Report Overview
Submitted URL
xx.oxcg8.ru.com/.xn/drive/new%20drv.zip
IP
89.117.148.30
ASN
#40021 NL-811-40021
Submitted
2024-03-29 15:27:57
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
xx.oxcg8.ru.com | unknown | 2023-08-26 | 2024-03-21 | 2024-03-22 | 493 B | 151 kB | 89.117.148.30 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-03-29 | medium | xx.oxcg8.ru.com/.xn/drive/new%20drv.zip | Phishing Kit impersonating OneDrive |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
xx.oxcg8.ru.com/.xn/drive/new%20drv.zip
IP
89.117.148.30
ASN
#40021 NL-811-40021
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
151 kB (150941 bytes)
Hash
83941ef5b4ac19ae73b2932531399920
ff38789fc0e8890d42702883801dc87cf953e0d1
Archive (15)
Filename | Md5 | File type |
---|---|---|
.DS_Store | 666db52b23bd7d86aa1c629cb7922c37 | Apple Desktop Services Store |
sync.php | 5d37e61898cbf21f44fbb0a245a33896 | PHP script, ASCII text, with CRLF line terminators |
auth.php | 50677c2a10089027a664ad9b61b15b82 | PHP script, ASCII text, with CRLF line terminators |
login.php | 94aec896cb6ac7514ec0d39de6a987df | PHP script, ASCII text, with CRLF line terminators |
mail.php | e37fad84f529b5941deb6732819f0599 | PHP script, ASCII text |
0.jpg | 8a596db47a14b4131a064689b18cd9ae | JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, xresolution=98, yresolution=106, resolutionunit=2, software=paint.net 4.0.1], progressive, precision 8, 800x343, components 3 |
1.gif | d0c2f735a5d56e3f1f55faf6e3addf44 | GIF image data, version 89a, 469 x 188 |
favicon.ico | 1195bfe885af7c60b352a3b3bef7e42c | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel |
robots.txt | f314da1c5a277b3e72edfcc71017eca7 | ASCII text, with CRLF line terminators |
error.php | 589911adee90e25a3a3325a7917cc236 | PHP script, ASCII text, with CRLF line terminators |
index.php | 728247ff75af50f442704606fea1d495 | PHP script, ASCII text, with CRLF line terminators |
api.php | f6158ac76d02f687b3ccfe7353a136e3 | PHP script, ASCII text, with very long lines (1302), with CRLF line terminators |
.htaccess | 05e6d0dc18ce40a278c849cfe9b35c4a | ASCII text, with CRLF line terminators |
drive.php | a5db4dde17d351358fa2d42637877045 | HTML document, ASCII text, with CRLF line terminators |
1.PNG | f19b8d190062c9f25c9898e2e16d8c85 | PNG image data, 1249 x 626, 8-bit/color RGBA, non-interlaced |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Phishing Kit YARA rules | phishing | Phishing Kit impersonating OneDrive |
VirusTotal | malicious | |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
xx.oxcg8.ru.com/.xn/drive/new%20drv.zip | 89.117.148.30 | 200 OK | 151 kB |
Detections
HTTP Headers