| | 185.215.113.118 | 200 OK | 930 B |
URL: User Request GET HTTP/1.1
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: HTML document, ASCII text, with very long lines (3218), with no line terminators
Hash: 98b91f62d01cba8c69a19a16ca65c254 e3bfe1204e364bf956db069d15144b01896417d6 ceec848cb787f9e89e8a550eb71d76a8add496a0da9c133644e955afadf80a38
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Next.js
ETag: "1387uhfj93d2he"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/media/4f117ec02fc103f8-s.p.woff2 | 185.215.113.118 | 200 OK | 44 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/media/4f117ec02fc103f8-s.p.woff2
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: Web Open Font Format (Version 2), TrueType, length 44264, version 1.0
Hash: 03c6826d225a339fad5a72e435f19299 991e2551b43e6f294350725e9471534d6c0e4ac1 60e11d985314d4843c7a741d67bc7744c4bf519e50ce08e1d5e74e43414aaff0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/media/4f117ec02fc103f8-s.p.woff2 HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: font/woff2
Content-Length: 44264
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"ace8-18ee3ffdada"
|
|
| 2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css | 185.215.113.118 | 200 OK | 4.3 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: Unicode text, UTF-8 text, with very long lines (17700), with no line terminators
Hash: 6fa7506165611d2f3b23efae29a9a130 c4936d2244c304df1ce257e9a3d5e0251f6d4c5d 84fd52cba82f9c225e709a2ed7646d3565c4b8b37ac89dfd8e43bf4224eda54c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/1fbe2e0c7e8b651e.css HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"453e-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/webpack-cbafb5bd83b319bf.js | 185.215.113.118 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/webpack-cbafb5bd83b319bf.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (2657), with no line terminators
Hash: ff307e0e92255d4a5a046cb9648df52b b9f434f0d7bce6307b215bdc9897011719bc59ce 617c1165bfd3e1141325726c510b42fecdce94e246488747bda5dae3dcd9b211
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/webpack-cbafb5bd83b319bf.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"a61-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css | 185.215.113.118 | 200 OK | 14 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: ASCII text, with very long lines (58123), with CRLF, LF line terminators
Hash: f0e982c31e7c7896da1bff3fb64f0360 9a29366b53cc572b6c083842b03313c9cff42bda ea15d264570e87d07f01ae4b98eb9e7e947e5b7baf4be66bcc8767cdbe7c8c4b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/e807c5f3c7e39ea5.css HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"12599-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/pages/_app-2313d3acb70c5abd.js | 185.215.113.118 | 200 OK | 82 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/pages/_app-2313d3acb70c5abd.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (65321)
Hash: 78777cf1467ea862fda0f3ee815f1460 bdcb3cf22d4f178c9d386269fd8db2333599eb71 78f516a1f8f2b13aaddb796873d3164e9b963ceb6ff85f9a13cd21fbaba4bfdf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/_app-2313d3acb70c5abd.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"46454-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/main-5cdcbd6d49f31693.js | 185.215.113.118 | 200 OK | 33 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/main-5cdcbd6d49f31693.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 67a5f43e27387e109798e51e202f1fbf 35779062b631d8191ddd1074a64e7acff545fb04 bbd4ef3d1bd496891e8aacba12eae63711c3c8c807138d1a973490964d1828e1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/main-5cdcbd6d49f31693.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"1c29c-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js | 185.215.113.118 | 200 OK | 583 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (583), with no line terminators
Hash: 4b47916b67eceacf56bc8a54794fff48 ada2a0cf1d1efc3acd30f19a6377805b37f40a9c 59e255abfee85a39a9c2538bfbd07ad3de9da073909dd01df39d63774078b0a0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 583
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"247-18ee3ffdade"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/_next/static/chunks/framework-5666885447fdc3cc.js | 185.215.113.118 | 200 OK | 45 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/framework-5666885447fdc3cc.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (65201)
Hash: 6f78840188652a255488524ba24b694c 5d30199ed324bca3850cb0ba2e002ca8bbd63328 39905d3d4badf88532fdc2aa18cb6fc26c57382caa8a05fe0a8365b70fc2eb8f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/framework-5666885447fdc3cc.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"226f8-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/29107295-2c4ccc922958d76c.js | 185.215.113.118 | 200 OK | 26 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/29107295-2c4ccc922958d76c.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65344), with no line terminators
Hash: e39d120aab2ca5fd9874c826e74e55b3 d290f4d3d1a788ffd67d3c4d01ab2c49f442344a 4036b734ca2db6230ee1b24ced5186ba5232df14aff5c0e33178c6283c458664
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/29107295-2c4ccc922958d76c.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"144a3-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/1bfc9850-4a72bd178e9802af.js | 185.215.113.118 | 200 OK | 10 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/1bfc9850-4a72bd178e9802af.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (25635), with no line terminators
Hash: d0dc9153ebbb0370f8ebefa4611e8711 c7510ed81bd00542daab14e5ad2d778d2b4fb42b 6d53e4ec3f79eb2bc4123cebfa4df087ff0818e90636fbb2ccba9e5bd8835523
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1bfc9850-4a72bd178e9802af.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"6423-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/252f366e-a5a6f702cd6dba34.js | 185.215.113.118 | 200 OK | 822 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/252f366e-a5a6f702cd6dba34.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (2120), with no line terminators
Hash: ab688fe4776686dd7e67f82c89f05519 9d8d4832794706723a383775c3ae02f676ded37a c98398761c85376963fff57316a3bd746af396ea90a355e3471a424dc539c5b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/252f366e-a5a6f702cd6dba34.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"848-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js | 185.215.113.118 | 200 OK | 765 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (765), with no line terminators
Hash: 69cdaea2a73b7975e2aacd87ab1d035f 98b1fb984bf59573ec531397a642b921dcb7fdbd 26db04d287202eb97e1be6cd81b1cc8f1853341abdf27e3b62f721c643b4f71b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 765
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2fd-18ee3ffdade"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/_next/static/chunks/31664189-79b418c8cfec1276.js | 185.215.113.118 | 200 OK | 714 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/31664189-79b418c8cfec1276.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (714), with no line terminators
Hash: 0ac01be907f36cd2cf63f82c95cb8c7a c99bb64772fed6585d14298b1a2877294d6fb60d c7fd8fad361fef0a0f3cc1790be47b09d4f35cc5a80690a7403c7a9f3eaf156c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/31664189-79b418c8cfec1276.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 714
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2ca-18ee3ffdade"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/_next/static/chunks/ae51ba48-94b23ee8caee7339.js | 185.215.113.118 | 200 OK | 737 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/ae51ba48-94b23ee8caee7339.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (737), with no line terminators
Hash: 20b40d34e7364378de55d6d59a3cd0ca a49085be6ca17ffcb02854bca50d4b88b5d663c1 f6462e0f48811e31e79646d70961e11ab139aa9ae865f0393c3075b29c5692c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/ae51ba48-94b23ee8caee7339.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 737
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2e1-18ee3ffdade"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/_next/static/chunks/0c428ae2-442b49a45486c6c4.js | 185.215.113.118 | 200 OK | 430 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/0c428ae2-442b49a45486c6c4.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (1089), with no line terminators
Hash: 792590114e2cad44b95c5288342d1663 47ba431429ab45226d95b734fe3b36d64a4db746 c377b1747419f736b0859688ed453fb8ec49776387abc7e09686eab80e13362f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/0c428ae2-442b49a45486c6c4.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"441-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/6893-dfa84fada077ab50.js | 185.215.113.118 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/6893-dfa84fada077ab50.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (4092), with no line terminators
Hash: c0f7d09bab39fa6fd21a12507de02761 fe0fc5c22091541476e5267743a6949c2a70f554 f85fc12f7ce679ff0f8effa83c2217e593ab6d2f6bcd770eebe5a1c19af9b7d4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6893-dfa84fada077ab50.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"ffc-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/2962-b304c7a096b6845a.js | 185.215.113.118 | 200 OK | 2.8 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/2962-b304c7a096b6845a.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (11317), with no line terminators
Hash: 6ffb2f4ee1e93e270a15cbc056d5a329 65507eaec7544455fb6066c90a49e89f621b3936 8d95177400e3b6cf44bb7baa71de6bfa9c6ba155cf0b844b5a0685136d763034
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2962-b304c7a096b6845a.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2c35-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/5675-6a3de6baea750189.js | 185.215.113.118 | 200 OK | 4.0 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/5675-6a3de6baea750189.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (9684), with no line terminators
Hash: 9465d21d28f8e71876ced17b36d6dfec 301dd546cbb246f9f0a15daa010aa77222171752 f33198153380fab1dab424e5c0026df1fe2c8a854b5a5680c102646b92658fb2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/5675-6a3de6baea750189.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"25d4-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/6850-69f05608ff4c0533.js | 185.215.113.118 | 200 OK | 4.2 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/6850-69f05608ff4c0533.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (10261)
Hash: e84df5cfa8f0ec371511b376aa8147f7 290566516ff3aeccceb33828c6cfb38696f6b00d 487f69cef6c41b991ef42f02e857c935f6f745f3ef98f7d0d5c43869539024ab
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6850-69f05608ff4c0533.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"3166-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/9892-99c1b6d658eb1ae4.js | 185.215.113.118 | 200 OK | 44 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/9892-99c1b6d658eb1ae4.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65256), with no line terminators
Hash: a1505896364a0902dc7d4e45e8c0a07d c7f198ed17024bd35fb8126f878339e7914a6556 9eecaf855d015f29aa8dbf2a628f8fd29bef95bd82b589af734025a449ebb0a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/9892-99c1b6d658eb1ae4.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"21c29-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/2037-175d1e3f0c2f846f.js | 185.215.113.118 | 200 OK | 4.3 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/2037-175d1e3f0c2f846f.js
IP: 185.215.113.118:443
ASN: #51381 1337Team Limited
Certificate: Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, ASCII text, with very long lines (11563), with no line terminators
Hash: cb2aa24fc14c80c763982d37d9f4eab9 feb33b1cee287ec4a62260ee7497b015832c8d9d d0bc449a526d925ca5595b681cec0de140510b674cb308038aa60a892a33f007
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2037-175d1e3f0c2f846f.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2d2b-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/9306-7442921d12715970.js | 185.215.113.118 | 200 OK | 6.8 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/9306-7442921d12715970.js; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (27648), with no line terminators; Hash: e10d13ebf584090b445a4721af48fc2a db3c01316ae8b61e5b5e844c6a06e8945e7a5116 c66e27566433add56971c4b51e10305cb802f8f982e5635c77a3dc547470da49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/9306-7442921d12715970.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"6c1c-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js | 185.215.113.118 | 200 OK | 77 B |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: ASCII text, with no line terminators; Hash: b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 77
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"4d-18ee3ffdada"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js | 185.215.113.118 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: ASCII text, with very long lines (3761), with no line terminators; Hash: 85c92c85ccedba0f82f0fe87a01caace b87f7fb2a2697684e96f7e5ec9de853d6bfef26a fe7527389d7f0abaca903e2d1ab7d0a96c3d4e61408fd90c081391c96f0aeaa1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"eb1-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/chunks/pages/index-b56ca499a1cf5a0c.js | 185.215.113.118 | 200 OK | 63 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/chunks/pages/index-b56ca499a1cf5a0c.js; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65452), with no line terminators; Hash: eefe0f8b816bcdb592b4ab7805e7d0b5 72078c676a8e789daf80b6a3cd6f96f70661f225 25bd714d2485e489326734b40ec52b256b6131759920843013a795f465ef2740
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/index-b56ca499a1cf5a0c.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"4b8dc-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css | 185.215.113.118 | 200 OK | 4.3 kB |
URL: GET HTTP/1.1 2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: Unicode text, UTF-8 text, with very long lines (17700), with no line terminators; Hash: 6fa7506165611d2f3b23efae29a9a130 c4936d2244c304df1ce257e9a3d5e0251f6d4c5d 84fd52cba82f9c225e709a2ed7646d3565c4b8b37ac89dfd8e43bf4224eda54c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/1fbe2e0c7e8b651e.css HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"453e-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/api/domain-info | 185.215.113.118 | 200 OK | 689 B |
URL: POST HTTP/1.1 2fa-connect.app/api/domain-info; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 2a1091f6364e2cb77c3fc7c6796c2463 790007227b34e69675f7e84f07b3bdd65af4fbcc 4247b91f6e19cc1c099959a0fd8886fad5949e13bbd288b801810c59424c78ac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/domain-info HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 24
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 689
Connection: keep-alive
ETag: "c8ed1cxgd3j3"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/auth/session | 185.215.113.118 | 200 OK | 2 B |
URL: GET HTTP/1.1 2fa-connect.app/api/auth/session; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /api/auth/session HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/json
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
Connection: keep-alive
Set-Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; Path=/; HttpOnly; SameSite=Lax
Set-Cookie: next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; Path=/; HttpOnly; SameSite=Lax
ETag: "bwc9mymkdm2"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/traffic | 185.215.113.118 | 200 OK | 15 B |
URL: POST HTTP/1.1 2fa-connect.app/api/traffic; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 28ec1eee5f4049e3c4f2135069c1d2c8 3505519507ca1c2a089c46e100b80408ca278421 edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/traffic HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A0%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
ETag: "8lq1dcjyxof"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/domain-info | 185.215.113.118 | 200 OK | 689 B |
URL: POST HTTP/1.1 2fa-connect.app/api/domain-info; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 2a1091f6364e2cb77c3fc7c6796c2463 790007227b34e69675f7e84f07b3bdd65af4fbcc 4247b91f6e19cc1c099959a0fd8886fad5949e13bbd288b801810c59424c78ac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/domain-info HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 24
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A0%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 689
Connection: keep-alive
ETag: "c8ed1cxgd3j3"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/create-log | 185.215.113.118 | 200 OK | 15 B |
URL: POST HTTP/1.1 2fa-connect.app/api/create-log; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7cff57014657cdb14dc92ef6055f1555 57434199e223afc1f6e574643f4a6967e557898f 4acf4bd2b6164c5744482c94fa00985854a24b17c68eb31f97fe9254d44085de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
ETag: "ueogvlqmkif"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/fonts/comdirect/MarkWeb-regular.woff2 | 185.215.113.118 | 200 OK | 15 kB |
URL: GET HTTP/1.1 2fa-connect.app/fonts/comdirect/MarkWeb-regular.woff2; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15204, version 7.-32506; Hash: 554b7932dc3f4be53e28b875082b4b98 26f84c1bebe03fcfe21f90b332374a5f4f1380de 21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/comdirect/MarkWeb-regular.woff2 HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: font/woff2
Content-Length: 15204
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 03 Jan 2024 03:50:48 GMT
ETag: W/"3b64-18ccd71f9c0"
|
|
| 2fa-connect.app/api/create-log | 185.215.113.118 | 200 OK | 483 B |
URL: POST HTTP/1.1 2fa-connect.app/api/create-log; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: a35473f93969df65100188655703bc93 fb0696531779823851b0f9b13aa6aee1131de34c aa962c5e6f6a772248ab2feeec506c9cf41fc5bddcf0d722d7bc8f6c8165fed6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 483
Connection: keep-alive
ETag: "z40i3y23mwdf"
Vary: Accept-Encoding
|
|
| www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js | 142.250.74.35 | 200 OK | 203 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js; IP: 142.250.74.35:443
Certificate Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: JavaScript source, ASCII text, with very long lines (554); Size: 203 kB (203369 bytes); Hash: e9ccb3dbde79ba5ffdf9cad4b32d59fd 3a8cd67adc7c885bdf683f1e7f491e6a4a50679f 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137
GET /recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 203369
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 02:30:15 GMT
expires: Sun, 13 Apr 2025 02:30:15 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 29 Mar 2024 04:30:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 458061
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit | 142.250.74.164 | 200 OK | 1.1 kB |
URL: GET HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit; IP: 142.250.74.164:443
Certificate Issuer: Google Trust Services LLC; Subject: www.google.com; Fingerprint: CC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06; Validity: Mon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT
Hash: 9f39abeb04e2411ab95cf0bbddb26a40 79ee2e256bd504f6a98824af458bc9017ccaa069 27c749658e286030a4eb86f7cbb4010f3e6c3b13b0ea5a7724728f36d73ccea1
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 18 Apr 2024 09:44:36 GMT
date: Thu, 18 Apr 2024 09:44:36 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 2fa-connect.app/api/get-start-step | 185.215.113.118 | 200 OK | 36 B |
URL: POST HTTP/1.1 2fa-connect.app/api/get-start-step; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 0d5ce2755ddc9c3d6425869d366fcff7 03a2086686ee48b03e869bba8f905b30de3fbb28 5e0e201c64d2949762de666b5fb5b721d86fcd239d8047bf0d807013c0ee29b9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/get-start-step HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 36
Connection: keep-alive
ETag: "xiuppl2vfz10"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/create-log | 185.215.113.118 | 200 OK | 15 B |
URL: POST HTTP/1.1 2fa-connect.app/api/create-log; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7cff57014657cdb14dc92ef6055f1555 57434199e223afc1f6e574643f4a6967e557898f 4acf4bd2b6164c5744482c94fa00985854a24b17c68eb31f97fe9254d44085de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
ETag: "ueogvlqmkif"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/create-log | 185.215.113.118 | 200 OK | 483 B |
URL: POST HTTP/1.1 2fa-connect.app/api/create-log; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: d390107f97a14d3c0eb618dec33371f7 6275373c207c6ff1e253dd343753dfc72815d183 ce0125cbb66a9ab9f2539653b19fddb7074deb7d05f5951dc09eea783491c94e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 483
Connection: keep-alive
ETag: "pqi921409tdf"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/get-start-step | 185.215.113.118 | 200 OK | 36 B |
URL: POST HTTP/1.1 2fa-connect.app/api/get-start-step; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 0d5ce2755ddc9c3d6425869d366fcff7 03a2086686ee48b03e869bba8f905b30de3fbb28 5e0e201c64d2949762de666b5fb5b721d86fcd239d8047bf0d807013c0ee29b9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/get-start-step HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 36
Connection: keep-alive
ETag: "xiuppl2vfz10"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/Multibank.ico | 185.215.113.118 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 2fa-connect.app/Multibank.ico; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel; Hash: a3560dba194daf8efab745fa88ea91bd 70bd0c989530c18f3b0f2140443f63eee8218cb2 0c0d890398f5e66f3b3c16c8398e6c2b2308d3973c9e509430f1b224ca370374
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Multibank.ico HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 28 Dec 2023 16:49:14 GMT
ETag: W/"3aee-18cb1547f10"
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| 2fa-connect.app/fonts/comdirect/MarkWeb-medium.woff2 | 185.215.113.118 | 200 OK | 15 kB |
URL: GET HTTP/1.1 2fa-connect.app/fonts/comdirect/MarkWeb-medium.woff2; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14944, version 7.-32506; Hash: f9aded4bf51480300b464173e92bfde0 186f3635a9531e5f3740f98314f79167f95f05dc cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/comdirect/MarkWeb-medium.woff2 HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: font/woff2
Content-Length: 14944
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 03 Jan 2024 03:50:49 GMT
ETag: W/"3a60-18ccd71fda8"
|
|
| 2fa-connect.app/comdirect.png | 185.215.113.118 | 200 OK | 868 B |
URL: GET HTTP/1.1 2fa-connect.app/comdirect.png; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
File type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced; Hash: 2e70e97b765cb15cce942946a862d754 d815abb03fe25e82c87cb174c89a2549f09f3ce2 80ffedd7b0455cc43a4e96e5f5495b889033573b3033f024e54537f45cd95b2c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /comdirect.png HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: image/png
Content-Length: 868
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 03 Jan 2024 03:47:50 GMT
ETag: W/"364-18ccd6f4270"
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:54 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/api/backend/sessions/ping | 185.215.113.118 | 200 OK | 16 B |
URL: POST HTTP/1.1 2fa-connect.app/api/backend/sessions/ping; IP: 185.215.113.118:443; ASN: #51381 1337Team Limited
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:57 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding
|
|
| 2fa-connect.app/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET 2fa-connect.app/favicon.ico; IP: 0.0.0.0:0
Certificate Issuer: Let's Encrypt; Subject: 2fa-connect.app; Fingerprint: D4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C; Validity: Sat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
|