aureus.nyc
166.62.27.148
Malicious Activity!
Public Scan
Effective URL: https://aureus.nyc/includesBTusruk/Login.php?sslchannel=true&sessionid=7EX8xSRmhu9vksK5II8fl6XuOsZXg2hnHewe7nAoSKUc...
Submission: On June 22 via api from CA
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 21st 2017. Valid for: 2 years.
This is the only time aureus.nyc was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BT (Telecommunication)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 198.71.165.55 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 13 | 166.62.27.148 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE - Google LLC) |
| 1 | 185.225.208.133 | 13213 (UK2NET-AS) |
| 1 | 67.202.94.93 | 32748 (STEADFAST - Steadfast) |
| 19 | 6 | |

| ASN | PTR | Domain |
|---|---|---|
| ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | ip-198-71-165-55.ip.secureserver.net | burkeenterprise.com |
| ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | ip-166-62-27-148.ip.secureserver.net | aureus.nyc |
| ASN32748 (STEADFAST - Steadfast, US) | amung.us | whos.amung.us |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | aureus.nyc | aureus.nyc | 126 KB |
| 1 | amung.us | whos.amung.us | 161 B |
| 1 | waust.at | waust.at | 7 KB |
| 1 | googleapis.com | ajax.googleapis.com | 33 KB |
| 1 | burkeenterprise.com | burkeenterprise.com | 525 B |
| 0 | jqueryvalidation.org | jqueryvalidation.org (Failed) | |
| 0 | jsdelivr.net | cdn.jsdelivr.net (Failed) | |
| 19 | 7 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 13 | aureus.nyc | aureus.nyc, ajax.googleapis.com |
| 1 | whos.amung.us | waust.at |
| 1 | waust.at | aureus.nyc |
| 1 | ajax.googleapis.com | aureus.nyc |
| 1 | burkeenterprise.com | |
| 0 | jqueryvalidation.org (Failed) | aureus.nyc |
| 0 | cdn.jsdelivr.net (Failed) | aureus.nyc |
| 19 | 7 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| whos.amung.us |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| aureus.nyc | Go Daddy Secure Certificate Authority - G2 | 2017-07-21 - 2019-07-21 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://aureus.nyc/includesBTusruk/Login.php?sslchannel=true&sessionid=7EX8xSRmhu9vksK5II8fl6XuOsZXg2hnHewe7nAoSKUccEhUnqaJw7elzdiPgzdXOJcW6MlYwfbJUtDi
Frame ID: 718E52D7A96F34C4F28E4595793F7558
Requests: 21 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 1
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://burkeenterprise.com/orderscorporationuk/ Page URL
- https://aureus.nyc/includesBTusruk/ Page URL
- https://aureus.nyc/includesBTusruk/Login.php?sslchannel=true&sessionid=7EX8xSRmhu9vksK5II8fl6XuOsZXg2hnHewe7nAoSKUccEhUnqaJw7elzdiPgzdXOJcW6MlYwfbJUtDi Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | burkeenterprise.com/orderscorporationuk/ | 84 B | 525 B | Document | text/html | |
| GET | H/1.1 | / | aureus.nyc/includesBTusruk/ | 204 B | 655 B | Document | text/html | Cookie set |
| GET | H/1.1 | Login.php | aureus.nyc/includesBTusruk/ | 18 KB | 8 KB | Document | text/html | Primary Request |
| GET | H/1.1 | main.css | aureus.nyc/includesBTusruk/assets/css/ | 189 KB | 30 KB | Stylesheet | text/css | |
| GET | H/1.1 | common-reset.css | aureus.nyc/includesBTusruk/assets/css/ | 63 KB | 35 KB | Stylesheet | text/css | |
| GET | H/1.1 | override.css | aureus.nyc/includesBTusruk/assets/css/ | 6 KB | 2 KB | Stylesheet | text/css | |
| GET | H/1.1 | cookies.css | aureus.nyc/includesBTusruk/assets/css/ | 10 KB | 3 KB | Stylesheet | text/css | |
| GET | S | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.8.3/ | 91 KB | 33 KB | Script | text/javascript | |
| GET | H/1.1 | logo.png | aureus.nyc/includesBTusruk/assets/img/ | 4 KB | 5 KB | Image | image/png | |
| GET | H/1.1 | ad1.jpg | aureus.nyc/includesBTusruk/assets/img/ | 37 KB | 37 KB | Image | image/jpeg | |
| GET | S | d.js | waust.at/ | 12 KB | 7 KB | Script | application/x-javascript | |
| GET | | jquery.validate.js | cdn.jsdelivr.net/jquery.validation/1.14.0/ | 0 | 0 | | | |
| GET | | additional-methods.min.js | jqueryvalidation.org/files/dist/ | 0 | 0 | | | |
| GET | H/1.1 | input-bg.png | aureus.nyc/includesBTusruk/assets/img/ | 966 B | 1 KB | Image | image/png | |
| GET | H/1.1 | grey-btn.png | aureus.nyc/includesBTusruk/assets/img/ | 1 KB | 1 KB | Image | image/png | |
| GET | DATA | truncated | / | 42 KB | 0 | Font | font/truetype | |
| GET | H/1.1 | back.png | aureus.nyc/includesBTusruk/assets/img/ | 279 B | 620 B | Image | image/png | |
| GET | H/1.1 | LoginButtonBg.png | aureus.nyc/includesBTusruk/assets/img/ | 1 KB | 1 KB | Image | image/png | |
| GET | H/1.1 | footer.jpg | aureus.nyc/includesBTusruk/assets/img/ | 396 B | 738 B | Image | image/jpeg | |
| GET | S | / | whos.amung.us/pingjs/ | 28 B | 161 B | Script | text/javascript | |
| GET | DATA | truncated | / | 3 KB | 0 | Image | image/png | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: cdn.jsdelivr.net, URL: http://cdn.jsdelivr.net/jquery.validation/1.14.0/jquery.validate.js
- Domain: jqueryvalidation.org, URL: http://jqueryvalidation.org/files/dist/additional-methods.min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against BT (Telecommunication)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Variable | Type |
|---|---|
| $ | function |
| jQuery | function |
| _wau | object |
| wau_w_col | string |
| wau_w_siz | string |
| WAU_ren | object |
| WAU_dynamic | function |
| WAU_r_d | function |
| WAU_insert | function |
| WAU_la | function |
| WAU_addCommas | function |
| WAU_lrd | function |
| WAU_cps | function |
| docReady | function |
| x | object |
| x1 | string |
| x2 | string |
| Tynt0 | object |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
aureus.nyc
burkeenterprise.com
cdn.jsdelivr.net
jqueryvalidation.org
waust.at
whos.amung.us
166.62.27.148
185.225.208.133
198.71.165.55
2a00:1450:4001:821::200a
67.202.94.93