Report - cyan-snake-49168.zap.cloud/ics

Report Overview

Submitted URL
cyan-snake-49168.zap.cloud/ics
IP
185.223.31.112
ASN
#30823 aurologic GmbH
Submitted
2024-05-08 16:43:18
Access
public
Website Title
Inlоggen - Mijn IСS | Internаtiоnаl Саrd Serviсes
Final URL
cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d
Tags
international_card_services financial phishing
urlquery detections
Phishing - International Card Services

Detections

urlquery
41
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cyan-snake-49168.zap.cloud	unknown	unknown	No data	No data	20 kB	1.6 MB	185.223.31.112

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	cyan-snake-49168.zap.cloud/ics	International Card Services B.V

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	unknown	58 B	2024-05-08	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:43:24 Last Seen2024-05-08 18:43:24 Times Seen2 Hash 4b08561d379658af9eeeaeef0ff0c416 2d4bfe03e01cacd9be02ada3ff2bfe192abeecd7 91bd3facc92804012d03f5869121562ce355f24a8b36eb15614a2a2540da33d4 Loading...

	cyan-snake-49168.zap.cloud/ics/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-04-05	2024-05-17
Pretty URL cyan-snake-49168.zap.cloud/ics/bower_components/ua-parser-js/dist/ua-parser.min.js IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 05:27:01 Last Seen2024-05-17 07:44:12 Times Seen854 Hash a7e9c9b57fe9cfe79bd36a350b9a877f c186195ae889214c8b4af9f70ef872098bc44f4c 15dab54b218a38a7955d0ce950039eaf35fd565f40eec53032fc52353c302b76 Loading...

	cyan-snake-49168.zap.cloud/ics/core/token/core_token.js	13 kB	2023-03-13	2024-05-08
Pretty URL cyan-snake-49168.zap.cloud/ics/core/token/core_token.js IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:20:53 Last Seen2024-05-08 18:43:24 Times Seen8 Hash 9d1ce71c125adc42d8f843d458ac9d13 90ba31cf9882eae6232b3232473bdaa27355dc9f 69a17b00a3fe01a26601818d1435d1d861216a7cd38d69a698b1bd68e97e5279 Loading...

	unknown	58 B	2024-05-08	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:43:24 Last Seen2024-05-08 18:43:24 Times Seen1 Hash 6cc536ca66ea0b857e04773e91f40d5e f2fc52a2a8526aa4b4aa8079432944fec4494387 0317a52fbdd7c9223389e92123895d69e62612f06831baed9e71d4548eed4954 Loading...

	cyan-snake-49168.zap.cloud/ics/core/form/core_form.js	38 kB	2023-03-13	2024-05-08
Pretty URL cyan-snake-49168.zap.cloud/ics/core/form/core_form.js IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:20:52 Last Seen2024-05-08 18:43:24 Times Seen8 Hash a071bb941ad8f7dbfe3590671e6cfa71 1c2f122339100c92e31fa84a9cf77868f1d4426b b1eb0eebf375831b21605fb80e5779b7f7b30e2cff016f2b6d0fdb723c70adb6 Loading...

	cyan-snake-49168.zap.cloud/ics/login/token/token.js?v=663bab8d518b1	1.3 kB	2023-03-07	2024-05-08
Pretty URL cyan-snake-49168.zap.cloud/ics/login/token/token.js?v=663bab8d518b1 IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2024-05-08 18:43:24 Times Seen204 Hash e5c4349c160d44d04059860eed06c149 3bb2cf98c490b8c81796d2308bdc11993dd90290 4990eba8e4dc4cb12cba3e92aad405f4a41a7d60146b85e0b7857502eb53a293 Loading...

	cyan-snake-49168.zap.cloud/ics/login/form/form.js?v=663bab8d518af	3.1 kB	2023-03-07	2024-05-08
Pretty URL cyan-snake-49168.zap.cloud/ics/login/form/form.js?v=663bab8d518af IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2024-05-08 18:43:24 Times Seen288 Hash 0410329bbea4ef934e13e41ff067fbd5 6f9b4e2ee9373e2bbc4fe86937b97ce4003825b5 907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f Loading...

	cyan-snake-49168.zap.cloud/ics/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-05-20
Pretty URL cyan-snake-49168.zap.cloud/ics/bower_components/jquery/dist/jquery.min.js IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 00:23:47 Times Seen68096 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?	474 B	2024-05-08	2024-05-08
Pretty URL cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/? IP 185.223.31.112 ASN #30823 aurologic GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 18:43:24 Last Seen2024-05-08 18:43:24 Times Seen1 Hash 4b16672c8655a50c6e9270c1782a3270 c809eb22e5282cac55fc82677b664643b174b660 70aba6ee55a023bd4887332cefb2ea08794493daae20515c13ece903f38f9778 Loading...

HTTP Transactions (33)

URL IP Response Size

cyan-snake-49168.zap.cloud/ics

185.223.31.112

301 Moved Permanently

324 B

URL User Request GET HTTP/2
cyan-snake-49168.zap.cloud/ics
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
HTML document, ASCII text
Size
324 B (324 bytes)
Hash
6921481e3b5bd03d39ad7ab8db0c58e8
67f5a056bdac033792484ae5fc1ab4cbb3adebef
64ecd3332472cdb7abaa07e2dda255e0a16e379d85a6a08247ffc81b72aadc4e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	International Card Services B.V

HTTP Headers

GET /ics HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 08 May 2024 16:42:51 GMT
content-type: text/html; charset=iso-8859-1
content-length: 324
location: https://cyan-snake-49168.zap.cloud/ics/
x-powered-by: PleskLin
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/

185.223.31.112

200 OK

446 B

URL User Request GET HTTP/2
cyan-snake-49168.zap.cloud/ics/
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
JavaScript source, ASCII text
Size
446 B (446 bytes)
Hash
eb13123974b6c98900d19f55628c0dd7
305a873e55d8e548c6a00b95cb7a16f4e07dc49b
6b85f65999aa8430d6724295d1a8a92fb4a25b76d3b43b799cd3b39fd473f05b

HTTP Headers

GET /ics/ HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:51 GMT
content-type: text/html; charset=UTF-8
content-length: 446
set-cookie: real=OK
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.1.28, PleskLin
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17?

185.223.31.112

301 Moved Permanently

365 B

URL User Request GET HTTP/2
cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17?
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
HTML document, ASCII text
Size
365 B (365 bytes)
Hash
b8672afb8cfd0ba6c397192bb7c979c4
e2651adfbaf6ece5d24de31041b72dd73b7655c5
73909cbdc0b9818be73ed3f48ad3c61788da87583d2b625c1ecb86b6d802c019

HTTP Headers

GET /ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17? HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/html; charset=iso-8859-1
content-length: 365
location: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/?
x-powered-by: PleskLin
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/?

185.223.31.112

302 Found

0 B

URL User Request GET HTTP/2
cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/?
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/? HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cyan-snake-49168.zap.cloud/ics/
DNT: 1
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/html; charset=UTF-8
content-length: 0
expires: Thu, 18 Aug 1994 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
set-cookie: bid=2c8af21cea8ab54505bbf01aea23dd17; expires=Fri, 07-Jun-2024 16:42:53 GMT; Max-Age=2592000; path=/
location: login/?
x-powered-by: PHP/8.1.28, PleskLin
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?

185.223.31.112

200 OK

9.0 kB

URL User Request GET HTTP/2
cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
HTML document, ASCII text, with very long lines (3394)
Size
9.0 kB (8993 bytes)
Hash
cf00326482d5efc40f357ca062002fe5
e9d74d7267853d7b39676e06782f147ebb880d18
95751b8a28523aafbbf5b574029870ab6d195b3eda27cf4c6ca3f57f7c56942f

HTTP Headers

GET /ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/? HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cyan-snake-49168.zap.cloud/ics/
DNT: 1
Connection: keep-alive
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/html; charset=UTF-8
content-length: 8993
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.1.28, PleskLin
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/form/css.css

185.223.31.112

200 OK

145 B

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/form/css.css
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text
Size
145 B (145 bytes)
Hash
e9ee462a29ad8506e1c776bc04f14a12
194c3ba106b110fbd63dc06a39f5251e1cf5484b
bc09c0ebd0c1893c33b04746dc54848a7b6aceedaa4d9af891b0cd5fb7c73893

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/form/css.css HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/css
content-length: 145
x-accel-version: 0.01
last-modified: Tue, 24 Jan 2023 00:55:46 GMT
etag: "f0-5f2f7f9d6c880-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/extra-veilig-inloggen.png

185.223.31.112

200 OK

2.6 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/extra-veilig-inloggen.png
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
PNG image data, 193 x 155, 8-bit/color RGBA, non-interlaced
Size
2.6 kB (2604 bytes)
Hash
d92d46789bd26332413f749c9049025f
bd82a9f760c742e15c609555753f25b7cb24b0a0
23b6fb0108b94d2d81693c51c160e6be5d60855078f0a042a13334e81b79dec9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/extra-veilig-inloggen.png HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: image/png
content-length: 2604
last-modified: Tue, 24 Jan 2023 00:55:42 GMT
etag: "63cf2c8e-a2c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/bower_components/jquery/dist/jquery.min.js

185.223.31.112

200 OK

116 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/bower_components/jquery/dist/jquery.min.js
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
116 kB (115681 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 00:55:12 GMT
etag: W/"63cf2c70-15283"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/icons.woff

185.223.31.112

200 OK

11 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/icons.woff
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
Web Open Font Format, TrueType, length 11160, version 1.0
Size
11 kB (11160 bytes)
Hash
8dc03542a25b5a4e35d7f6d420203e69
d836d4d01e9d719741e86bf521ae2163571f04d8
c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/icons.woff HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/login/main-ics.css
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: font/woff
content-length: 11160
last-modified: Tue, 24 Jan 2023 00:55:36 GMT
etag: "63cf2c88-2b98"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/SunOT-Light.ttf

185.223.31.112

200 OK

86 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/SunOT-Light.ttf
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh
Size
86 kB (86500 bytes)
Hash
fc9b52707830de91489044be4726abc6
f3eddc426afe06abde7ab9b9426b41944da24171
75af6860450b2595cd18ebad00dbf3927d9e494dfdbd12ceefcec15b2c03d84e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/SunOT-Light.ttf HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/login/styles.css
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: font/ttf
content-length: 86500
last-modified: Tue, 24 Jan 2023 00:55:42 GMT
etag: "63cf2c8e-151e4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/core/form/core_form.css

185.223.31.112

200 OK

87 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/core/form/core_form.css
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text
Size
87 kB (86917 bytes)
Hash
d0f7c6c4b8c1a655fb3157bebb9cf5f4
3a890fb55898258a0abda6eafd0950cb95671f1f
7d6b83b85d4c035952d581a985ea8a299424a80d0ef8f2278b29d7aaf03dfe36

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/core/form/core_form.css HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 00:55:46 GMT
etag: W/"63cf2c92-ae6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/styles.css

185.223.31.112

200 OK

44 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/styles.css
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (44336 bytes)
Hash
2ecbcefea5ba1302956b7a35820e6a8b
32fb4a5fb744eb6f8c270874b2ec1c86e9c4c034
c0415bbe38a2e7012b87e7b3e9c60d7ad3d5e18b4f3090f0a976387f1985402e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/styles.css HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 00:55:38 GMT
etag: W/"63cf2c8a-720a3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/sunot-bold-webfont.woff2

185.223.31.112

200 OK

25 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/sunot-bold-webfont.woff2
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24800, version 4.66
Size
25 kB (24800 bytes)
Hash
819f042f2484072228ad1cb32902ffd8
22955f1851a789580b5c6136886ff2ceea0726ac
265235296a58d38174ac7198a96e108c4e9c7ceceb0ccb700d352c8b99a7c99d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/sunot-bold-webfont.woff2 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/login/main-ics.css
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: font/woff2
content-length: 24800
last-modified: Tue, 24 Jan 2023 00:55:38 GMT
etag: "63cf2c8a-60e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/form/newloader.gif

185.223.31.112

200 OK

557 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/form/newloader.gif
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
GIF image data, version 89a, 480 x 480
Size
557 kB (557122 bytes)
Hash
ef8d4e6b20b0cf0d68713fb2f6069042
d62bb4b1a169c88879de3bd2f5c4292b6259a952
32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/form/newloader.gif HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: image/gif
content-length: 557122
last-modified: Tue, 24 Jan 2023 00:55:46 GMT
etag: "63cf2c92-88042"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/favicon-144x144-withoutlines.png

185.223.31.112

200 OK

5.5 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/favicon-144x144-withoutlines.png
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
Size
5.5 kB (5528 bytes)
Hash
75d0a29d4d1a08405f39799bcb986e63
da64454d7277c531786146796026f49f89e9d4db
1a99f7b02b4517fa7e085315d99cdc0b9e13b0b1c904c683679a05de7a7d1a63

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/favicon-144x144-withoutlines.png HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: image/png
content-length: 5528
last-modified: Tue, 24 Jan 2023 00:55:36 GMT
etag: "63cf2c88-1598"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/SunOT-Regular.ttf

185.223.31.112

200 OK

86 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/SunOT-Regular.ttf
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
TrueType Font data, 15 tables, 1st "FFTM", 24 names, Macintosh
Size
86 kB (86304 bytes)
Hash
6150bb0f5b1e975bc0b616b61845f49c
4ea5afcef3164f6dbae351f9d12c13ad9514fd92
69e81e13ae217c9a436756a0f91d43af57f3adb823ea36f94d33f03cb4694981

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/SunOT-Regular.ttf HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/login/styles.css
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: font/ttf
content-length: 86304
last-modified: Tue, 24 Jan 2023 00:55:36 GMT
etag: "63cf2c88-15120"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/SunOT-SemiBold.ttf

185.223.31.112

200 OK

86 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/SunOT-SemiBold.ttf
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh
Size
86 kB (86288 bytes)
Hash
9895a3dd3b26f35e2096b4434a8ae474
eddb8cacb48cf23ecd4d60ef0701da93e47ae855
21caab764c78b5bef10d7d4d83c1a52c42aed38151c7ba791aad08c2bb416600

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/SunOT-SemiBold.ttf HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/login/styles.css
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: font/ttf
content-length: 86288
last-modified: Tue, 24 Jan 2023 00:55:42 GMT
etag: "63cf2c8e-15110"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/bower_components/font-awesome/css/font-awesome.min.css

185.223.31.112

200 OK

93 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/bower_components/font-awesome/css/font-awesome.min.css
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with very long lines (30837)
Size
93 kB (93143 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 00:55:12 GMT
etag: W/"63cf2c70-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1715186573519

185.223.31.112

200 OK

7.5 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1715186573519
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with no line terminators
Size
7.5 kB (7463 bytes)
Hash
4b08561d379658af9eeeaeef0ff0c416
2d4bfe03e01cacd9be02ada3ff2bfe192abeecd7
91bd3facc92804012d03f5869121562ce355f24a8b36eb15614a2a2540da33d4

HTTP Headers

GET /ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1715186573519 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/json
x-powered-by: PHP/8.1.28, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/favicon.ico

185.223.31.112

404 Not Found

8.9 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/favicon.ico
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
HTML document, ASCII text
Size
8.9 kB (8870 bytes)
Hash
a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Wed, 08 May 2024 16:42:52 GMT
content-type: text/html
last-modified: Tue, 16 Apr 2024 09:10:37 GMT
etag: W/"328-616331c83f12e"
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573520

185.223.31.112

200 OK

58 B

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573520
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
6efc3d384901456eee6377522f544368
4066bb94ece58f55bd0a31e21b18c107532f381e
6209413a57c2c87fc24ef44e52a054da6d59098a49c5a41dd848389c29f2fde7

HTTP Headers

GET /ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573520 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:58 GMT
content-type: application/json
x-powered-by: PHP/8.1.28, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/bower_components/ua-parser-js/dist/ua-parser.min.js

185.223.31.112

200 OK

17 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type

Size
17 kB (17048 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ics/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 00:55:10 GMT
etag: W/"63cf2c6e-4298"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573516&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573517

185.223.31.112

200 OK

58 B

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573516&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573517
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
6cd59ee279ce4c0fa360ddfc175bb814
d68a29a0723b48ace0c8180bd7f76e787d68b7fa
4e7050ca50156575673d85ee31cfd958ffae58c0f7ca72a9749549ab9d20dc08

HTTP Headers

GET /ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573516&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573517 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/json
x-powered-by: PHP/8.1.28, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/form/form.js?v=663bab8d518af

185.223.31.112

200 OK

3.1 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/form/form.js?v=663bab8d518af
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
3.1 kB (3063 bytes)
Hash
3ed3865b35e99306d5e571130e56bc6d
9bfe0754cb4ec3ddcd2d1e28869f9e37727ac7ea
bb29a00f6bf4c0a916818528f91dbde810023d0bb7668ab9d1d1b7745d73fbfb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/form/form.js?v=663bab8d518af HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 00:55:46 GMT
etag: W/"63cf2c92-bf7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573522

185.223.31.112

200 OK

58 B

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573522
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
6efc3d384901456eee6377522f544368
4066bb94ece58f55bd0a31e21b18c107532f381e
6209413a57c2c87fc24ef44e52a054da6d59098a49c5a41dd848389c29f2fde7

HTTP Headers

GET /ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573522 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:43:08 GMT
content-type: application/json
x-powered-by: PHP/8.1.28, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/index.css

185.223.31.112

200 OK

25 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/index.css
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text
Size
25 kB (25252 bytes)
Hash
fb72d22e1472901b5d9a74f363634f60
818ae535c64972f8a9e1f98787b61a4abf679557
8dedb9495bccb70bb502c07d42965e19da6d750ef8e08f09cd1ff23cd55ee682

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/index.css HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 00:55:44 GMT
etag: W/"63cf2c90-62a4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/main-ics.css

185.223.31.112

200 OK

240 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/main-ics.css
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type

Size
240 kB (240128 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ics/login/main-ics.css HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 00:55:34 GMT
etag: W/"63cf2c86-3aa00"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/ics-icons.woff2

185.223.31.112

200 OK

6.6 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/ics-icons.woff2
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6640, version 1.0
Size
6.6 kB (6640 bytes)
Hash
63e2cb76dd1d001abe5c22de5d8a0ee8
595bf366b208110a66f257755b861c040d90dd39
26e6a7b3caf0b044980820a1a26cd56a16efad9108fd14e7416bae2a2b76320b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/ics-icons.woff2 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/login/styles.css
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: font/woff2
content-length: 6640
last-modified: Tue, 24 Jan 2023 00:55:38 GMT
etag: "63cf2c8a-19f0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/login/token/token.js?v=663bab8d518b1

185.223.31.112

200 OK

1.3 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/login/token/token.js?v=663bab8d518b1
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
JavaScript source, ASCII text, with very long lines (1366), with no line terminators
Size
1.3 kB (1289 bytes)
Hash
6c7c91a3036c7059b53b8e45bfe1e2a1
8432f5a6d999dbe41f4d274fcdd96c1515fe54d4
3cf2ca675c23ea39744a2554f8111c9a2b2514a21713d3f12fc6616a048554ce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/login/token/token.js?v=663bab8d518b1 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 00:55:46 GMT
etag: W/"63cf2c92-509"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573523

185.223.31.112

200 OK

58 B

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573523
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
6efc3d384901456eee6377522f544368
4066bb94ece58f55bd0a31e21b18c107532f381e
6209413a57c2c87fc24ef44e52a054da6d59098a49c5a41dd848389c29f2fde7

HTTP Headers

GET /ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573523 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:43:13 GMT
content-type: application/json
x-powered-by: PHP/8.1.28, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/core/token/core_token.js

185.223.31.112

200 OK

13 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/core/token/core_token.js
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
JavaScript source, ASCII text
Size
13 kB (12870 bytes)
Hash
9d1ce71c125adc42d8f843d458ac9d13
90ba31cf9882eae6232b3232473bdaa27355dc9f
69a17b00a3fe01a26601818d1435d1d861216a7cd38d69a698b1bd68e97e5279

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/core/token/core_token.js HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 00:55:48 GMT
etag: W/"63cf2c94-3246"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573521

185.223.31.112

200 OK

58 B

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573521
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
6efc3d384901456eee6377522f544368
4066bb94ece58f55bd0a31e21b18c107532f381e
6209413a57c2c87fc24ef44e52a054da6d59098a49c5a41dd848389c29f2fde7

HTTP Headers

GET /ics/home.php?pl=token&link=ics&bid=2c8af21cea8ab54505bbf01aea23dd17&callback=jQuery321019885406802135708_1715186573518&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1715186573521 HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:43:03 GMT
content-type: application/json
x-powered-by: PHP/8.1.28, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

cyan-snake-49168.zap.cloud/ics/core/form/core_form.js

185.223.31.112

200 OK

38 kB

URL GET HTTP/2
cyan-snake-49168.zap.cloud/ics/core/form/core_form.js
IP
185.223.31.112:443
ASN
#30823 aurologic GmbH

Requested by
https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Certificate
IssuerLet's Encrypt
Subjectcyan-snake-49168.zap.cloud
FingerprintAC:E8:07:8F:27:A7:17:52:A4:6B:2C:78:A4:3D:B6:9E:8B:F2:FE:37
ValidityTue, 16 Apr 2024 08:11:48 GMT - Mon, 15 Jul 2024 08:11:47 GMT

File type
JavaScript source, ASCII text, with very long lines (19542)
Size
38 kB (37968 bytes)
Hash
a071bb941ad8f7dbfe3590671e6cfa71
1c2f122339100c92e31fa84a9cf77868f1d4426b
b1eb0eebf375831b21605fb80e5779b7f7b30e2cff016f2b6d0fdb723c70adb6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - International Card Services

HTTP Headers

GET /ics/core/form/core_form.js HTTP/1.1
Host: cyan-snake-49168.zap.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cyan-snake-49168.zap.cloud/ics/a1b2c3/2c8af21cea8ab54505bbf01aea23dd17/login/?
Cookie: real=OK; bid=2c8af21cea8ab54505bbf01aea23dd17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:42:53 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 00:55:46 GMT
etag: W/"63cf2c92-9450"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by