ezyrecon.com - urlscan.io

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 67.195.197.75, located in United States and belongs to YAHOO-3 - Oath Holdings Inc., US. The main domain is ezyrecon.com.

This is the only time ezyrecon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	67.195.197.75 67.195.197.75	26101 (YAHOO-3) (YAHOO-3 - Oath Holdings Inc.)
1	52.200.123.130 52.200.123.130	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	2606:4700:10:... 2606:4700:10::6814:1246	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	4

1 67.195.197.75 (United States)

ASN26101 (YAHOO-3 - Oath Holdings Inc., US)
PTR: p9ats-i.geo.vip.bf1.yahoo.com

ezyrecon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.123.130 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-200-123-130.compute-1.amazonaws.com

np.lexity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6814:1246 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.powr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	powr.io 1 redirects www.powr.io	4 KB
1	lexity.com np.lexity.com	4 KB
1	ezyrecon.com ezyrecon.com	39 KB
4	3

	Domain	Requested by
2	www.powr.io	1 redirects
1	np.lexity.com	ezyrecon.com np.lexity.com
1	ezyrecon.com
4	3

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
ssl364586.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-14` - `2019-09-20`	6 months	crt.sh

This page contains 1 frames:

Primary Page: http://ezyrecon.com/phpinfo.php
Frame ID: 319F29E65436AA1647F50B02A891D301
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

Page Statistics

4
Requests

25 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

47 kB
Transfer

59 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://www.powr.io/powr.js?powr-token=yahoo_YW.6ce831a08cc7&external-type=yahoo HTTP 301
https://www.powr.io/powr.js?powr-token=yahoo_YW.6ce831a08cc7&external-type=yahoo

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set phpinfo.php Show response ezyrecon.com/	39 KB 39 KB	7823ms 221ms	Document text/html	67.195.197.75 Oath Holdings Inc.
General Check archive.org Show headers Download Go to Full URL http://ezyrecon.com/phpinfo.php Protocol HTTP/1.1 Server 67.195.197.75 , United States, ASN26101 (YAHOO-3 - Oath Holdings Inc., US), Reverse DNS p9ats-i.geo.vip.bf1.yahoo.com Software ATS/7.1.2 / Resource Hash `33e03ee57b318c35dac8adfc6b1d266fba558b53a800522eb74fee4afc1988db` Request headers Host ezyrecon.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 12 Aug 2019 10:36:52 GMT Set-Cookie BX=01nd6ktel2ga4&b=3&s=k0; expires=Thu, 12-Aug-2021 10:36:52 GMT; path=/; domain=.ezyrecon.com P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Content-Type text/html Age 0 Transfer-Encoding chunked Connection keep-alive Server ATS/7.1.2
GET H/1.1	200 OK	d42aafbfd543925fcec3f612816f5ee1 Show response np.lexity.com/embed/YW/	9 KB 4 KB	8359ms 118ms	Script text/plain	52.200.123.130 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://np.lexity.com/embed/YW/d42aafbfd543925fcec3f612816f5ee1?id=6ce831a08cc7 Requested by Host: ezyrecon.com URL: http://ezyrecon.com/phpinfo.php Protocol HTTP/1.1 Security , , Server 52.200.123.130 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-200-123-130.compute-1.amazonaws.com Software / Resource Hash `eaa9c102d7edfc5f87035bcd6793fb1e434ac8da04c1fe94faeee5ee035b4dab` Request headers Referer http://ezyrecon.com/phpinfo.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 12 Aug 2019 10:37:00 GMT content-encoding gzip Connection keep-alive Content-Length 3858
GET H2	200	powr.js Show response www.powr.io/ Redirect Chain http://www.powr.io/powr.js?powr-token=yahoo_YW.6ce831a08cc7&external-type=yahoo https://www.powr.io/powr.js?powr-token=yahoo_YW.6ce831a08cc7&external-type=yahoo	10 KB 4 KB	1042ms 39ms	Script application/javascript	2606:4700:10::6814:1246 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.powr.io/powr.js?powr-token=yahoo_YW.6ce831a08cc7&external-type=yahoo Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:1246 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `b0e2a2183c91ba9bf348ed3b57c865c697f390288c07b314ae63c248ab6f17c3` Request headers Referer http://ezyrecon.com/phpinfo.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers cf-ray 5051cfc8ccdfc2f9-FRA date Mon, 12 Aug 2019 10:37:02 GMT via 1.1 vegur cf-cache-status HIT last-modified Fri, 26 Jul 2019 20:28:34 GMT server cloudflare age 574364 cf-polished origSize=10552 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200, 200 OK cache-control max-age=604800, public content-encoding br cf-bgj minify Redirect headers Date Mon, 12 Aug 2019 10:37:01 GMT Server cloudflare Vary Accept-Encoding Location https://www.powr.io/powr.js?powr-token=yahoo_YW.6ce831a08cc7&external-type=yahoo Cache-Control max-age=3600 Transfer-Encoding chunked Connection keep-alive CF-RAY 5051cfc23d91c286-FRA Expires Mon, 12 Aug 2019 11:37:01 GMT
GET		vbvnblnq.f.kk[0] np.lexity.com/embed/YW/d42aafbfd543925fcec3f612816f5ee1/v/g9GBF3McaUQC/k/m6sSVuRo0p7g/u/http%3A%2F%2Fezyrecon.com%2Fphpinfo.php/n/1565606220985/t/phpinfo()/vn/1/c/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: np.lexity.com
URL: http://np.lexity.com/embed/YW/d42aafbfd543925fcec3f612816f5ee1/v/g9GBF3McaUQC/k/m6sSVuRo0p7g/u/http%3A%2F%2Fezyrecon.com%2Fphpinfo.php/n/1565606220985/t/phpinfo()/vn/1/c/vbvnblnq.f.kk[0]?id=6ce831a08cc7&ts=1565606221247

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ezyrecon.com/	1970-01-19 20:26:04	Name: BX Value: 01nd6ktel2ga4&b=3&s=k0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ezyrecon.com
np.lexity.com
www.powr.io
np.lexity.com
2606:4700:10::6814:1246
52.200.123.130
67.195.197.75
33e03ee57b318c35dac8adfc6b1d266fba558b53a800522eb74fee4afc1988db
b0e2a2183c91ba9bf348ed3b57c865c697f390288c07b314ae63c248ab6f17c3
eaa9c102d7edfc5f87035bcd6793fb1e434ac8da04c1fe94faeee5ee035b4dab

ezyrecon.com Open in urlscan Pro 67.195.197.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

25 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

47 kBTransfer

59 kBSize

1 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

1 Cookies

Indicators

ezyrecon.com Open in urlscan Pro
67.195.197.75 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

25 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

47 kB
Transfer

59 kB
Size

1
Cookies

4 HTTP transactions
0 data transactions