1b89o2.cyou Open in urlscan Pro
216.144.226.73 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://1b89o2.cyou/
Submission: On March 27 via api (March 27th 2023, 8:20:32 am UTC) from JP — Scanned from JP

Summary HTTP 22 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 22 HTTP transactions. The main IP is 216.144.226.73, located in Ashburn, United States and belongs to PACIFICRACK, US. The main domain is 1b89o2.cyou.
TLS certificate: Issued by R3 on March 23rd 2023. Valid for: 3 months.

This is the only time 1b89o2.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yamato Transport (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
21	216.144.226.73 216.144.226.73	64270 (PACIFICRACK) (PACIFICRACK)
1	192.210.162.204 192.210.162.204	36352 (AS-COLOCR...) (AS-COLOCROSSING)
22	3

21 216.144.226.73 (Ashburn, United States)

ASN64270 (PACIFICRACK, US)

1b89o2.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.210.162.204 (Chicago, United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 192-210-162-204-host.colocrossing.com

ya1mk2.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	1b89o2.cyou 1b89o2.cyou	480 KB
1	ya1mk2.xyz ya1mk2.xyz
22	2

	Domain	Requested by
21	1b89o2.cyou	1b89o2.cyou
1	ya1mk2.xyz	1b89o2.cyou
22	2

This site contains links to these domains. Also see Links.

Domain
faq.kuronekoyamato.co.jp

Subject Issuer	Validity	Valid
1b89o2.cyou R3	`2023-03-23` - `2023-06-21`	3 months	crt.sh
ya1mk2.xyz R3	`2023-03-10` - `2023-06-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://1b89o2.cyou/
Frame ID: 2E93888CDC33F9E7ADF0C932A88C5079
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

480 kB
Transfer

1817 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.kuronekoyamato.co.jp/
Title: よくある質問

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
1b89o2.cyou/ 1 KB
693 B 936ms
239ms Document
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

ae7b0a5062338b52737d34e2c0cc56fc45737ec3ae9f0c867812e318072bc7f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Mon, 27 Mar 2023 08:20:16 GMT
etag: W/"6411c003-564"
last-modified: Wed, 15 Mar 2023 12:54:27 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 jquery-3.5.1.js Show response
1b89o2.cyou/static/js/ 87 KB
34 KB 482ms
479ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/jquery-3.5.1.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:30 GMT
server: nginx
etag: W/"6411c006-15d84"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 200 jquery.mask.js Show response
1b89o2.cyou/static/js/ 20 KB
6 KB 721ms
718ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/jquery.mask.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

d207d7942aa5bd788378f92aae9fd3aae7ec1245776f16b6680bc1e312db3f51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:30 GMT
server: nginx
etag: W/"6411c006-51f1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 200 jquery.validate.min.js Show response
1b89o2.cyou/static/js/ 34 KB
9 KB 721ms
718ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/jquery.validate.min.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

fde03dc107f1cfd899199f6bc9410e18fb317a3017e2431c884e05cf45c76205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:30 GMT
server: nginx
etag: W/"6411c006-868f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 404 jquery.min.js
ya1mk2.xyz/js/ 0
0 588ms
135ms Script
text/html 192.210.162.204
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://ya1mk2.xyz/js/jquery.min.js
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.210.162.204 Chicago, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 192-210-162-204-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
content-encoding: gzip
server: Apache
content-length: 36
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 sire.form.js Show response
1b89o2.cyou/static/js/ 5 KB
1 KB 721ms
719ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/sire.form.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

2904277b7d570e3e0e93c8fce86c2fe4eec2e76a559433f760e157b07ba86595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:31 GMT
server: nginx
etag: W/"6411c007-157b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 404 jquery.card.min.js
1b89o2.cyou/static/js/ 0
0 721ms
719ms Script
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://1b89o2.cyou/static/js/jquery.card.min.js
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 luhmCheck.js
1b89o2.cyou/static/js/ 0
0 721ms
720ms Script
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://1b89o2.cyou/static/js/luhmCheck.js
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 200 bankcard.js Show response
1b89o2.cyou/static/js/ 84 KB
19 KB 721ms
720ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/bankcard.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

c504ef4da3a47112556289bfc6680ed4d6a82b0e918cc853946c853849322615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:29 GMT
server: nginx
etag: W/"6411c005-1516a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 200 jquery.mask1.js Show response
1b89o2.cyou/static/js/ 20 KB
6 KB 722ms
720ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/jquery.mask1.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:30 GMT
server: nginx
etag: W/"6411c006-4e98"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 200 layui.js Show response
1b89o2.cyou/static/js/ 284 KB
105 KB 723ms
722ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/layui.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:30 GMT
server: nginx
etag: W/"6411c006-471da"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 200 chunk-vendors.fa2f5ed4.js Show response
1b89o2.cyou/static/js/ 205 KB
83 KB 246ms
241ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/chunk-vendors.fa2f5ed4.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

276131f1484691a3071e0298733be53a89c5b79224b3d6476f887ae5795cc1db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:30 GMT
server: nginx
etag: W/"6411c006-335e2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:18 GMT

GET
H2 200 app.f72c5225.js Show response
1b89o2.cyou/static/js/ 155 KB
58 KB 247ms
246ms Script
application/javascript 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/js/app.f72c5225.js

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

5a199c1c13b7480c6dcf5f4c5ecd4d0b1a594427d089633c0e993df369911f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Fri, 17 Mar 2023 15:01:31 GMT
server: nginx
etag: W/"641480cb-26b98"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:18 GMT

GET
H2 200 app.8ffc95eb.css
1b89o2.cyou/static/css/ 855 KB
125 KB 719ms
718ms Stylesheet
text/css 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/css/app.8ffc95eb.css

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

1cb275d715dac44240e9bf6fc3a2ef3afb78d1af1a00a0d870d0ccdb27b91ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:17 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:28 GMT
server: nginx
etag: W/"6411c004-d5cee"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:17 GMT

GET
H2 404 laydate.css
1b89o2.cyou/static/js/css/modules/laydate/default/ 0
0 245ms
244ms Stylesheet
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://1b89o2.cyou/static/js/css/modules/laydate/default/laydate.css?v=5.3.1
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/static/js/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 layer.css
1b89o2.cyou/static/js/css/modules/layer/default/ 0
0 239ms
239ms Stylesheet
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://1b89o2.cyou/static/js/css/modules/layer/default/layer.css?v=3.5.1
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/static/js/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 code.css
1b89o2.cyou/static/js/css/modules/ 0
0 239ms
239ms Stylesheet
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://1b89o2.cyou/static/js/css/modules/code.css?v=2
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/static/js/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 200 layer.min.css
1b89o2.cyou/static/css/ 14 KB
3 KB 240ms
239ms Stylesheet
text/css 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/static/css/layer.min.css

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/static/css/app.8ffc95eb.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

878f34a978358166cf414ea96a0bc351fe56a8d0a9fd1f8e47e3420728d20724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/static/css/app.8ffc95eb.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 15 Mar 2023 12:54:28 GMT
server: nginx
etag: W/"6411c004-3600"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Mon, 27 Mar 2023 20:20:18 GMT

POST
H2 200 api.php Show response
1b89o2.cyou/api/ 158 B
277 B 243ms
243ms XHR
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL

https://1b89o2.cyou/api/api.php

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/static/js/chunk-vendors.fa2f5ed4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

413db86c231dca689de3ffc382873f8c3e9f936b95a3003a91d9bf928fabf09e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://1b89o2.cyou/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2594c084948733af513aa6064e08903964281bc4079e59a6422de3814884b053

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 404 logo-jitbox.f822d4ac.png
1b89o2.cyou/img/ 548 B
548 B 239ms
238ms Image
text/html 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1b89o2.cyou/img/logo-jitbox.f822d4ac.png
Requested by: Host: 1b89o2.cyou
URL: https://1b89o2.cyou/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS
Software: nginx /
Resource Hash: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 200 com_logo.7112252b.png
1b89o2.cyou/img/ 15 KB
15 KB 239ms
239ms Image
image/png 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1b89o2.cyou/img/com_logo.7112252b.png

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

702be8c20ee12eafc6a24f4ad278330b5ed9d500cb3542d019ae890dbd78093b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 15 Mar 2023 15:43:25 GMT
server: nginx
etag: "6411e79d-3b3b"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15163
expires: Wed, 26 Apr 2023 08:20:18 GMT

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43178d623716da66afa896e9a43ec859f807494ce22331de996744006949a368

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 com_sns_ic02.935407f6.png
1b89o2.cyou/img/ 14 KB
14 KB 240ms
240ms Image
image/png 216.144.226.73
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1b89o2.cyou/img/com_sns_ic02.935407f6.png

Requested by

Host: 1b89o2.cyou
URL: https://1b89o2.cyou/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.144.226.73 Ashburn, United States, ASN64270 (PACIFICRACK, US),

Reverse DNS

Software

nginx /

Resource Hash

0efe90ec10b6a4157a6fa596b16164861e20a2d8cdf2443806a1a71bcd19bc8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://1b89o2.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 08:20:18 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 15 Mar 2023 15:43:12 GMT
server: nginx
etag: "6411e790-374c"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 14156
expires: Wed, 26 Apr 2023 08:20:18 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6e651f94a1f6ade5e4668fe33c3b044328dd8ccbb2939924681a395f09d82a4

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 277027dd1b2376d6ed0ebdef036764aa4f74204e85edb19b15944b9ed3909c87

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yamato Transport (Transportation)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ya1mk2.xyz/js/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1b89o2.cyou/static/js/jquery.card.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1b89o2.cyou/static/js/luhmCheck.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1b89o2.cyou/static/js/css/modules/laydate/default/laydate.css?v=5.3.1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1b89o2.cyou/static/js/css/modules/layer/default/layer.css?v=3.5.1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1b89o2.cyou/static/js/css/modules/code.css?v=2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://1b89o2.cyou/img/logo-jitbox.f822d4ac.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1b89o2.cyou
ya1mk2.xyz
192.210.162.204
216.144.226.73
0efe90ec10b6a4157a6fa596b16164861e20a2d8cdf2443806a1a71bcd19bc8d
1cb275d715dac44240e9bf6fc3a2ef3afb78d1af1a00a0d870d0ccdb27b91ea1
2594c084948733af513aa6064e08903964281bc4079e59a6422de3814884b053
276131f1484691a3071e0298733be53a89c5b79224b3d6476f887ae5795cc1db
277027dd1b2376d6ed0ebdef036764aa4f74204e85edb19b15944b9ed3909c87
2904277b7d570e3e0e93c8fce86c2fe4eec2e76a559433f760e157b07ba86595
413db86c231dca689de3ffc382873f8c3e9f936b95a3003a91d9bf928fabf09e
43178d623716da66afa896e9a43ec859f807494ce22331de996744006949a368
5a199c1c13b7480c6dcf5f4c5ecd4d0b1a594427d089633c0e993df369911f4b
702be8c20ee12eafc6a24f4ad278330b5ed9d500cb3542d019ae890dbd78093b
878f34a978358166cf414ea96a0bc351fe56a8d0a9fd1f8e47e3420728d20724
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
ae7b0a5062338b52737d34e2c0cc56fc45737ec3ae9f0c867812e318072bc7f5
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
c504ef4da3a47112556289bfc6680ed4d6a82b0e918cc853946c853849322615
d207d7942aa5bd788378f92aae9fd3aae7ec1245776f16b6680bc1e312db3f51
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
f6e651f94a1f6ade5e4668fe33c3b044328dd8ccbb2939924681a395f09d82a4
fde03dc107f1cfd899199f6bc9410e18fb317a3017e2431c884e05cf45c76205

1b89o2.cyou Open in urlscan Pro 216.144.226.73 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

480 kBTransfer

1817 kBSize

0 Cookies

1 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

7 Console Messages

Security Headers

Indicators

1b89o2.cyou Open in urlscan Pro
216.144.226.73 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

480 kB
Transfer

1817 kB
Size

0
Cookies

22 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!