Report - arc.puoemq.es/MR2ba/

Report Overview

Visited public
2025-04-28 21:26:10
Tags
suspicious phishing tycoon
URL
arc.puoemq.es/MR2ba/
Finishing URL
arc.puoemq.es/MR2ba/
IP / ASN
104.21.49.155
#13335 CLOUDFLARENET
Title
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
arc.puoemq.es	unknown	unknown	2025-04-28	2025-04-28	1.7 kB	395 kB	104.21.49.155

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	arc.puoemq.es/MR2ba/	ScriptElement	100 kB	2025-04-28	2025-04-28
Pretty URL arc.puoemq.es/MR2ba/ IP 104.21.49.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-28 21:26 Last Seen2025-04-28 21:26 Times Seen1 Hash 54d1f0a1533dbfde7dd17cf3d18e5ef0 c016a06c70ba3bebd88c941d7790c9493aee4951 021f755539b8bd60c15173d832f21d1a03e3f55c6c01d3f1325ebe1b08e3b539 Loading...

	arc.puoemq.es/MR2ba/	ScriptElement	392 kB	2025-04-28	2025-04-28
Pretty URL arc.puoemq.es/MR2ba/ IP 104.21.49.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-28 21:26 Last Seen2025-04-28 21:26 Times Seen1 Hash 70923821571a7b51f771032f077f5ef2 627992ed2e5275a1de9bdf00025c84e7825aebe7 bd46535d4be45db59cf0d4ae997cd170cb803819b42550df860390990e051e0f Loading...

	arc.puoemq.es/MR2ba/	Eval	1.7 kB	2025-04-28	2025-04-28
Pretty URL arc.puoemq.es/MR2ba/ IP 104.21.49.155 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-28 21:26 Last Seen2025-04-28 21:26 Times Seen1 Hash c14cae231df7f1a9ab16915986b94054 6f8b26b1cc4d556476ba634afa5942f78bafe935 a06b42168efa49d93d2e4de37e39b8783d01aca05bd4ff61b863796e5ba7d4ae Loading...

	arc.puoemq.es/MR2ba/	Eval	4.2 kB	2025-04-28	2025-04-28
Pretty URL arc.puoemq.es/MR2ba/ IP 104.21.49.155 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-28 21:26 Last Seen2025-04-28 21:26 Times Seen1 Hash 5fa945e62bcc4ed6016231f8f9baf4d9 a59e486f03dfe8998dd1ac17bb68865673f4c959 e8bae03b4aff47d6011b63e1b75b155e09430be8b9c215fddefc09e30ad24811 Loading...

	arc.puoemq.es/MR2ba/	ScriptElement	40 kB	2025-04-28	2025-04-28
Pretty URL arc.puoemq.es/MR2ba/ IP 104.21.49.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-28 21:26 Last Seen2025-04-28 21:26 Times Seen1 Hash 8efd7215fd0757eeddc923839b58cdb6 274b3321157a308dcbf4c4f65420ae1f09026096 450e3ace625e333b399dab6570820a9186dbc77fcd51811e9195d9c5bbaca488 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2a2a61a71238185309f4176b9be96a1d	108 kB	2025-04-28 21:26	2025-04-28 21:26
Pretty Observations First Seen2025-04-28 21:26 Last Seen2025-04-28 21:26 Times Seen1 Hash 2a2a61a71238185309f4176b9be96a1d bd1edd5e2e22da0de6bf07225ccfbff3fe36ae88 92630639e9c84bf815c1c2a154b6efd772f8e5c735385fd0017509c3fab39c6f Loading...

HTTP Transactions (2)

URL IP Response Size

arc.puoemq.es/favicon.ico

104.21.49.155

404 Not Found

0 B

URL GET
arc.puoemq.es/favicon.ico
IP
104.21.49.155:443
ASN
#13335 CLOUDFLARENET

Requested by
https://arc.puoemq.es/MR2ba/
Certificate
IssuerGoogle Trust Services
Subjectpuoemq.es
Fingerprint88:D8:52:D5:2F:AC:8C:61:D5:3B:B4:D7:C9:A3:73:F1:0E:14:D7:EF
ValidityTue, 08 Apr 2025 15:12:07 GMT - Mon, 07 Jul 2025 16:10:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arc.puoemq.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arc.puoemq.es/MR2ba/
Cookie: XSRF-TOKEN=eyJpdiI6IlFLdzVhZmo5NVdYSG95a0ppUmVKMnc9PSIsInZhbHVlIjoiZlZ3WkVWcFEyLzBkWUVLS1N2YW5uNTVxb0ZFaHo5SHRZZjMxeFppRS9xT1IzcFF6RmtWcGJxSUNyTlY1bzJZVTVtOUszQ0JoTUN5ZVRGWlZENzJWM1QwY1duOW5tZ09MbFlPVVFHMXVENjJ6RFRXYzZoR1hKaFYzQ2xKY3lJRlUiLCJtYWMiOiJjZmYxYjE3NWFlNjk2MjgzYjA5NjQ5ODQzZGNmMzdiOTAzOTc0ZDcyMDU3YjcxMTc0YTlkNzQwYzhjZTkzYjBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InBHZ0JRSVhGTjRZRXdhTmp0azRlV1E9PSIsInZhbHVlIjoiMzFSM245UDVZM2pNY0sxQS9vZG9zU3loNW9TQTdIMEZjeDRjc0I3aklsZnFJMWhudWx5YXNlR3llNVJia1NwYVR0aHQ2OU5SRkJNeVJHUk9qYmNWcTFZTzVHMk1tb3BjeHNBUzRhaXZURFVKMUdRMnI4SUh3eHVUTXllZ3VFSmsiLCJtYWMiOiI4MDg0Zjc4MDE1MjM0YzA0MzJjZmQ5ZTczZmY1OWU1MjlmNTIwN2UzMWEwNTk0ZmVhYmI4YWE0YzhkZWRjYzM0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Mon, 28 Apr 2025 21:25:38 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uWfGC3DtPmWppEwqEKXfRRWokbOoP8E7b1ot%2FdDwgWJRNgjxiy%2BjPHUctmZrN1AvjuD8M4VroF%2FauDCvRVMU19c1oA7hrw0dOMG67Pt7ifbO6YzoEO6zI522DtdQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=403&min_rtt=403&rtt_var=153&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2076&delivery_rate=9863414&cwnd=252&unsent_bytes=0&cid=9fc59d5acc1cda7b&ts=41&x=0"
cf-cache-status: MISS
content-encoding: br
cf-ray: 9379a2240d0b56b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

arc.puoemq.es/MR2ba/

104.21.49.155

200 OK

392 kB

URL User Request GET
arc.puoemq.es/MR2ba/
IP
104.21.49.155:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpuoemq.es
Fingerprint88:D8:52:D5:2F:AC:8C:61:D5:3B:B4:D7:C9:A3:73:F1:0E:14:D7:EF
ValidityTue, 08 Apr 2025 15:12:07 GMT - Mon, 07 Jul 2025 16:10:53 GMT

File type
HTML document, ASCII text, with very long lines (65331)
Size
392 kB (392290 bytes)
Hash
4a0737dd248f3640d30f88dbd6916e06
54ea0fe47a8e1cc9847f390420d74be750c68702
0038b7c4d2c7990449e46285dd37bd1cf4062e0fd5583f0672d588be1735500a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /MR2ba/ HTTP/1.1
Host: arc.puoemq.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Apr 2025 21:25:38 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSHKtT5T9PcCnMB6YTNljgCqNFeDheseaHPx4Sb06EatPaEErO0Xn768tsKXz0h4OE6UKVl%2Bgp2RHndvwWXPOdebA%2Bze1xY%2BvSLMTRiJarNJJxVW6CwqNUX54i1N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15830&min_rtt=15787&rtt_var=5951&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1397&delivery_rate=256160&cwnd=217&unsent_bytes=0&cid=4d4bca263e84349d&ts=123&x=0"
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IlFLdzVhZmo5NVdYSG95a0ppUmVKMnc9PSIsInZhbHVlIjoiZlZ3WkVWcFEyLzBkWUVLS1N2YW5uNTVxb0ZFaHo5SHRZZjMxeFppRS9xT1IzcFF6RmtWcGJxSUNyTlY1bzJZVTVtOUszQ0JoTUN5ZVRGWlZENzJWM1QwY1duOW5tZ09MbFlPVVFHMXVENjJ6RFRXYzZoR1hKaFYzQ2xKY3lJRlUiLCJtYWMiOiJjZmYxYjE3NWFlNjk2MjgzYjA5NjQ5ODQzZGNmMzdiOTAzOTc0ZDcyMDU3YjcxMTc0YTlkNzQwYzhjZTkzYjBmIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 28 Apr 2025 23:25:37 GMT
laravel_session=eyJpdiI6InBHZ0JRSVhGTjRZRXdhTmp0azRlV1E9PSIsInZhbHVlIjoiMzFSM245UDVZM2pNY0sxQS9vZG9zU3loNW9TQTdIMEZjeDRjc0I3aklsZnFJMWhudWx5YXNlR3llNVJia1NwYVR0aHQ2OU5SRkJNeVJHUk9qYmNWcTFZTzVHMk1tb3BjeHNBUzRhaXZURFVKMUdRMnI4SUh3eHVUTXllZ3VFSmsiLCJtYWMiOiI4MDg0Zjc4MDE1MjM0YzA0MzJjZmQ5ZTczZmY1OWU1MjlmNTIwN2UzMWEwNTk0ZmVhYmI4YWE0YzhkZWRjYzM0IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 28 Apr 2025 23:25:37 GMT
cf-ray: 9379a21e6d3356b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (2)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers