aureus.nyc
166.62.27.148
Malicious Activity!
Public Scan
Effective URL: https://aureus.nyc/p00lstfuk/Refund.php?sslchannel=true&sessionid=WoH8QudamyM89W03YVPgHn7gZ7XD4Zi0n09evnoRVa047176W...
Submission: On June 21 via manual from GB
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 21st 2017. Valid for: 2 years.
This is the only time aureus.nyc was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
1 | 192.186.221.225 | ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | ip-192-186-221-225.ip.secureserver.net | www.d.v.l.a.gb.co.uk.incometaxgovuk.weprovidepas.com
12 | 166.62.27.148 | ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | ip-166-62-27-148.ip.secureserver.net | aureus.nyc
1 | 185.225.208.133 | ASN13213 (UK2NET-AS) | | 
1 | 67.202.94.94 | ASN32748 (STEADFAST - Steadfast, US) | amung.us | whos.amung.us
15 (total) | 5 | | | 
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | aureus.nyc | aureus.nyc | 314 KB
1 | amung.us | whos.amung.us | 161 B
1 | waust.at | waust.at | 7 KB
1 | weprovidepas.com | www.d.v.l.a.gb.co.uk.incometaxgovuk.weprovidepas.com | 425 B
15 (total) | 4 | | 
Requests | Domain | Requested by
---|---|---
12 | aureus.nyc | aureus.nyc
1 | whos.amung.us | waust.at
1 | waust.at | aureus.nyc
1 | www.d.v.l.a.gb.co.uk.incometaxgovuk.weprovidepas.com | 
15 (total) | 4 | 
This site contains links to these domains. Also see Links.
Domain |
---|
whos.amung.us |
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
aureus.nyc | Go Daddy Secure Certificate Authority - G2 | 2017-07-21 - 2019-07-21 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
https://aureus.nyc/p00lstfuk/Refund.php?sslchannel=true&sessionid=WoH8QudamyM89W03YVPgHn7gZ7XD4Zi0n09evnoRVa047176WWmDktUjBRWFQfGegPsMcRE71Fb8GjeDgBgA5bUG2RlT718nQA92rOattmC9FRNVs3w
Frame ID: 6185362EF53D0BF63E1176E83BFCC569
Requests: 18 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
- Outgoing links: 1. These are links going to different origins than the main page.
- Title: 1
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.d.v.l.a.gb.co.uk.incometaxgovuk.weprovidepas.com/V10uk/ Page URL
- https://aureus.nyc/p00lstfuk/ Page URL
- https://aureus.nyc/p00lstfuk/Refund.php?sslchannel=true&sessionid=WoH8QudamyM89W03YVPgHn7gZ7XD4Zi0n09evnoRVa047176WWmDktUjBRWFQfGegPsMcRE71Fb8GjeDgBgA5bUG2RlT718nQA92rOattmC9FRNVs3w Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | www.d.v.l.a.gb.co.uk.incometaxgovuk.weprovidepas.com/V10uk/ | 76 B | 425 B | Document | text/html | 
GET | H/1.1 | / | aureus.nyc/p00lstfuk/ | 240 B | 685 B | Document | text/html | Cookie set
GET | H/1.1 | Refund.php | aureus.nyc/p00lstfuk/ | 16 KB | 4 KB | Document | text/html | Primary Request
GET | H/1.1 | Main.css | aureus.nyc/p00lstfuk/assets/css/ | 67 KB | 11 KB | Stylesheet | text/css | 
GET | H/1.1 | Font.css | aureus.nyc/p00lstfuk/assets/css/ | 267 KB | 196 KB | Stylesheet | text/css | 
GET | H/1.1 | jquery-1.9.1.js | aureus.nyc/p00lstfuk/assets/js/ | 262 KB | 78 KB | Script | application/javascript | 
GET | H/1.1 | jquery.payment.js | aureus.nyc/p00lstfuk/assets/js/ | 17 KB | 4 KB | Script | application/javascript | 
GET | H/1.1 | jquery.validate.min.js | aureus.nyc/p00lstfuk/assets/js/ | 21 KB | 7 KB | Script | application/javascript | 
GET | H/1.1 | additional-methods.min.js | aureus.nyc/p00lstfuk/assets/js/ | 17 KB | 5 KB | Script | application/javascript | 
GET | H/1.1 | jquery.maskedinput.js | aureus.nyc/p00lstfuk/assets/js/ | 6 KB | 3 KB | Script | application/javascript | 
GET | H/1.1 | logo.png | aureus.nyc/p00lstfuk/assets/img/ | 780 B | 1 KB | Image | image/png | 
GET | S | d.js | waust.at/ | 12 KB | 7 KB | Script | application/x-javascript | 
GET | H/1.1 | logo2.png | aureus.nyc/p00lstfuk/assets/img/ | 4 KB | 4 KB | Image | image/png | 
GET | H/1.1 | o.png | aureus.nyc/p00lstfuk/assets/img/ | 761 B | 1 KB | Image | image/png | 
GET | DATA | truncated | / | 94 KB | 0 | Font | application/font-woff | 
GET | DATA | truncated | / | 71 KB | 0 | Font | application/font-woff | 
GET | S | / | whos.amung.us/pingjs/ | 28 B | 161 B | Script | text/javascript | 
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png | 
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
$ | function
jQuery | function
_wau | object
wau_w_col | string
wau_w_siz | string
WAU_ren | object
WAU_dynamic | function
WAU_r_d | function
WAU_insert | function
WAU_la | function
WAU_addCommas | function
WAU_lrd | function
WAU_cps | function
docReady | function
x | object
x1 | string
x2 | string
Tynt1 | object
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
aureus.nyc/ | | PHPSESSID | slupav7rei67imli25l2nrjm53
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.