billing-sky-account.com
Open in
urlscan Pro
81.16.28.66
Malicious Activity!
Public Scan
Effective URL: http://billing-sky-account.com/login?session=fdg5467dsdfjij43994u39jfsdiknmfgisut45ry745yhdfhfgfg&secure=true&time=234264874553...
Submission: On January 12 via api from US
Summary
This is the only time billing-sky-account.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sky (Entertainment)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 81.16.28.66 81.16.28.66 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
6 | 2.16.186.10 2.16.186.10 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 5 | 63.32.152.233 63.32.152.233 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 2a02:26f0:6c0... 2a02:26f0:6c00:28a::1e80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 15.237.136.106 15.237.136.106 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 90.216.151.142 90.216.151.142 | 5607 (BSKYB-BRO...) (BSKYB-BROADBAND-AS) | |
1 | 2.16.186.82 2.16.186.82 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 2 | 34.250.153.194 34.250.153.194 | 16509 (AMAZON-02) (AMAZON-02) | |
28 | 8 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-10.deploy.static.akamaitechnologies.com
skyidassets-a.akamaihd.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-152-233.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-136-106.eu-west-3.compute.amazonaws.com
metrics.sky.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-82.deploy.static.akamaitechnologies.com
fast.bskyb.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-153-194.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
billing-sky-account.com
1 redirects
billing-sky-account.com |
98 KB |
6 |
demdex.net
2 redirects
dpm.demdex.net fast.bskyb.demdex.net |
5 KB |
6 |
akamaihd.net
skyidassets-a.akamaihd.net |
122 KB |
5 |
adobedtm.com
assets.adobedtm.com |
17 KB |
3 |
sky.com
skyidapp.sky.com Failed metrics.sky.com analytics.faw.sky.com |
1 KB |
2 |
everesttech.net
2 redirects
cm.everesttech.net |
772 B |
28 | 6 |
Domain | Requested by | |
---|---|---|
9 | billing-sky-account.com |
1 redirects
billing-sky-account.com
|
6 | skyidassets-a.akamaihd.net |
billing-sky-account.com
skyidassets-a.akamaihd.net |
5 | assets.adobedtm.com |
billing-sky-account.com
|
5 | dpm.demdex.net |
2 redirects
billing-sky-account.com
|
2 | cm.everesttech.net | 2 redirects |
2 | metrics.sky.com |
billing-sky-account.com
|
1 | fast.bskyb.demdex.net |
billing-sky-account.com
|
1 | analytics.faw.sky.com |
billing-sky-account.com
|
0 | skyidapp.sky.com Failed |
billing-sky-account.com
|
28 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
skyid.sky.com |
help.sky.com |
contactus.sky.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
a248.e.akamai.net DigiCert Secure Site ECC CA-1 |
2020-07-15 - 2021-09-13 |
a year | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2018-01-09 - 2021-02-12 |
3 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://billing-sky-account.com/login?session=fdg5467dsdfjij43994u39jfsdiknmfgisut45ry745yhdfhfgfg&secure=true&time=2342648745534&origin=cdgdj8uw3984u9jsdfm
Frame ID: BD7F2792B380587FCF53CEFB1107AC21
Requests: 26 HTTP requests in this frame
Frame:
http://fast.bskyb.demdex.net/dest5.html?d_nsid=0
Frame ID: 2D0044C2E6CB535FCE5A07F84E607550
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://billing-sky-account.com/
HTTP 302
http://billing-sky-account.com/login?session=fdg5467dsdfjij43994u39jfsdiknmfgisut45ry745yhdfhfgfg&secure=tr... Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: username
Search URL Search Domain Scan URL
Title: password
Search URL Search Domain Scan URL
Title: Sky iD
Search URL Search Domain Scan URL
Title: Sign up
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: Feedback
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://billing-sky-account.com/
HTTP 302
