Report - ipv6.dickrowemarine.com.au/MYPOSTLET.zip

Report Overview

Submitted URL
ipv6.dickrowemarine.com.au/MYPOSTLET.zip
IP
103.20.202.177
ASN
#38719 Dreamscape Networks Limited
Submitted
2024-04-26 04:13:35
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ipv6.dickrowemarine.com.au	unknown	unknown	2023-05-11	2024-03-11	494 B	1.6 MB	103.20.202.177

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	ipv6.dickrowemarine.com.au/MYPOSTLET.zip	Phishing Kit impersonating USPS
2024-04-26	medium	ipv6.dickrowemarine.com.au/MYPOSTLET.zip	Phishing Kit impersonating USPS

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ipv6.dickrowemarine.com.au/MYPOSTLET.zip
IP
103.20.202.177
ASN
#38719 Dreamscape Networks Limited

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.6 MB (1553060 bytes)
Hash
8a9d789caeffdeed7de956e0dfd619fc
ecf9be2e32f0542dced413361d17562ef73e4994
6871415508f508553ca17b9d7d536409f65f87d375263df0beb6802529728407

Archive (91)

Modified	Filename	Size	Md5	File type
2021-04-03 18:10	bite.php	10 kB	06336175604eb981a5788bcd84a0b6b6	PHP script, ASCII text, with CRLF line terminators
2021-04-03 18:10	country.php	45 kB	1e7f16ed626cb949ff33897948cdde33	PHP script, ASCII text, with CRLF line terminators
2021-04-03 18:10	geoplugin.class.php	5.3 kB	065653da11fb96ba47a4c16977981fcf	PHP script, ASCII text, with CRLF line terminators
2021-04-03 18:10	index.php	183 B	57eb774f92340b6ce384f4b6bb4401bf	PHP script, ASCII text
2021-04-03 18:10	logger.php	1.5 kB	fa1246010d778353172c1d93f873f49b	PHP script, ASCII text, with CRLF line terminators
2023-02-19 08:36	index.php	1.0 kB	7f4bdcfe310e18b92d19122b0fb5d3fc	PHP script, ASCII text, with CRLF line terminators
2020-09-01 20:52	.htaccess	117 kB	5d51df4531167b318b9f543c799d040f	Unicode text, UTF-8 text, with CRLF line terminators
2020-07-08 12:33	anti1.php	2.8 kB	d1e96bfaf9f96839bd166a9c4c7c79ae	PHP script, ASCII text, with very long lines (1306), with CRLF line terminators
2020-07-08 12:33	anti2.php	1.6 kB	ef66f2709aa2b68bb45cbf5b7837063d	PHP script, ASCII text, with very long lines (1604), with no line terminators
2020-07-08 12:33	anti3.php	4.2 kB	ea346b11acbcfcf48a52f05211b506e9	PHP script, ASCII text, with very long lines (4162), with no line terminators
2020-07-08 12:33	anti4.php	7.5 kB	c651311f855d5aa682a65385d411a294	PHP script, ASCII text, with very long lines (7526), with no line terminators
2020-07-08 12:33	anti5.php	5.9 kB	0b0239b0d3aadcfec877e84c6eb3350e	PHP script, ASCII text, with very long lines (5935), with no line terminators
2020-07-08 12:33	anti6.php	3.8 kB	bccb29cfcad7540389ff4b1200555765	PHP script, ASCII text, with very long lines (2668)
2020-07-08 12:33	anti7.php	4.3 kB	1ff42854e8fc9f66238c85ddefd15052	PHP script, ASCII text, with very long lines (2915), with CRLF line terminators
2020-07-08 12:33	anti8.php	8.7 kB	f93633191650238ef758192211e4c5d0	PHP script, ASCII text, with CRLF line terminators
2020-10-14 00:53	antibots.php	32 kB	6c0b783009162cfcb98e65646296e53d	PHP script, ASCII text, with very long lines (15391), with CRLF line terminators
2020-07-08 12:33	blocker.php	3.3 kB	e35cdcb06d1700b4727c9a2e93af1b31	PHP script, ASCII text, with very long lines (1915), with CRLF line terminators
2020-10-14 00:48	index.php	317 B	ddc69573a199f0db0718329f366cce6b	PHP script, ASCII text, with CRLF line terminators
2024-01-19 23:44	id.php	140 B	171f18fca6b5fcd9f604bda71574d2ae	PHP script, ASCII text
2020-09-29 08:35	american-express-logo.svg	4.2 kB	6da008c830610513f0153e557c47e8e9	SVG Scalable Vector Graphics image
2020-09-29 08:35	discover-logo.svg	7.5 kB	d022eb57f93cef8da7a7b55cde321340	SVG Scalable Vector Graphics image
2020-10-01 05:02	logo_3d.gif	12 kB	66a578da2f352d234103c609d1c3a519	GIF image data, version 89a, 160 x 149
2020-09-29 08:34	mastercard-logo.svg	7.4 kB	c3faee93471f9b5be7535bc2a1a3b28d	SVG Scalable Vector Graphics image
2020-10-01 03:18	otp-sms-services-500x500.png	42 kB	e538828e66cbe0a2da6e176bf630bfa6	PNG image data, 500 x 201, 8-bit/color RGBA, interlaced
2020-10-01 05:01	usps.png	7.4 kB	12fc2fb46d7523721d71375cb0e11bdd	PNG image data, 600 x 72, 8-bit colormap, non-interlaced
2020-09-29 08:34	visa-logo.svg	1.9 kB	9479763efa7d56783b67ecef07bd9644	SVG Scalable Vector Graphics image
2023-02-16 06:29	index.php	620 kB	094633187b442865398fc48c8f307c64	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (58895)
2023-02-16 06:29	index2.php	722 kB	6088c5e7c7aa2e00156311405c3d2b77	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (33108)
2023-02-27 03:08	index3.php	25 kB	0b1e790d156a6b32b89abb43df989059	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097)
2023-02-27 03:08	index4.php	27 kB	b763bdb8d12d4d1b127edde830555d50	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097)
2023-02-27 03:10	index5.php	27 kB	46f826aeed75c6aca2879a9336e144a4	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097)
2021-08-31 07:27	mailto.php	944 B	4f2662cbaa398c938541b2ed2ad5176b	PHP script, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2023-02-16 06:30	pin.php	643 kB	3baea7e69d038f8d8d0e3d4a6c65b4a3	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (57086)
2023-02-10 21:23	post1.php	995 B	4d855c9bff08fead14c62488a884347c	PHP script, ASCII text, with CRLF line terminators
2023-02-10 21:23	post2.php	886 B	c61a2634608fb5a8d5bd6f35c17b94c1	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2023-02-19 00:14	post4.php	749 B	cc3f65d7680655051d894cd5a042ce95	PHP script, ASCII text, with CRLF line terminators
2023-02-19 00:18	post5.php	754 B	db1f9f66af1e2178e3dc57a320213077	PHP script, ASCII text, with CRLF line terminators
2023-02-10 21:23	postpin.php	815 B	1137f97caece181d43e1f7c6fd559d3e	PHP script, ASCII text, with CRLF line terminators
2021-11-04 08:31	thanks.php	1.2 MB	6ad20bcb62cc71ed84fe3dfecd67cb40	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3705)
2023-02-27 03:09	wait.php	25 kB	94d4425005cf32d639c6dbab86922ad8	PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097)
2021-11-04 08:34	zebna.html	1.2 MB	39a8d6cf0dbfe9a1d5b0e918e5573499	HTML document, ASCII text, with very long lines (3705), with CRLF line terminators
2021-11-04 08:29	662331570529793.js	313 kB	d45c6b86fd41ceb027ee858b78188b39	JavaScript source, ASCII text, with very long lines (64471)
2021-11-04 08:29	662331570529793.txt	313 kB	2e1186edf39c7e7686fa4f93770214b3	JavaScript source, ASCII text, with very long lines (64471)
2021-11-04 08:29	a	2.4 kB	ef0ec2837582664b061be2fe28ff4e8a	JavaScript source, ASCII text, with very long lines (2389), with no line terminators
2021-11-04 08:29	activityi.htm	306 B	bccaf91adbb2d399e3f6ebf43c4ed3ff	HTML document, ASCII text, with CRLF line terminators
2021-11-04 08:29	activityi_002.htm	563 B	e8182cad9bc9d52e0fff3b684ffa4467	HTML document, ASCII text, with CRLF line terminators
2021-11-04 08:29	src4621208.gif	42 B	d89746888da2d9510b64a9f031eaecd5	GIF image data, version 89a, 1 x 1
2021-11-04 08:29	dc_preCLOn36Dn_vMCFciBhQodi3QLWw.gif	42 B	d89746888da2d9510b64a9f031eaecd5	GIF image data, version 89a, 1 x 1
2021-11-04 08:29	adsct.txt	31 B	872bb1fc2f7775cd82f45d110bbc384e	ASCII text, with no line terminators
2021-11-04 08:29	ap-acknowledgement-logos.svg	42 kB	f86abf3d9a26957f77c76a9241812c62	SVG Scalable Vector Graphics image
2021-11-04 08:29	a_002	2.4 kB	f3ba8a277dce0b7f3b284892c0e9b146	JavaScript source, ASCII text, with very long lines (2389), with no line terminators
2021-11-04 08:29	bat.txt	35 kB	36dd68dca14846515595ef1ab0c68993	JavaScript source, ASCII text, with very long lines (35056), with no line terminators
2021-11-04 08:29	branch-latest.js	81 kB	7f5647aaad5092bf75263893da2512f4	JavaScript source, ASCII text, with very long lines (2646)
2021-11-04 08:29	branch-latest.txt	81 kB	7f5647aaad5092bf75263893da2512f4	JavaScript source, ASCII text, with very long lines (2646)
2021-11-04 08:29	clientlib.css	554 kB	bec8ac8722e6256667d63dcfacfcfbdd	ASCII text, with very long lines (65433)
2021-11-04 08:29	clientlib.txt	960 B	2025b0b1b45c78ab7a20a55ef947e4c9	JavaScript source, ASCII text, with very long lines (857)
2021-11-04 08:29	clientlib_002.txt	12 kB	75b46a8ce567c68779e84fe0bb7befa4	JavaScript source, ASCII text, with very long lines (12441)
2021-11-04 08:29	clientlib_003.txt	5.5 kB	633ba1d8119a6326969fdc9c708865c7	JavaScript source, ASCII text, with very long lines (5390)
2021-11-04 08:29	clientlib_004.txt	21 kB	3300a3fa38d243419efc21928ba64d21	JavaScript source, ASCII text, with very long lines (20612)
2021-11-04 08:29	clientlib_005.txt	1.8 kB	19954a7202f628986af1edf89fd9e204	JavaScript source, ASCII text, with very long lines (1701)
2021-11-04 08:29	clientlib_006.txt	49 kB	eb85416aa59a4e565dbdd0b07079fc04	JavaScript source, ASCII text, with very long lines (49165)
2021-11-04 08:29	clientlib_007.txt	8.3 kB	741ef883aa45c0b88cd2e38125d925a5	JavaScript source, ASCII text, with very long lines (8046)
2021-11-04 08:29	conversion_async.js	38 kB	4934a5a4e4201c46ad448c96ca8ec98e	JavaScript source, ASCII text, with very long lines (2165)
2021-11-04 08:29	core.js	1.1 kB	95580b4fad0d5513b92f05a5be0d5a38	ASCII text, with very long lines (1142), with no line terminators
2021-11-04 08:29	core.txt	1.1 kB	95580b4fad0d5513b92f05a5be0d5a38	ASCII text, with very long lines (1142), with no line terminators
2021-11-04 08:29	EX1f0da9d63d8945dd8a57a3766052c373-libraryCode_source.js	44 kB	05b0993d48732b1866a0b572c1772f18	JavaScript source, ASCII text, with very long lines (32760)
2021-11-04 08:29	EX1f0da9d63d8945dd8a57a3766052c373-libraryCode_source.txt	44 kB	05b0993d48732b1866a0b572c1772f18	JavaScript source, ASCII text, with very long lines (32760)
2021-11-04 08:29	f.txt	38 kB	53c01120b71d965627a97c32e726098e	JavaScript source, ASCII text, with very long lines (2165)
2021-11-04 08:29	f1.txt	43 B	ad8b6f08655797587cdec719a94efe59	ASCII text, with no line terminators
2021-11-04 08:29	fbevents.js	101 kB	df3f71fe350759e763f740a95c405299	JavaScript source, ASCII text, with very long lines (64343)
2021-11-04 08:29	fbevents.txt	101 kB	df3f71fe350759e763f740a95c405299	JavaScript source, ASCII text, with very long lines (64343)
2021-11-04 08:29	identity.js	65 kB	444a10d2d51a1401bd5a0ba3cd4be9a9	JavaScript source, ASCII text, with very long lines (59766)
2021-11-04 08:29	identity.txt	65 kB	444a10d2d51a1401bd5a0ba3cd4be9a9	JavaScript source, ASCII text, with very long lines (59766)
2021-11-04 08:29	inferredevents.js	71 kB	e58928cadbddfb1c76a10d021c77fe06	JavaScript source, ASCII text, with very long lines (60258)
2021-11-04 08:29	inferredevents.txt	71 kB	e58928cadbddfb1c76a10d021c77fe06	JavaScript source, ASCII text, with very long lines (60258)
2021-11-04 08:29	insight.js	4.7 kB	3c4e9035aacf7e0be7a7650a0d682000	JavaScript source, ASCII text, with very long lines (4683)
2021-11-04 08:29	insight.txt	4.7 kB	3c4e9035aacf7e0be7a7650a0d682000	JavaScript source, ASCII text, with very long lines (4683)
2021-11-04 08:29	jquery.txt	90 kB	dc5e7f18c8d36ac1d3d4753a87c98d0a	JavaScript source, ASCII text, with very long lines (65451)
2021-11-04 08:29	js	89 kB	794f0b27ce562bf8d10031779690f3d4	JavaScript source, ASCII text, with very long lines (1896)
2021-11-04 08:29	js.txt	99 kB	8317ebdcfd0d827caef6967f4ce44bb3	JavaScript source, ASCII text, with very long lines (1896)
2021-11-04 08:29	js1.txt	89 kB	794f0b27ce562bf8d10031779690f3d4	JavaScript source, ASCII text, with very long lines (1896)
2021-11-04 08:29	js_002	89 kB	d91ea0f88ef53f8c95b5771976862c78	JavaScript source, ASCII text, with very long lines (1896)
2021-11-04 08:29	main.js	55 kB	e8e274ee4c9a244b5c046bd8deece171	JavaScript source, Unicode text, UTF-8 text, with very long lines (54990), with no line terminators
2021-11-04 08:29	main.txt	55 kB	e8e274ee4c9a244b5c046bd8deece171	JavaScript source, Unicode text, UTF-8 text, with very long lines (54990), with no line terminators
2021-11-04 08:29	microdata.js	51 kB	7064a93142ec89206018cd5d919fdf35	JavaScript source, ASCII text, with very long lines (45917)
2021-11-04 08:29	microdata.txt	51 kB	7064a93142ec89206018cd5d919fdf35	JavaScript source, ASCII text, with very long lines (45917)
2021-11-04 08:29	satelliteLib-9c215febcba74f72ca4a2cc8370a7f4b70048c28.txt	936 kB	4a661ea2900f69b71be8508f1c78268d	JavaScript source, ASCII text, with very long lines (32765)
2021-11-04 08:29	uwt.txt	14 kB	8dc11b7ca1d5ed9ec3b1ab1beb621c75	JavaScript source, ASCII text, with very long lines (14407), with no line terminators
2024-01-19 23:45	Views.txt	61 B	92e63c59deb87f800e15cc2c66dc8606	ASCII text
2024-01-19 23:48	rzlt.txt	584 B	634f7619e2252cc1d4fe25d5d3e12f86	Unicode text, UTF-8 text, with CRLF, LF line terminators
2024-01-19 23:45	views.txt	94 B	cbdbe65f7870ad29b61f1aa28fd740e0	ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS
VirusTotal	malicious	VirusTotal - Scan result 12/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

ipv6.dickrowemarine.com.au/MYPOSTLET.zip

103.20.202.177

200 OK

1.6 MB

URL User Request GET HTTP/2
ipv6.dickrowemarine.com.au/MYPOSTLET.zip
IP
103.20.202.177:443
ASN
#38719 Dreamscape Networks Limited

Certificate
IssuerLet's Encrypt
Subjectwww.dickrowemarine.com.au
Fingerprint90:5B:C3:C2:C8:BE:91:0E:C6:8D:F1:E8:52:5F:DD:E7:F2:70:D1:C4
ValidityMon, 11 Mar 2024 02:19:29 GMT - Sun, 09 Jun 2024 02:19:28 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.6 MB (1553060 bytes)
Hash
8a9d789caeffdeed7de956e0dfd619fc
ecf9be2e32f0542dced413361d17562ef73e4994
6871415508f508553ca17b9d7d536409f65f87d375263df0beb6802529728407

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS
VirusTotal	malicious	VirusTotal - Scan result 12/63

HTTP Headers

GET /MYPOSTLET.zip HTTP/1.1
Host: ipv6.dickrowemarine.com.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 04:13:06 GMT
content-type: application/zip
content-length: 1553060
last-modified: Wed, 14 Feb 2024 20:07:32 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (91)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers