Report - producenz.com/010USA7USPS.zip

Report Overview

Submitted URL
producenz.com/010USA7USPS.zip
IP
185.184.154.17
ASN
#38719 Dreamscape Networks Limited
Submitted
2024-04-26 04:15:16
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
producenz.com	unknown	2012-01-04	2019-02-01	2024-03-23	483 B	451 kB	185.184.154.17

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	producenz.com/010USA7USPS.zip	Phishing Kit impersonating USPS

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
producenz.com/010USA7USPS.zip
IP
185.184.154.17
ASN
#38719 Dreamscape Networks Limited

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
451 kB (450910 bytes)
Hash
dcf484ca1aa3ce67a99dca7671803ccd
80d381dfaca7ed8100aa8366363194cb1916a1a7
902c5059f41f9ec015e971c2fb119ae69fed1b0951d535e9d85e1ced4607f069

Archive (83)

Modified	Filename	Size	Md5	File type
2018-12-21 11:47	.htaccess	91 B	77785d646e0d2118dded4a7927f91d55	ASCII text, with CRLF line terminators
2024-02-04 16:24	1.php	1.2 kB	83eed4e0075e7ad6211e0e460eeb3843	PHP script, Unicode text, UTF-8 text
2022-02-28 23:44	1.php.bak	1.2 kB	b79b8393ce511396b038aded518486ae	PHP script, Unicode text, UTF-8 text
2024-02-04 16:24	2.php	1.2 kB	d833a195119d4af7dfdf528641bd0eb1	PHP script, Unicode text, UTF-8 text
2022-01-24 00:00	2.php.bak	1.2 kB	5cc02910eb560738be3c9a831f59e130	PHP script, Unicode text, UTF-8 text
2021-12-14 21:57	anti1.php	2.8 kB	d1e96bfaf9f96839bd166a9c4c7c79ae	PHP script, ASCII text, with very long lines (1306), with CRLF line terminators
2021-12-14 21:57	anti2.php	1.6 kB	ef66f2709aa2b68bb45cbf5b7837063d	PHP script, ASCII text, with very long lines (1604), with no line terminators
2021-12-14 21:57	anti3.php	4.2 kB	ea346b11acbcfcf48a52f05211b506e9	PHP script, ASCII text, with very long lines (4162), with no line terminators
2021-12-14 21:57	anti4.php	7.5 kB	c651311f855d5aa682a65385d411a294	PHP script, ASCII text, with very long lines (7526), with no line terminators
2021-12-14 21:57	anti5.php	5.9 kB	0b0239b0d3aadcfec877e84c6eb3350e	PHP script, ASCII text, with very long lines (5935), with no line terminators
2021-12-14 21:57	anti6.php	3.8 kB	bccb29cfcad7540389ff4b1200555765	PHP script, ASCII text, with very long lines (2668)
2021-12-14 21:57	anti7.php	4.3 kB	1ff42854e8fc9f66238c85ddefd15052	PHP script, ASCII text, with very long lines (2915), with CRLF line terminators
2021-12-14 21:57	anti8.php	8.7 kB	f93633191650238ef758192211e4c5d0	PHP script, ASCII text, with CRLF line terminators
2020-05-12 21:20	antibots.php	24 kB	1a952fa842eb24e78e423103fd4461fd	PHP script, ASCII text, with very long lines (1302), with CRLF line terminators
2022-03-02 18:14	ARDUINO_DAS_VISIT.txt	29 B	603e594810c09a68e4ad1e0a6ea14727	ASCII text
2021-01-08 10:54	anti1.php	2.9 kB	22edc5a16c1bc2db9cd7d1e269317740	PHP script, ASCII text, with very long lines (1267), with CRLF line terminators
2021-01-08 10:54	anti2.php	1.6 kB	85bd959f96fc6754f21f90faa4d0977c	PHP script, ASCII text, with very long lines (1626), with CRLF line terminators
2021-01-08 10:54	anti3.php	4.2 kB	9d53d9daa6868d504ed39f659e9cb426	PHP script, ASCII text, with very long lines (4182), with CRLF line terminators
2021-01-08 10:54	anti4.php	7.6 kB	3f6552039038e80cb11a7c7932e4dd67	PHP script, ASCII text, with very long lines (7559), with CRLF line terminators
2021-01-08 10:54	anti5.php	6.0 kB	907bd093ae0774bab1df32e1e82a7001	PHP script, ASCII text, with very long lines (5981), with CRLF line terminators
2021-01-08 10:54	anti6.php	3.9 kB	27d3e31b677ba31fe6da1a63b219c9a8	PHP script, ASCII text, with very long lines (2668)
2021-01-08 10:54	anti7.php	4.4 kB	42671d1951a2b8b9d543eacd7dc61ae0	PHP script, ASCII text, with very long lines (2915), with CRLF line terminators
2021-01-08 10:54	anti8.php	8.7 kB	d389d3f248e4e50d8d2c792a9ab526b3	PHP script, ASCII text, with CRLF line terminators
2021-01-08 10:54	coder.txt	644 B	f8d46d1ac4a167a2d41e5051cf4fcd85	Unicode text, UTF-8 text
2021-01-08 10:54	index.php	55 B	1d6ac09c74c78728fd2b609f2a48a6e9	PHP script, ASCII text, with CRLF line terminators
2021-01-08 10:54	new-bots.php	46 kB	a82bcc27f17f586ae18aec8af2426689	PHP script, ASCII text, with very long lines (3218), with CRLF line terminators
2021-01-08 10:54	proxy.php	618 B	9e133323b0a2da16dc5cc92057b0cf9a	PHP script, ASCII text, with CRLF line terminators
2020-04-28 09:14	blocker.php	2.7 kB	52ab040c0ebd2739a9f595d5b369cf54	PHP script, ASCII text, with very long lines (1302)
2019-10-11 17:43	.htaccess	189 kB	d72267ffa81b3a6bc2218b70b436a4d0	ASCII text, with CRLF line terminators
2019-10-11 17:43	anti1.php	2.8 kB	168ff56397bb4727d7fae1764078ae00	PHP script, ASCII text, with very long lines (1306), with CRLF line terminators
2019-10-11 17:43	anti2.php	1.6 kB	b96feb6218af926103d19a0e695c6e12	PHP script, ASCII text, with very long lines (1604), with no line terminators
2019-10-11 17:43	anti3.php	4.2 kB	a2f8c87f0ba3b5dd1ed0265ea1046e84	PHP script, ASCII text, with very long lines (4162), with no line terminators
2019-10-11 17:43	anti4.php	7.5 kB	c90c15e0945025cd8ae58781495c1179	PHP script, ASCII text, with very long lines (7526), with no line terminators
2019-10-11 17:43	anti5.php	5.9 kB	06d05df3aa8eac42392241f5987254b7	PHP script, ASCII text, with very long lines (5935), with no line terminators
2019-10-11 17:43	anti6.php	3.8 kB	7cd288031836d11aaf261fb863b7bbd9	PHP script, ASCII text, with very long lines (2668)
2019-10-11 17:43	anti7.php	4.3 kB	0e6385e285a4ec20298c3f13c13a088e	PHP script, ASCII text, with very long lines (2915), with CRLF line terminators
2021-03-09 14:46	anti8.php	8.7 kB	ed892c16a5c9728d1cae4af39b5def0e	PHP script, ASCII text, with CRLF line terminators
2021-03-09 14:26	index.php	525 B	4dfbd6ea10cb655ee7b626ae0989387e	PHP script, ASCII text, with CRLF line terminators
2021-10-04 20:51	.htaccess	189 kB	d72267ffa81b3a6bc2218b70b436a4d0	ASCII text, with CRLF line terminators
2021-10-04 20:51	anti1.php	2.8 kB	168ff56397bb4727d7fae1764078ae00	PHP script, ASCII text, with very long lines (1306), with CRLF line terminators
2021-10-04 20:51	anti2.php	1.6 kB	b96feb6218af926103d19a0e695c6e12	PHP script, ASCII text, with very long lines (1604), with no line terminators
2021-10-04 20:51	anti3.php	4.2 kB	a2f8c87f0ba3b5dd1ed0265ea1046e84	PHP script, ASCII text, with very long lines (4162), with no line terminators
2021-10-04 20:51	anti4.php	7.5 kB	c90c15e0945025cd8ae58781495c1179	PHP script, ASCII text, with very long lines (7526), with no line terminators
2021-10-04 20:51	anti5.php	5.9 kB	06d05df3aa8eac42392241f5987254b7	PHP script, ASCII text, with very long lines (5935), with no line terminators
2021-10-04 20:51	index.php	525 B	4dfbd6ea10cb655ee7b626ae0989387e	PHP script, ASCII text, with CRLF line terminators
2023-01-28 19:33	email.php	943 B	1f02b0b4e6c363905c3085408f62e27f	PHP script, ASCII text
2020-07-14 15:24	email.php.bak	966 B	0e5f7349bc7ad9b7fc4d347e3e8d07bf	PHP script, ASCII text
2021-05-27 20:41	fethi.php	15 kB	3e6988ffc9ebd0014e9bfd635ceecd11	PHP script, ASCII text, with very long lines (783), with CRLF line terminators
2024-02-04 16:33	id.php	229 B	b356f64144536d4929bf4274afc5a9b4	PHP script, ASCII text
2022-01-27 22:13	id.php.bak	224 B	4ac6f4fb6d184b06adf94d9e44e00fb7	PHP script, ASCII text
2022-03-02 18:13	index.php	439 B	af6607459cccaaf59546b74b6f03b5ce	PHP script, ASCII text
2024-02-04 16:35	index1.php	72 kB	796b567099de3a965bbe376c9b8332f2	PHP script, Unicode text, UTF-8 text, with very long lines (682), with CRLF line terminators
2022-03-02 18:11	index1.php.bak	72 kB	5dad0ff6d7e69cbc61b16e8491e40941	PHP script, Unicode text, UTF-8 text, with very long lines (682), with CRLF line terminators
2024-02-04 16:26	index3.php	46 kB	2548218e16e27708047816de74d8bd62	HTML document, Unicode text, UTF-8 text, with very long lines (517)
2024-02-04 16:35	index4.php	48 kB	d00d2a6542dacce2be5d0bc5d30cbcd2	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2022-03-02 18:11	index4.php.bak	48 kB	12616f8e8f984d1e1ca12b0c7ae6e564	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2024-02-04 16:35	index5.php	48 kB	920497835f7f1429be8102123d2913dd	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2022-03-02 18:11	index5.php.bak	48 kB	e76340b53596d3eb6cf6376ca79b176c	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2024-02-04 16:36	index6.php	48 kB	114a33cf757a5cc3fb4f0675834b6323	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2022-02-28 23:47	index6.php.bak	48 kB	ba627121d44a9fb958357f5dc9d670f8	PHP script, Unicode text, UTF-8 text, with very long lines (517)
2021-10-06 23:18	index9.htm	139 kB	861cadfba903be178637d39f493e3252	HTML document, Unicode text, UTF-8 text, with very long lines (13898), with CRLF line terminators
2021-10-06 18:44	analytics.js	358 kB	d4a5ebac229b3070290629728c7ffcb9	JavaScript source, ASCII text, with very long lines (37722)
2021-10-06 18:44	datepicker3.css	174 B	3bf45d3f5706eeeac62da6ba8d1848c2	ASCII text
2021-10-06 18:44	jquery-ui.css	173 B	59cb328e003f6fe1a0c7cfba2dc05145	ASCII text
2021-10-06 18:44	jquery.js	93 kB	397754ba49e9e0cf4e7c190da78dda05	JavaScript source, ASCII text, with very long lines (32089)
2021-10-06 18:44	main.css	175 B	830cc30d00d01e1c0f821ae39f77d3db	ASCII text
2021-10-06 18:44	schedule-redelivery.css	175 B	07dbfaf676f8a9ed7483fd4dfd359fc6	ASCII text
2021-10-06 18:44	tracking-cross-sell.css	175 B	c3120a732b51c3925a4e5db0e9966410	ASCII text
2024-02-04 16:36	indexadress.php	57 kB	72fc537709501f32a8385a93cc769bdc	PHP script, Unicode text, UTF-8 text, with very long lines (1060), with CRLF line terminators
2021-12-23 21:31	indexadress.php.bak	57 kB	ffe8d2c485e46e0c257d7b1f1d549dea	PHP script, Unicode text, UTF-8 text, with very long lines (1060), with CRLF line terminators
2021-11-12 13:02	indexerrore.htm	140 kB	0271ef17b69ec3dcdede00d840cc9333	HTML document, Unicode text, UTF-8 text, with very long lines (13898), with CRLF line terminators
2022-02-28 23:51	indexinfomessage.php	5.4 kB	de701bdf9b2be7c198ae17269656b6aa	PHP script, Unicode text, UTF-8 text, with very long lines (1079), with CRLF line terminators
2022-02-02 23:33	indexx.php	436 B	1c75e9ab2c4c67346316cb780ce692d0	PHP script, ASCII text, with CRLF line terminators
2021-11-15 19:41	logo-sb.svg	3.6 kB	0418f7120dc6cdd1d7aa0f8219ec9af2	SVG Scalable Vector Graphics image
2021-08-03 12:11	main.css	8.8 kB	bea4b77c33ea59e0043c68ea1bcb7514	ASCII text, with very long lines (8795), with no line terminators
2021-08-03 12:13	main2.css	80 kB	775928448f1c38a1f5b55ab2c6593967	ASCII text, with very long lines (49556), with CRLF line terminators
2020-12-21 06:10	robots.txt	26 B	6c4e407c3a02a9376884f4b73f6a6936	ASCII text
2023-01-28 19:39	rzlt.txt	0 B	d41d8cd98f00b204e9800998ecf8427e
2021-11-01 19:38	sex.php	5.7 kB	a4a2fc1077de070b35910adca6510f1e	PHP script, ASCII text, with very long lines (2106), with CRLF line terminators
2022-01-27 22:29	ssssssssss.txt	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-02-04 16:27	thanks.php	45 kB	9c2c309d8dff81423d48edd6b378ce22	HTML document, Unicode text, UTF-8 text, with very long lines (517)
2023-01-28 19:38	view.txt	34 B	689c52825a5c1eb9c28efb4763426d30	ASCII text
2023-01-28 19:39	xxxxs.txt	0 B	d41d8cd98f00b204e9800998ecf8427e

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

producenz.com/010USA7USPS.zip

185.184.154.17

200 OK

451 kB

URL User Request GET HTTP/2
producenz.com/010USA7USPS.zip
IP
185.184.154.17:443
ASN
#38719 Dreamscape Networks Limited

Certificate
IssuerLet's Encrypt
Subjectproducenz.com
Fingerprint75:24:E6:A0:A2:94:6B:7D:10:ED:57:83:EA:AB:B5:72:83:44:03:7C
ValiditySat, 23 Mar 2024 04:11:35 GMT - Fri, 21 Jun 2024 04:11:34 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
451 kB (450910 bytes)
Hash
dcf484ca1aa3ce67a99dca7671803ccd
80d381dfaca7ed8100aa8366363194cb1916a1a7
902c5059f41f9ec015e971c2fb119ae69fed1b0951d535e9d85e1ced4607f069

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating USPS

HTTP Headers

GET /010USA7USPS.zip HTTP/1.1
Host: producenz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 04:14:50 GMT
content-type: application/zip
content-length: 450910
last-modified: Sun, 04 Feb 2024 16:20:34 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (83)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers