| 2factivation.io/finance/login.php | 172.67.131.104 | 301 Moved Permanently | 167 B |
URL: 2factivation.io/finance/login.php (user request: GET, HTTP/3) | IP: 172.67.131.104:443
Certificate: issuer Let's Encrypt | subject 2factivation.io | fingerprint 74:68:78:3F:12:CF:B4:68:54:17:EA:FA:32:9A:1C:ED:97:C4:B7:D5 | validity Mon, 15 Apr 2024 23:34:35 GMT - Sun, 14 Jul 2024 23:34:34 GMT
File type: HTML document, ASCII text, with CRLF line terminators | MD5 0104c301c5e02bd6148b8703d19b3a73 | SHA-1 7436e0b4b1f8c222c38069890b75fa2baf9ca620 | SHA-256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /finance/login.php HTTP/1.1
Host: 2factivation.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; 4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; 1zOZ9syOA8dqkmdSgCCa1Aj2Tqo=1713612544; iIKN6HbFVGImAlSZi22tIy4-_GE=ILplhoxjkRtIxSEUklDveIl-Jjg; mg8IGnelKbYITyEwioOXAm2_VTw=01Vd1TeufzyrnG15EDwqINtQqtU
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 10:29:39 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 19 Apr 2024 11:29:39 GMT
Location: https://2factivation.io/finance/login.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1i7fBrN0zEDuxYlyaBITXH51DkMCv60RTKlaDYp0UDwIkrSctJU5zEzMR9hMFovEghWtKIp2ZBnbFE3FGRoVdZqjT%2FDPB4j5447W9Fgt1IvY%2FP1neqWSdrCDz8bIkIYkUzA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876c36f83d1256ab-OSL
alt-svc: h2=":443"; ma=60
| 2factivation.io/finance/login.php | 104.21.4.2 | 503 Service Unavailable | 19 kB |
URL: 2factivation.io/finance/login.php (user request: GET, HTTP/3) | IP: 104.21.4.2:443
Certificate: issuer Let's Encrypt | subject 2factivation.io | fingerprint 74:68:78:3F:12:CF:B4:68:54:17:EA:FA:32:9A:1C:ED:97:C4:B7:D5 | validity Mon, 15 Apr 2024 23:34:35 GMT - Sun, 14 Jul 2024 23:34:34 GMT
File type: HTML document, ASCII text, with very long lines (17601) | MD5 4b3e7c89045080e4abaed559ef010324 | SHA-1 02d2bb0725c3a547bf84ed26c81af7a545c9e83a | SHA-256 b98db2ff9b0a7d08d95826681cd10edada55dbb192ac6d9e330c98c0329cfdec
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /finance/login.php HTTP/1.1
Host: 2factivation.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 503 Service Unavailable
date: Fri, 19 Apr 2024 10:29:39 GMT
content-type: text/html; charset=utf-8
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
set-cookie: 4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
set-cookie: 1zOZ9syOA8dqkmdSgCCa1Aj2Tqo=1713612544; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
set-cookie: iIKN6HbFVGImAlSZi22tIy4-_GE=ILplhoxjkRtIxSEUklDveIl-Jjg; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
set-cookie: mg8IGnelKbYITyEwioOXAm2_VTw=01Vd1TeufzyrnG15EDwqINtQqtU; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O0LZDG%2FlbzS6QduZZOEykv010vetP0neCKSymwG8z1Q1tZ7FeVJ0Hotn1BiBPLBmh01Q9d7OAIpkx7JBa3bSY6mDlg%2F7IOn2mMaewm%2FaOKf%2Fo2s9LCNS3e5spcsBD3k0p2c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c36f51bb056be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 2factivation.io/cdn-cgi/challenge-platform/h/b/jsd/r/876c36f85eb356be | 104.21.4.2 | 200 OK | 0 B |
URL: 2factivation.io/cdn-cgi/challenge-platform/h/b/jsd/r/876c36f85eb356be | IP: 104.21.4.2:0
Certificate: issuer Let's Encrypt | subject 2factivation.io | fingerprint 74:68:78:3F:12:CF:B4:68:54:17:EA:FA:32:9A:1C:ED:97:C4:B7:D5 | validity Mon, 15 Apr 2024 23:34:35 GMT - Sun, 14 Jul 2024 23:34:34 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/876c36f85eb356be HTTP/1.1
Host: 2factivation.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12148
Origin: https://2factivation.io
DNT: 1
Connection: keep-alive
Referer: https://2factivation.io/finance/login.php
Cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; 4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; 1zOZ9syOA8dqkmdSgCCa1Aj2Tqo=1713612544; iIKN6HbFVGImAlSZi22tIy4-_GE=ILplhoxjkRtIxSEUklDveIl-Jjg; mg8IGnelKbYITyEwioOXAm2_VTw=01Vd1TeufzyrnG15EDwqINtQqtU; XHLdT_adk8rrohr-OvbZeFAB9xU=JuvA_SfEuhCzFxw-nCn0R9AhGG8; elWetyePaydpxUGD8mVWtqp1n30=1713526159; 8GyzZ6kxp8knrETJcR_hggoruAY=1713612559; xjbSCZQNPBnsWeaNrp_q3H-DE-c=m5RxJMwGOMOB1WdusJPBmUD-EFY; t5s7r87DY1XD6WgkvWSI3tEEdvM=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 10:29:40 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=iR0c7za6cXPEg61.GUZfqSj_aDlUWoWgSia5wmROnZU-1713522580-1.0.1.1-pUaGfPsTQB8hkexEhq6ah86e4JrEAgp6j6c7by8.uw3O3Woz633JCJVBcBwbRIE_CyXN5TmoorxJI88KuiD6HA; path=/; expires=Sat, 19-Apr-25 10:29:40 GMT; domain=.2factivation.io; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DXfgfSRBFtVt178LvfqYwel3%2Fagy6m68%2Fc5O332S%2BlX13li4iDIe%2FIOdope4CHPy091oTFhVdxz6cIC84hM5FKmzdsP3jFoViY9dpCUnb5yrGrTqGYLAIX6D4O%2BqfF%2BG88w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c36fd3c7db51b-OSL
alt-svc: h3=":443"; ma=86400
| 2factivation.io/finance/login.php | 104.21.4.2 | 503 Service Unavailable | 19 kB |
URL: 2factivation.io/finance/login.php (user request: GET, HTTP/3) | IP: 104.21.4.2:443
Certificate: issuer Let's Encrypt | subject 2factivation.io | fingerprint 74:68:78:3F:12:CF:B4:68:54:17:EA:FA:32:9A:1C:ED:97:C4:B7:D5 | validity Mon, 15 Apr 2024 23:34:35 GMT - Sun, 14 Jul 2024 23:34:34 GMT
File type: HTML document, ASCII text, with very long lines (17601) | MD5 5cc2ad9f1d098feba335f25286b3fd0a | SHA-1 73a03a5a51c9297e1c1f92e0df2cd130c344e052 | SHA-256 f31334ff8d924512165421c44e892ca67989a26adde6be49347dc4ff2a3864c1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /finance/login.php HTTP/1.1
Host: 2factivation.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; 4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; 1zOZ9syOA8dqkmdSgCCa1Aj2Tqo=1713612544; iIKN6HbFVGImAlSZi22tIy4-_GE=ILplhoxjkRtIxSEUklDveIl-Jjg; mg8IGnelKbYITyEwioOXAm2_VTw=01Vd1TeufzyrnG15EDwqINtQqtU
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 503 Service Unavailable
date: Fri, 19 Apr 2024 10:29:39 GMT
content-type: text/html; charset=utf-8
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: XHLdT_adk8rrohr-OvbZeFAB9xU=JuvA_SfEuhCzFxw-nCn0R9AhGG8; path=/; expires=Sat, 20-Apr-24 11:29:19 GMT; Max-Age=86400;
set-cookie: elWetyePaydpxUGD8mVWtqp1n30=1713526159; path=/; expires=Sat, 20-Apr-24 11:29:19 GMT; Max-Age=86400;
set-cookie: 8GyzZ6kxp8knrETJcR_hggoruAY=1713612559; path=/; expires=Sat, 20-Apr-24 11:29:19 GMT; Max-Age=86400;
set-cookie: xjbSCZQNPBnsWeaNrp_q3H-DE-c=m5RxJMwGOMOB1WdusJPBmUD-EFY; path=/; expires=Sat, 20-Apr-24 11:29:19 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLT1qWNexFFjRckwsUUx%2BL3fw01ErdzM70m7jOR0ohix%2FEaBcy6o1ryQ6KS3%2B5PMTHFi0DZTyrubMnHhC5Hvdype79SRdugUByk3WgCk%2Bi97mlT5QfB3ptuU%2BYF5IrA%2F3FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c36f85eb356be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 2factivation.io/favicon.ico | 104.21.4.2 | 403 Forbidden | 3.6 kB |
URL: 2factivation.io/favicon.ico (GET, HTTP/3) | IP: 104.21.4.2:443
Requested by: https://2factivation.io/finance/login.php
Certificate: issuer Let's Encrypt | subject 2factivation.io | fingerprint 74:68:78:3F:12:CF:B4:68:54:17:EA:FA:32:9A:1C:ED:97:C4:B7:D5 | validity Mon, 15 Apr 2024 23:34:35 GMT - Sun, 14 Jul 2024 23:34:34 GMT
File type: HTML document, ASCII text, with CRLF line terminators | MD5 9fe3cb2b7313dc79bb477bc8fde184a7 | SHA-1 4d7b3cb41e90618358d0ee066c45c76227a13747 | SHA-256 32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 2factivation.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2factivation.io/finance/login.php
Cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; 4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; 1zOZ9syOA8dqkmdSgCCa1Aj2Tqo=1713612544; iIKN6HbFVGImAlSZi22tIy4-_GE=ILplhoxjkRtIxSEUklDveIl-Jjg; mg8IGnelKbYITyEwioOXAm2_VTw=01Vd1TeufzyrnG15EDwqINtQqtU; XHLdT_adk8rrohr-OvbZeFAB9xU=JuvA_SfEuhCzFxw-nCn0R9AhGG8; elWetyePaydpxUGD8mVWtqp1n30=1713526159; 8GyzZ6kxp8knrETJcR_hggoruAY=1713612559; xjbSCZQNPBnsWeaNrp_q3H-DE-c=m5RxJMwGOMOB1WdusJPBmUD-EFY; t5s7r87DY1XD6WgkvWSI3tEEdvM=lkLPZiL_UVgRTxwDers97UXe5XU; cf_clearance=iR0c7za6cXPEg61.GUZfqSj_aDlUWoWgSia5wmROnZU-1713522580-1.0.1.1-pUaGfPsTQB8hkexEhq6ah86e4JrEAgp6j6c7by8.uw3O3Woz633JCJVBcBwbRIE_CyXN5TmoorxJI88KuiD6HA; R7f3VPNKdQ2MeNvBN0G_QWZbOuM=xGvcNAUiktZj2YWAIWEVXrdZ9fc; wqnz0RXZv3IdUrhEdoiIU58xp58=1713526179; AWN1qaLpbt-bxc2qHdfdm3Tu1p0=1713612579; zfvv0QzMg_RQQ6tzwiRXhJwEp6U=ljXZJxwGpcmQYn8PrV_D6OURxXA; f3rjo31ROHnDorA6h4CL8qLd0aw=lEYm4z-gJP5dGXXuRYH-WeXXZo0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Fri, 19 Apr 2024 10:29:40 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
pragma: public
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aXzQZ2nPIOILlOj6zcx3x3Lm9lYIaT90HZzF4eISzzPSn0w3u5CuG%2FW0cfWGaQg2kOK0nQe0zPBriQD7Hl91rKzQVIvZp1KzczPVXIjYCxvVtLvXC4vbfO8IN1nFrA8qMqE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c36ff4e31b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| 2factivation.io/finance/login.php | 104.21.4.2 | 403 Forbidden | 8.0 kB |
URL: 2factivation.io/finance/login.php (user request: GET, HTTP/3) | IP: 104.21.4.2:443
Certificate: issuer Let's Encrypt | subject 2factivation.io | fingerprint 74:68:78:3F:12:CF:B4:68:54:17:EA:FA:32:9A:1C:ED:97:C4:B7:D5 | validity Mon, 15 Apr 2024 23:34:35 GMT - Sun, 14 Jul 2024 23:34:34 GMT
File type: HTML document, ASCII text, with CRLF line terminators | MD5 9fe3cb2b7313dc79bb477bc8fde184a7 | SHA-1 4d7b3cb41e90618358d0ee066c45c76227a13747 | SHA-256 32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /finance/login.php HTTP/1.1
Host: 2factivation.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2factivation.io/finance/login.php
Cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; 4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; 1zOZ9syOA8dqkmdSgCCa1Aj2Tqo=1713612544; iIKN6HbFVGImAlSZi22tIy4-_GE=ILplhoxjkRtIxSEUklDveIl-Jjg; mg8IGnelKbYITyEwioOXAm2_VTw=01Vd1TeufzyrnG15EDwqINtQqtU; XHLdT_adk8rrohr-OvbZeFAB9xU=JuvA_SfEuhCzFxw-nCn0R9AhGG8; elWetyePaydpxUGD8mVWtqp1n30=1713526159; 8GyzZ6kxp8knrETJcR_hggoruAY=1713612559; xjbSCZQNPBnsWeaNrp_q3H-DE-c=m5RxJMwGOMOB1WdusJPBmUD-EFY; t5s7r87DY1XD6WgkvWSI3tEEdvM=lkLPZiL_UVgRTxwDers97UXe5XU; cf_clearance=iR0c7za6cXPEg61.GUZfqSj_aDlUWoWgSia5wmROnZU-1713522580-1.0.1.1-pUaGfPsTQB8hkexEhq6ah86e4JrEAgp6j6c7by8.uw3O3Woz633JCJVBcBwbRIE_CyXN5TmoorxJI88KuiD6HA; R7f3VPNKdQ2MeNvBN0G_QWZbOuM=xGvcNAUiktZj2YWAIWEVXrdZ9fc; wqnz0RXZv3IdUrhEdoiIU58xp58=1713526179; AWN1qaLpbt-bxc2qHdfdm3Tu1p0=1713612579; zfvv0QzMg_RQQ6tzwiRXhJwEp6U=ljXZJxwGpcmQYn8PrV_D6OURxXA; f3rjo31ROHnDorA6h4CL8qLd0aw=lEYm4z-gJP5dGXXuRYH-WeXXZo0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Fri, 19 Apr 2024 10:29:40 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IISpgNodxAK3BPwtALUGVTKZya%2BlgU9kibReYQb5JApDTK7JHBjA2Q1f%2B4fFx7yQepQYSek5d4fPxl7qGjoz2YwLjrdOpkNGhWtX699zjvzCCYTBgYvC2F%2F30c4cC3GyTwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c36fddcf9b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
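Read as a chain, the transactions above tell one story: the plain-HTTP GET for /finance/login.php is answered by Cloudflare with a 301 to HTTPS; the HTTPS GET gets a 503 whose 19 kB HTML body and batch of freshly set cookies mark it as Cloudflare's JavaScript-challenge interstitial rather than an origin outage; the browser then POSTs the challenge result to /cdn-cgi/challenge-platform/h/b/jsd/r/876c36f85eb356be and receives a cf_clearance cookie with an empty 200 body; and the re-request of /finance/login.php carrying cf_clearance is finally answered 403 by the origin. That 403 body has exactly the same MD5/SHA-1/SHA-256 as the 403 returned for /favicon.ico, so the sandbox only ever saw a generic block page and the malicious verdict rests on the Quad9 DNS sinkhole reputation, not on observed page content. The doubled header values (x-content-type-options: nosniff, nosniff and x-xss-protection: 1; mode=block, 1; mode=block) show the same header being emitted twice on the way out and merged by the client, which usually means the application sets it and something in front of it sets it again. The Python below is an added example, not code from the scanning tool that produced this page: it parses a dump of this shape into transactions and derives the chain and those flags. The embedded CAPTURE string is a constructed, shortened sample modelled on the transactions above (cookie values trimmed, most headers dropped), and the heuristics, such as treating a cookie-setting 503 behind Cloudflare as a challenge page, are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the capture above (cookie values shortened, most
# headers dropped); it mirrors the dump's shape and is not the tool's export format.
CAPTURE = """\
| 2factivation.io/finance/login.php | 172.67.131.104 | 167 B |
GET /finance/login.php HTTP/1.1
HTTP/1.1 301 Moved Permanently
Location: https://2factivation.io/finance/login.php
| 2factivation.io/finance/login.php | 104.21.4.2 | 19 kB |
GET /finance/login.php HTTP/1.1
HTTP/2 503 Service Unavailable
x-content-type-options: nosniff, nosniff
set-cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqD; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
4LQwYI_Edmf1f68Ifvoa6-ntYSc=1713526144; path=/; expires=Sat, 20-Apr-24 11:29:04 GMT; Max-Age=86400;
server: cloudflare
| 2factivation.io/cdn-cgi/challenge-platform/h/b/jsd/r/876c36f85eb356be | 104.21.4.2 | 0 B |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/876c36f85eb356be HTTP/1.1
Referer: https://2factivation.io/finance/login.php
HTTP/3 200 OK
set-cookie: cf_clearance=iR0c7za6; path=/; domain=.2factivation.io; HttpOnly; Secure; SameSite=None
server: cloudflare
| 2factivation.io/finance/login.php | 104.21.4.2 | 8.0 kB |
GET /finance/login.php HTTP/1.1
Cookie: mfCTpRut5L4zUK-3AQ1IqlvW9Ig=RlMmlDqD; cf_clearance=iR0c7za6
HTTP/3 403 Forbidden
x-content-type-options: nosniff, nosniff
server: cloudflare
"""

REQ_RE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/\S+$")
RESP_RE = re.compile(r"^HTTP/\S+ (\d{3})(?: .*)?$")
HDR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
CF_CHALLENGE_PREFIX = "/cdn-cgi/challenge-platform/"


def parse_capture(text):
    """Split the dump into transactions (request line, request headers, status
    line, response headers). Response headers keep every value because
    Set-Cookie repeats; a line that is not 'Name: value' but directly follows a
    Set-Cookie is treated as one more Set-Cookie (devtools-style exports)."""
    txns, cur, side, last = [], None, None, None
    for line in text.splitlines():
        if line.startswith("|"):              # summary row between transactions
            last = None
        elif m := REQ_RE.match(line):
            cur = {"method": m.group(1), "path": m.group(2), "status": None,
                   "req": {}, "resp": defaultdict(list)}
            txns.append(cur)
            side, last = "req", None
        elif cur is None:
            continue
        elif m := RESP_RE.match(line):
            cur["status"] = int(m.group(1))
            side, last = "resp", None
        elif m := HDR_RE.match(line):
            name, value = m.group(1).lower(), m.group(2).strip()
            if side == "req":
                cur["req"][name] = value
            else:
                cur["resp"][name].append(value)
            last = name
        elif side == "resp" and last == "set-cookie" and "=" in line:
            cur["resp"]["set-cookie"].append(line.strip())
    return txns


def set_cookie_names(txn):
    return [v.split("=", 1)[0].strip() for v in txn["resp"].get("set-cookie", [])]


def summarize(txns):
    """Reconstruct the fetch chain and flag what a reviewer should notice."""
    flags, target = set(), txns[0]["path"]
    for t in txns:
        if t["status"] == 301 and t["resp"].get("location", [""])[0].startswith("https://"):
            flags.add("http_to_https_redirect")
        # Heuristic: a 503 behind Cloudflare that sets cookies is the JS-challenge
        # interstitial, not an origin outage; the following POST to
        # /cdn-cgi/challenge-platform/ confirms it.
        if t["status"] == 503 and t["resp"].get("server") == ["cloudflare"] \
                and t["resp"].get("set-cookie"):
            flags.add("cloudflare_challenge_page")
        if (t["method"] == "POST" and t["path"].startswith(CF_CHALLENGE_PREFIX)
                and "cf_clearance" in set_cookie_names(t)):
            flags.add("cf_clearance_issued")
        if (t["status"] == 403 and t["path"] == target
                and "cf_clearance=" in t["req"].get("cookie", "")):
            flags.add("origin_403_after_clearance")  # challenge passed, still refused
        for name, values in t["resp"].items():
            for v in values:
                # "nosniff, nosniff": one header emitted twice, merged by the client
                parts = [p.strip() for p in v.split(",")]
                if len(parts) > 1 and len(set(parts)) == 1:
                    flags.add("duplicate_header:" + name)
    final = [t["status"] for t in txns if t["method"] == "GET" and t["path"] == target]
    return {"chain": [(t["method"], t["path"], t["status"]) for t in txns],
            "flags": sorted(flags), "final_status": final[-1] if final else None}


if __name__ == "__main__":
    result = summarize(parse_capture(CAPTURE))
    for method, path, status in result["chain"]:
        print(f"{method:4} {status} {path}")
    print("flags:", ", ".join(result["flags"]))
```

Running it on the sample prints the four-step chain (301, 503, 200, 403) and the flags cf_clearance_issued, cloudflare_challenge_page, duplicate_header:x-content-type-options, http_to_https_redirect and origin_403_after_clearance. The point of origin_403_after_clearance is the caveat above: once the challenge is solved, what comes back is still a block page, so a verdict on this URL cannot be grounded in page content from this run.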