![](/screenshots/851a8136-e752-4fa1-9f4b-a74ce8dd917a.png)
ofcicanye.com
Open in
urlscan Pro
51.254.21.200
Malicious Activity!
Public Scan
Submission: On January 18 via automatic, source openphish
Summary
This is the only time ofcicanye.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 51.254.21.200 51.254.21.200 | 16276 (OVH) (OVH) | |
1 | 54.230.45.112 54.230.45.112 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
5 | 2 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-45-112.fra6.r.cloudfront.net
images-na.ssl-images-amazon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
ofcicanye.com
ofcicanye.com |
|
1 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
|
5 | 2 |
Domain | Requested by | |
---|---|---|
4 | ofcicanye.com |
ofcicanye.com
|
1 | images-na.ssl-images-amazon.com |
ofcicanye.com
|
5 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.amazon.com |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://ofcicanye.com/wp-content/plugins/4785110255418879552220014778559522001448855226645855485544/bbdf240247e23d06eb54cd65a5995ef3/info.html
Frame ID: (32DC5DA9F0670B4B3583EC67A9D62525)
Requests: 5 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Amazon
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
info.html
ofcicanye.com/wp-content/plugins/4785110255418879552220014778559522001448855226645855485544/bbdf240247e23d06eb54cd65a5995ef3/ |
18 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AmazonUI-fcf27290b68379bc8ce89fd6edf394527c9f9508.rendering_engine-not-trident.secure.min._V2_.css
ofcicanye.com/wp-content/plugins/4785110255418879552220014778559522001448855226645855485544/bbdf240247e23d06eb54cd65a5995ef3/Info_files/ |
158 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jokamer_validator.js
ofcicanye.com/wp-content/plugins/4785110255418879552220014778559522001448855226645855485544/bbdf240247e23d06eb54cd65a5995ef3/ |
31 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fwcim._CB342128453_.js
ofcicanye.com/wp-content/plugins/4785110255418879552220014778559522001448855226645855485544/bbdf240247e23d06eb54cd65a5995ef3/Info_files/ |
13 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aui_sprite_0029-1x._V1_.png
images-na.ssl-images-amazon.com/images/G/01/amazonui/sprites/ |
21 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)68 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onafterprint object| onbeforeprint function| Validator function| sfm_validator_enable_focus function| add_addnl_vfunction function| set_addnl_vfunction function| run_addnl_validations function| sfm_set_focus function| sfm_disable_validations function| sfm_enable_show_msgs_together function| sfm_validator_message_disp_pos function| clear_all_validations function| form_submit_handler function| add_validation function| handle_item_on_killfocus function| validator_enable_OPED function| validator_enable_OPED_SB function| sfm_ErrorDisplayHandler function| edh_clear_msgs function| edh_FinalShowMsg function| edh_EnableOnPageDisplay function| edh_ShowMsg function| AlertMsgDisplayer function| alert_clearmsg function| alert_showmsg function| sfm_show_error_msg function| SingleBoxErrorDisplay function| sb_div_clearmsg function| sb_div_showmsg function| form_error_div_name function| sfm_show_div_msg function| DivMsgDisplayer function| div_clearmsg function| element_div_name function| div_showmsg function| show_div_msg function| ValidationDesc function| vdesc_validate function| ValidationSet function| add_validationdesc function| vset_validate function| validateEmail function| TestComparison function| TestSelMin function| TestSelMax function| IsCheckSelected function| TestDontSelectChk function| TestShouldSelectChk function| TestRequiredInput function| TestFileExtension function| TestMaxLen function| TestMinLen function| TestInputType function| TestEmail function| TestLessThan function| TestGreaterThan function| TestRegExp function| TestDontSelect function| TestSelectOneRadio function| TestSelectRadio function| validateInput function| VWZ_IsListItemSelected function| VWZ_IsChecked function| sfm_str_trim function| VWZ_IsEmpty function| setMetadataF1 object| fwcim object| frmvalidator0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
images-na.ssl-images-amazon.com
ofcicanye.com
51.254.21.200
54.230.45.112
11b2083cdc7b8f40bb37f550418ab53b58f37716c343a53b37904427dd2d779e
756c6f82e93dec60a35528fc2ed3c89a3fc187db99f86181c70fcf10177c8b4a
9ca039ccb8cd964b602375a0a30be216d151a5009b6cc349fd96fa2bfd6377f4
ba301c5ae0d795e133519ac0d2891d8f9cf3820c487e029dbfef86cf61a0c5d2
ce80ee2ee4c7f0f305633f0b21df9706727e3cad8e33fdd770eaff7473eedf3a