bf45sga3f.toythieves.com Open in urlscan Pro
193.176.158.64 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://piuclczsydikmkjoxwnttikk.g34se.icu/caonigo
Effective URL:
http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifie...
Submission Tags: phishing amazon Search All
Submission: On September 02 via api (September 2nd 2023, 12:37:07 pm UTC) from JP — Scanned from JP

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 193.176.158.64, located in Paris, France and belongs to CLOUDBACKBONE, HK. The main domain is bf45sga3f.toythieves.com.

This is the only time bf45sga3f.toythieves.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online) Amazon Japan (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	172.67.221.176 172.67.221.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 9	193.176.158.64 193.176.158.64	56971 (CLOUDBACK...) (CLOUDBACKBONE)
9	2

1 172.67.221.176 (United States)

ASN13335 (CLOUDFLARENET, US)

piuclczsydikmkjoxwnttikk.g34se.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 193.176.158.64 (Paris, France) 1 redirects

ASN56971 (CLOUDBACKBONE, HK)

bf45sga3f.toythieves.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	toythieves.com 1 redirects bf45sga3f.toythieves.com	98 KB
1	g34se.icu piuclczsydikmkjoxwnttikk.g34se.icu	514 B
9	2

	Domain	Requested by
9	bf45sga3f.toythieves.com	1 redirects piuclczsydikmkjoxwnttikk.g34se.icu bf45sga3f.toythieves.com
1	piuclczsydikmkjoxwnttikk.g34se.icu
9	2

This site contains no links.

Subject Issuer	Validity	Valid
g34se.icu GTS CA 1P5	`2023-09-02` - `2023-12-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin
Frame ID: F4E682C68CED19F7D55CB475653663F5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazonサインイン

Page URL History Show full URLs

https://piuclczsydikmkjoxwnttikk.g34se.icu/caonigo Page URL
http://bf45sga3f.toythieves.com/ HTTP 302
http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fau... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

98 kB
Transfer

341 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://piuclczsydikmkjoxwnttikk.g34se.icu/caonigo Page URL
http://bf45sga3f.toythieves.com/ HTTP 302
http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	caonigo piuclczsydikmkjoxwnttikk.g34se.icu/	72 B 514 B	1248ms 868ms	Document text/html	172.67.221.176 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://piuclczsydikmkjoxwnttikk.g34se.icu/caonigo Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.221.176 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language jp-jp,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-ray 8005cd423ad6f645-NRT content-encoding br content-type text/html;charset=UTF-8 date Sat, 02 Sep 2023 12:37:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzMGograw5O%2BPt2EkSw3COpurrKAH8zZ9%2F5rdBO9GgeRc7AXjM0bpqOygmq%2BS%2FaEaQNTnsNkO4JDkdpIVwG%2BR03fUAAp8avIzyIQvf28ljEI3CF%2B2bYU7hIVAiP2u6c58mc35wcj2GSBn3Kxoq7SAN18vC8S"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	Primary Request index.php Show response bf45sga3f.toythieves.com/signin/ Redirect Chain http://bf45sga3f.toythieves.com/ http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_...	12 KB 3 KB	792ms 790ms	Document text/html	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Full URL http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin Requested by Host: piuclczsydikmkjoxwnttikk.g34se.icu URL: https://piuclczsydikmkjoxwnttikk.g34se.icu/caonigo Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `9047b21b2d31ecaee1a5006f42aaa659029bd0a31c2b7e20c6ab898d3a40b2d5` Request headers Referer https://piuclczsydikmkjoxwnttikk.g34se.icu/caonigo Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language jp-jp,jp;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, close Content-Encoding gzip Content-Length 3139 Content-Type text/html; charset=utf-8 Date Sat, 02 Sep 2023 12:37:02 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server Apache Upgrade h2 Vary Accept-Encoding Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, close Content-Encoding gzip Content-Length 23 Content-Type text/html; charset=utf-8 Date Sat, 02 Sep 2023 12:37:01 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server Apache Upgrade h2 Vary Accept-Encoding location /signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin
GET H/1.1	200 OK	style3.css bf45sga3f.toythieves.com/signin/style/	168 KB 24 KB	494ms 491ms	Stylesheet text/css	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Full URL http://bf45sga3f.toythieves.com/signin/style/style3.css Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `bcf1b6c1393473201b637b3d9738fc0ad599a52c7a998379d07ba01d6b75f4a9` Request headers accept-language jp-jp,jp;q=0.9 Referer http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Date Sat, 02 Sep 2023 12:37:03 GMT Content-Encoding gzip Last-Modified Wed, 18 Mar 2020 15:20:42 GMT Server Apache ETag "29e38-5a12298702680-gzip" Vary Accept-Encoding Upgrade h2 Content-Type text/css Connection Upgrade, close Accept-Ranges bytes Content-Length 24059
GET H/1.1	200 OK	style2.css bf45sga3f.toythieves.com/signin/style/	39 KB 7 KB	486ms 483ms	Stylesheet text/css	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Full URL http://bf45sga3f.toythieves.com/signin/style/style2.css Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `f395d4f7e16a56f78b3ebb62ce61a099e8c6f909bfae191927a20a36b5f6256c` Request headers accept-language jp-jp,jp;q=0.9 Referer http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Date Sat, 02 Sep 2023 12:37:03 GMT Content-Encoding gzip Last-Modified Wed, 18 Mar 2020 15:21:58 GMT Server Apache ETag "9c2d-5a1229cf7d180-gzip" Vary Accept-Encoding Upgrade h2 Content-Type text/css Connection Upgrade, close Accept-Ranges bytes Content-Length 6485
GET H/1.1	200 OK	style1.css bf45sga3f.toythieves.com/signin/style/	3 KB 1 KB	495ms 492ms	Stylesheet text/css	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Full URL http://bf45sga3f.toythieves.com/signin/style/style1.css Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `a0a8fe444d2f024caca0fb2ff1132b1201239ea44d7c675a5839b3b7058d9910` Request headers accept-language jp-jp,jp;q=0.9 Referer http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Date Sat, 02 Sep 2023 12:37:03 GMT Content-Encoding gzip Last-Modified Wed, 18 Mar 2020 15:20:48 GMT Server Apache ETag "b7a-5a12298cbb400-gzip" Vary Accept-Encoding Upgrade h2 Content-Type text/css Connection Upgrade, close Accept-Ranges bytes Content-Length 854
GET H/1.1	200 OK	site-jquery.min.js Show response bf45sga3f.toythieves.com/yanyuan/im/	91 KB 32 KB	490ms 488ms	Script application/javascript	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Full URL http://bf45sga3f.toythieves.com/yanyuan/im/site-jquery.min.js Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672` Request headers accept-language jp-jp,jp;q=0.9 Referer http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Date Sat, 02 Sep 2023 12:37:03 GMT Content-Encoding gzip Last-Modified Sun, 03 Apr 2022 09:44:22 GMT Server Apache ETag "16b60-5dbbcdb3b8980-gzip" Vary Accept-Encoding Upgrade h2 Content-Type application/javascript Connection Upgrade, close Accept-Ranges bytes Content-Length 32817
GET H/1.1	200 OK	api.php Show response bf45sga3f.toythieves.com/	13 B 363 B	493ms 492ms	XHR text/html	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Full URL http://bf45sga3f.toythieves.com/api.php?act=ip_save&_r=0.06260202304569651 Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/yanyuan/im/site-jquery.min.js Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `aa3d21398252adb9f16b5208884b4da22eec9f2019a0139b114a61f178396794` Request headers Accept / Referer http://bf45sga3f.toythieves.com/signin/index.php?openid_pape_max_auth_age=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier&openid_return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_em_hd_re_signin&openid.identity=_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&key=a@b.c&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&&ref_=nav_em_hd_clc_signin X-Requested-With XMLHttpRequest accept-language jp-jp,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Pragma no-cache Date Sat, 02 Sep 2023 12:37:03 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Upgrade h2 Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, close Content-Length 33 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png bf45sga3f.toythieves.com/signin/style/img/	26 KB 26 KB	486ms 485ms	Image image/png	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Show image Full URL http://bf45sga3f.toythieves.com/signin/style/img/AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/signin/style/style3.css Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d` Request headers accept-language jp-jp,jp;q=0.9 Referer http://bf45sga3f.toythieves.com/signin/style/style3.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Date Sat, 02 Sep 2023 12:37:03 GMT Last-Modified Wed, 18 Mar 2020 15:33:06 GMT Server Apache ETag "6607-5a122c4c8b080" Upgrade h2 Content-Type image/png Connection Upgrade, close Accept-Ranges bytes Content-Length 26119
GET H/1.1	200 OK	AmazonUIBaseCSS-sprite_jp_1x-f8582354fc42b464ef5eb709dd98f9371d3eafea._V2_.png bf45sga3f.toythieves.com/signin/style/img/	4 KB 4 KB	488ms 487ms	Image image/png	193.176.158.64 CLOUDBACKBONE
General Check archive.org Show headers Download Go to Show image Full URL http://bf45sga3f.toythieves.com/signin/style/img/AmazonUIBaseCSS-sprite_jp_1x-f8582354fc42b464ef5eb709dd98f9371d3eafea._V2_.png Requested by Host: bf45sga3f.toythieves.com URL: http://bf45sga3f.toythieves.com/signin/style/style3.css Protocol HTTP/1.1 Server 193.176.158.64 Paris, France, ASN56971 (CLOUDBACKBONE, HK), Reverse DNS Software Apache / Resource Hash `a515dcb414d0c44f70cbdc70eb4eceae128f82667a9d143731e3b4f608f3f483` Request headers accept-language jp-jp,jp;q=0.9 Referer http://bf45sga3f.toythieves.com/signin/style/style3.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Date Sat, 02 Sep 2023 12:37:03 GMT Last-Modified Wed, 18 Mar 2020 15:32:46 GMT Server Apache ETag "e05-5a122c3978380" Upgrade h2 Content-Type image/png Connection Upgrade, close Accept-Ranges bytes Content-Length 3589

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online) Amazon Japan (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| ip_save

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bf45sga3f.toythieves.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5p6r28udsqq96fggolc8fuh2c9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bf45sga3f.toythieves.com
piuclczsydikmkjoxwnttikk.g34se.icu
172.67.221.176
193.176.158.64
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
9047b21b2d31ecaee1a5006f42aaa659029bd0a31c2b7e20c6ab898d3a40b2d5
a0a8fe444d2f024caca0fb2ff1132b1201239ea44d7c675a5839b3b7058d9910
a515dcb414d0c44f70cbdc70eb4eceae128f82667a9d143731e3b4f608f3f483
aa3d21398252adb9f16b5208884b4da22eec9f2019a0139b114a61f178396794
bcf1b6c1393473201b637b3d9738fc0ad599a52c7a998379d07ba01d6b75f4a9
e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d
f395d4f7e16a56f78b3ebb62ce61a099e8c6f909bfae191927a20a36b5f6256c

bf45sga3f.toythieves.com Open in urlscan Pro 193.176.158.64 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

11 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

98 kBTransfer

341 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

bf45sga3f.toythieves.com Open in urlscan Pro
193.176.158.64 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

98 kB
Transfer

341 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!