Report - qqmh.lineaccessconnect.eu/ii

Report Overview

Visited public
2023-09-27 19:20:47
Tags
botpanel malware
URL
qqmh.lineaccessconnect.eu/ii
Finishing URL
secure.bankofamericaensecure-us.com/
IP / ASN
104.21.38.218
#13335 CLOUDFLARENET
Title
囧 - 500
Malware - Botnet panel

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bankofamericaus.blob.core.windows.net	unknown	unknown	No data	No data	511 B	562 B	52.239.221.36
secure.bankofamericaensecure-us.com	unknown	2023-09-25	2023-09-25 23:36:21	2023-09-27 19:16:09	1.4 kB	3.6 kB	20.121.119.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-27	medium	bankofamericaensecure-us.com	Sinkholed
2023-09-27	medium	bankofamericaensecure-us.com	Sinkholed
2023-09-27	medium	bankofamericaensecure-us.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

bankofamericaus.blob.core.windows.net/secure/en-us.html

52.239.221.36

161 B

URL
bankofamericaus.blob.core.windows.net/secure/en-us.html
IP
52.239.221.36:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with CRLF line terminators
Size
161 B (161 bytes)
Hash
c549675893d06159d2c99154d382d536
4be024740d4cc0de58d94232ae163d2a3bb6124a
3ef1132e4ab261bd6f810583f9ea69923499582b0e4beb375115ae999de05706

HTTP Headers

GET /secure/en-us.html HTTP/1.1
Host: bankofamericaus.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 161
Content-Type: text/html
Content-MD5: xUlnWJPQYVnSyZFU04LVNg==
Last-Modified: Mon, 25 Sep 2023 21:38:25 GMT
ETag: 0x8DBBE0FBFD643D4
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e0535688-901e-0015-7a77-f10905000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 27 Sep 2023 19:20:28 GMT

secure.bankofamericaensecure-us.com/

20.121.119.57

802 B

URL
secure.bankofamericaensecure-us.com/
IP
20.121.119.57:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
802 B (802 bytes)
Hash
0cc8f166a31e5b77fccb5deed8c3fe29
7a651d5f1102e40a7e8eac2ab21d5a564649ca4a
55cd462ccfe1d1dfbb9412ee083d5d87186bb013be323ed4ba9d2f22c4ddf2e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: secure.bankofamericaensecure-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 500 Internal Server Error
Date: Wed, 27 Sep 2023 19:20:28 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

secure.bankofamericaensecure-us.com/static/errors/css/app.css

20.121.119.57

1.6 kB

URL
secure.bankofamericaensecure-us.com/static/errors/css/app.css
IP
20.121.119.57:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
1.6 kB (1565 bytes)
Hash
fb16ab578286a177394102fa24122d31
07e83ad9a2d1b005317696e485f7e16de4eed43e
26d950fc2f9c619127adb35b2cec725c7b42b2f01dc3834e604686fc296fd363

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/errors/css/app.css HTTP/1.1
Host: secure.bankofamericaensecure-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure.bankofamericaensecure-us.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Sep 2023 19:20:29 GMT
Server: Apache
Last-Modified: Sat, 01 Apr 2023 08:53:49 GMT
Accept-Ranges: bytes
Content-Length: 1565
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

secure.bankofamericaensecure-us.com/static/errors/img/logo.svg

20.121.119.57

200 OK

610 B

URL GET HTTP/1.1
secure.bankofamericaensecure-us.com/static/errors/img/logo.svg
IP
20.121.119.57:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://secure.bankofamericaensecure-us.com/
Certificate
IssuerLet's Encrypt
Subjectsecure.bankofamericaensecure-us.com
Fingerprint2E:FF:E3:E2:AF:19:4F:0A:78:C0:33:C8:CE:25:87:D7:4A:F2:28:DE
ValidityMon, 25 Sep 2023 20:35:28 GMT - Sun, 24 Dec 2023 20:35:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (610), with no line terminators
Size
610 B (610 bytes)
Hash
4e5ef49c75c8908a9b75d0640c0716f3
0ed504949f5a6980034aa373f0327c9d12521884
6ede8573b3db2f22180b6d9528600bd85f2f090b76c630030845bbfe2de5b1d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/errors/img/logo.svg HTTP/1.1
Host: secure.bankofamericaensecure-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure.bankofamericaensecure-us.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Sep 2023 19:20:29 GMT
Server: Apache
Last-Modified: Thu, 30 Mar 2023 11:35:41 GMT
Accept-Ranges: bytes
Content-Length: 610
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers