Report Overview
Submitted URL
rere12.hopto.org/USPS%20(3).zip
IP
102.185.0.173
ASN
#24835 RAYA Telecom - Egypt
Submitted
2024-05-09 00:05:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
Suspicious - DynDNS domain
Detections
urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
5
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
rere12.hopto.org | unknown | 2000-02-17 | 2021-12-09 | 2024-03-22 | 401 B | 103 kB | 102.185.0.173 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-05-09 | medium | rere12.hopto.org/USPS%20(3).zip | Phishing Kit impersonating USPS |
2024-05-09 | medium | rere12.hopto.org/USPS%20(3).zip | Phishing Kit impersonating Uber |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
rere12.hopto.org/USPS%20(3).zip
IP
102.185.0.173
ASN
#24835 RAYA Telecom - Egypt
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
102 kB (102428 bytes)
Hash
9a23606b7674591df554bea09ef60cf0
947e8cda0185838ff9cd2146359856d1f2d72927
Archive (19)
Filename | Md5 | File type |
---|---|---|
thanks.php | eb23d17b238d6eb5bce093399fa17da4 | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
captured.txt | 6ab76dd0d1827c196966c4c135cfd795 | ASCII text |
index.php | 0c24c71ad7f33b7ee5b333480d0a5090 | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
index4.php | b5d2b34f748708e9bf8b58f1ab33f6b3 | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
index2.php | ff1df259e96b26d727232427211c8bfb | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
index5.php | 22bc120fe72ee4cdfd94bfbc7ff48ca0 | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
index6.php | 50abc9126c186779dd7bc2ee0bef860e | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
id.php | 78ad677b49dc3d53b41d700e8b3c1e03 | PHP script, ASCII text |
anti3.php | ea346b11acbcfcf48a52f05211b506e9 | PHP script, ASCII text, with very long lines (4162), with no line terminators |
anti7.php | 1ff42854e8fc9f66238c85ddefd15052 | PHP script, ASCII text, with very long lines (2915), with CRLF line terminators |
anti5.php | 0b0239b0d3aadcfec877e84c6eb3350e | PHP script, ASCII text, with very long lines (5935), with no line terminators |
anti4.php | c651311f855d5aa682a65385d411a294 | PHP script, ASCII text, with very long lines (7526), with no line terminators |
anti6.php | bccb29cfcad7540389ff4b1200555765 | PHP script, ASCII text, with very long lines (2668) |
anti1.php | d1e96bfaf9f96839bd166a9c4c7c79ae | PHP script, ASCII text, with very long lines (1306), with CRLF line terminators |
anti8.php | f93633191650238ef758192211e4c5d0 | PHP script, ASCII text, with CRLF line terminators |
anti2.php | ef66f2709aa2b68bb45cbf5b7837063d | PHP script, ASCII text, with very long lines (1604), with no line terminators |
index3.php | 25a420238409dcc2269dc295da6af7e7 | PHP script, Unicode text, UTF-8 text, with very long lines (517) |
block_bot.txt | ce6c2083ba83dc7aaf856218cb338d13 | ASCII text |
index.php | bbfd354ee93b24d05c153c5deda9e4e5 | PHP script, Unicode text, UTF-8 text, with very long lines (3218), with CRLF line terminators |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Phishing Kit YARA rules | phishing | Phishing Kit impersonating USPS |
Phishing Kit YARA rules | phishing | Phishing Kit impersonating Uber |
VirusTotal | suspicious |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
rere12.hopto.org/USPS%20(3).zip | 102.185.0.173 | 200 OK | 102 kB |
Detections
HTTP Headers