Report - 2fa-connect.app/

Report Overview

Submitted URL
2fa-connect.app/
IP
185.215.113.118
ASN
#51381 1337Team Limited
Submitted
2024-04-18 09:45:01
Access
public
Website Title
comdirect Login - Ihr Online Banking & Brokerage | comdirect.de
Final URL
2fa-connect.app/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
2fa-connect.app	unknown	unknown	No data	No data	42 kB	452 kB	185.215.113.118
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-04-17	480 B	204 kB	142.250.74.35
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	443 B	1.5 kB	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 09:44:34	medium	185.215.113.118	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 32

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed
2024-04-18	medium	2fa-connect.app	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	2fa-connect.app/_next/static/chunks/main-5cdcbd6d49f31693.js	115 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/main-5cdcbd6d49f31693.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen42 Hash 67a5f43e27387e109798e51e202f1fbf 35779062b631d8191ddd1074a64e7acff545fb04 bbd4ef3d1bd496891e8aacba12eae63711c3c8c807138d1a973490964d1828e1 Loading...

	2fa-connect.app/_next/static/chunks/252f366e-a5a6f702cd6dba34.js	2.1 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/252f366e-a5a6f702cd6dba34.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen37 Hash ab688fe4776686dd7e67f82c89f05519 9d8d4832794706723a383775c3ae02f676ded37a c98398761c85376963fff57316a3bd746af396ea90a355e3471a424dc539c5b2 Loading...

	2fa-connect.app/_next/static/chunks/29107295-2c4ccc922958d76c.js	83 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/29107295-2c4ccc922958d76c.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen38 Hash e39d120aab2ca5fd9874c826e74e55b3 d290f4d3d1a788ffd67d3c4d01ab2c49f442344a 4036b734ca2db6230ee1b24ced5186ba5232df14aff5c0e33178c6283c458664 Loading...

	2fa-connect.app/_next/static/chunks/framework-5666885447fdc3cc.js	141 kB	2023-10-23	2024-04-24
Pretty URL 2fa-connect.app/_next/static/chunks/framework-5666885447fdc3cc.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-23 20:25:35 Last Seen2024-04-24 11:54:25 Times Seen88 Hash 6f78840188652a255488524ba24b694c 5d30199ed324bca3850cb0ba2e002ca8bbd63328 39905d3d4badf88532fdc2aa18cb6fc26c57382caa8a05fe0a8365b70fc2eb8f Loading...

	2fa-connect.app/_next/static/chunks/5675-6a3de6baea750189.js	9.7 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/5675-6a3de6baea750189.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen36 Hash 9465d21d28f8e71876ced17b36d6dfec 301dd546cbb246f9f0a15daa010aa77222171752 f33198153380fab1dab424e5c0026df1fe2c8a854b5a5680c102646b92658fb2 Loading...

	2fa-connect.app/_next/static/chunks/2037-175d1e3f0c2f846f.js	12 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/2037-175d1e3f0c2f846f.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen16 Hash cb2aa24fc14c80c763982d37d9f4eab9 feb33b1cee287ec4a62260ee7497b015832c8d9d d0bc449a526d925ca5595b681cec0de140510b674cb308038aa60a892a33f007 Loading...

	www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit	909 B	2024-04-09	2024-04-18
Pretty URL www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-09 19:29:24 Last Seen2024-04-18 15:00:45 Times Seen27 Hash 9ce893deb57f4b618785cf61e602a133 f3f1567c9a6e402a781857965bb0bfc407630985 f13314c393baa57b5a4a54e3ee0e150e7466d67fe857cd343e9ff47852fafa87 Loading...

	www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js	511 kB	2024-04-04	2024-04-18
Pretty URL www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 06:23:43 Last Seen2024-04-18 16:42:06 Times Seen5623 Hash e9ccb3dbde79ba5ffdf9cad4b32d59fd 3a8cd67adc7c885bdf683f1e7f491e6a4a50679f 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137 Loading...

	2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js	77 B	2023-03-07	2024-05-01
Pretty URL 2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-01 14:57:43 Times Seen85570 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js	3.8 kB	2024-04-18	2024-04-20
Pretty URL 2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:45:11 Last Seen2024-04-20 18:43:08 Times Seen12 Hash 85c92c85ccedba0f82f0fe87a01caace b87f7fb2a2697684e96f7e5ec9de853d6bfef26a fe7527389d7f0abaca903e2d1ab7d0a96c3d4e61408fd90c081391c96f0aeaa1 Loading...

	2fa-connect.app/_next/static/chunks/pages/_app-2313d3acb70c5abd.js	288 kB	2024-04-18	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/pages/_app-2313d3acb70c5abd.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:45:11 Last Seen2024-04-20 18:43:08 Times Seen12 Hash 78777cf1467ea862fda0f3ee815f1460 bdcb3cf22d4f178c9d386269fd8db2333599eb71 78f516a1f8f2b13aaddb796873d3164e9b963ceb6ff85f9a13cd21fbaba4bfdf Loading...

	2fa-connect.app/_next/static/chunks/pages/index-b56ca499a1cf5a0c.js	310 kB	2024-04-18	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/pages/index-b56ca499a1cf5a0c.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:45:11 Last Seen2024-04-20 18:43:08 Times Seen12 Hash eefe0f8b816bcdb592b4ab7805e7d0b5 72078c676a8e789daf80b6a3cd6f96f70661f225 25bd714d2485e489326734b40ec52b256b6131759920843013a795f465ef2740 Loading...

	2fa-connect.app/_next/static/chunks/9306-7442921d12715970.js	28 kB	2024-04-18	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/9306-7442921d12715970.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:45:11 Last Seen2024-04-20 18:43:08 Times Seen12 Hash e10d13ebf584090b445a4721af48fc2a db3c01316ae8b61e5b5e844c6a06e8945e7a5116 c66e27566433add56971c4b51e10305cb802f8f982e5635c77a3dc547470da49 Loading...

	2fa-connect.app/_next/static/chunks/1bfc9850-4a72bd178e9802af.js	26 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/1bfc9850-4a72bd178e9802af.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen41 Hash d0dc9153ebbb0370f8ebefa4611e8711 c7510ed81bd00542daab14e5ad2d778d2b4fb42b 6d53e4ec3f79eb2bc4123cebfa4df087ff0818e90636fbb2ccba9e5bd8835523 Loading...

	2fa-connect.app/_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js	765 B	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:56 Last Seen2024-04-20 18:43:08 Times Seen37 Hash 69cdaea2a73b7975e2aacd87ab1d035f 98b1fb984bf59573ec531397a642b921dcb7fdbd 26db04d287202eb97e1be6cd81b1cc8f1853341abdf27e3b62f721c643b4f71b Loading...

	2fa-connect.app/_next/static/chunks/ae51ba48-94b23ee8caee7339.js	737 B	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/ae51ba48-94b23ee8caee7339.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen38 Hash 20b40d34e7364378de55d6d59a3cd0ca a49085be6ca17ffcb02854bca50d4b88b5d663c1 f6462e0f48811e31e79646d70961e11ab139aa9ae865f0393c3075b29c5692c5 Loading...

	2fa-connect.app/_next/static/chunks/6893-dfa84fada077ab50.js	4.1 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/6893-dfa84fada077ab50.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen38 Hash c0f7d09bab39fa6fd21a12507de02761 fe0fc5c22091541476e5267743a6949c2a70f554 f85fc12f7ce679ff0f8effa83c2217e593ab6d2f6bcd770eebe5a1c19af9b7d4 Loading...

	2fa-connect.app/_next/static/chunks/9892-99c1b6d658eb1ae4.js	138 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/9892-99c1b6d658eb1ae4.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen37 Hash a1505896364a0902dc7d4e45e8c0a07d c7f198ed17024bd35fb8126f878339e7914a6556 9eecaf855d015f29aa8dbf2a628f8fd29bef95bd82b589af734025a449ebb0a6 Loading...

	2fa-connect.app/_next/static/chunks/webpack-cbafb5bd83b319bf.js	2.7 kB	2023-10-30	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/webpack-cbafb5bd83b319bf.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-30 15:31:34 Last Seen2024-04-20 18:43:08 Times Seen42 Hash ff307e0e92255d4a5a046cb9648df52b b9f434f0d7bce6307b215bdc9897011719bc59ce 617c1165bfd3e1141325726c510b42fecdce94e246488747bda5dae3dcd9b211 Loading...

	2fa-connect.app/_next/static/chunks/31664189-79b418c8cfec1276.js	714 B	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/31664189-79b418c8cfec1276.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen38 Hash 0ac01be907f36cd2cf63f82c95cb8c7a c99bb64772fed6585d14298b1a2877294d6fb60d c7fd8fad361fef0a0f3cc1790be47b09d4f35cc5a80690a7403c7a9f3eaf156c Loading...

