Report - rere12.hopto.org/LandDean404SP.zip

Report Overview

Submitted URL
rere12.hopto.org/LandDean404SP.zip
IP
102.185.0.173
ASN
#24835 RAYA Telecom - Egypt
Submitted
2024-05-09 00:05:31
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rere12.hopto.org	unknown	2000-02-17	2021-12-09	2024-03-22	404 B	1.2 MB	102.185.0.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
rere12.hopto.org/LandDean404SP.zip
IP
102.185.0.173
ASN
#24835 RAYA Telecom - Egypt

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.2 MB (1167968 bytes)
Hash
cb5fffa51a3d5a9bc7ce7f691c9cb6e5
7176e0dc0cb665e6667c282baef4866aff72a382
ccc99bfb2de8fc02a8c7ccd2bf3c375c217ecf3261ddc7ab866867887eee1043

Archive (36)

Modified	Filename	Size	Md5	File type
2023-11-18 17:42	._LandDean404SP	220 B	57895b64f9fd25d68e4a17365c430348	AppleDouble encoded Macintosh file
2023-11-18 17:54	index.php	488 B	1f387f764daeddbf75d14a80958c0d7e	PHP script, Unicode text, UTF-8 text, with very long lines (454)
2023-11-18 16:56	robots.txt	25 B	9152d7f1724ed8fbcd2e0c87029f193c	ASCII text
2023-11-18 17:42	.htaccess	3.2 MB	85295824bff070dc553d8fb58a0c9727	Unicode text, UTF-8 text
2023-11-18 16:56	.DS_Store	6.1 kB	40deeecc6b861dba5eaa02ed3acf037c	Apple Desktop Services Store
2023-11-18 17:57	index.php	189 B	005b414649d2aa28dcd11033d38e01b8	PHP script, ASCII text, with no line terminators
2023-11-18 19:21	functions.php	1.8 kB	d704ae0103c5bb1191f4ddadd22fd7d5	PHP script, ASCII text
2023-11-18 16:56	geoplugin.class.php	4.1 kB	e52540df9e610163e50fed49c36ae82c	PHP script, ASCII text
2023-11-18 16:56	control.css	2.2 kB	d6bbfab01be5df170c1dbfd6cc987cc1	ASCII text
2023-11-18 17:59	control.php	1.2 kB	fdab914ad57cc9d69551feadd1a77f80	PHP script, ASCII text, with very long lines (468)
2023-11-18 18:21	i-.php	5.2 kB	6085187e00e8e3792458400b5683e7c9	PHP script, Unicode text, UTF-8 text, with very long lines (704)
2023-11-18 20:50	sms.php	4.5 kB	4585de3ff65d6759883134cce938fee4	PHP script, Unicode text, UTF-8 text
2023-11-18 17:33	.DS_Store	6.1 kB	e9a8226cfa01f83ffcdc713307723cfa	Apple Desktop Services Store
2023-11-18 17:42	index.php	4.8 kB	e32ca47629aaa6755408e25d5d1d1a3b	PHP script, ASCII text
2023-11-18 20:50	smsErr.php	4.9 kB	d411430da48000d9708f0fea9467ae64	PHP script, Unicode text, UTF-8 text
2023-11-18 19:20	thankyou.php	4.2 kB	09ca689eabbd84b0d10e5e733ce70fdc	PHP script, Unicode text, UTF-8 text
2023-11-18 17:19	logerr.php	5.2 kB	dd61418ef649395453ad8da53a83f831	PHP script, Unicode text, UTF-8 text
2023-11-18 20:48	cleave.min.js	21 kB	9d800c462d0440e0e0791df6bdb2745f	JavaScript source, ASCII text, with very long lines (20970)
2023-11-18 17:39	loading.php	4.2 kB	789b207918e4e5e816393b5684346e69	PHP script, ASCII text
2023-11-18 17:21	unlockID.php	3.8 kB	47a3fbd87c9178cc520c634ed5d08aa1	PHP script, Unicode text, UTF-8 text
2023-11-18 19:06	all.css	10 kB	8a64f52b138f4c9b17c9109fb8054c28	ASCII text, with very long lines (8270)
2023-11-17 19:35	lbpiaccess00.jpeg	452 kB	3d55acf35994da9b3cee278b068da3a3	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:06:27 16:16:29], baseline, precision 8, 2112x180, components 3
2023-11-17 19:35	._lbpiaccess00.jpeg	492 B	4a2a976c05a51014006b4a197557acd0	AppleDouble encoded Macintosh file
2023-11-18 17:04	favicon.ico	1.2 kB	a3e5b50fa24dc39773107eb827604fbf	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
2023-11-18 17:04	._favicon.ico	426 B	a346110accd49598e6931ca723f22686	AppleDouble encoded Macintosh file
2023-11-17 22:03	close-1.png	35 kB	a6ffb3774e1dd45d8524396c20e9f953	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
2023-11-17 22:03	._close-1.png	498 B	21939370608acaf92b35010b7d532d0a	AppleDouble encoded Macintosh file
2023-11-17 22:32	Gear.gif	103 kB	226e422fdd973dbf7d897c6dcc5f655f	GIF image data, version 89a, 264 x 264
2023-11-17 22:30	Gear1.gif	136 kB	35a86290118e8293ed2c826c155fae2d	GIF image data, version 89a, 264 x 264
2023-11-17 22:27	Gear0.gif	22 kB	40f95974f90d9370d75c8f7e4a91aa3e	GIF image data, version 89a, 200 x 200
2023-11-17 20:23	bancnet_logo.png	4.9 kB	42b59135522de0941948f23d94b4e213	PNG image data, 200 x 50, 8-bit/color RGBA, non-interlaced
2023-11-17 20:23	._bancnet_logo.png	431 B	9a4bb3ff6a4b24fb6a247fa8b0abd0ac	AppleDouble encoded Macintosh file
2023-11-17 19:57	login_advisory.jpeg	219 kB	1f03415493c92e9513c1518f8dfad4a4	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1333x650, components 3
2023-11-17 19:57	._login_advisory.jpeg	540 B	e6013a1181a3dffeb388ddbe419c998c	AppleDouble encoded Macintosh file
2023-11-17 20:46	lato-regular-webfont.woff2	30 kB	9eff14a7ec51fd323ad5ba9ba4878b8c	Web Open Font Format (Version 2), TrueType, length 29880, version 1.0
2023-11-17 20:44	fontawesome-webfont.eot	166 kB	674f50d287a8c48dc19ba404d20fe713	Embedded OpenType (EOT), FontAwesome family

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

rere12.hopto.org/LandDean404SP.zip

102.185.0.173

200 OK

1.2 MB

URL User Request GET HTTP/1.1
rere12.hopto.org/LandDean404SP.zip
IP
102.185.0.173:80
ASN
#24835 RAYA Telecom - Egypt

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.2 MB (1167968 bytes)
Hash
cb5fffa51a3d5a9bc7ce7f691c9cb6e5
7176e0dc0cb665e6667c282baef4866aff72a382
ccc99bfb2de8fc02a8c7ccd2bf3c375c217ecf3261ddc7ab866867887eee1043

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /LandDean404SP.zip HTTP/1.1
Host: rere12.hopto.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 00:05:05 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sat, 18 Nov 2023 19:53:50 GMT
ETag: "11d260-60a729c9ec28a"
Accept-Ranges: bytes
Content-Length: 1167968
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (36)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers