Malicious text received, info only (USPS)

[xrobwx1971 0]

I received a text message today copied below.

 

From a phone number with an Indonesian exchange of +62

 

It's supposedly from the USPS (United States Postal Service) ((with an Indonesian exchange))

 

U‏S‏‏‏‏PS Noti‏fication: Your par‏cel is temporar‏ily on hold at our facil‏ity due to insuffic‏ient ad‏dr‏ess infor‏mation. Please provide a valid de‏‏livery‏ addre‏ss to avoid returning the packa‏ge.

URL:https://cutt.ly/repmWkJb?BKK=FH5CsqGHpI?bqy=cypMvfnNhc

Wishing you an exceptional day from the US‏‏‏P‏S tea‏m.

 

---

Congratulations! Your analysis is done and available at: https://www.hybrid-analysis.com/sample/b1ac1702795cd362de5f295b81bfcfb4318b46c061263802cf5a58fec28fedbb?environmentId=160

 

 

 

--- Falcon Sandbox Analysis Overview ---

 

 

 

https://www.hybrid-analysis.com/sample/b1ac1702795cd362de5f295b81bfcfb4318b46c061263802cf5a58fec28fedbb

 

 

 

--- Falcon Sandbox Analysis Summary ---

 

 

 

Analysis State: SUCCESS

 

Threat Verdict: malicious

 

Threat Score: 82/100

 

AV Detection Ratio: n/a

 

AV Family Name: n/a

 

Time of analysis: 2024-06-26 16:58:38

 

Contacted Domains: a.nel.cloudflare.com, cutt.ly, usom.mzlrpdma.top Contacted Hosts: 104.22.0.232, 172.67.189.63, 172.67.189.63, 35.190.80.1, 35.190.80.1

 

Environment: Windows 10 64 bit (ID: 160)

[Marcos 5,736]

The url is blocked. It points to a non-existing web page and 404 is returned.

[xrobwx1971 0]

22 hours ago, Marcos said:

The url is blocked. It points to a non-existing web page and 404 is returned.

I meant to leave the URL out altogether. Can you remove it please?

[Ringo 0]

Hello, I am a USPS employee and I can confirm that this text is not from USPS.  We do not communicate with our customers via text.  We have been seeing more and more of these false texts as customers bring them into the post office with questions.  Please do not follow any of the links as they are just going to request more information from you.