Report - zikooooo2-7ae2d.web.app/

Report Overview

Visited public
2023-12-19 03:44:18
Tags
suspicious
URL
zikooooo2-7ae2d.web.app/
Finishing URL
zikooooo2-7ae2d.web.app/
IP / ASN
199.36.158.100
#54113 FASTLY
Title
Roundcube Webmail :: Welcome to Roundcube Webmail
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-18 12:32:43	450 B	32 kB	216.58.211.10
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-12-18 05:17:06	500 B	219 B	64.185.227.156
zikooooo2-7ae2d.web.app	unknown	2019-01-08	2023-01-31 16:26:37	2023-11-03 22:47:32	1.9 kB	17 kB	199.36.158.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-19 03:43:53	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-19 03:43:53	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-19 03:43:54	low	Client IP	64.185.227.156	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-18	medium	zikooooo2-7ae2d.web.app/	Webmail Providers
2023-12-18	medium	zikooooo2-7ae2d.web.app/	Webmail Providers
2023-12-18	medium	zikooooo2-7ae2d.web.app/	Webmail Providers
2023-12-18	medium	zikooooo2-7ae2d.web.app/	Webmail Providers

PhishTank

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	zikooooo2-7ae2d.web.app/	Other
2023-02-01	medium	zikooooo2-7ae2d.web.app/main.css	Other
2023-02-01	medium	zikooooo2-7ae2d.web.app/logo.png	Other
2023-02-01	medium	zikooooo2-7ae2d.web.app/skins/larry/images/favicon.ico	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-19	medium	zikooooo2-7ae2d.web.app	Sinkholed
2023-12-19	medium	zikooooo2-7ae2d.web.app	Sinkholed
2023-12-19	medium	zikooooo2-7ae2d.web.app	Sinkholed
2023-12-19	medium	zikooooo2-7ae2d.web.app	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	zikooooo2-7ae2d.web.app/	ScriptElement	275 B	2023-03-13	2025-06-06
Pretty URL zikooooo2-7ae2d.web.app/ IP 199.36.158.100 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 06:59 Last Seen2025-06-06 06:30 Times Seen171 Hash a70ebae2886fb43a6a304c6295f363ce 2043a0249fbdf80724d8dcfcbe11c0e4ff3eaf9e d47631712a7da45b4c992abf8012d292c4da866c7982403f29ca63aed3950303 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-17
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 216.58.211.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-17 05:38 Times Seen70071 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	zikooooo2-7ae2d.web.app/	ScriptElement	190 B	2023-03-10	2025-06-06
Pretty URL zikooooo2-7ae2d.web.app/ IP 199.36.158.100 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 19:32 Last Seen2025-06-06 06:30 Times Seen198 Hash 3021310d1ac3ec41922ce6922d6c57d2 25d479d536176ca6d2b96d14d94269eef66b2a95 dc5aff77c2cf89051a17f80e0abe75c81afa0f3e6d8bab84108bfffc5fb92bdc Loading...

	zikooooo2-7ae2d.web.app/	ScriptElement	14 kB	2023-04-10	2025-06-06
Pretty URL zikooooo2-7ae2d.web.app/ IP 199.36.158.100 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-10 20:51 Last Seen2025-06-06 06:30 Times Seen171 Hash 1ed84679f677ffc86781e211f2a52a45 ce0fafd8de59d23890f84890c44efca6a56dccd2 150f3c0c24391923d3b20ca652b5a7d0c855bbb8dffc5000f885bd41a4ccda3d Loading...

HTTP Transactions (6)

URL IP Response Size

zikooooo2-7ae2d.web.app/

199.36.158.100

2.1 kB

URL
zikooooo2-7ae2d.web.app/
IP
199.36.158.100:0
ASN
#54113 FASTLY

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.1 kB (2135 bytes)
Hash
85577235b123a58fca46442fc87efba9
159d7166608dd34588d91c67e910876dbcc2c261
81ede8ce04a7f40e1114239a5997b178631b266345541171e4fee50a93a5faa4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: zikooooo2-7ae2d.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "e9f9a66d9f861cd390424fc43971248fbaca88dfc0a06aeb400a4741689e7ae9-br"
last-modified: Tue, 31 Jan 2023 13:37:25 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 19 Dec 2023 03:43:52 GMT
x-served-by: cache-hel1410034-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1702957433.703601,VS0,VE287
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2135
X-Firefox-Spdy: h2

zikooooo2-7ae2d.web.app/main.css

199.36.158.100

200 OK

8.3 kB

URL GET HTTP/3
zikooooo2-7ae2d.web.app/main.css
IP
199.36.158.100:443
ASN
#54113 FASTLY

Requested by
https://zikooooo2-7ae2d.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb.app
Fingerprint91:91:14:02:FC:83:4D:86:C4:39:E9:2F:0A:4D:72:FC:05:07:86:F3
ValidityMon, 13 Nov 2023 20:32:12 GMT - Sun, 11 Feb 2024 20:32:11 GMT

File type
ASCII text, with CRLF line terminators
Size
8.3 kB (8272 bytes)
Hash
45369ae734183a95b2057cf53ad1eb50
29097f1fc089233c26743fa3f8d1898799dcc9f5
bcf3b6c612e0ed5856c3989de5b66e3b51ba54eece6e5b1e0bc5accfc42e425c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.css HTTP/1.1
Host: zikooooo2-7ae2d.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zikooooo2-7ae2d.web.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 8272
cache-control: max-age=3600
content-encoding: br
content-type: text/css; charset=utf-8
etag: "7b10f7a90fb22cc151984d7d82823aa6b8813e283685ca997d2cbdcc827ae8c0-br"
last-modified: Tue, 31 Jan 2023 13:37:25 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 19 Dec 2023 03:43:53 GMT
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1702957433.312071,VS0,VE56
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

216.58.211.10

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://zikooooo2-7ae2d.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zikooooo2-7ae2d.web.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 16 Dec 2023 15:58:21 GMT
expires: Sun, 15 Dec 2024 15:58:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 215132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

zikooooo2-7ae2d.web.app/logo.png

199.36.158.100

200 OK

3.6 kB

URL GET HTTP/3
zikooooo2-7ae2d.web.app/logo.png
IP
199.36.158.100:443
ASN
#54113 FASTLY

Requested by
https://zikooooo2-7ae2d.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb.app
Fingerprint91:91:14:02:FC:83:4D:86:C4:39:E9:2F:0A:4D:72:FC:05:07:86:F3
ValidityMon, 13 Nov 2023 20:32:12 GMT - Sun, 11 Feb 2024 20:32:11 GMT

File type
PNG image data, 177 x 49, 8-bit colormap, non-interlaced
Size
3.6 kB (3648 bytes)
Hash
c344bf2b813693240b327482466dda95
8582063bfa786e25c37be0b21a335f27056d701e
85256d019c76dafce023e67c1942fd2287ced7c7503d207991e54d33ac1b37fd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logo.png HTTP/1.1
Host: zikooooo2-7ae2d.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zikooooo2-7ae2d.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 3648
cache-control: max-age=3600
content-encoding: br
content-type: image/png
etag: "1c9fa50a5ed28d6f7c4af3ffa7b1950f08f3be3c1141e542da65090f3294b9b5-br"
last-modified: Tue, 31 Jan 2023 13:37:25 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 19 Dec 2023 03:43:53 GMT
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1702957433.313362,VS0,VE90
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

zikooooo2-7ae2d.web.app/skins/larry/images/favicon.ico

199.36.158.100

404 Not Found

853 B

URL GET HTTP/3
zikooooo2-7ae2d.web.app/skins/larry/images/favicon.ico
IP
199.36.158.100:443
ASN
#54113 FASTLY

Requested by
https://zikooooo2-7ae2d.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb.app
Fingerprint91:91:14:02:FC:83:4D:86:C4:39:E9:2F:0A:4D:72:FC:05:07:86:F3
ValidityMon, 13 Nov 2023 20:32:12 GMT - Sun, 11 Feb 2024 20:32:11 GMT

File type
HTML document, ASCII text
Size
853 B (853 bytes)
Hash
0a27a4163254fc8fce870c8cc3a3f94f
f27cf04699668916346eee510eab7e5a17e83997
b77b97fe780d35d18248abd1d2f42f444afbabe43f6abcd8fa8ebb3d47825eee

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /skins/larry/images/favicon.ico HTTP/1.1
Host: zikooooo2-7ae2d.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zikooooo2-7ae2d.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
content-length: 853
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: "daa499dd96d8229e73235345702ba32f0793f0c8e5c0d30e40e37a5872be57aa"
last-modified: Tue, 31 Jan 2023 13:37:25 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 19 Dec 2023 03:43:53 GMT
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1702957434.559552,VS0,VE217
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

api.ipify.org/?format=json

64.185.227.156

200 OK

21 B

URL GET HTTP/1.1
api.ipify.org/?format=json
IP
64.185.227.156:443
ASN
#18450 WEBNX

Requested by
https://zikooooo2-7ae2d.web.app/
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
JSON data
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zikooooo2-7ae2d.web.app
DNT: 1
Connection: keep-alive
Referer: https://zikooooo2-7ae2d.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.1
Date: Tue, 19 Dec 2023 03:43:53 GMT
Content-Type: application/json
Content-Length: 21
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3