Report Overview
Submitted URL
mail.fnbo-isafe.from-md.com/Fnbobnk.zip
IP
159.89.233.238
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-04-18 08:37:25
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
mail.fnbo-isafe.from-md.com | unknown | 2007-01-03 | 2024-04-17 | 2024-04-18 | 493 B | 112 kB | 159.89.233.238 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-18 | medium | mail.fnbo-isafe.from-md.com/Fnbobnk.zip | Phishing Kit impersonating America First Credit Union |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
mail.fnbo-isafe.from-md.com/Fnbobnk.zip
IP
159.89.233.238
ASN
#14061 DIGITALOCEAN-ASN
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
112 kB (111570 bytes)
Hash
b9b90335c4d9d7632136142745deb8b0
00ec34f5fb6ed3aaaceb4ef20b724b076b3e8faf
Archive (22)
Filename | Md5 | File type |
---|---|---|
c.html | f8fa62f41d21a988896f049e9edebfdd | HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators |
config.php | 99c6e6b9a3b8c26cc6988a7adce3b720 | PHP script, ASCII text, with CRLF line terminators |
angular.css | 1cd135a10368424ee961e4e190265da4 | assembler source, ASCII text, with CRLF line terminators |
foundation.css | 67fa312757e2ae92f9b03312d7f927bd | Unicode text, UTF-8 text, with very long lines (358) |
material-icons.css | 8c089ad2990bd0125dd3b8b4c690a9f3 | ASCII text, with CRLF line terminators |
mtb.css | 3ffbe4300b09dc201f4f63491e5f9a60 | ASCII text, with very long lines (1590), with CRLF line terminators |
opensans.css | 5bd7923fbd0b1d6db1c31394334f4510 | ASCII text, with CRLF line terminators |
RadDockableObject.css | 1a8244850eb3ae5a94862c4363f549b8 | ASCII text, with CRLF line terminators |
db_connect.php | e0d07a6959639e0bfbe09d8a243923ac | PHP script, ASCII text, with CRLF line terminators |
db_connect1.php | 6bf81498909f111f2ea7984cb377609c | PHP script, ASCII text, with CRLF line terminators |
db_connect2.php | c50029377fdbe41d1ee3484c056e5c71 | PHP script, ASCII text, with CRLF line terminators |
db_connect3.php | 5f904fda731d12a0cc050ccf0e9242b8 | PHP script, ASCII text, with CRLF line terminators |
db_connect4.php | 4a0396058041650d0124dc19aa93220c | PHP script, ASCII text, with CRLF line terminators |
db_connect5.php | 7e8e8c1a0eef91908a420ebafee81319 | PHP script, ASCII text, with CRLF line terminators |
BANGOR.png | 1bdfa66f99aba2e3dc0ffe0469703976 | PNG image data, 385 x 131, 8-bit/color RGB, non-interlaced |
index.html | 32426c9abb320e46b5b0a7470b16fbcf | HTML document, Unicode text, UTF-8 text, with very long lines (485), with CRLF line terminators |
index2.html | 18bdc22a8735254c811b0c2cec511399 | HTML document, Unicode text, UTF-8 text, with very long lines (485), with CRLF line terminators |
me.php | 5dd443487a62e88bee33c954a2707899 | PHP script, ASCII text, with CRLF line terminators |
otp.html | 5ecedf1737cdfd9cadeb20363be37e8d | HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators |
otp2.html | d573124f74989e0bc55a693f09df3efa | HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators |
personal.html | 0a3ce2228f2f22274863b65f36a963bd | HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators |
security.html | 6277333ff5258daa8e7a6e629989a5c9 | HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Phishing Kit YARA rules | phishing | Phishing Kit impersonating America First Credit Union |
VirusTotal | suspicious |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
mail.fnbo-isafe.from-md.com/Fnbobnk.zip | 159.89.233.238 | 200 OK | 112 kB |
Detections
HTTP Headers