f5df63af68bbb7da; Path=/; Secure; SameSite=none
POST H2	200	trigger-visit-event store-1m3vdgp0a9.mybigcommerce.com/events/	0 433 B	253ms 252ms	XHR text/html	35.186.223.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://store-1m3vdgp0a9.mybigcommerce.com/events/trigger-visit-event Requested by Host: store-1m3vdgp0a9.mybigcommerce.com URL: https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.186.223.98 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS 98.223.186.35.bc.googleusercontent.com Software openresty / Resource Hash Request headers Referer https://store-1m3vdgp0a9.mybigcommerce.com/sku/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/json Response headers pragma no-cache date Mon, 29 Jun 2020 13:04:28 GMT content-encoding gzip server openresty content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate x-request-id 55eef8934f8a7317c42ba47fd201c9d8 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	Primary Request / Show response ateamadvertising.com/spex/Issued/5c1a0/ Redirect Chain http://ateamadvertising.com/spex/Issued/ http://ateamadvertising.com/spex/Issued/5c1a0 http://ateamadvertising.com/spex/Issued/5c1a0/	373 KB 262 KB	53ms 52ms	Document text/html	160.153.129.203 GODADDY-AMS
General Check archive.org Show headers Download Go to Full URL http://ateamadvertising.com/spex/Issued/5c1a0/ Protocol HTTP/1.1 Server 160.153.129.203 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE), Reverse DNS ip-160-153-129-203.ip.secureserver.net Software Apache / PHP/5.6.40 Resource Hash `b82f7172044b817ef46b897a6ab08970fd6b8f00e63dcee4f3b4c044d5990e0e` Request headers Host ateamadvertising.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Response headers Date Mon, 29 Jun 2020 13:04:31 GMT Server Apache X-Powered-By PHP/5.6.40 Vary Accept-Encoding,User-Agent Content-Encoding gzip Keep-Alive timeout=5 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Mon, 29 Jun 2020 13:04:31 GMT Server Apache Location http://ateamadvertising.com/spex/Issued/5c1a0/ Content-Length 254 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf` Request headers Referer http://ateamadvertising.com/spex/Issued/5c1a0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated /	68 KB 68 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://ateamadvertising.com/spex/Issued/5c1a0/ Origin http://ateamadvertising.com Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	353 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `372cd0fe98167ffc57b624aed00ab6f53e89bd8cf5690867c1a786983ceec95b` Request headers Referer http://ateamadvertising.com/spex/Issued/5c1a0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated /	74 KB 74 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://ateamadvertising.com/spex/Issued/5c1a0/ Origin http://ateamadvertising.com Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	72 KB 72 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://ateamadvertising.com/spex/Issued/5c1a0/ Origin http://ateamadvertising.com Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated / Frame CB3C	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a` Request headers Referer http://ateamadvertising.com/spex/Issued/5c1a0/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame CB3C	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://ateamadvertising.com/spex/Issued/5c1a0/ Origin null Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame CB3C	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://ateamadvertising.com/spex/Issued/5c1a0/ Origin null Response headers Content-Type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spotify (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ateamadvertising.com
store-1m3vdgp0a9.mybigcommerce.com
160.153.129.203
35.186.223.98
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
372cd0fe98167ffc57b624aed00ab6f53e89bd8cf5690867c1a786983ceec95b
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d
b82f7172044b817ef46b897a6ab08970fd6b8f00e63dcee4f3b4c044d5990e0e
d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2
f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf
fd23f61a56cc0bb90047a08a2a3e5794bf529c0d000f3f7af911fb67726fa376
fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758

ateamadvertising.com Open in urlscan Pro 160.153.129.203 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

67 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

508 kBTransfer

625 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

ateamadvertising.com Open in urlscan Pro
160.153.129.203 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

508 kB
Transfer

625 kB
Size

0
Cookies

3 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!