	2fa-connect.app/_next/static/chunks/2962-b304c7a096b6845a.js	11 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/2962-b304c7a096b6845a.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen42 Hash 6ffb2f4ee1e93e270a15cbc056d5a329 65507eaec7544455fb6066c90a49e89f621b3936 8d95177400e3b6cf44bb7baa71de6bfa9c6ba155cf0b844b5a0685136d763034 Loading...

	2fa-connect.app/_next/static/chunks/6850-69f05608ff4c0533.js	13 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/6850-69f05608ff4c0533.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen42 Hash e84df5cfa8f0ec371511b376aa8147f7 290566516ff3aeccceb33828c6cfb38696f6b00d 487f69cef6c41b991ef42f02e857c935f6f745f3ef98f7d0d5c43869539024ab Loading...

	unknown	47 B	2023-04-12	2024-05-01
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 06:31:27 Last Seen2024-05-01 14:22:56 Times Seen1807 Hash cbf89f93643bde77f1a42b20b7aa4b20 0a149ced46b0df0a7106b46d2c013b787e24d389 d797c2255ede2cfbcaf8829f073737154e2d44a574e9515dd10a02218835afd8 Loading...

	2fa-connect.app/_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js	583 B	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen38 Hash 4b47916b67eceacf56bc8a54794fff48 ada2a0cf1d1efc3acd30f19a6377805b37f40a9c 59e255abfee85a39a9c2538bfbd07ad3de9da073909dd01df39d63774078b0a0 Loading...

	2fa-connect.app/_next/static/chunks/0c428ae2-442b49a45486c6c4.js	1.1 kB	2024-03-26	2024-04-20
Pretty URL 2fa-connect.app/_next/static/chunks/0c428ae2-442b49a45486c6c4.js IP 185.215.113.118 ASN #51381 1337Team Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 05:23:57 Last Seen2024-04-20 18:43:08 Times Seen38 Hash 792590114e2cad44b95c5288342d1663 47ba431429ab45226d95b734fe3b36d64a4db746 c377b1747419f736b0859688ed453fb8ec49776387abc7e09686eab80e13362f Loading...

HTTP Transactions (51)

URL IP Response Size

2fa-connect.app/

185.215.113.118

200 OK

930 B

URL User Request GET HTTP/1.1
2fa-connect.app/
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
HTML document, ASCII text, with very long lines (3218), with no line terminators
Size
930 B (930 bytes)
Hash
98b91f62d01cba8c69a19a16ca65c254
e3bfe1204e364bf956db069d15144b01896417d6
ceec848cb787f9e89e8a550eb71d76a8add496a0da9c133644e955afadf80a38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Next.js
ETag: "1387uhfj93d2he"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/media/4f117ec02fc103f8-s.p.woff2

185.215.113.118

200 OK

44 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/media/4f117ec02fc103f8-s.p.woff2
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44264, version 1.0
Size
44 kB (44264 bytes)
Hash
03c6826d225a339fad5a72e435f19299
991e2551b43e6f294350725e9471534d6c0e4ac1
60e11d985314d4843c7a741d67bc7744c4bf519e50ce08e1d5e74e43414aaff0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/media/4f117ec02fc103f8-s.p.woff2 HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: font/woff2
Content-Length: 44264
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"ace8-18ee3ffdada"

2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css

185.215.113.118

200 OK

4.3 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (17700), with no line terminators
Size
4.3 kB (4277 bytes)
Hash
6fa7506165611d2f3b23efae29a9a130
c4936d2244c304df1ce257e9a3d5e0251f6d4c5d
84fd52cba82f9c225e709a2ed7646d3565c4b8b37ac89dfd8e43bf4224eda54c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/1fbe2e0c7e8b651e.css HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"453e-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/webpack-cbafb5bd83b319bf.js

185.215.113.118

200 OK

1.1 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/webpack-cbafb5bd83b319bf.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (2657), with no line terminators
Size
1.1 kB (1075 bytes)
Hash
ff307e0e92255d4a5a046cb9648df52b
b9f434f0d7bce6307b215bdc9897011719bc59ce
617c1165bfd3e1141325726c510b42fecdce94e246488747bda5dae3dcd9b211

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-cbafb5bd83b319bf.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"a61-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css

185.215.113.118

200 OK

14 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
ASCII text, with very long lines (58123), with CRLF, LF line terminators
Size
14 kB (14435 bytes)
Hash
f0e982c31e7c7896da1bff3fb64f0360
9a29366b53cc572b6c083842b03313c9cff42bda
ea15d264570e87d07f01ae4b98eb9e7e947e5b7baf4be66bcc8767cdbe7c8c4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/e807c5f3c7e39ea5.css HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"12599-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/pages/_app-2313d3acb70c5abd.js

185.215.113.118

200 OK

82 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/pages/_app-2313d3acb70c5abd.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65321)
Size
82 kB (81491 bytes)
Hash
78777cf1467ea862fda0f3ee815f1460
bdcb3cf22d4f178c9d386269fd8db2333599eb71
78f516a1f8f2b13aaddb796873d3164e9b963ceb6ff85f9a13cd21fbaba4bfdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-2313d3acb70c5abd.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"46454-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/main-5cdcbd6d49f31693.js

185.215.113.118

200 OK

33 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/main-5cdcbd6d49f31693.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (32918 bytes)
Hash
67a5f43e27387e109798e51e202f1fbf
35779062b631d8191ddd1074a64e7acff545fb04
bbd4ef3d1bd496891e8aacba12eae63711c3c8c807138d1a973490964d1828e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-5cdcbd6d49f31693.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"1c29c-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js

185.215.113.118

200 OK

583 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (583), with no line terminators
Size
583 B (583 bytes)
Hash
4b47916b67eceacf56bc8a54794fff48
ada2a0cf1d1efc3acd30f19a6377805b37f40a9c
59e255abfee85a39a9c2538bfbd07ad3de9da073909dd01df39d63774078b0a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1a48c3c1-8530ceb7dc4b096d.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 583
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"247-18ee3ffdade"
Vary: Accept-Encoding

2fa-connect.app/_next/static/chunks/framework-5666885447fdc3cc.js

185.215.113.118

200 OK

45 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/framework-5666885447fdc3cc.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65201)
Size
45 kB (45445 bytes)
Hash
6f78840188652a255488524ba24b694c
5d30199ed324bca3850cb0ba2e002ca8bbd63328
39905d3d4badf88532fdc2aa18cb6fc26c57382caa8a05fe0a8365b70fc2eb8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-5666885447fdc3cc.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"226f8-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/29107295-2c4ccc922958d76c.js

185.215.113.118

200 OK

26 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/29107295-2c4ccc922958d76c.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65344), with no line terminators
Size
26 kB (26458 bytes)
Hash
e39d120aab2ca5fd9874c826e74e55b3
d290f4d3d1a788ffd67d3c4d01ab2c49f442344a
4036b734ca2db6230ee1b24ced5186ba5232df14aff5c0e33178c6283c458664

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/29107295-2c4ccc922958d76c.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"144a3-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/1bfc9850-4a72bd178e9802af.js

185.215.113.118

200 OK

10 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/1bfc9850-4a72bd178e9802af.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (25635), with no line terminators
Size
10 kB (10404 bytes)
Hash
d0dc9153ebbb0370f8ebefa4611e8711
c7510ed81bd00542daab14e5ad2d778d2b4fb42b
6d53e4ec3f79eb2bc4123cebfa4df087ff0818e90636fbb2ccba9e5bd8835523

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1bfc9850-4a72bd178e9802af.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"6423-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/252f366e-a5a6f702cd6dba34.js

185.215.113.118

200 OK

822 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/252f366e-a5a6f702cd6dba34.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (2120), with no line terminators
Size
822 B (822 bytes)
Hash
ab688fe4776686dd7e67f82c89f05519
9d8d4832794706723a383775c3ae02f676ded37a
c98398761c85376963fff57316a3bd746af396ea90a355e3471a424dc539c5b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/252f366e-a5a6f702cd6dba34.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"848-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js

185.215.113.118

200 OK

765 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (765), with no line terminators
Size
765 B (765 bytes)
Hash
69cdaea2a73b7975e2aacd87ab1d035f
98b1fb984bf59573ec531397a642b921dcb7fdbd
26db04d287202eb97e1be6cd81b1cc8f1853341abdf27e3b62f721c643b4f71b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1e7c12d4-9caf7dccb6a1d25b.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 765
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2fd-18ee3ffdade"
Vary: Accept-Encoding

2fa-connect.app/_next/static/chunks/31664189-79b418c8cfec1276.js

185.215.113.118

200 OK

714 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/31664189-79b418c8cfec1276.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (714), with no line terminators
Size
714 B (714 bytes)
Hash
0ac01be907f36cd2cf63f82c95cb8c7a
c99bb64772fed6585d14298b1a2877294d6fb60d
c7fd8fad361fef0a0f3cc1790be47b09d4f35cc5a80690a7403c7a9f3eaf156c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/31664189-79b418c8cfec1276.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 714
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2ca-18ee3ffdade"
Vary: Accept-Encoding

2fa-connect.app/_next/static/chunks/ae51ba48-94b23ee8caee7339.js

185.215.113.118

200 OK

737 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/ae51ba48-94b23ee8caee7339.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (737), with no line terminators
Size
737 B (737 bytes)
Hash
20b40d34e7364378de55d6d59a3cd0ca
a49085be6ca17ffcb02854bca50d4b88b5d663c1
f6462e0f48811e31e79646d70961e11ab139aa9ae865f0393c3075b29c5692c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/ae51ba48-94b23ee8caee7339.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 737
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2e1-18ee3ffdade"
Vary: Accept-Encoding

2fa-connect.app/_next/static/chunks/0c428ae2-442b49a45486c6c4.js

185.215.113.118

200 OK

430 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/0c428ae2-442b49a45486c6c4.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (1089), with no line terminators
Size
430 B (430 bytes)
Hash
792590114e2cad44b95c5288342d1663
47ba431429ab45226d95b734fe3b36d64a4db746
c377b1747419f736b0859688ed453fb8ec49776387abc7e09686eab80e13362f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/0c428ae2-442b49a45486c6c4.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"441-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/6893-dfa84fada077ab50.js

185.215.113.118

200 OK

1.4 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/6893-dfa84fada077ab50.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (4092), with no line terminators
Size
1.4 kB (1351 bytes)
Hash
c0f7d09bab39fa6fd21a12507de02761
fe0fc5c22091541476e5267743a6949c2a70f554
f85fc12f7ce679ff0f8effa83c2217e593ab6d2f6bcd770eebe5a1c19af9b7d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6893-dfa84fada077ab50.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"ffc-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/2962-b304c7a096b6845a.js

185.215.113.118

200 OK

2.8 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/2962-b304c7a096b6845a.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (11317), with no line terminators
Size
2.8 kB (2800 bytes)
Hash
6ffb2f4ee1e93e270a15cbc056d5a329
65507eaec7544455fb6066c90a49e89f621b3936
8d95177400e3b6cf44bb7baa71de6bfa9c6ba155cf0b844b5a0685136d763034

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2962-b304c7a096b6845a.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2c35-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/5675-6a3de6baea750189.js

185.215.113.118

200 OK

4.0 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/5675-6a3de6baea750189.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (9684), with no line terminators
Size
4.0 kB (3972 bytes)
Hash
9465d21d28f8e71876ced17b36d6dfec
301dd546cbb246f9f0a15daa010aa77222171752
f33198153380fab1dab424e5c0026df1fe2c8a854b5a5680c102646b92658fb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5675-6a3de6baea750189.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"25d4-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/6850-69f05608ff4c0533.js

185.215.113.118

200 OK

4.2 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/6850-69f05608ff4c0533.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (10261)
Size
4.2 kB (4189 bytes)
Hash
e84df5cfa8f0ec371511b376aa8147f7
290566516ff3aeccceb33828c6cfb38696f6b00d
487f69cef6c41b991ef42f02e857c935f6f745f3ef98f7d0d5c43869539024ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6850-69f05608ff4c0533.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"3166-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/9892-99c1b6d658eb1ae4.js

185.215.113.118

200 OK

44 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/9892-99c1b6d658eb1ae4.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65256), with no line terminators
Size
44 kB (43964 bytes)
Hash
a1505896364a0902dc7d4e45e8c0a07d
c7f198ed17024bd35fb8126f878339e7914a6556
9eecaf855d015f29aa8dbf2a628f8fd29bef95bd82b589af734025a449ebb0a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9892-99c1b6d658eb1ae4.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"21c29-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/2037-175d1e3f0c2f846f.js

185.215.113.118

200 OK

4.3 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/2037-175d1e3f0c2f846f.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, ASCII text, with very long lines (11563), with no line terminators
Size
4.3 kB (4273 bytes)
Hash
cb2aa24fc14c80c763982d37d9f4eab9
feb33b1cee287ec4a62260ee7497b015832c8d9d
d0bc449a526d925ca5595b681cec0de140510b674cb308038aa60a892a33f007

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2037-175d1e3f0c2f846f.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"2d2b-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/9306-7442921d12715970.js

185.215.113.118

200 OK

6.8 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/9306-7442921d12715970.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27648), with no line terminators
Size
6.8 kB (6842 bytes)
Hash
e10d13ebf584090b445a4721af48fc2a
db3c01316ae8b61e5b5e844c6a06e8945e7a5116
c66e27566433add56971c4b51e10305cb802f8f982e5635c77a3dc547470da49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9306-7442921d12715970.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"6c1c-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js

185.215.113.118

200 OK

77 B

URL GET HTTP/1.1
2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_ssgManifest.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 77
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"4d-18ee3ffdada"
Vary: Accept-Encoding

2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js

185.215.113.118

200 OK

1.4 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
ASCII text, with very long lines (3761), with no line terminators
Size
1.4 kB (1350 bytes)
Hash
85c92c85ccedba0f82f0fe87a01caace
b87f7fb2a2697684e96f7e5ec9de853d6bfef26a
fe7527389d7f0abaca903e2d1ab7d0a96c3d4e61408fd90c081391c96f0aeaa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/SIjxJtBlFEr9WaVpZ8RtZ/_buildManifest.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"eb1-18ee3ffdada"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/chunks/pages/index-b56ca499a1cf5a0c.js

185.215.113.118

200 OK

63 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/chunks/pages/index-b56ca499a1cf5a0c.js
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65452), with no line terminators
Size
63 kB (63091 bytes)
Hash
eefe0f8b816bcdb592b4ab7805e7d0b5
72078c676a8e789daf80b6a3cd6f96f70661f225
25bd714d2485e489326734b40ec52b256b6131759920843013a795f465ef2740

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/index-b56ca499a1cf5a0c.js HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"4b8dc-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css

185.215.113.118

200 OK

4.3 kB

URL GET HTTP/1.1
2fa-connect.app/_next/static/css/1fbe2e0c7e8b651e.css
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (17700), with no line terminators
Size
4.3 kB (4277 bytes)
Hash
6fa7506165611d2f3b23efae29a9a130
c4936d2244c304df1ce257e9a3d5e0251f6d4c5d
84fd52cba82f9c225e709a2ed7646d3565c4b8b37ac89dfd8e43bf4224eda54c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/1fbe2e0c7e8b651e.css HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
Accept-Ranges: bytes
Last-Modified: Mon, 15 Apr 2024 23:02:59 GMT
ETag: W/"453e-18ee3ffdade"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/api/domain-info

185.215.113.118

200 OK

689 B

URL POST HTTP/1.1
2fa-connect.app/api/domain-info
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
689 B (689 bytes)
Hash
2a1091f6364e2cb77c3fc7c6796c2463
790007227b34e69675f7e84f07b3bdd65af4fbcc
4247b91f6e19cc1c099959a0fd8886fad5949e13bbd288b801810c59424c78ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/domain-info HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 24
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 689
Connection: keep-alive
ETag: "c8ed1cxgd3j3"
Vary: Accept-Encoding

2fa-connect.app/api/auth/session

185.215.113.118

200 OK

2 B

URL GET HTTP/1.1
2fa-connect.app/api/auth/session
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/auth/session HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/json
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
Connection: keep-alive
Set-Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; Path=/; HttpOnly; SameSite=Lax
next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; Path=/; HttpOnly; SameSite=Lax
ETag: "bwc9mymkdm2"
Vary: Accept-Encoding

2fa-connect.app/api/traffic

185.215.113.118

200 OK

15 B

URL POST HTTP/1.1
2fa-connect.app/api/traffic
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
15 B (15 bytes)
Hash
28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/traffic HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A0%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
ETag: "8lq1dcjyxof"
Vary: Accept-Encoding

2fa-connect.app/api/domain-info

185.215.113.118

200 OK

689 B

URL POST HTTP/1.1
2fa-connect.app/api/domain-info
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
689 B (689 bytes)
Hash
2a1091f6364e2cb77c3fc7c6796c2463
790007227b34e69675f7e84f07b3bdd65af4fbcc
4247b91f6e19cc1c099959a0fd8886fad5949e13bbd288b801810c59424c78ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/domain-info HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 24
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A0%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 689
Connection: keep-alive
ETag: "c8ed1cxgd3j3"
Vary: Accept-Encoding

2fa-connect.app/api/create-log

185.215.113.118

200 OK

15 B

URL POST HTTP/1.1
2fa-connect.app/api/create-log
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
15 B (15 bytes)
Hash
7cff57014657cdb14dc92ef6055f1555
57434199e223afc1f6e574643f4a6967e557898f
4acf4bd2b6164c5744482c94fa00985854a24b17c68eb31f97fe9254d44085de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
ETag: "ueogvlqmkif"
Vary: Accept-Encoding

2fa-connect.app/fonts/comdirect/MarkWeb-regular.woff2

185.215.113.118

200 OK

15 kB

URL GET HTTP/1.1
2fa-connect.app/fonts/comdirect/MarkWeb-regular.woff2
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15204, version 7.-32506
Size
15 kB (15204 bytes)
Hash
554b7932dc3f4be53e28b875082b4b98
26f84c1bebe03fcfe21f90b332374a5f4f1380de
21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/comdirect/MarkWeb-regular.woff2 HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: font/woff2
Content-Length: 15204
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 03 Jan 2024 03:50:48 GMT
ETag: W/"3b64-18ccd71f9c0"

2fa-connect.app/api/create-log

185.215.113.118

200 OK

483 B

URL POST HTTP/1.1
2fa-connect.app/api/create-log
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
483 B (483 bytes)
Hash
a35473f93969df65100188655703bc93
fb0696531779823851b0f9b13aa6aee1131de34c
aa962c5e6f6a772248ab2feeec506c9cf41fc5bddcf0d722d7bc8f6c8165fed6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A%22%22%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22%22%2C%22bankUrl%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 483
Connection: keep-alive
ETag: "z40i3y23mwdf"
Vary: Accept-Encoding

www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js

142.250.74.35

200 OK

203 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://2fa-connect.app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (554)
Size
203 kB (203369 bytes)
Hash
e9ccb3dbde79ba5ffdf9cad4b32d59fd
3a8cd67adc7c885bdf683f1e7f491e6a4a50679f
8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137

HTTP Headers

GET /recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 203369
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 02:30:15 GMT
expires: Sun, 13 Apr 2025 02:30:15 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 29 Mar 2024 04:30:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 458061
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

142.250.74.164

200 OK

1.1 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://2fa-connect.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT

File type
gzip compressed data
Size
1.1 kB (1050 bytes)
Hash
9f39abeb04e2411ab95cf0bbddb26a40
79ee2e256bd504f6a98824af458bc9017ccaa069
27c749658e286030a4eb86f7cbb4010f3e6c3b13b0ea5a7724728f36d73ccea1

HTTP Headers

GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 18 Apr 2024 09:44:36 GMT
date: Thu, 18 Apr 2024 09:44:36 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

2fa-connect.app/api/get-start-step

185.215.113.118

200 OK

36 B

URL POST HTTP/1.1
2fa-connect.app/api/get-start-step
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
36 B (36 bytes)
Hash
0d5ce2755ddc9c3d6425869d366fcff7
03a2086686ee48b03e869bba8f905b30de3fbb28
5e0e201c64d2949762de666b5fb5b721d86fcd239d8047bf0d807013c0ee29b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/get-start-step HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 36
Connection: keep-alive
ETag: "xiuppl2vfz10"
Vary: Accept-Encoding

2fa-connect.app/api/create-log

185.215.113.118

200 OK

15 B

URL POST HTTP/1.1
2fa-connect.app/api/create-log
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
15 B (15 bytes)
Hash
7cff57014657cdb14dc92ef6055f1555
57434199e223afc1f6e574643f4a6967e557898f
4acf4bd2b6164c5744482c94fa00985854a24b17c68eb31f97fe9254d44085de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
ETag: "ueogvlqmkif"
Vary: Accept-Encoding

2fa-connect.app/api/create-log

185.215.113.118

200 OK

483 B

URL POST HTTP/1.1
2fa-connect.app/api/create-log
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
483 B (483 bytes)
Hash
d390107f97a14d3c0eb618dec33371f7
6275373c207c6ff1e253dd343753dfc72815d183
ce0125cbb66a9ab9f2539653b19fddb7074deb7d05f5951dc09eea783491c94e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/create-log HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 483
Connection: keep-alive
ETag: "pqi921409tdf"
Vary: Accept-Encoding

2fa-connect.app/api/get-start-step

185.215.113.118

200 OK

36 B

URL POST HTTP/1.1
2fa-connect.app/api/get-start-step
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
36 B (36 bytes)
Hash
0d5ce2755ddc9c3d6425869d366fcff7
03a2086686ee48b03e869bba8f905b30de3fbb28
5e0e201c64d2949762de666b5fb5b721d86fcd239d8047bf0d807013c0ee29b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/get-start-step HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 36
Connection: keep-alive
ETag: "xiuppl2vfz10"
Vary: Accept-Encoding

2fa-connect.app/Multibank.ico

185.215.113.118

200 OK

1.5 kB

URL GET HTTP/1.1
2fa-connect.app/Multibank.ico
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
1.5 kB (1519 bytes)
Hash
a3560dba194daf8efab745fa88ea91bd
70bd0c989530c18f3b0f2140443f63eee8218cb2
0c0d890398f5e66f3b3c16c8398e6c2b2308d3973c9e509430f1b224ca370374

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Multibank.ico HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 28 Dec 2023 16:49:14 GMT
ETag: W/"3aee-18cb1547f10"
Vary: Accept-Encoding
Content-Encoding: gzip

2fa-connect.app/fonts/comdirect/MarkWeb-medium.woff2

185.215.113.118

200 OK

15 kB

URL GET HTTP/1.1
2fa-connect.app/fonts/comdirect/MarkWeb-medium.woff2
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14944, version 7.-32506
Size
15 kB (14944 bytes)
Hash
f9aded4bf51480300b464173e92bfde0
186f3635a9531e5f3740f98314f79167f95f05dc
cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/comdirect/MarkWeb-medium.woff2 HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/_next/static/css/e807c5f3c7e39ea5.css
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22BANK%22%2C%22logId%22%3A1605783%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_6f027aa4-1f6e-4876-beab-c4a34b895f36%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: font/woff2
Content-Length: 14944
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 03 Jan 2024 03:50:49 GMT
ETag: W/"3a60-18ccd71fda8"

2fa-connect.app/comdirect.png

185.215.113.118

200 OK

868 B

URL GET HTTP/1.1
2fa-connect.app/comdirect.png
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
868 B (868 bytes)
Hash
2e70e97b765cb15cce942946a862d754
d815abb03fe25e82c87cb174c89a2549f09f3ce2
80ffedd7b0455cc43a4e96e5f5495b889033573b3033f024e54537f45cd95b2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /comdirect.png HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:36 GMT
Content-Type: image/png
Content-Length: 868
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 03 Jan 2024 03:47:50 GMT
ETag: W/"364-18ccd6f4270"

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:54 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/api/backend/sessions/ping

185.215.113.118

200 OK

16 B

URL POST HTTP/1.1
2fa-connect.app/api/backend/sessions/ping
IP
185.215.113.118:443
ASN
#51381 1337Team Limited

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/backend/sessions/ping HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2fa-connect.app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://2fa-connect.app
DNT: 1
Connection: keep-alive
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000; user=%7B%22step%22%3A%22LOGIN%22%2C%22logId%22%3A1605784%2C%22userId%22%3A39%2C%22notes%22%3A%22%22%2C%22isLoading%22%3Afalse%2C%22ccNumber%22%3A%22%22%2C%22ccExpire%22%3A%22%22%2C%22ccCVC%22%3A%22%22%2C%22additional1%22%3A%22%22%2C%22additional2%22%3A%22%22%2C%22additional3%22%3A%22%22%2C%22additional4%22%3A%22%22%2C%22additional5%22%3A%22%22%2C%22additional6%22%3A%22%22%2C%22sessionId%22%3A%22comdirect_71465447-24fb-4937-ac28-c8dd739b9249%22%2C%22email%22%3A%22%22%2C%22username%22%3A%22%22%2C%22password%22%3A%22%22%2C%22firstName%22%3A%22%22%2C%22lastName%22%3A%22%22%2C%22street%22%3A%22%22%2C%22streetNumber%22%3A%22%22%2C%22zip%22%3A%22%22%2C%22city%22%3A%22%22%2C%22dob%22%3A%22%22%2C%22phoneNumber%22%3A%22%22%2C%22bankName%22%3A%22comdirect%22%2C%22bankUrl%22%3A%22https%3A%2F%2Fkunde.comdirect.de%2F%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 09:44:57 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
ETag: "17a6zzdutk1g"
Vary: Accept-Encoding

2fa-connect.app/favicon.ico

0.0.0.0

0 B

URL GET
2fa-connect.app/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://2fa-connect.app/
Certificate
IssuerLet's Encrypt
Subject2fa-connect.app
FingerprintD4:C6:41:6D:86:03:10:63:47:9D:BA:BE:7C:1F:DF:D9:AA:77:D4:3C
ValiditySat, 13 Apr 2024 18:40:02 GMT - Fri, 12 Jul 2024 18:40:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2fa-connect.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2fa-connect.app/
Cookie: next-auth.csrf-token=a443c3c97906c82729ae93f8133ffe9720399b5d18442849455c11ef0f26420f%7Ce0446ab5c8cf4446e24d3f1ff9563c9b09396082198f4788bc1b8a6f4cea6f9f; next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML