Report - mail.fnbo-isafe.from-md.com/Fnbobnk.zip

Report Overview

Submitted URL
mail.fnbo-isafe.from-md.com/Fnbobnk.zip
IP
159.89.233.238
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-04-18 08:37:25
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.fnbo-isafe.from-md.com	unknown	2007-01-03	2024-04-17	2024-04-18	493 B	112 kB	159.89.233.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	mail.fnbo-isafe.from-md.com/Fnbobnk.zip	Phishing Kit impersonating America First Credit Union

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
mail.fnbo-isafe.from-md.com/Fnbobnk.zip
IP
159.89.233.238
ASN
#14061 DIGITALOCEAN-ASN

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
112 kB (111570 bytes)
Hash
b9b90335c4d9d7632136142745deb8b0
00ec34f5fb6ed3aaaceb4ef20b724b076b3e8faf
a4125772803bf7c5e37e3fe954fd86978ab379dff6acd4708cb6068fc38a4e0e

Archive (22)

Modified	Filename	Size	Md5	File type
2024-01-13 11:48	c.html	10 kB	f8fa62f41d21a988896f049e9edebfdd	HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators
2024-01-01 06:21	config.php	690 B	99c6e6b9a3b8c26cc6988a7adce3b720	PHP script, ASCII text, with CRLF line terminators
2023-12-23 10:00	angular.css	5.4 kB	1cd135a10368424ee961e4e190265da4	assembler source, ASCII text, with CRLF line terminators
2023-12-23 10:00	foundation.css	238 kB	67fa312757e2ae92f9b03312d7f927bd	Unicode text, UTF-8 text, with very long lines (358)
2023-12-23 10:00	material-icons.css	1.1 kB	8c089ad2990bd0125dd3b8b4c690a9f3	ASCII text, with CRLF line terminators
2023-12-23 10:00	mtb.css	69 kB	3ffbe4300b09dc201f4f63491e5f9a60	ASCII text, with very long lines (1590), with CRLF line terminators
2023-12-23 10:00	opensans.css	2.4 kB	5bd7923fbd0b1d6db1c31394334f4510	ASCII text, with CRLF line terminators
2023-12-23 10:00	RadDockableObject.css	2.1 kB	1a8244850eb3ae5a94862c4363f549b8	ASCII text, with CRLF line terminators
2024-01-13 11:48	db_connect.php	1.7 kB	e0d07a6959639e0bfbe09d8a243923ac	PHP script, ASCII text, with CRLF line terminators
2024-01-13 11:48	db_connect1.php	1.7 kB	6bf81498909f111f2ea7984cb377609c	PHP script, ASCII text, with CRLF line terminators
2024-01-13 11:48	db_connect2.php	1.8 kB	c50029377fdbe41d1ee3484c056e5c71	PHP script, ASCII text, with CRLF line terminators
2024-01-13 11:48	db_connect3.php	2.0 kB	5f904fda731d12a0cc050ccf0e9242b8	PHP script, ASCII text, with CRLF line terminators
2024-01-13 11:48	db_connect4.php	1.7 kB	4a0396058041650d0124dc19aa93220c	PHP script, ASCII text, with CRLF line terminators
2024-01-13 11:48	db_connect5.php	1.7 kB	7e8e8c1a0eef91908a420ebafee81319	PHP script, ASCII text, with CRLF line terminators
2024-01-13 12:05	BANGOR.png	46 kB	1bdfa66f99aba2e3dc0ffe0469703976	PNG image data, 385 x 131, 8-bit/color RGB, non-interlaced
2024-01-13 11:48	index.html	11 kB	32426c9abb320e46b5b0a7470b16fbcf	HTML document, Unicode text, UTF-8 text, with very long lines (485), with CRLF line terminators
2024-01-13 11:48	index2.html	11 kB	18bdc22a8735254c811b0c2cec511399	HTML document, Unicode text, UTF-8 text, with very long lines (485), with CRLF line terminators
2024-01-01 06:21	me.php	53 B	5dd443487a62e88bee33c954a2707899	PHP script, ASCII text, with CRLF line terminators
2024-01-13 11:48	otp.html	10 kB	5ecedf1737cdfd9cadeb20363be37e8d	HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators
2024-01-13 11:48	otp2.html	10 kB	d573124f74989e0bc55a693f09df3efa	HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators
2024-01-13 11:48	personal.html	11 kB	0a3ce2228f2f22274863b65f36a963bd	HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators
2024-01-13 11:48	security.html	17 kB	6277333ff5258daa8e7a6e629989a5c9	HTML document, Unicode text, UTF-8 text, with very long lines (1282), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating America First Credit Union
VirusTotal	suspicious	VirusTotal - Scan result 7/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

mail.fnbo-isafe.from-md.com/Fnbobnk.zip

159.89.233.238

200 OK

112 kB

URL User Request GET HTTP/1.1
mail.fnbo-isafe.from-md.com/Fnbobnk.zip
IP
159.89.233.238:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectcpcontacts.fnbo-isafe.from-md.com
Fingerprint7F:A9:6F:A6:51:BD:39:F1:38:3B:30:6C:31:36:1F:A1:32:A9:C9:3C
ValidityWed, 17 Apr 2024 19:23:49 GMT - Tue, 16 Jul 2024 19:23:48 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
112 kB (111570 bytes)
Hash
b9b90335c4d9d7632136142745deb8b0
00ec34f5fb6ed3aaaceb4ef20b724b076b3e8faf
a4125772803bf7c5e37e3fe954fd86978ab379dff6acd4708cb6068fc38a4e0e

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating America First Credit Union
VirusTotal	suspicious	VirusTotal - Scan result 7/62

HTTP Headers

GET /Fnbobnk.zip HTTP/1.1
Host: mail.fnbo-isafe.from-md.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 08:37:00 GMT
Server: Apache
Last-Modified: Wed, 17 Apr 2024 20:17:41 GMT
Accept-Ranges: bytes
Content-Length: 111570
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (22)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers