Report - corp.bnpparibasbank.ru/bank/plugins/plugins.zip

Report Overview

Submitted URL
corp.bnpparibasbank.ru/bank/plugins/plugins.zip
IP
195.222.161.172
ASN
#3216 PVimpelCom
Submitted
2024-04-19 11:00:00
Access
public
Website Title
Warning: Potential Security Risk Ahead
Final URL
about:certerror?e=nssBadCert&u=https%3A//corp.bnpparibasbank.ru/bank/plugins/plugins.zip&c=UTF-8&d=%20
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22	2024-04-18	366 B	326 B	54.230.111.77
corp.bnpparibasbank.ru	unknown	unknown	No data	No data	918 B	6.9 MB	195.222.161.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
corp.bnpparibasbank.ru/bank/plugins/plugins.zip
IP
195.222.161.172
ASN
#3216 PVimpelCom

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
6.9 MB (6922234 bytes)
Hash
d7870d3517762f82f8b4cc0634e5f7df
bad8266f0460c7a8441ee6ceb9a1234bb027b399
1a9366ad72b3238afa58c8d0951e84e3ecc6c510ae08589403b3eb286d26e4ba

Archive (2)

Modified	Filename	Size	Md5	File type
2023-08-02 10:48	rfcPlugin.msi	2.1 MB	8351b146860974164101711eebb5605b	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installer for the RfcPlugin plugin, Author: LLC RFC-Soft, Keywords: Installer, Comments: This installer database contains the logic and data required to install RfcPlugin., Template: Intel;1033, Revision Number: {8BD08B72-CA10-4CDC-AF94-55EE4D908C0B}, Create Time/Date: Wed Jul 19 16:55:50 2023, Last Saved Time/Date: Wed Jul 19 16:55:50 2023, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
2022-06-06 12:38	RutokenPlugin.msi	6.4 MB	4fbaaea26fc3529e722a1b1a5763ebd3	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Code page: 1251, Title: Installation Database, Subject: , Author: Aktiv Co., Keywords: Installer,Rutoken,,,, Comments: , ., Create Time/Date: Tue Dec 21 09:31:08 2021, Name of Creating Application: Windows Installer XML Toolset (43.11.1.3724), Security: 2, Template: Intel;1033, Last Saved By: Intel;1049, Revision Number: {154270B0-54C0-4EB7-88A8-16F36E3F1B79}4.6.0.0;{16E29FA4-CFEC-4037-A272-2917415B147B}4.6.0.0;{15D71FCE-9989-557E-9B87-239DAAAFE408}, Number of Pages: 200, Number of Characters: 0

JavaScript (1)

	URL	Size	First Seen	Last Seen
	about:certerror?e=nssBadCert&u=https%3A//corp.bnpparibasbank.ru/bank/plugins/plugins.zip&c=UTF-8&d=%20	0 B	2023-03-07	2024-05-02
Pretty URL about:certerror?e=nssBadCert&u=https%3A//corp.bnpparibasbank.ru/bank/plugins/plugins.zip&c=UTF-8&d=%20 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 03:30:01 Times Seen37261632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (3)

	URL	IP	Response	Size
	corp.bnpparibasbank.ru/bank/plugins/plugins.zip	195.222.161.172	200 OK	0 B
URL User Request GET HTTP/1.1 corp.bnpparibasbank.ru/bank/plugins/plugins.zip IP 195.222.161.172:443 ASN #3216 PVimpelCom Certificate IssuerThe Ministry of Digital Development and Communications Subjectcorp.bnpparibasbank.ru Fingerprint06:D7:AF:3C:9A:3B:E5:E1:7F:22:BE:C2:5A:2A:CF:EB:AF:6D:01:C3 ValidityMon, 17 Jul 2023 12:52:52 GMT - Tue, 16 Jul 2024 12:52:52 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /bank/plugins/plugins.zip HTTP/1.1 Host: corp.bnpparibasbank.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 307 Moved Temporarily Location: https://corp.bnpparibasbank.ru/bank/plugins/plugins.zip Content-Length: 0`

	mitmdetection.services.mozilla.com/	54.230.111.77		0 B
URL mitmdetection.services.mozilla.com/ IP 54.230.111.77:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `HEAD / HTTP/1.1 Host: mitmdetection.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 404 Not Found content-type: application/xml date: Fri, 19 Apr 2024 10:59:33 GMT server: AmazonS3 x-cache: Error from cloudfront via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: Uf6ojmgRej43F5GPPye2646nwo54eCXqJL1mWe25i9J0K1lRkNJGAA== X-Firefox-Spdy: h2`

	corp.bnpparibasbank.ru/bank/plugins/plugins.zip	195.222.161.172	200 OK	6.9 MB
URL User Request GET HTTP/1.1 corp.bnpparibasbank.ru/bank/plugins/plugins.zip IP 195.222.161.172:443 ASN #3216 PVimpelCom Certificate IssuerThe Ministry of Digital Development and Communications Subjectcorp.bnpparibasbank.ru Fingerprint06:D7:AF:3C:9A:3B:E5:E1:7F:22:BE:C2:5A:2A:CF:EB:AF:6D:01:C3 ValidityMon, 17 Jul 2023 12:52:52 GMT - Tue, 16 Jul 2024 12:52:52 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 6.9 MB (6922234 bytes) Hash d7870d3517762f82f8b4cc0634e5f7df bad8266f0460c7a8441ee6ceb9a1234bb027b399 1a9366ad72b3238afa58c8d0951e84e3ecc6c510ae08589403b3eb286d26e4ba HTTP Headers `GET /bank/plugins/plugins.zip HTTP/1.1 Host: corp.bnpparibasbank.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 10:59:34 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Last-Modified: Mon, 14 Aug 2023 07:09:34 GMT ETag: "49000000044057-699ffa-602dcbea00fdb" Accept-Ranges: bytes Content-Length: 6922234 Cache-control: no-store Pragma: no-cache Expires: -1 Content-Type: application/zip Keep-Alive: timeout=5, max=100 Connection: Keep-Alive`