www.teddystakes.com
Open in
urlscan Pro
204.152.210.213
Malicious Activity!
Public Scan
URL:
https://www.teddystakes.com/
Submission: On December 04 via api from JP — Scanned from JP
Submission: On December 04 via api from JP — Scanned from JP
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 15 HTTP transactions.
The main IP is 204.152.210.213, located in
Los Angeles, United States and
belongs to ASN-QUADRANET-GLOBAL, US.
The main domain is www.teddystakes.com.
TLS certificate: Issued by R3 on December 2nd 2022. Valid for: 3 months.
This is the only time www.teddystakes.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on December 2nd 2022. Valid for: 3 months.
This is the only time www.teddystakes.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Orico (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 12 | 204.152.210.213 204.152.210.213 | 8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL) | |
| 2 | 54.64.120.121 54.64.120.121 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 150.95.189.63 150.95.189.63 | 7506 (INTERQ GM...) (INTERQ GMO Internet) | |
| 15 | 3 |
12
204.152.210.213
(Los Angeles, United States)
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.152.210.213.static.quadranet.com
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.152.210.213.static.quadranet.com
| www.teddystakes.com |
2
54.64.120.121
(Tokyo, Japan)
ASN16509 (AMAZON-02, US)
PTR: ec2-54-64-120-121.ap-northeast-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-54-64-120-121.ap-northeast-1.compute.amazonaws.com
| navicast.jp |
1
150.95.189.63
(Japan)
ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: v150-95-189-63.b016.g.tyo1.static.cnode.io
ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: v150-95-189-63.b016.g.tyo1.static.cnode.io
| my.orico.co.jp |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
teddystakes.com
www.teddystakes.com |
19 KB |
| 2 |
navicast.jp
navicast.jp |
4 KB |
| 1 |
orico.co.jp
my.orico.co.jp |
632 B |
| 15 | 3 |
| Domain | Requested by | |
|---|---|---|
| 12 | www.teddystakes.com |
www.teddystakes.com
|
| 2 | navicast.jp |
www.teddystakes.com
|
| 1 | my.orico.co.jp |
www.teddystakes.com
|
| 15 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.orico.co.jp |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.teddystakes.com R3 |
2022-12-02 - 2023-03-02 |
3 months | crt.sh |
| navicast.jp Amazon |
2022-10-25 - 2023-11-22 |
a year | crt.sh |
| my.orico.co.jp Cybertrust Japan SureServer EV CA G3 |
2022-11-02 - 2023-11-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.teddystakes.com/
Frame ID: EB7FE99519CD8ECF2F19B82B86E963F1
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
ID・パスワードのお問合せ 入力(カード会員):eオリコDetected technologies
DreamWeaver
(Editors)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!--[^>]*(?:InstanceBeginEditable|Dreamweaver([^>]+)target|DWLayoutDefaultTable)
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
URL: http://www.orico.co.jp/policy/site.html
Search URL Search Domain Scan URL
URL: http://www.orico.co.jp/policy/index.html
Search URL Search Domain Scan URL
URL: http://www.orico.co.jp/policy/credit.html
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.teddystakes.com/ |
38 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3.000.css
navicast.jp/api/spc/lib/ |
17 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fontello.css
navicast.jp/api/spc/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
check.js
www.teddystakes.com/ |
3 KB 847 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spacer.gif
www.teddystakes.com/pc/ |
43 B 120 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eorico_logo.gif
www.teddystakes.com/pc/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
flow_01input_cur.gif
www.teddystakes.com/pc/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
flow_02confirm.gif
www.teddystakes.com/pc/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
flow_03complete.gif
www.teddystakes.com/pc/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
icon_newwin.gif
www.teddystakes.com/pc/ |
213 B 259 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
copyright.gif
www.teddystakes.com/pc/ |
1008 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
footer_btn_sitepolicy.gif
www.teddystakes.com/pc/ |
367 B 415 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
footer_btn_privacypolicy.gif
www.teddystakes.com/pc/ |
534 B 582 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
footer_btn_creditpolicy.gif
www.teddystakes.com/pc/ |
434 B 482 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg_h1.gif
my.orico.co.jp/eorico/common/image/ |
285 B 632 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Orico (Financial)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| check0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
my.orico.co.jp
navicast.jp
www.teddystakes.com
150.95.189.63
204.152.210.213
54.64.120.121
0c94d89b354efa6cd1e9d60a67458e3b0d789dced50f859ca1c0e43478fbf8e5
1c702750ff3ab032fdd2281629f102172b7d5fc2ed37495d4c12ea439880f5d8
210a6dd9c8a5c4330e367c8f9accbc15ef282320dec49e17e38e4ec274f8c06f
215480887b4714509a939d14320d61530b71e3f4add5f6177a938676ceb8ca5b
2691fd27a4f0c81c0ef43d246363a810edef4e145faf22912e884257053ca1c9
48771be8ac2878472a9b9c9b812ff2bd718f8fdeb92d140891f8f6c625b35a97
79646e1ec441eacca4d0b1872571489bbbab975f1213dca1a99316eec22c7526
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
95ad20be02bf07ba48b7217ff263f960cb86e41065eef50d0ad9d2393dd3df6f
ac345db5f85860932eabd2a12f2e585c49ee0110fa20ed0f719efe56c1d5f600
bd6bd834ef52da3b8f4da691dd7c6bfa40ffe2c170ee06824fe788882e7d2418
d0d96bc8cd28a833d6bac741575256b07ffbb92394fc566e046c093a467c9bd9
dd271cb801bc91c06250ad16239535a06a1c0899012183a4791df47b7e90016a
e56c84a360e83fe0861540f9a25d5000e015fec81105ea4faef751b4a4437e24
e99275abdb5523a8287500d5a40f6f141c81a6b031be23cdb24be04e047e7b95