poorttyuyi.2waky.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 104.129.12.6, located in Los Angeles, United States and belongs to PACIFICRACK, US. The main domain is poorttyuyi.2waky.com.
TLS certificate: Issued by R3 on February 20th 2023. Valid for: 3 months.

This is the only time poorttyuyi.2waky.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.86.27 104.21.86.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 6	104.129.12.6 104.129.12.6	64270 (PACIFICRACK) (PACIFICRACK)
5	2

1 104.21.86.27 (None, )

ASN13335 (CLOUDFLARENET, US)

silent-block-3a89.rjcjydi8.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.129.12.6 (Los Angeles, United States) 2 redirects

ASN64270 (PACIFICRACK, US)
PTR: 104.129.12.6.static.quadranet.com

poorttyuyi.2waky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	2waky.com 2 redirects poorttyuyi.2waky.com	3 KB
1	workers.dev silent-block-3a89.rjcjydi8.workers.dev	527 B
5	2

	Domain	Requested by
6	poorttyuyi.2waky.com	2 redirects silent-block-3a89.rjcjydi8.workers.dev poorttyuyi.2waky.com
1	silent-block-3a89.rjcjydi8.workers.dev
5	2

This site contains no links.

Subject Issuer	Validity	Valid
*.rjcjydi8.workers.dev GTS CA 1P5	`2023-02-15` - `2023-05-16`	3 months	crt.sh
mmkkoo.itsaol.com R3	`2023-02-20` - `2023-05-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php
Frame ID: 32659E4C5F16113E656C9B1ECF132A30
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazonサインイン

Page URL History Show full URLs

https://silent-block-3a89.rjcjydi8.workers.dev/ Page URL
http://poorttyuyi.2waky.com/ HTTP 301
https://poorttyuyi.2waky.com/ HTTP 302
https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

3 kB
Transfer

7 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://silent-block-3a89.rjcjydi8.workers.dev/ Page URL
http://poorttyuyi.2waky.com/ HTTP 301
https://poorttyuyi.2waky.com/ HTTP 302
https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ silent-block-3a89.rjcjydi8.workers.dev/	68 B 527 B	806ms 410ms	Document text/html	104.21.86.27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://silent-block-3a89.rjcjydi8.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.86.27 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-ray 79ce3c8f6b208090-NRT content-encoding br content-type text/html;charset=UTF-8 date Tue, 21 Feb 2023 08:50:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIyfnVWB%2BC8NMHe40qtaVuEzJjsUvIXoP1HRASvL7V8MeoTr%2BAYNyLdTMnTY2ViQc0wp46apaBZpBEPNso2177HqQCp2Tz1afrlhFncwmSPlDvJGBJhflozrXhepCM8crU2v9eUoG%2B84TRN0Vg1XJiRjWNqrcChkuw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	Primary Request LbK0DHjdeDzfByd.php Show response poorttyuyi.2waky.com/mobile/ Redirect Chain http://poorttyuyi.2waky.com/ https://poorttyuyi.2waky.com/ https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php	2 KB 929 B	3827ms 3826ms	Document text/html	104.129.12.6 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php Requested by Host: silent-block-3a89.rjcjydi8.workers.dev URL: https://silent-block-3a89.rjcjydi8.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.129.12.6 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 104.129.12.6.static.quadranet.com Software Apache / Resource Hash `a6f590995aedef0342c6109f6eb97adac850e53baa4a5a14224485df36373733` Request headers Referer https://silent-block-3a89.rjcjydi8.workers.dev/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip content-length 857 content-type text/html; charset=utf-8 date Tue, 21 Feb 2023 08:50:51 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-length 0 content-type text/html; charset=utf-8 date Tue, 21 Feb 2023 08:50:50 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./mobile/LbK0DHjdeDzfByd.php pragma no-cache server Apache
GET H2	200	index.css poorttyuyi.2waky.com/mobile/css/	5 KB 1 KB	124ms 123ms	Stylesheet text/css	104.129.12.6 PACIFICRACK
General Check archive.org Show headers Download Go to Full URL https://poorttyuyi.2waky.com/mobile/css/index.css Requested by Host: poorttyuyi.2waky.com URL: https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.129.12.6 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 104.129.12.6.static.quadranet.com Software Apache / Resource Hash `fb4d1750f7496eb7110ab8d2404dc59c4170bf5f9f144c69f3b358e00bdd3582` Request headers accept-language jp-JP,jp;q=0.9 Referer https://poorttyuyi.2waky.com/mobile/LbK0DHjdeDzfByd.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 08:50:55 GMT content-encoding gzip last-modified Mon, 13 Feb 2023 20:34:36 GMT server Apache etag "126e-5f49ac6806f00-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1232
GET H2	404	logo-1.png poorttyuyi.2waky.com/mobile/img/	267 B 267 B	132ms 130ms	Image text/html	104.129.12.6 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://poorttyuyi.2waky.com/mobile/img/logo-1.png Requested by Host: poorttyuyi.2waky.com URL: https://poorttyuyi.2waky.com/mobile/css/index.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.129.12.6 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 104.129.12.6.static.quadranet.com Software Apache / Resource Hash `d6ad220ca13eaa5f5eb8999b5f02f20836b3d75f41ae454d29c84e1ec6e88982` Request headers accept-language jp-JP,jp;q=0.9 Referer https://poorttyuyi.2waky.com/mobile/css/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 08:50:55 GMT server Apache content-length 267 content-type text/html; charset=iso-8859-1
GET H2	404	logo-2.png poorttyuyi.2waky.com/mobile/img/	267 B 267 B	130ms 129ms	Image text/html	104.129.12.6 PACIFICRACK
General Check archive.org Show headers Download Go to Show image Full URL https://poorttyuyi.2waky.com/mobile/img/logo-2.png Requested by Host: poorttyuyi.2waky.com URL: https://poorttyuyi.2waky.com/mobile/css/index.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.129.12.6 Los Angeles, United States, ASN64270 (PACIFICRACK, US), Reverse DNS 104.129.12.6.static.quadranet.com Software Apache / Resource Hash `d6ad220ca13eaa5f5eb8999b5f02f20836b3d75f41ae454d29c84e1ec6e88982` Request headers accept-language jp-JP,jp;q=0.9 Referer https://poorttyuyi.2waky.com/mobile/css/index.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 08:50:55 GMT server Apache content-length 267 content-type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			poorttyuyi.2waky.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: pgmq7ovphdcfstnrj98ufv0tm5

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://poorttyuyi.2waky.com/mobile/img/logo-2.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://poorttyuyi.2waky.com/mobile/img/logo-1.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

poorttyuyi.2waky.com
silent-block-3a89.rjcjydi8.workers.dev
104.129.12.6
104.21.86.27
a6f590995aedef0342c6109f6eb97adac850e53baa4a5a14224485df36373733
d6ad220ca13eaa5f5eb8999b5f02f20836b3d75f41ae454d29c84e1ec6e88982
fb4d1750f7496eb7110ab8d2404dc59c4170bf5f9f144c69f3b358e00bdd3582

poorttyuyi.2waky.com Open in urlscan Pro 104.129.12.6 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

3 kBTransfer

7 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

poorttyuyi.2waky.com Open in urlscan Pro
104.129.12.6 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

3 kB
Transfer

7 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!