Report Overview
Submitted URL
ipv6.dickrowemarine.com.au/MYPOSTLET.zip
IP
103.20.202.177
ASN
#38719 Dreamscape Networks Limited
Submitted
2024-04-26 04:13:35
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
ipv6.dickrowemarine.com.au | unknown | unknown | 2023-05-11 | 2024-03-11 | 494 B | 1.6 MB | 103.20.202.177 |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-26 | medium | ipv6.dickrowemarine.com.au/MYPOSTLET.zip | Phishing Kit impersonating USPS |
2024-04-26 | medium | ipv6.dickrowemarine.com.au/MYPOSTLET.zip | Phishing Kit impersonating USPS |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
ipv6.dickrowemarine.com.au/MYPOSTLET.zip
IP
103.20.202.177
ASN
#38719 Dreamscape Networks Limited
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.6 MB (1553060 bytes)
Hash
8a9d789caeffdeed7de956e0dfd619fc
ecf9be2e32f0542dced413361d17562ef73e4994
Archive (91)
Filename | Md5 | File type |
---|---|---|
bite.php | 06336175604eb981a5788bcd84a0b6b6 | PHP script, ASCII text, with CRLF line terminators |
country.php | 1e7f16ed626cb949ff33897948cdde33 | PHP script, ASCII text, with CRLF line terminators |
geoplugin.class.php | 065653da11fb96ba47a4c16977981fcf | PHP script, ASCII text, with CRLF line terminators |
index.php | 57eb774f92340b6ce384f4b6bb4401bf | PHP script, ASCII text |
logger.php | fa1246010d778353172c1d93f873f49b | PHP script, ASCII text, with CRLF line terminators |
index.php | 7f4bdcfe310e18b92d19122b0fb5d3fc | PHP script, ASCII text, with CRLF line terminators |
.htaccess | 5d51df4531167b318b9f543c799d040f | Unicode text, UTF-8 text, with CRLF line terminators |
anti1.php | d1e96bfaf9f96839bd166a9c4c7c79ae | PHP script, ASCII text, with very long lines (1306), with CRLF line terminators |
anti2.php | ef66f2709aa2b68bb45cbf5b7837063d | PHP script, ASCII text, with very long lines (1604), with no line terminators |
anti3.php | ea346b11acbcfcf48a52f05211b506e9 | PHP script, ASCII text, with very long lines (4162), with no line terminators |
anti4.php | c651311f855d5aa682a65385d411a294 | PHP script, ASCII text, with very long lines (7526), with no line terminators |
anti5.php | 0b0239b0d3aadcfec877e84c6eb3350e | PHP script, ASCII text, with very long lines (5935), with no line terminators |
anti6.php | bccb29cfcad7540389ff4b1200555765 | PHP script, ASCII text, with very long lines (2668) |
anti7.php | 1ff42854e8fc9f66238c85ddefd15052 | PHP script, ASCII text, with very long lines (2915), with CRLF line terminators |
anti8.php | f93633191650238ef758192211e4c5d0 | PHP script, ASCII text, with CRLF line terminators |
antibots.php | 6c0b783009162cfcb98e65646296e53d | PHP script, ASCII text, with very long lines (15391), with CRLF line terminators |
blocker.php | e35cdcb06d1700b4727c9a2e93af1b31 | PHP script, ASCII text, with very long lines (1915), with CRLF line terminators |
index.php | ddc69573a199f0db0718329f366cce6b | PHP script, ASCII text, with CRLF line terminators |
id.php | 171f18fca6b5fcd9f604bda71574d2ae | PHP script, ASCII text |
american-express-logo.svg | 6da008c830610513f0153e557c47e8e9 | SVG Scalable Vector Graphics image |
discover-logo.svg | d022eb57f93cef8da7a7b55cde321340 | SVG Scalable Vector Graphics image |
logo_3d.gif | 66a578da2f352d234103c609d1c3a519 | GIF image data, version 89a, 160 x 149 |
mastercard-logo.svg | c3faee93471f9b5be7535bc2a1a3b28d | SVG Scalable Vector Graphics image |
otp-sms-services-500x500.png | e538828e66cbe0a2da6e176bf630bfa6 | PNG image data, 500 x 201, 8-bit/color RGBA, interlaced |
usps.png | 12fc2fb46d7523721d71375cb0e11bdd | PNG image data, 600 x 72, 8-bit colormap, non-interlaced |
visa-logo.svg | 9479763efa7d56783b67ecef07bd9644 | SVG Scalable Vector Graphics image |
index.php | 094633187b442865398fc48c8f307c64 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (58895) |
index2.php | 6088c5e7c7aa2e00156311405c3d2b77 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (33108) |
index3.php | 0b1e790d156a6b32b89abb43df989059 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097) |
index4.php | b763bdb8d12d4d1b127edde830555d50 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097) |
index5.php | 46f826aeed75c6aca2879a9336e144a4 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097) |
mailto.php | 4f2662cbaa398c938541b2ed2ad5176b | PHP script, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
pin.php | 3baea7e69d038f8d8d0e3d4a6c65b4a3 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (57086) |
post1.php | 4d855c9bff08fead14c62488a884347c | PHP script, ASCII text, with CRLF line terminators |
post2.php | c61a2634608fb5a8d5bd6f35c17b94c1 | PHP script, Unicode text, UTF-8 text, with CRLF line terminators |
post4.php | cc3f65d7680655051d894cd5a042ce95 | PHP script, ASCII text, with CRLF line terminators |
post5.php | db1f9f66af1e2178e3dc57a320213077 | PHP script, ASCII text, with CRLF line terminators |
postpin.php | 1137f97caece181d43e1f7c6fd559d3e | PHP script, ASCII text, with CRLF line terminators |
thanks.php | 6ad20bcb62cc71ed84fe3dfecd67cb40 | HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3705) |
wait.php | 94d4425005cf32d639c6dbab86922ad8 | PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (4097) |
zebna.html | 39a8d6cf0dbfe9a1d5b0e918e5573499 | HTML document, ASCII text, with very long lines (3705), with CRLF line terminators |
662331570529793.js | d45c6b86fd41ceb027ee858b78188b39 | JavaScript source, ASCII text, with very long lines (64471) |
662331570529793.txt | 2e1186edf39c7e7686fa4f93770214b3 | JavaScript source, ASCII text, with very long lines (64471) |
a | ef0ec2837582664b061be2fe28ff4e8a | JavaScript source, ASCII text, with very long lines (2389), with no line terminators |
activityi.htm | bccaf91adbb2d399e3f6ebf43c4ed3ff | HTML document, ASCII text, with CRLF line terminators |
activityi_002.htm | e8182cad9bc9d52e0fff3b684ffa4467 | HTML document, ASCII text, with CRLF line terminators |
src4621208.gif | d89746888da2d9510b64a9f031eaecd5 | GIF image data, version 89a, 1 x 1 |
dc_preCLOn36Dn_vMCFciBhQodi3QLWw.gif | d89746888da2d9510b64a9f031eaecd5 | GIF image data, version 89a, 1 x 1 |
adsct.txt | 872bb1fc2f7775cd82f45d110bbc384e | ASCII text, with no line terminators |
ap-acknowledgement-logos.svg | f86abf3d9a26957f77c76a9241812c62 | SVG Scalable Vector Graphics image |
a_002 | f3ba8a277dce0b7f3b284892c0e9b146 | JavaScript source, ASCII text, with very long lines (2389), with no line terminators |
bat.txt | 36dd68dca14846515595ef1ab0c68993 | JavaScript source, ASCII text, with very long lines (35056), with no line terminators |
branch-latest.js | 7f5647aaad5092bf75263893da2512f4 | JavaScript source, ASCII text, with very long lines (2646) |
branch-latest.txt | 7f5647aaad5092bf75263893da2512f4 | JavaScript source, ASCII text, with very long lines (2646) |
clientlib.css | bec8ac8722e6256667d63dcfacfcfbdd | ASCII text, with very long lines (65433) |
clientlib.txt | 2025b0b1b45c78ab7a20a55ef947e4c9 | JavaScript source, ASCII text, with very long lines (857) |
clientlib_002.txt | 75b46a8ce567c68779e84fe0bb7befa4 | JavaScript source, ASCII text, with very long lines (12441) |
clientlib_003.txt | 633ba1d8119a6326969fdc9c708865c7 | JavaScript source, ASCII text, with very long lines (5390) |
clientlib_004.txt | 3300a3fa38d243419efc21928ba64d21 | JavaScript source, ASCII text, with very long lines (20612) |
clientlib_005.txt | 19954a7202f628986af1edf89fd9e204 | JavaScript source, ASCII text, with very long lines (1701) |
clientlib_006.txt | eb85416aa59a4e565dbdd0b07079fc04 | JavaScript source, ASCII text, with very long lines (49165) |
clientlib_007.txt | 741ef883aa45c0b88cd2e38125d925a5 | JavaScript source, ASCII text, with very long lines (8046) |
conversion_async.js | 4934a5a4e4201c46ad448c96ca8ec98e | JavaScript source, ASCII text, with very long lines (2165) |
core.js | 95580b4fad0d5513b92f05a5be0d5a38 | ASCII text, with very long lines (1142), with no line terminators |
core.txt | 95580b4fad0d5513b92f05a5be0d5a38 | ASCII text, with very long lines (1142), with no line terminators |
EX1f0da9d63d8945dd8a57a3766052c373-libraryCode_source.js | 05b0993d48732b1866a0b572c1772f18 | JavaScript source, ASCII text, with very long lines (32760) |
EX1f0da9d63d8945dd8a57a3766052c373-libraryCode_source.txt | 05b0993d48732b1866a0b572c1772f18 | JavaScript source, ASCII text, with very long lines (32760) |
f.txt | 53c01120b71d965627a97c32e726098e | JavaScript source, ASCII text, with very long lines (2165) |
f1.txt | ad8b6f08655797587cdec719a94efe59 | ASCII text, with no line terminators |
fbevents.js | df3f71fe350759e763f740a95c405299 | JavaScript source, ASCII text, with very long lines (64343) |
fbevents.txt | df3f71fe350759e763f740a95c405299 | JavaScript source, ASCII text, with very long lines (64343) |
identity.js | 444a10d2d51a1401bd5a0ba3cd4be9a9 | JavaScript source, ASCII text, with very long lines (59766) |
identity.txt | 444a10d2d51a1401bd5a0ba3cd4be9a9 | JavaScript source, ASCII text, with very long lines (59766) |
inferredevents.js | e58928cadbddfb1c76a10d021c77fe06 | JavaScript source, ASCII text, with very long lines (60258) |
inferredevents.txt | e58928cadbddfb1c76a10d021c77fe06 | JavaScript source, ASCII text, with very long lines (60258) |
insight.js | 3c4e9035aacf7e0be7a7650a0d682000 | JavaScript source, ASCII text, with very long lines (4683) |
insight.txt | 3c4e9035aacf7e0be7a7650a0d682000 | JavaScript source, ASCII text, with very long lines (4683) |
jquery.txt | dc5e7f18c8d36ac1d3d4753a87c98d0a | JavaScript source, ASCII text, with very long lines (65451) |
js | 794f0b27ce562bf8d10031779690f3d4 | JavaScript source, ASCII text, with very long lines (1896) |
js.txt | 8317ebdcfd0d827caef6967f4ce44bb3 | JavaScript source, ASCII text, with very long lines (1896) |
js1.txt | 794f0b27ce562bf8d10031779690f3d4 | JavaScript source, ASCII text, with very long lines (1896) |
js_002 | d91ea0f88ef53f8c95b5771976862c78 | JavaScript source, ASCII text, with very long lines (1896) |
main.js | e8e274ee4c9a244b5c046bd8deece171 | JavaScript source, Unicode text, UTF-8 text, with very long lines (54990), with no line terminators |
main.txt | e8e274ee4c9a244b5c046bd8deece171 | JavaScript source, Unicode text, UTF-8 text, with very long lines (54990), with no line terminators |
microdata.js | 7064a93142ec89206018cd5d919fdf35 | JavaScript source, ASCII text, with very long lines (45917) |
microdata.txt | 7064a93142ec89206018cd5d919fdf35 | JavaScript source, ASCII text, with very long lines (45917) |
satelliteLib-9c215febcba74f72ca4a2cc8370a7f4b70048c28.txt | 4a661ea2900f69b71be8508f1c78268d | JavaScript source, ASCII text, with very long lines (32765) |
uwt.txt | 8dc11b7ca1d5ed9ec3b1ab1beb621c75 | JavaScript source, ASCII text, with very long lines (14407), with no line terminators |
Views.txt | 92e63c59deb87f800e15cc2c66dc8606 | ASCII text |
rzlt.txt | 634f7619e2252cc1d4fe25d5d3e12f86 | Unicode text, UTF-8 text, with CRLF, LF line terminators |
views.txt | cbdbe65f7870ad29b61f1aa28fd740e0 | ASCII text, with CRLF line terminators |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Phishing Kit YARA rules | phishing | Phishing Kit impersonating USPS |
Phishing Kit YARA rules | phishing | Phishing Kit impersonating USPS |
VirusTotal | malicious |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
ipv6.dickrowemarine.com.au/MYPOSTLET.zip | 103.20.202.177 | 200 OK | 1.6 MB |