www.bcsbirds.com
184.168.236.1
Malicious Activity!
Public Scan
Effective URL: http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/saku...
Submission: On October 11 via manual from JP
Summary
This is the only time www.bcsbirds.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System) |
---|---|---|---|
1 | 2 | 107.180.50.185 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
1 | 6 | 184.168.236.1 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
 | 1 | 185.225.208.133 | 13213 (UK2NET-AS) |
 | 1 | 67.202.94.86 | 32748 (STEADFAST - Steadfast) |
 | 8 | 5 | |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-107-180-50-185.ip.secureserver.net
secure.sakurawebmail.co
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: p3nlhg136c1136.shr.prod.phx3.secureserver.net
www.bcsbirds.com
ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us
whos.amung.us
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | bcsbirds.com (1 redirects) | www.bcsbirds.com | 64 KB |
2 | sakurawebmail.co (1 redirects) | secure.sakurawebmail.co | 743 B |
1 | amung.us | whos.amung.us | 213 B |
1 | waust.at | waust.at | 7 KB |
8 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
6 | www.bcsbirds.com (1 redirects) | www.bcsbirds.com |
2 | secure.sakurawebmail.co (1 redirects) | |
1 | whos.amung.us | waust.at |
1 | waust.at | www.bcsbirds.com |
8 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
whos.amung.us |
This page contains 1 frames:
Primary Page:
http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/sakura.html?sakurasessionsnew_signintosakuraonlinenejp
Frame ID: 5EE1172BDE16674228CF8B1B9563457F
Requests: 9 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 32
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://secure.sakurawebmail.co/ad.jp/rscontrol/webmail HTTP 301
  http://secure.sakurawebmail.co/ad.jp/rscontrol/webmail/ Page URL
- http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm HTTP 301
  http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/ Page URL
- http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/sakura.html?sakurasessionsnew_signintosakuraonlinenejp Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://secure.sakurawebmail.co/ad.jp/rscontrol/webmail HTTP 301
- http://secure.sakurawebmail.co/ad.jp/rscontrol/webmail/
- http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm HTTP 301
- http://www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Redirect Chain) | secure.sakurawebmail.co/ad.jp/rscontrol/webmail/ | 188 B | 476 B | Document | text/html |
GET | H/1.1 | / (Redirect Chain) | www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/ | 117 B | 441 B | Document | text/html |
GET | H/1.1 | sakura.html (Primary Request) | www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/ | 2 KB | 1 KB | Document | text/html |
GET | H/1.1 | xvx.js | www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/ | 12 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | dnt2.png | www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/mux/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | d.js | waust.at/ | 13 KB | 7 KB | Script | application/x-javascript |
GET | H/1.1 | dnt1.png | www.bcsbirds.com/sakuraaccountuid/86fc0a15-c94b-11dd-9712-00114332949f/86fc0a15-c94b-11dd-9712-00114332949pm/mux/ | 58 KB | 58 KB | Image | image/png |
GET | H/1.1 | / | whos.amung.us/pingjs/ | 29 B | 213 B | Script | text/javascript |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
function | Validator |
function | set_addnl_vfunction |
function | clear_all_validations |
function | form_submit_handler |
function | add_validation |
function | ValidationDesc |
function | vdesc_validate |
function | ValidationSet |
function | add_validationdesc |
function | vset_validate |
function | validateEmailv2 |
function | mod10 |
function | V2validateData |
object | frmvalidator |
object | _wau |
string | wau_w_col |
string | wau_w_siz |
object | WAU_ren |
function | WAU_dynamic |
function | WAU_dynamic_request |
function | WAU_r_d |
function | WAU_insert |
function | WAU_la |
function | WAU_addCommas |
function | WAU_lrd |
function | WAU_cps |
function | docReady |
object | x |
string | x1 |
string | x20 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.