https://bricksandminifigs.com/
23.185.0.4 · Pantheon
San Francisco, United States
6346 days
200 · 26.9s
Valid· R12, Let's Encrypt, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Bricks & Minifigs
Vendors
29/30
Status
partial
No KB/IOK detections were recorded for this scan.
E-Commerce · 7/19/2026
The page at bricksandminifigs.com presents branding for Bricks & Minifigs (LEGO minifigures, sets, bricks) with actual site content. The page shows legitimate LEGO-themed branding and a store-style layout; however, the domain is not a canonical LEGO brand domain and the evidence suggests off-domain submission endpoints and heavy analytics/scripts. Visuals in the screenshot strongly resemble Bricks & Minifigs branding rather than an impersonation of a major brand like PayPal or Google. While credential harvesting impersonation is not evident from the static HTML, the presence of off-domain endpoints and multiple third-party trackers warrants cautious monitoring for potential misuse, but there is no definitive credential-theft phishing signal from the captured data.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 1
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 176
Hosts: 26
Domains: 18
Suspicious Endpoints
hxxps://2532c1-2[.]myshopify[.]com/api/2025-01/graphql.json
hxxps://bricksandminifigs[.]com/
Off-Domain Posts
hxxps://2532c1-2[.]myshopify[.]com/api/2025-01/graphql.json
The page presents Bricks & Minifigs branding on bricksandminifigs.com, suggesting a first-party retail site rather than a spoofed login page for another brand. However, the scan reveals numerous third-party trackers, a Shopify.graphql endpoint on an off-domain, and a high volume of external resources, which increases risk of data exfiltration or user tracking. The presence of a valid SSL certificate from Let's Encrypt with subdomains indicates legitimate operation, but the off-domain API endpoint and extensive analytics integration warrant closer monitoring for potential misuse or data leakage. Given the evidence, treat this as a first-party site with significant tracking load and potential risky integrations; no definitive credential-phishing behavior is observed.
Monitor