ateamadvertising.com
Open in
urlscan Pro
160.153.129.203
Malicious Activity!
Public Scan
Effective URL: http://ateamadvertising.com/spex/Issued/5c1a0/
Submission Tags: @jcybersec_
Submission: On June 29 via api from GB
Summary
This is the only time ateamadvertising.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spotify (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 35.186.223.98 35.186.223.98 | 15169 (GOOGLE) (GOOGLE) | |
2 3 | 160.153.129.203 160.153.129.203 | 21501 (GODADDY-AMS) (GODADDY-AMS) | |
3 | 3 |
ASN15169 (GOOGLE, US)
PTR: 98.223.186.35.bc.googleusercontent.com
store-1m3vdgp0a9.mybigcommerce.com |
ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-129-203.ip.secureserver.net
ateamadvertising.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
ateamadvertising.com
2 redirects
ateamadvertising.com |
262 KB |
2 |
mybigcommerce.com
store-1m3vdgp0a9.mybigcommerce.com |
1 KB |
3 | 2 |
Domain | Requested by | |
---|---|---|
3 | ateamadvertising.com | 2 redirects |
2 | store-1m3vdgp0a9.mybigcommerce.com |
store-1m3vdgp0a9.mybigcommerce.com
|
3 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
accounts.spotify.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.mybigcommerce.com DigiCert SHA2 High Assurance Server CA |
2018-08-14 - 2020-09-24 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://ateamadvertising.com/spex/Issued/5c1a0/
Frame ID: 4BF6565A38CB8F88D8C174A308425CAE
Requests: 8 HTTP requests in this frame
Frame:
data://truncated
Frame ID: CB3C8EB885202AF9890153691DEAB55E
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Page URL
-
http://ateamadvertising.com/spex/Issued/
HTTP 302
http://ateamadvertising.com/spex/Issued/5c1a0 HTTP 301
http://ateamadvertising.com/spex/Issued/5c1a0/ Page URL
Detected technologies
Bigcommerce (Ecommerce) ExpandDetected patterns
- url /mybigcommerce\.com/i
Lua (Programming Languages) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://store-1m3vdgp0a9.mybigcommerce.com/sku/ Page URL
-
http://ateamadvertising.com/spex/Issued/
HTTP 302
http://ateamadvertising.com/spex/Issued/5c1a0 HTTP 301
http://ateamadvertising.com/spex/Issued/5c1a0/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
store-1m3vdgp0a9.mybigcommerce.com/sku/ |
815 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
trigger-visit-event
store-1m3vdgp0a9.mybigcommerce.com/events/ |
0 433 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
ateamadvertising.com/spex/Issued/5c1a0/ Redirect Chain
|
373 KB 262 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
68 KB 68 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
353 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
74 KB 74 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
72 KB 72 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame CB3C |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame CB3C |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame CB3C |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spotify (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ateamadvertising.com
store-1m3vdgp0a9.mybigcommerce.com
160.153.129.203
35.186.223.98
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
372cd0fe98167ffc57b624aed00ab6f53e89bd8cf5690867c1a786983ceec95b
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d
b82f7172044b817ef46b897a6ab08970fd6b8f00e63dcee4f3b4c044d5990e0e
d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2
f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf
fd23f61a56cc0bb90047a08a2a3e5794bf529c0d000f3f7af911fb67726fa376
fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758