puregreen24.com
160.153.42.194
Malicious Activity!
Public Scan
Effective URL: https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/web0ssl21.php?locale=CA&ID=7&ui-action=signIn&ui-id=kM...
Submission: On February 24 via manual from CA
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 8th 2019. Valid for: 2 years.
This is the only time puregreen24.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telus (Telecommunication)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 50.63.110.1 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
| 2 | 2606:4700:3034::681f:58cc | 13335 (CLOUDFLARENET) |
| 7 (2 redirects) | 160.153.42.194 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
| 2 | 2001:4de0:ac19::1:b:2a | 20446 (HIGHWINDS3) |
| 1 | 2a00:1450:4001:81a::200a | 15169 (GOOGLE) |
| 1 | 23.111.9.35 | 33438 (HIGHWINDS2) |
| 1 | 185.225.208.133 | 13213 (UK2NET-AS) |
| 1 | 67.202.94.93 | 32748 (STEADFAST) |
| 14 | 9 | |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: p3nlhg452c1452.shr.prod.phx3.secureserver.net
www.linux.liyouradio.org

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-160-153-42-194.ip.secureserver.net
puregreen24.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 (2 redirects) | puregreen24.com | puregreen24.com | 18 KB |
| 2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 29 KB |
| 2 | noreferral.net | s.noreferral.net | 2 KB |
| 1 | amung.us | whos.amung.us | 146 B |
| 1 | waust.at | waust.at | 3 KB |
| 1 | fontawesome.com | use.fontawesome.com | 278 KB |
| 1 | googleapis.com | ajax.googleapis.com | 29 KB |
| 1 | liyouradio.org | www.linux.liyouradio.org | 750 B |
| 14 | 8 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 (2 redirects) | puregreen24.com | puregreen24.com |
| 2 | maxcdn.bootstrapcdn.com | puregreen24.com |
| 2 | s.noreferral.net | www.linux.liyouradio.org, puregreen24.com |
| 1 | whos.amung.us | waust.at |
| 1 | waust.at | puregreen24.com |
| 1 | use.fontawesome.com | puregreen24.com |
| 1 | ajax.googleapis.com | puregreen24.com |
| 1 | www.linux.liyouradio.org | |
| 14 | 8 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-01-30 - 2020-10-09 | 8 months | crt.sh |
| puregreen24.com | Go Daddy Secure Certificate Authority - G2 | 2019-02-08 - 2021-02-08 | 2 years | crt.sh |
| *.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 - 2020-10-13 | a year | crt.sh |
| *.storage.googleapis.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months | crt.sh |
| *.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 - 2020-12-23 | a year | crt.sh |
| whos.amung.us | GeoTrust EV RSA CA 2018 | 2018-03-09 - 2020-05-25 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/web0ssl21.php?locale=CA&ID=7&ui-action=signIn&ui-id=kMJwtGzhQJTIjapbYznNEyZuoKuQevgel
Frame ID: 42450D145050A01EEF7DAFC4A4C5A09C
Requests: 15 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts)
Detected patterns
- html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.linux.liyouradio.org/.well-d0nes/ Page URL
- https://puregreen24.com/.7j8k31c/?locale=CA&ID=2&ui-action=signIn&ui-id=XwVZWBGNvQwpuaolyKYTYmGMvaVeAbTYXpxtqEH HTTP 302
  -> https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f HTTP 301
  -> https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/ Page URL
- https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/web0ssl21.php?locale=CA&ID=7&ui-action=signIn&ui-id=kMJwtGzhQJTIjapbYznNEyZuoKuQevgel Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://puregreen24.com/.7j8k31c/?locale=CA&ID=2&ui-action=signIn&ui-id=XwVZWBGNvQwpuaolyKYTYmGMvaVeAbTYXpxtqEH HTTP 302
- https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f HTTP 301
- https://puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/
14 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | www.linux.liyouradio.org/.well-d0nes/ | 543 B | 750 B | Document | text/html | Cookie set |
| GET | H2 | anonymize.js | s.noreferral.net/oth/nre/script/ | 1 KB | 889 B | Script | application/javascript | |
| GET | H2 | / | puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/ | 517 B | 460 B | Document | text/html | Redirect Chain |
| GET | H2 | anonymize.js | s.noreferral.net/oth/nre/script/ | 1 KB | 669 B | Script | application/javascript | |
| GET | H2 | web0ssl21.php | puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/ | 4 KB | 2 KB | Document | text/html | Primary Request |
| GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ | 118 KB | 20 KB | Stylesheet | text/css | |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.1.3/ | 82 KB | 29 KB | Script | text/javascript | |
| GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ | 36 KB | 10 KB | Script | text/javascript | |
| GET | H2 | form.js | puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/includes/js/ | 3 KB | 786 B | Script | application/javascript | |
| GET | H2 | all.js | use.fontawesome.com/releases/v5.0.6/js/ | 657 KB | 278 KB | Script | application/javascript | |
| GET | H2 | logo.svg | puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/includes/img/ | 4 KB | 2 KB | Image | image/svg+xml | |
| GET | H2 | s.js | waust.at/ | 7 KB | 3 KB | Script | application/x-javascript | |
| GET | H2 | loading.gif | puregreen24.com/.7j8k31c/77369e37b2aa1404f416275183ab055f/includes/img/ | 12 KB | 12 KB | Image | image/gif | |
| GET | H2 | / | whos.amung.us/pingjs/ | 30 B | 146 B | Script | text/javascript | |
| GET | DATA | truncated | / | 439 B | 0 | Image | image/gif | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telus (Telecommunication)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| function | $ |
| function | jQuery |
| object | _wau |
| object | ___FONT_AWESOME___ |
| object | FontAwesomeConfig |
| object | FontAwesome |
| object | WAU_ren |
| function | WAU_small |
| function | WAU_small_request |
| function | WAU_r_s |
| function | WAU_insert |
| function | WAU_legacy_b |
| function | WAU_la |
| function | WAU_addCommas |
| function | WAU_lrd |
| function | WAU_cps |
| function | docReady |
| object | x |
| string | x1 |
| string | x20 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
maxcdn.bootstrapcdn.com
puregreen24.com
s.noreferral.net
use.fontawesome.com
waust.at
whos.amung.us
www.linux.liyouradio.org
160.153.42.194
185.225.208.133
2001:4de0:ac19::1:b:2a
23.111.9.35
2606:4700:3034::681f:58cc
2a00:1450:4001:81a::200a
50.63.110.1
67.202.94.93
1b31afdfd23628d9fb1118e31841278653c4ef36a6d0970c002d43e49b5d1856
5171f5fd0d5846c4e056e1cfa6016779ed5a2834da1d793b29e75e21753d54d2
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
7553574effe076dc946606f19b22a543f75f3fbfa576ab2ab1ec435dbb06b45c
8191e57a7677ccf16deb6ebc3647f80affccdf1cc8ebc5f8e5e432d6007f1792
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8c0b230f7dcf65e2f232a2825bc769fb4dcff96982af865b1f6e72a86f196d2b
945bc4d404ad5fc2713038a6e913009f359db9e70a67c203607db9702af24b39
bfb168ddfc0b73947c5301535b9772770e9fe321b8496916c5e8843cf83528e4
cab040fc133814c4dd30f8c70b2dd7d4a7aa5a5f2bc5078b67e4c76c7f715119
d913e8a4c89fbd1daefb97a712feaa07489132112accaff00aa05df7b68a662e
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fc42d02665e8aba172e11f382b09ac765236fa96bc131e67c4bd64cdaf97c111