http://billing-sky-account.com/login?session=fdg5467dsdfjij43994u39jfsdiknmfgisut45ry745yhdfhfgfg&secure=true&time=2342648745534&origin=cdgdj8uw3984u9jsdfm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- http://dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0ABA4673527831C00A490D45%40AdobeOrg&d_nsid=0&ts=1610432438050 HTTP 302
- http://dpm.demdex.net/id/rd?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0ABA4673527831C00A490D45%40AdobeOrg&d_nsid=0&ts=1610432438050
- http://cm.everesttech.net/cm/dd?d_uuid=78920356647711289113493437006751937816 HTTP 301
- https://cm.everesttech.net/cm/dd?d_uuid=78920356647711289113493437006751937816 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=X-0-tgAAAKTnwx__ HTTP 302
- https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=X-0-tgAAAKTnwx__
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login
billing-sky-account.com/ Redirect Chain
|
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ea8b05805335bbbe5843bc504517194c8ae74941-satelliteLib-06eeb9be0284a71b31aab4f156d032c9030e9923.js
billing-sky-account.com/js/ |
126 KB 39 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
QjyzioJJZjz8O1q5RkwhlDPjsvDry6GxoIBAeF15gLp.css
skyidassets-a.akamaihd.net/static/ |
47 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
static-UJV7iOsxki67G1nYOvkLgPFXxoEXsBVSLDkuas9DgdH.jpg
billing-sky-account.com/images/ |
11 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
static-epDLKEvTpRZYOiD2w29vt3DOw198EhGhV5cywQQaquu.jpg
billing-sky-account.com/images/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
static-EolNvX32g5NoyosbMdF4pogG8MRmSJaQsOFZAoilz0r.png
billing-sky-account.com/images/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prod-sky-tags-without-adobe.min.js
billing-sky-account.com/js/ |
21 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
static-HQt1BGVGet6ST9VxjCzKhtzcMGmcSQcdEmG3EU9GXbt.js
billing-sky-account.com/js/ |
806 B 880 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
static-9MOOiLZ9SFLsTRGuPhRlf8TVftTeHSn9QYuMOmkRP20.js
billing-sky-account.com/js/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rd
dpm.demdex.net/id/ Redirect Chain
|
110 B 755 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satellite-59affd8464746d38320038dd.js
assets.adobedtm.com/ea8b05805335bbbe5843bc504517194c8ae74941/scripts/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satellite-59affd8464746d38320038de.js
assets.adobedtm.com/ea8b05805335bbbe5843bc504517194c8ae74941/scripts/ |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xHpll40dbF9BMsE7egl2idRGsurOeBbOXtKviRiGrm2.png
skyidassets-a.akamaihd.net/static/ |
46 KB 45 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
HPllq1vv8AsuCJwr5ezgsYljUhmEbdekGpgj48DEVo7.gif
skyidassets-a.akamaihd.net/static/ |
160 B 564 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cW2nZACmUCcbAe28OZ5GElwF2V5EImQ8E8LQhohW5Or.gif
skyidassets-a.akamaihd.net/static/ |
159 B 563 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
REkKelj2D2GvZY4MaUR6fTkbGvBN7kwvTAnTStBBugV.woff
skyidassets-a.akamaihd.net/static/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Kl19rKAxTpqVT6864M1WJ3tt1cfX05KvbebLTrenuJQ.woff
skyidassets-a.akamaihd.net/static/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
session
skyidapp.sky.com/threatmetrix/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s-code-contents-c560fad7adb98b342af16d0df18fe12f31346d29.js
assets.adobedtm.com/ea8b05805335bbbe5843bc504517194c8ae74941/ |
35 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
metrics.sky.com/ |
48 B 891 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
6 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
408
analytics.faw.sky.com/ingest/web-view-message/ Frame |
0 0 |
Other
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satellite-59affd9164746d4b1b006bb6.js
assets.adobedtm.com/ea8b05805335bbbe5843bc504517194c8ae74941/scripts/ |
160 B 637 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satellite-59affd9164746d4b1b006bb7.js
assets.adobedtm.com/ea8b05805335bbbe5843bc504517194c8ae74941/scripts/ |
711 B 842 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
408
analytics.faw.sky.com/ingest/web-view-message/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
fast.bskyb.demdex.net/ Frame 2D00 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s4337300697206
metrics.sky.com/b/ss/bskybdtmskycomprod/1/JS-2.4.0-D7QN/ |
43 B 598 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
demconf.jpg
dpm.demdex.net/ Redirect Chain
|
42 B 915 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- skyidapp.sky.com
- URL
- https://skyidapp.sky.com/threatmetrix/session
- Domain
- analytics.faw.sky.com
- URL
- https://analytics.faw.sky.com/ingest/web-view-message/408
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sky (Entertainment)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| Visitor object| _satellite object| s_c_il number| s_c_in object| skyTags boolean| dtmAnalyticsLoaded object| dtmUtils object| SkyIdAnalytics object| ThreatmetrixCommonLib object| SkyIdThreatMetrix function| processSkyTagsClickEvent boolean| testmode function| checkSubmitEnable object| SKY_ANALYTICS string| s_account function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| dtm object| dtmFlat object| s_i_bskybdtmskycomprod function| delete_cookie5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.billing-sky-account.com/ | Name: s_cc Value: true |
|
billing-sky-account.com/ | Name: AMCV_0ABA4673527831C00A490D45%40AdobeOrg Value: 1406116232%7CMCIDTS%7C18640%7CMCMID%7C79217016337418999893463975406482482050%7CMCAID%7CNONE%7CMCOPTOUT-1610439638s%7CNONE%7CMCAAMLH-1611037238%7C6%7CMCAAMB-1611037238%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C2.5.0 |
|
billing-sky-account.com/ | Name: AMCVS_0ABA4673527831C00A490D45%40AdobeOrg Value: 1 |
|
.billing-sky-account.com/ | Name: uuid Value: 632612bc12e0257f0808a94ffd889319 |
|
billing-sky-account.com/ | Name: PHPSESSID Value: 1e45c09061a82a4470a9d85bf8a8fd2b |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.faw.sky.com
assets.adobedtm.com
billing-sky-account.com
cm.everesttech.net
dpm.demdex.net
fast.bskyb.demdex.net
metrics.sky.com
skyidapp.sky.com
skyidassets-a.akamaihd.net
analytics.faw.sky.com
skyidapp.sky.com
15.237.136.106
2.16.186.10
2.16.186.82
2a02:26f0:6c00:28a::1e80
34.250.153.194
63.32.152.233
81.16.28.66
90.216.151.142
0bc22c357d7250c8086a5fcdcee4dd0e00101015266dace4b13d975ba3913095
0f67d434a88592431f3853cdebed4349e7e4fd5637a34cd77cf768f1c816b116
11ebcb2de3ecc09708a9b0d568f250f1b64af15547c14a9a4179103b5c52380c
19802e9fd0568b61652d1e4e325d4198d3832dc428d301c76149dbaa454d24ab
63410d8eeb7df4a75b82e7726a7f70308951530a9a7d02b8719eee7df7631202
70bc07179947fd4924d122a1139d8af85aad52869ff24d98a9f163de5c25b81c
70ffecbbe6fa4dc00201af3d7abdf262cbdd4092e7692e01d5a9fbc9c03f38fe
77ae0fe1d7aa093df53788c194d8579eb92d1cc02f7dbe07e2c9fc1b21bc8c5e
7f7a3b22d1b0d9afeeeaf00f233fab5a8d54e074374a5a106772954d8f131f75
84382a2a3b6a6fac3b3d15f002f06bc4cf25f65909414a56fd484a5bbacc2951
844c03d557fe64d55f2720b37aeda5e46e00f2e525315a09700425fea430a83b
857b9a6aa1fe47cad60a170cce153eca29ce04c203a3692cc423f3feec7637e3
8ee0881b4a688dbea90c734e0876eb4a223ea5567c93debd2090f9926f51f282
9f4d56ee2803674d3f2766519e21c2201a5103fbb2c0fa463659a557eeb68e17
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca
ada4304cd44c1de0d147e176ee5e3e73ce85cd153e7557586390e028b8274201
baac77397183ec1f6d089955f36b94151a00c7619931bc53ca1bf8a1f4d56331
bbeace0963aa447c06caff27a15c367e13e059d2ef587ec09539fb24d81ddcf9
c49952eea66519aa4c366522dc899902f952b0cdfc4d4d2d1d7756d930040b1c
d4d25696e41b27b243e7682bbb4b7a0373367791535d1af16ebd42ec81e9bed5
ee0d2e7610cad444c7ab07952efb064fffab7e3a36d00fc2e18adebbdf227cb4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa203ede2edfe3e4bdf50e64e4b1d584e9019d58e47107908cd37c2857c8a1ca