Report - rere12.hopto.org/USPS%20(3).zip

Report Overview

Submitted URL
rere12.hopto.org/USPS%20(3).zip
IP
102.185.0.173
ASN
#24835 RAYA Telecom - Egypt
Submitted
2024-05-09 00:05:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rere12.hopto.org	unknown	2000-02-17	2021-12-09	2024-03-22	401 B	103 kB	102.185.0.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	rere12.hopto.org/USPS%20(3).zip	Phishing Kit impersonating USPS
2024-05-09	medium	rere12.hopto.org/USPS%20(3).zip	Phishing Kit impersonating Uber

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
rere12.hopto.org/USPS%20(3).zip
IP
102.185.0.173
ASN
#24835 RAYA Telecom - Egypt

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
102 kB (102428 bytes)
Hash
9a23606b7674591df554bea09ef60cf0
947e8cda0185838ff9cd2146359856d1f2d72927
fe28bd8743b3ecc2b59eee6791402b1a7e0fdfa3256bf89d30672acf5787ed2b

Archive (19)

Modified	Filename	Size	Md5	File type
2023-10-06 17:26	thanks.php	46 kB	eb23d17b238d6eb5bce093399fa17da4	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-14 11:17	captured.txt	3.2 kB	6ab76dd0d1827c196966c4c135cfd795	ASCII text
2023-10-06 15:35	index.php	54 kB	0c24c71ad7f33b7ee5b333480d0a5090	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-06 17:58	index4.php	49 kB	b5d2b34f748708e9bf8b58f1ab33f6b3	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-06 18:48	index2.php	51 kB	ff1df259e96b26d727232427211c8bfb	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-06 18:08	index5.php	46 kB	22bc120fe72ee4cdfd94bfbc7ff48ca0	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-06 18:09	index6.php	49 kB	50abc9126c186779dd7bc2ee0bef860e	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-06 15:22	id.php	228 B	78ad677b49dc3d53b41d700e8b3c1e03	PHP script, ASCII text
2023-06-24 18:13	anti3.php	4.2 kB	ea346b11acbcfcf48a52f05211b506e9	PHP script, ASCII text, with very long lines (4162), with no line terminators
2023-06-24 18:13	anti7.php	4.3 kB	1ff42854e8fc9f66238c85ddefd15052	PHP script, ASCII text, with very long lines (2915), with CRLF line terminators
2023-06-24 18:13	anti5.php	5.9 kB	0b0239b0d3aadcfec877e84c6eb3350e	PHP script, ASCII text, with very long lines (5935), with no line terminators
2023-06-24 18:13	anti4.php	7.5 kB	c651311f855d5aa682a65385d411a294	PHP script, ASCII text, with very long lines (7526), with no line terminators
2023-06-24 18:13	anti6.php	3.8 kB	bccb29cfcad7540389ff4b1200555765	PHP script, ASCII text, with very long lines (2668)
2023-06-24 18:13	anti1.php	2.8 kB	d1e96bfaf9f96839bd166a9c4c7c79ae	PHP script, ASCII text, with very long lines (1306), with CRLF line terminators
2023-06-24 18:13	anti8.php	8.7 kB	f93633191650238ef758192211e4c5d0	PHP script, ASCII text, with CRLF line terminators
2023-06-24 18:13	anti2.php	1.6 kB	ef66f2709aa2b68bb45cbf5b7837063d	PHP script, ASCII text, with very long lines (1604), with no line terminators
2023-10-06 17:24	index3.php	46 kB	25a420238409dcc2269dc295da6af7e7	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2023-10-22 00:55	block_bot.txt	1.5 kB	ce6c2083ba83dc7aaf856218cb338d13	ASCII text
2023-10-06 17:21	index.php	66 kB	bbfd354ee93b24d05c153c5deda9e4e5	PHP script, Unicode text, UTF-8 text, with very long lines (3218), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS
Phishing Kit YARA rules	phishing	Phishing Kit impersonating Uber
VirusTotal	suspicious	VirusTotal - Scan result 8/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

rere12.hopto.org/USPS%20(3).zip

102.185.0.173

200 OK

102 kB

URL User Request GET HTTP/1.1
rere12.hopto.org/USPS%20(3).zip
IP
102.185.0.173:80
ASN
#24835 RAYA Telecom - Egypt

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
102 kB (102428 bytes)
Hash
9a23606b7674591df554bea09ef60cf0
947e8cda0185838ff9cd2146359856d1f2d72927
fe28bd8743b3ecc2b59eee6791402b1a7e0fdfa3256bf89d30672acf5787ed2b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS
Phishing Kit YARA rules	phishing	Phishing Kit impersonating Uber
VirusTotal	suspicious	VirusTotal - Scan result 8/61

HTTP Headers

GET /USPS%20(3).zip HTTP/1.1
Host: rere12.hopto.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 00:05:06 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Wed, 01 Nov 2023 11:51:49 GMT
ETag: "1901c-60915e584cf60"
Accept-Ranges: bytes
Content-Length: 102428
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers