Report - www.test.104-198-111-68.cprapid.com/Correos%20Scmpg%20@rrustemHEKRI1.zip

Report Overview

Submitted URL
www.test.104-198-111-68.cprapid.com/Correos%20Scmpg%20@rrustemHEKRI1.zip
IP
104.198.111.68
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-04-19 05:05:55
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.test.104-198-111-68.cprapid.com	unknown	unknown	No data	No data	526 B	1.0 MB	104.198.111.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.test.104-198-111-68.cprapid.com/Correos%20Scmpg%20@rrustemHEKRI1.zip
IP
104.198.111.68
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.0 MB (1016347 bytes)
Hash
1db21873bba9853efd6c07334936a552
7455cf630a73f76b628b2b7ca5c1ccfcfb820d55
f41ff0917ce0b260c630776b02a8579947b9bfd3aa31d8568fe01a105b374995

Archive (52)

Modified	Filename	Size	Md5	File type
2022-07-02 12:55	anti1.php	2.8 kB	d1e96bfaf9f96839bd166a9c4c7c79ae	PHP script, ASCII text, with very long lines (1306), with CRLF line terminators
2022-07-02 12:55	anti2.php	1.6 kB	ef66f2709aa2b68bb45cbf5b7837063d	PHP script, ASCII text, with very long lines (1604), with no line terminators
2022-07-02 12:55	anti3.php	4.2 kB	ea346b11acbcfcf48a52f05211b506e9	PHP script, ASCII text, with very long lines (4162), with no line terminators
2022-07-02 12:55	anti4.php	7.5 kB	c651311f855d5aa682a65385d411a294	PHP script, ASCII text, with very long lines (7526), with no line terminators
2022-11-15 03:27	anti5.php	5.9 kB	d6c191c69a396feb9f2c4940917b8506	PHP script, ASCII text, with very long lines (5946), with no line terminators
2022-11-15 02:56	anti8.php	8.7 kB	f93633191650238ef758192211e4c5d0	PHP script, ASCII text, with CRLF line terminators
2022-02-05 05:00	CarteroBold.otf	38 kB	87d3e75588eff441f6a9aef6839913f3	OpenType font data
2022-02-05 05:00	CarteroLight.otf	38 kB	c28e01b87bac1f47b43d5a564877a0ec	OpenType font data
2022-02-05 05:00	CarteroRegular.otf	38 kB	7795eea0ad6f4e834ff2d0e2241c451c	OpenType font data
2022-11-11 02:16	apple_store.webp	8.7 kB	49954554be97abbc56bc3275a7786069	RIFF (little-endian) data, Web/P image, VP8 encoding, 250x82, Scaling: [none]x[none], YUV color, decoders should clamp
2022-11-09 21:46	background-login.jpg	132 kB	2df8bb420f0519564f0357ddd4cdde33	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3
2022-11-11 03:15	cc.webp	14 kB	efdcc22714b5252d17fd5f000be92303	RIFF (little-endian) data, Web/P image
2022-11-10 13:40	checked.svg	1.6 kB	cf025f34eee27feb8ed91c72f68ac11d	SVG Scalable Vector Graphics image
2022-11-09 16:29	co.png	552 kB	c909b97fd70fa35fa52e6eabf7013317	PNG image data, 2480 x 3509, 8-bit/color RGB, non-interlaced
2022-11-09 07:39	favicon.ico	110 kB	349246ee336d8b2986e584a4fa436128	MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
2022-11-10 14:34	footer-logo.svg	1.5 kB	afafbaf3482e83ad39a754c053c20766	SVG Scalable Vector Graphics image
2022-11-11 02:16	galery.svg	26 kB	9b5f566cf4ff8e696afd2ee619c3d421	SVG Scalable Vector Graphics image
2022-11-11 02:15	google-pay.webp	9.1 kB	571895f0016b4cbc09a84e0006cd222e	RIFF (little-endian) data, Web/P image, VP8 encoding, 270x80, Scaling: [none]x[none], YUV color, decoders should clamp
2022-11-11 03:03	livraison.jpg	29 kB	574ca80af2834feb77961df58c5ef6bb	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 808x486, components 3
2022-11-09 21:26	LogoCornamusa.svg	3.4 kB	cfb3473db7c1f5da4b0139cbad96481b	SVG Scalable Vector Graphics image
2022-11-11 02:34	newmast.jpg	14 kB	a1c50c99f04816ae73576a889d33386e	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x524, components 3
2022-11-10 12:54	notchecked.svg	967 B	fac536e3c8f3d3324bb4c85f56555524	SVG Scalable Vector Graphics image
2022-11-13 15:12	pac.png	98 kB	622a5f8206ed7e2ebeed4d6addd265ab	PNG image data, 450 x 450, 8-bit/color RGBA, non-interlaced
2022-11-11 04:03	redsys.webp	2.8 kB	611b58c17d41d7b5f813a5c8bd3f2059	RIFF (little-endian) data, Web/P image
2022-11-11 04:04	securecode.png	33 kB	dece32f143b8498ee6db0ff16c4203a8	PNG image data, 1078 x 380, 8-bit/color RGBA, non-interlaced
2022-11-11 04:15	smsphone.svg	1.3 kB	41d32eef1b116a33415af4db2b07275a	SVG Scalable Vector Graphics image
2022-11-11 04:05	verified.png	3.7 kB	b56134591e2320dd2b78d784234c9b7d	PNG image data, 303 x 114, 8-bit colormap, non-interlaced
2022-11-11 02:33	visaa.jpg	46 kB	91f41a575e9aeb50f4dca2ffc81f5775	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=Adobe Photoshop 23.1 (Macintosh)], baseline, precision 8, 800x450, components 3
2022-11-11 02:14	visa_icon.jpg	7.6 kB	1eb3a5f1e58369ee5630056b21526e19	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 290x90, components 3
2022-11-15 03:09	index.php	4.2 kB	daa1cdeacbea543245cfce76c10ca6cd	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-11-10 18:40	codigo.js	3.5 kB	d2aa2aea5f47616001eac25175ccaaa9	ASCII text, with CRLF line terminators
2022-11-04 15:50	junia.js	21 kB	ece4d7c52193b43f6f37cddcc25a6a00	JavaScript source, ASCII text, with very long lines (20970), with CRLF line terminators
2022-11-10 19:28	login.js	7.8 kB	3a16903d4dd6288f9630922a7c067ee2	ASCII text, with CRLF line terminators
2022-11-11 05:02	loading.php	10 kB	c3737c9c477af7818b6619e17145ece6	PHP script, Unicode text, UTF-8 text, with very long lines (8135), with CRLF line terminators
2022-11-11 04:58	loading2.php	10 kB	d33e6bb17b4088c708f792833f9df203	PHP script, Unicode text, UTF-8 text, with very long lines (8135), with CRLF line terminators
2022-11-11 04:58	loading3.php	10 kB	132b4b821af77fc8da001745f0fae913	PHP script, Unicode text, UTF-8 text, with very long lines (8135), with CRLF line terminators
2022-11-11 04:58	loadingend.php	10 kB	40ceae1145fd1d71358ddaa434ab5ce5	PHP script, Unicode text, UTF-8 text, with very long lines (8135), with CRLF line terminators
2022-11-15 01:18	pay.php	8.9 kB	ede481996c8968d041ebdc89f0d858f1	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-12-21 13:12	result-telegram.php	91 B	57f73b4ac0905354c95759b312e067fe	PHP script, ASCII text, with CRLF line terminators
2022-11-15 03:13	send1.php	52 B	1b586bb0dbcc66300504659fd3b60de9	PHP script, ASCII text, with CRLF line terminators
2022-12-20 23:15	send2.php	1.4 kB	e8ead191384d220d80ceb0e2266e9335	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-12-20 23:16	send3.php	1.2 kB	23b1fe05d23d0379c64d523966ff1185	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-12-20 23:16	send4.php	1.2 kB	a91d5997188b36e7827a34cf04e68bfe	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-12-20 23:18	server.php	3.9 kB	65dc458b402ec3c4ddfe3cac27d4c791	PHP script, ASCII text, with very long lines (406), with CRLF line terminators
2022-11-11 04:59	sms-error.php	3.6 kB	f8b1d2f179a81946bef54b532d881527	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-11-11 04:56	sms.php	3.5 kB	bb320d0c9eb1ec13393b8f215a77c530	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-11-10 19:20	afterlog.css	994 B	d754afd1a0d8616b862c342a01193396	ASCII text, with CRLF line terminators
2022-11-11 02:42	codigo.Css	572 B	24d66e69130b56345df87efc6f719280	ASCII text, with CRLF line terminators
2022-11-11 04:57	corr.css	3.8 kB	40470364b02ec8ac74211ee78e6bc075	ASCII text, with CRLF line terminators
2022-11-09 21:46	head.css	882 B	2b67984e981be225446ec9e947609d95	ASCII text, with CRLF line terminators
2022-11-11 02:37	main.css	5.4 kB	69ad3265ac37ea14014c0bd8e111cb1c	assembler source, ASCII text, with CRLF line terminators
2022-11-11 02:09	responsive.css	1.8 kB	77c87af04ba7c0ab0f7771e74c55af56	assembler source, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.test.104-198-111-68.cprapid.com/Correos%20Scmpg%20@rrustemHEKRI1.zip

104.198.111.68

200 OK

1.0 MB

URL User Request GET HTTP/1.1
www.test.104-198-111-68.cprapid.com/Correos%20Scmpg%20@rrustemHEKRI1.zip
IP
104.198.111.68:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subjectwww.test.104-198-111-68.cprapid.com
FingerprintC6:B4:DC:57:5E:FF:29:EA:EA:89:08:07:63:5F:38:A1:3F:97:8B:2D
ValidityThu, 18 Apr 2024 14:59:37 GMT - Wed, 17 Jul 2024 14:59:36 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.0 MB (1016347 bytes)
Hash
1db21873bba9853efd6c07334936a552
7455cf630a73f76b628b2b7ca5c1ccfcfb820d55
f41ff0917ce0b260c630776b02a8579947b9bfd3aa31d8568fe01a105b374995

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/61

HTTP Headers

GET /Correos%20Scmpg%20@rrustemHEKRI1.zip HTTP/1.1
Host: www.test.104-198-111-68.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:05:29 GMT
Server: Apache
Last-Modified: Thu, 18 Apr 2024 18:22:30 GMT
Accept-Ranges: bytes
Content-Length: 1016347
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (52)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers