Report - y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/

Report Overview

Visited public
2025-04-26 01:26:59
Tags
suspicious phishing tycoon
Submit Tags
URL
y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/
Finishing URL
y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/
IP / ASN
104.21.63.16
#13335 CLOUDFLARENET
Title
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
y5csdm1qhmd10zpcqniw.lkcmswdv.es	unknown	unknown	2025-04-26	2025-04-26	1.7 kB	232 kB	104.21.63.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/	ScriptElement	40 kB	2025-04-26	2025-04-26
Pretty URL y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/ IP 104.21.63.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-26 01:27 Last Seen2025-04-26 01:27 Times Seen1 Hash 3e040eb93c85ba178ca664fecf97c45e 90bb40af6fe8ec1bec918cb2be988cc1b2b9aa96 b406e6de8a06541d04b93680ff6eb3cdfe504dd85c0786322a36c5c708b320fc Loading...

	y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/	Eval	1.7 kB	2025-04-26	2025-04-26
Pretty URL y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/ IP 104.21.63.16 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-26 01:27 Last Seen2025-04-26 01:27 Times Seen1 Hash 1bb54476d442e61d1aae01e22bc7539e 1ebfa89202db8060ddee9040a6a5d16e3c592d58 4d722fc08f49ab925005fea39e074b2ce093f7e0c2c4f470acce40fb2ebe5b72 Loading...

	y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/	Eval	1.6 kB	2025-04-26	2025-04-26
Pretty URL y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/ IP 104.21.63.16 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-26 01:27 Last Seen2025-04-26 01:27 Times Seen1 Hash 324ecd5b8aefac12627450a4957010e9 087b420eb0d5c39152112675cb25a00132441067 804a45b1c57a82a249d3f09806fed4a67b94700d3579263ff3f337cd955fa71d Loading...

	y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/	ScriptElement	230 kB	2025-04-26	2025-04-26
Pretty URL y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/ IP 104.21.63.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-26 01:27 Last Seen2025-04-26 01:27 Times Seen1 Hash 15af8fde497e42b1c583d1ff6030a038 a326fa7f816fc2a706afb65a4f533d341f77c77a 6da4232ee53549dbb9615d85f73ecf11c079d17e34dfe5b94b0ca43f609d434e Loading...

	y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/	ScriptElement	38 kB	2025-04-26	2025-04-26
Pretty URL y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/ IP 104.21.63.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-26 01:27 Last Seen2025-04-26 01:27 Times Seen1 Hash 40946af490f03085fbde26037ef0b81c 4e1e8594ffbc5aa1eceab5a7cd280e82ee1128f3 e4673df97b95e8cbc47e5bbb0e27782d59321eb2094f77048c1d9a39fc72d7f7 Loading...

		Size	First Seen	Last Seen
	#1 Write - 67d639606ca589c68a2002e62cabc1ea	63 kB	2025-04-26 01:27	2025-04-26 01:27
Pretty Observations First Seen2025-04-26 01:27 Last Seen2025-04-26 01:27 Times Seen1 Hash 67d639606ca589c68a2002e62cabc1ea bb712a920048de1eb15027e93c418c20ea50706e 806a56ae7c5564cbe96e12ea846cec746a0f68c3f3f75f814e48f2bad8c169f6 Loading...

HTTP Transactions (2)

URL IP Response Size

GET y5csdm1qhmd10zpcqniw.lkcmswdv.es/favicon.ico

104.21.63.16

404 Not Found

0 B

URL GET
y5csdm1qhmd10zpcqniw.lkcmswdv.es/favicon.ico
IP
104.21.63.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/
Certificate
IssuerGoogle Trust Services
Subjectlkcmswdv.es
Fingerprint75:2C:D5:26:1C:5D:AA:7B:F5:D8:1E:C1:79:FD:98:2F:01:C2:A5:E9
ValiditySun, 16 Mar 2025 00:23:18 GMT - Sat, 14 Jun 2025 01:22:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: y5csdm1qhmd10zpcqniw.lkcmswdv.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/
Cookie: XSRF-TOKEN=eyJpdiI6IitoZjhvb28vQ3dFNFZjYmd1SjJVQkE9PSIsInZhbHVlIjoiSVhxam9lRkl3VzFoaXBrRlphSUgzaWhmTXhTZXZ2U2M0NEFqWVJSSmhCa0Z0dE5QNlhvV3dXdlV3T3JhaUZvRk5RaDBSaWNHdHpkZXRFM1ZlWjA2b1pvVmVkckxDREdLMmtweHNEWDJxYXFZQUFCS2hOR28zNm1SR253a1JxdDMiLCJtYWMiOiI3MWRjMzYxOTZhMzBiM2Y1MjBkZjkwY2I4NWQ2OTY3YmYzMTYxNjI0ZGRlYjYwYzgyNmQ4MzRjN2FmZmIxN2RiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlMvZXA3OFhYYWlIbWd0WkUwRWprOWc9PSIsInZhbHVlIjoieHNIYndmNzRiUVhwQmNzOUpHM09hTFpLTWdwZ1kvNjkyYmlvWU9USzAwVjlncm9pVVViNjB3dCtmRkRkVGZoUnh1Uk5zUEs2N2E0WjVLNVljMTM1aFBlN3ZiWjhFTkwrZENYTzdrbkEwL3ZFcXRDU3VpTWo0SVArYnhsb1dhOWkiLCJtYWMiOiI4MWViNjMzM2E0YTI0ZTk0ZWNjMzFlMzk1OWY0M2JjOTJjYWMxOTcyNDE4NWJhZjkwZGY1NGFkZDllM2E2ZmE1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 26 Apr 2025 01:26:28 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vbm%2Fplic%2B3srvBbb8LzVgHQ9dZu0w63G34LhX30pENR%2Bb3mYioXwqnnaOeirB%2FH3E8TURQLbXraHFAIPrmMhXfxy4E%2FIOtM06C%2BmeJ0r%2B0BPnoQjo92fJDWLuMw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=10473&min_rtt=10037&rtt_var=34&sent=957&recv=409&lost=0&retrans=1&sent_bytes=1080239&recv_bytes=59035&delivery_rate=7014126&cwnd=4&unsent_bytes=0&cid=049fa67650423d02&ts=750794&x=0"
content-encoding: br
cf-ray: 93624ac8ddd8b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/

104.21.63.16

200 OK

230 kB

URL User Request GET
y5csdm1qhmd10zpcqniw.lkcmswdv.es/ObMhNO/
IP
104.21.63.16:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlkcmswdv.es
Fingerprint75:2C:D5:26:1C:5D:AA:7B:F5:D8:1E:C1:79:FD:98:2F:01:C2:A5:E9
ValiditySun, 16 Mar 2025 00:23:18 GMT - Sat, 14 Jun 2025 01:22:09 GMT

File type
HTML document, ASCII text, with very long lines (65307)
Size
230 kB (229746 bytes)
Hash
c8f82c104fc92178a2b9bac8b4c3f5e3
ae16e4f2086e1bf864e0fb1a3a0dc20dd2ee0ea4
94378199d8381cc407706f857b559c52cf99214608f5d9476ba9b3db4de86285

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /ObMhNO/ HTTP/1.1
Host: y5csdm1qhmd10zpcqniw.lkcmswdv.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Apr 2025 01:26:27 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tExAbSSDdTS1a%2BRINaKBdtobU6hfVfH3OQgSLw07w6e2y08QFy5NcPIc8EBfszRL2zavsvL6%2F0IgyjTk3QzOQawYyYEMl%2Bgf25of6y3NtsMF9w8nHjI2K847XaFZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=9937&min_rtt=9730&rtt_var=56&sent=2088&recv=691&lost=0&retrans=3&sent_bytes=2549807&recv_bytes=64370&delivery_rate=10396211&cwnd=518&unsent_bytes=0&cid=ec1626aeaaa77884&ts=749840&x=0"
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IitoZjhvb28vQ3dFNFZjYmd1SjJVQkE9PSIsInZhbHVlIjoiSVhxam9lRkl3VzFoaXBrRlphSUgzaWhmTXhTZXZ2U2M0NEFqWVJSSmhCa0Z0dE5QNlhvV3dXdlV3T3JhaUZvRk5RaDBSaWNHdHpkZXRFM1ZlWjA2b1pvVmVkckxDREdLMmtweHNEWDJxYXFZQUFCS2hOR28zNm1SR253a1JxdDMiLCJtYWMiOiI3MWRjMzYxOTZhMzBiM2Y1MjBkZjkwY2I4NWQ2OTY3YmYzMTYxNjI0ZGRlYjYwYzgyNmQ4MzRjN2FmZmIxN2RiIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Sat, 26 Apr 2025 03:26:27 GMT
laravel_session=eyJpdiI6IlMvZXA3OFhYYWlIbWd0WkUwRWprOWc9PSIsInZhbHVlIjoieHNIYndmNzRiUVhwQmNzOUpHM09hTFpLTWdwZ1kvNjkyYmlvWU9USzAwVjlncm9pVVViNjB3dCtmRkRkVGZoUnh1Uk5zUEs2N2E0WjVLNVljMTM1aFBlN3ZiWjhFTkwrZENYTzdrbkEwL3ZFcXRDU3VpTWo0SVArYnhsb1dhOWkiLCJtYWMiOiI4MWViNjMzM2E0YTI0ZTk0ZWNjMzFlMzk1OWY0M2JjOTJjYWMxOTcyNDE4NWJhZjkwZGY1NGFkZDllM2E2ZmE1IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Sat, 26 Apr 2025 03:26:27 GMT
cf-ray: 93624ac29aadb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (2)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers