Report - buy-accountpayment.work.gd/Apple%20Edit.zip

Report Overview

Visited public
2023-09-18 23:56:29
Tags
dyndns
URL
buy-accountpayment.work.gd/Apple%20Edit.zip
Finishing URL
about:privatebrowsing
IP / ASN
162.214.102.223
#46606 UNIFIEDLAYER-AS-1
Title
about:privatebrowsing
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
buy-accountpayment.work.gd	unknown	2022-06-18	2023-09-18 18:59:56	2023-09-18 18:59:58	499 B	5.2 MB	162.214.102.223

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-18 23:56:11	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-09-18 23:56:11	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain
2023-09-18 23:56:11	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.work .gd Domain

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-09-18	medium	buy-accountpayment.work.gd/Apple%20Edit.zip	Phishing Kit impersonating Apple

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-18	medium	buy-accountpayment.work.gd	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
buy-accountpayment.work.gd/Apple%20Edit.zip
IP
162.214.102.223
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Zip archive data, at least v1.0 to extract, compression method=store\012- data
Size
5.2 MB (5188206 bytes)
Hash
abe5a86a6d968bf05d49a58a41ca48b4
cd1378f9dea0cd79ec262d1a0f41b4bc3e2d557a
cf11383f87afc51e153decf5d54951ee212307d837890477fd756e0c796c37ff

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating Apple
VirusTotal	malicious	VirusTotal - Scan result 13/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

buy-accountpayment.work.gd/Apple%20Edit.zip

162.214.102.223

200 OK

5.2 MB

URL User Request GET HTTP/2
buy-accountpayment.work.gd/Apple%20Edit.zip
IP
162.214.102.223:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwww.buy-accountpayment.work.gd
Fingerprint0B:8A:1D:2D:F9:CF:59:5D:D1:66:76:11:69:97:5B:97:75:26:81:8F
ValidityMon, 18 Sep 2023 15:58:12 GMT - Sun, 17 Dec 2023 15:58:11 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store\012- data
Size
5.2 MB (5188206 bytes)
Hash
abe5a86a6d968bf05d49a58a41ca48b4
cd1378f9dea0cd79ec262d1a0f41b4bc3e2d557a
cf11383f87afc51e153decf5d54951ee212307d837890477fd756e0c796c37ff

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Phishing Kit YARA rules	phishing	Phishing Kit impersonating Apple
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 13/62

HTTP Headers

GET /Apple%20Edit.zip HTTP/1.1
Host: buy-accountpayment.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Mon, 18 Sep 2023 18:14:21 GMT
accept-ranges: bytes
content-length: 5188206
date: Mon, 18 Sep 2023 23:56:11 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers