Report - www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH

Report Overview

Visited public
2023-12-01 13:00:25
Tags
URL
www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
Finishing URL
www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
IP / ASN
54.230.111.18
#16509 AMAZON-02
Title
Amazon Sign In

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.eservicebits.com	unknown	2018-08-22	2020-02-01 15:44:27	2023-11-30 18:15:53	1.1 kB	3.4 kB	54.230.111.129
ocsp.entrust.net	1208	1997-07-28	2014-01-10 03:18:45	2023-11-30 05:36:48	680 B	3.9 kB	23.38.202.187
cloud.phishinsight.trendmicro.com	unknown	1995-04-20	2022-05-31 14:32:07	2023-11-30 18:15:54	991 B	195 kB	54.230.111.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-01	medium	eservicebits.com	Sinkholed
2023-12-01	medium	eservicebits.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ

54.230.111.129

200 OK

2.3 kB

URL User Request GET HTTP/2
www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
IP
54.230.111.129:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecteservicebits.com
Fingerprint22:19:AA:DD:AA:CA:C7:5D:E4:C1:21:30:90:71:82:65:85:60:C5:9E
ValidityTue, 07 Nov 2023 00:00:00 GMT - Thu, 05 Dec 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6601)
Size
2.3 kB (2287 bytes)
Hash
6eed2ee574c2a9cd68889a807ea0e098
1bdc843d0ba648a30e8182ea16c5ae77a9e8ecf1
2f8b3bfbf768e4b97d9eceb29a283431a369ab7c54e7ac6634a66a819d6500c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ HTTP/1.1
Host: www.eservicebits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-length: 2287
date: Fri, 01 Dec 2023 13:00:08 GMT
x-amzn-requestid: 29d44154-4cb8-4dfa-bb54-7e35d61a8014
content-encoding: br
x-amzn-remapped-content-length: 2287
x-amz-apigw-id: PQ7R0HSFDoEEL7g=
x-amzn-trace-id: Root=1-6569d8d8-26a18a2f50e0fc982f0af985
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -DASb3xBytbzfKa1QwOcIE9-SNGZl4tovhDhGDAlUk_LcPlxgxcYtA==
X-Firefox-Spdy: h2

www.eservicebits.com/favicon.ico

54.230.111.129

403 Forbidden

42 B

URL GET HTTP/2
www.eservicebits.com/favicon.ico
IP
54.230.111.129:443
ASN
#16509 AMAZON-02

Requested by
https://www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
Certificate
IssuerAmazon
Subjecteservicebits.com
Fingerprint22:19:AA:DD:AA:CA:C7:5D:E4:C1:21:30:90:71:82:65:85:60:C5:9E
ValidityTue, 07 Nov 2023 00:00:00 GMT - Thu, 05 Dec 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
905b1fbb26e082557ff0b3b3553cda6c
8fe0790d6026998bdb2c9ffa3b915952e613e1b4
f249b63cb2fcb66b47e86f906c98f8fd912e82dd035b4e53d7e72fc1960cfd16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.eservicebits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
content-type: application/json
content-length: 42
date: Fri, 01 Dec 2023 13:00:09 GMT
x-amzn-requestid: 4998ffba-28ef-4fd7-b25f-e34079ebe403
x-amzn-errortype: MissingAuthenticationTokenException
x-amz-apigw-id: PQ7R9GQIjoEEu7Q=
x-amzn-trace-id: Root=1-6569d8d9-744310461ce81de933087ffc
x-cache: Error from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: icX6m1FaUBcAcTS6ZFLopeDEZzuNagguPAa3U10i0FJkzPYmkdpDHA==
X-Firefox-Spdy: h2

ocsp.entrust.net/

23.38.202.187

1.6 kB

URL
ocsp.entrust.net/
IP
23.38.202.187:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
5bfa953f6798fdc410914c80366b97c5
909fe8108893e5194074821eb7cacb212754ae4d
cec6b6b5d9699f0935a0aec3c0129c2b0f7ca1915253c8fa42ee5ec578f2de6b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CEC6B6B5D9699F0935A0AEC3C0129C2B0F7CA1915253C8FA42EE5EC578F2DE6B"
Last-Modified: Fri, 01 Dec 2023 10:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3570
Expires: Fri, 01 Dec 2023 13:59:39 GMT
Date: Fri, 01 Dec 2023 13:00:09 GMT
Connection: keep-alive

ocsp.entrust.net/

23.38.202.187

1.6 kB

URL
ocsp.entrust.net/
IP
23.38.202.187:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
5bfa953f6798fdc410914c80366b97c5
909fe8108893e5194074821eb7cacb212754ae4d
cec6b6b5d9699f0935a0aec3c0129c2b0f7ca1915253c8fa42ee5ec578f2de6b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CEC6B6B5D9699F0935A0AEC3C0129C2B0F7CA1915253C8FA42EE5EC578F2DE6B"
Last-Modified: Fri, 01 Dec 2023 10:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Fri, 01 Dec 2023 14:00:09 GMT
Date: Fri, 01 Dec 2023 13:00:09 GMT
Connection: keep-alive

cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/amazing.css

54.230.111.84

200 OK

155 kB

URL GET HTTP/2
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/amazing.css
IP
54.230.111.84:443
ASN
#16509 AMAZON-02

Requested by
https://www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
Certificate
IssuerEntrust, Inc.
Subject*.phishinsight.trendmicro.com
Fingerprint56:60:6E:9D:00:AA:1E:D3:FD:93:1C:DD:21:78:24:D2:87:DC:75:35
ValidityTue, 18 Jul 2023 09:05:11 GMT - Sat, 17 Aug 2024 09:05:10 GMT

File type
ASCII text
Size
155 kB (154555 bytes)
Hash
cdcfb06fccd5101ad83b068aae18d2ac
d0d1e62640e43fe914e33624c4937783db6daf8d
2eb5066c44bf75f54cf9910551e82e04fe9f314e92ac00f3f9a9414e8b93be8a

HTTP Headers

GET /content/lps/assets/system/css/amazing.css HTTP/1.1
Host: cloud.phishinsight.trendmicro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.eservicebits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 154555
date: Fri, 01 Dec 2023 13:00:10 GMT
x-amz-replication-status: COMPLETED
last-modified: Wed, 29 Mar 2023 03:32:36 GMT
etag: "cdcfb06fccd5101ad83b068aae18d2ac"
x-amz-server-side-encryption: AES256
x-amz-version-id: ahahxGXUNDloLS.CMWtOR7Dz1cJk_XJg
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mnEv4PrzvNMd2AGdBsCC9_ndOHLOPrYvNkL9i-H-UavGSzqpvoXWjA==
X-Firefox-Spdy: h2

cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/authetication_portal_assets_secure.min.css

54.230.111.84

200 OK

40 kB

URL GET HTTP/2
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/authetication_portal_assets_secure.min.css
IP
54.230.111.84:443
ASN
#16509 AMAZON-02

Requested by
https://www.eservicebits.com/landingpages/68887f00-4263-4783-a6f3-d553324a264f/f-zt0w6IyIZhcQopUDS7fY8BH_OhjcS-RC4KYlcpbPQ
Certificate
IssuerEntrust, Inc.
Subject*.phishinsight.trendmicro.com
Fingerprint56:60:6E:9D:00:AA:1E:D3:FD:93:1C:DD:21:78:24:D2:87:DC:75:35
ValidityTue, 18 Jul 2023 09:05:11 GMT - Sat, 17 Aug 2024 09:05:10 GMT

File type
ASCII text, with very long lines (1404)
Size
40 kB (39674 bytes)
Hash
adf2087b15700ef7f30456546c2d5dbd
b21ab6c4053f8414ae723354de28735205c582f7
50c83ea0fb57531831f2f0bcb3e826e6af9cc0871a976e98798aa07281a2325a

HTTP Headers

GET /content/lps/assets/system/css/authetication_portal_assets_secure.min.css HTTP/1.1
Host: cloud.phishinsight.trendmicro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.eservicebits.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 39674
date: Fri, 01 Dec 2023 13:00:10 GMT
x-amz-replication-status: COMPLETED
last-modified: Wed, 29 Mar 2023 03:32:37 GMT
etag: "adf2087b15700ef7f30456546c2d5dbd"
x-amz-server-side-encryption: AES256
x-amz-version-id: bmshFI8X3sSNELca_lOGMODWFTtkad9h
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: giLFyZPPGr-mM_MouSU-2Xwh1VE3bGqmANBljXJ8F5p38rrGwDLoNw==
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers