Report - nichemedgroup.com/www.bankofamerica.com/login.php

Report Overview

Submitted URL
nichemedgroup.com/www.bankofamerica.com/login.php
IP
172.67.218.249
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-07 06:12:45
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nichemedgroup.com	unknown	2009-10-24	2017-02-10	2023-06-06	1.2 kB	16 kB	172.67.218.249
performance.radar.cloudflare.com	unknown	2009-02-17	2022-06-29	2023-06-07	385 B	19 kB	104.18.31.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-07 06:12:27	medium	172.67.218.249	Client IP	ET INFO TLS Handshake Failure
2023-06-07 06:12:27	medium	172.67.218.249	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	nichemedgroup.com/www.bankofamerica.com/login.php	0 B	2023-03-07	2024-04-20
Pretty URL nichemedgroup.com/www.bankofamerica.com/login.php IP 172.67.218.249 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 03:25:38 Times Seen36969330 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nichemedgroup.com/www.bankofamerica.com/login.php	393 B	2023-04-05	2024-04-20
Pretty URL nichemedgroup.com/www.bankofamerica.com/login.php IP 172.67.218.249 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 04:39:40 Last Seen2024-04-20 02:23:43 Times Seen66950 Hash 34ad0a116707d3b794129a6720af92d7 424de9dbb8bc774e2a2d4ade100d90f5ac0ecbf4 d011a9449a990f2086894be870adc6fbb53595dc593b410a83e45e40bfbc7262 Loading...

	nichemedgroup.com/www.bankofamerica.com/login.php	0 B	2023-03-07	2024-04-20
Pretty URL nichemedgroup.com/www.bankofamerica.com/login.php IP 172.67.218.249 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 03:25:38 Times Seen36969330 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	performance.radar.cloudflare.com/beacon.js	18 kB	2023-06-07	2023-06-07
Pretty URL performance.radar.cloudflare.com/beacon.js IP 104.18.31.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 08:12:45 Last Seen2023-06-07 08:12:46 Times Seen2 Hash aba0ec351a3caf028239c7b3a11ff9bc d7f8821a5cea2b8653596f63d81de081c4e3f2fc b9bf0587b36df0a8496649736c589ba4919a82abbe0196b7d4802356cfd9f9cd Loading...

HTTP Transactions (4)

	URL	IP	Response	Size
	nichemedgroup.com/www.bankofamerica.com/login.php	172.67.218.249	409 Conflict	6.1 kB
URL User Request GET HTTP/1.1 nichemedgroup.com/www.bankofamerica.com/login.php IP 172.67.218.249:80 ASN #13335 CLOUDFLARENET File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (501) Size 6.1 kB (6119 bytes) Hash 5d3f4569237a8a564f022a9edba1b810 650aaedc8606616e220ded91283be0bed97c069c bb8fbceb300c1f3afc3db0f5ab01648ae72b84b8d24f07e9e5167290cdd669e1 HTTP Headers `GET /www.bankofamerica.com/login.php HTTP/1.1 Host: nichemedgroup.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 409 Conflict Date: Wed, 07 Jun 2023 06:12:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 6119 Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7d36be5bfceeb4ff-OSL`

	nichemedgroup.com/cdn-cgi/styles/main.css	104.21.24.140	200 OK	2.2 kB
URL GET HTTP/1.1 nichemedgroup.com/cdn-cgi/styles/main.css IP 104.21.24.140:80 ASN #13335 CLOUDFLARENET Requested by http://nichemedgroup.com/www.bankofamerica.com/login.php File type ASCII text, with very long lines (8012) Size 2.2 kB (2176 bytes) Hash ff26f59e28a5fe6ea4ab23586415696b 4182675484d175e363cd34b43041b7b1af93d0cd d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74 HTTP Headers `GET /cdn-cgi/styles/main.css HTTP/1.1 Host: nichemedgroup.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://nichemedgroup.com/www.bankofamerica.com/login.php DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Wed, 07 Jun 2023 06:12:28 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Tue, 30 May 2023 15:20:42 GMT ETag: W/"6476144a-1f4d" Server: cloudflare CF-RAY: 7d36be5dbb71b4f9-OSL X-Frame-Options: DENY X-Content-Type-Options: nosniff Vary: Accept-Encoding Expires: Wed, 07 Jun 2023 08:12:28 GMT Cache-Control: max-age=7200, public Content-Encoding: gzip`

	nichemedgroup.com/favicon.ico	104.21.24.140	409 Conflict	6.1 kB
URL GET HTTP/1.1 nichemedgroup.com/favicon.ico IP 104.21.24.140:80 ASN #13335 CLOUDFLARENET Requested by http://nichemedgroup.com/www.bankofamerica.com/login.php File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (501) Size 6.1 kB (6119 bytes) Hash b57c905dd2ad4bdecd19c2612cb8a7cc c69a3d34efeb8da0210727a3ecb6f4aa8643a464 e40acbc9a3162c4910b8d10351c5690974ddae322d6ecb4462f39b2ecac59cef HTTP Headers `GET /favicon.ico HTTP/1.1 Host: nichemedgroup.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://nichemedgroup.com/www.bankofamerica.com/login.php DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 409 Conflict Date: Wed, 07 Jun 2023 06:12:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 6119 Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7d36be5eccd8b4f9-OSL`

	performance.radar.cloudflare.com/beacon.js	104.18.31.78	200 OK	18 kB
URL GET HTTP/2 performance.radar.cloudflare.com/beacon.js IP 104.18.31.78:443 ASN #13335 CLOUDFLARENET Requested by http://nichemedgroup.com/www.bankofamerica.com/login.php Certificate IssuerCloudflare, Inc. Subjectradar.cloudflare.com FingerprintFE:EA:F1:74:79:25:BC:59:5B:45:EB:7A:CB:F3:03:91:C3:A4:B2:A0 ValidityFri, 22 Jul 2022 00:00:00 GMT - Fri, 21 Jul 2023 23:59:59 GMT File type ASCII text, with very long lines (17888) Size 18 kB (17889 bytes) Hash aba0ec351a3caf028239c7b3a11ff9bc d7f8821a5cea2b8653596f63d81de081c4e3f2fc b9bf0587b36df0a8496649736c589ba4919a82abbe0196b7d4802356cfd9f9cd HTTP Headers `GET /beacon.js HTTP/1.1 Host: performance.radar.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 07 Jun 2023 06:12:28 GMT content-type: text/javascript;charset=UTF-8 access-control-allow-origin: * cache-control: no-store, max-age=0 access-control-allow-headers: * access-control-allow-methods: * timing-allow-origin: * set-cookie: __cf_bm=DzwSMeqoG6n53oUIIUkRm7.QfKdy3nVpP7YcOgox0.w-1686118348-0-AZV2LUgEwPWgrOCXh3pVYQj5wCXaACOc8ly7mKUT/brvmbd9HstKLbukl86jrplliU3G6b/r+z0EoG+Pan1g/iU=; path=/; expires=Wed, 07-Jun-23 06:42:28 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None vary: Accept-Encoding strict-transport-security: max-age=15552000; includeSubDomains expect-ct: max-age=86400, enforce referrer-policy: same-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 7d36be5dcc180b65-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2