# bujj163.com — MALICIOUS

> Stay alert! The active domain bujj163.com is flagged for phishing. Avoid sharing sensitive info and verify links carefully.

## Summary
PhishDestroy identifies bujj163.com as a high-risk generic phishing domain actively targeting users to steal sensitive information. This threat is critical due to its recent creation and active status, posing a direct risk to online safety.

The domain resolves to IP 172.67.163.105 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal flags it by 11 security vendors, and it appears on a security blocklist, confirming its malicious use.

Users should avoid visiting bujj163.com and never provide personal or financial data on this site. Employ updated security tools and report any suspicious activity to help prevent potential harm.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Page title: BUFF — Number one among all skin sites for CS2!

## Domain Intelligence
- Registered: 2026-03-10 21:07:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- Country: HK
- IP: 172.67.163.105
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: elma.ns.cloudflare.com wells.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Live Page Content

### Page Text
Suspected phishing site | Cloudflare Please enable
      cookies. Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Learn More Ignore & Proceed Cloudflare Ray ID: 9dc8f53a682df3c7 • Your IP: Click to reveal 104.28.164.190 • Performance & security by Cloudflare

### External Scripts
- https://challenges.cloudflare.com/turnstile/v0/api.js

### Form Fields
- submit
- atok
- original_path
- hidden

### External Links
- https://www.cloudflare.com/learning/access-management/phishing-attack/
- https://www.cloudflare.com/5xx-error-landing

## Evidence
- Screenshot: https://i.ibb.co/DHw7k0DX/669116126bd0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/42b194e1-27b0-4af6-9b32-454ff7a972f2
- PhishDestroy: https://phishdestroy.io/domain/bujj163.com/
- LLM endpoint: https://phishdestroy.io/domain/bujj163.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bujj163.com/
Last updated: 2026-03-15