Report - server-jd.de8.quickconnect.to/fbdownload/supertool.exe?

Report Overview

Visited public
2025-02-27 18:16:03
Tags
URL
server-jd.de8.quickconnect.to/fbdownload/supertool.exe?
Finishing URL
server-jd.quickconnect.to/fbdownload/supertool.exe?
IP / ASN
185.102.219.107
#60068 Datacamp Limited
Title
Access via Synology

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
109.40.241.141	unknown	unknown	No data	No data	2.0 kB	0 B	0.0.0.0
dec.quickconnect.to	56996	unknown	2016-11-01	2025-01-31	592 B	0 B	0.0.0.0
server-jd.de8.quickconnect.to	unknown	unknown	2025-02-27	2025-02-27	521 B	177 B	185.102.219.107
synostatic.synology.com	419243	2000-01-29	2022-02-01	2025-02-21	539 B	39 kB	54.240.174.57
fe80::211:32ff:fe11:4d5d	unknown	unknown	No data	No data	1.0 kB	0 B	0.0.0.0
global.quickconnect.to	36942	unknown	2014-02-20	2025-02-21	595 B	2.0 kB	35.157.253.111
2a00:20:6092:df42:211:32ff:fe11:4d5d	unknown	unknown	No data	No data	2.1 kB	0 B	0.0.0.0
server-jd.quickconnect.to	unknown	unknown	2025-02-27	2025-02-27	3.6 kB	265 kB	54.240.174.13
192.168.1.108	unknown	unknown	No data	No data	1.0 kB	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-27	medium	fe80::211:32ff:fe11:4d5d	Sinkholed
2025-02-27	medium	fe80::211:32ff:fe11:4d5d	Sinkholed
2025-02-27	medium	2a00:20:6092:df42:211:32ff:fe11:4d5d	Sinkholed
2025-02-27	medium	192.168.1.108	Sinkholed
2025-02-27	medium	109.40.241.141	Sinkholed
2025-02-27	medium	109.40.241.141	Sinkholed
2025-02-27	medium	2a00:20:6092:df42:211:32ff:fe11:4d5d	Sinkholed
2025-02-27	medium	2a00:20:6092:df42:211:32ff:fe11:4d5d	Sinkholed
2025-02-27	medium	109.40.241.141	Sinkholed
2025-02-27	medium	2a00:20:6092:df42:211:32ff:fe11:4d5d	Sinkholed
2025-02-27	medium	192.168.1.108	Sinkholed
2025-02-27	medium	109.40.241.141	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	server-jd.quickconnect.to/vendor.dll.js	ScriptElement	88 kB	2023-12-05	2025-06-04
Pretty URL server-jd.quickconnect.to/vendor.dll.js IP 54.240.174.112 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 06:54 Last Seen2025-06-04 07:30 Times Seen27 Hash e0613f5edd1eeaa36ecfdfa0f3e26fb6 b8a5186cf12ada995ddc7240d1812afb8fb5d5d8 8dc29ea61dd6c0b0e3f4821c43268acd2c4d8c1230d31bb7d48297c8ae6dc644 Loading...

	server-jd.quickconnect.to/commons.a8cea4c56af45adf1478.bundle.js	ScriptElement	799 B	2023-11-18	2025-06-04
Pretty URL server-jd.quickconnect.to/commons.a8cea4c56af45adf1478.bundle.js IP 54.240.174.112 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-18 22:23 Last Seen2025-06-04 07:30 Times Seen45 Hash 79f813c318b018258dd08fee7516c001 01dc3fc9c8e2313682965e96ca9931594d2e54a2 f3b3e2c5cd8c06660c52448f4f4d34f965075c5842d778279b5bfc033922e8ea Loading...

	server-jd.quickconnect.to/connect_lib.e24907ea3651a45ffcdb.bundle.js	ScriptElement	328 kB	2025-02-27	2025-04-01
Pretty URL server-jd.quickconnect.to/connect_lib.e24907ea3651a45ffcdb.bundle.js IP 54.240.174.112 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-27 18:16 Last Seen2025-04-01 07:30 Times Seen3 Hash e5fa04af728078efed8178221beafc3f 096f87ef9491dc863481af4b94e34852b69dd7c1 869d3269f9f2a7eca444a360928ec58dfc6ed4f9a8820185bb3a61ad50a0fec9 Loading...

	unknown	Function	37 B	2023-04-11	2025-06-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-06-07 09:39 Times Seen269703 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	server-jd.quickconnect.to/fbdownload/supertool.exe?	ScriptElement	37 B	2023-03-07	2025-06-04
Pretty URL server-jd.quickconnect.to/fbdownload/supertool.exe? IP 54.240.174.13 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:32 Last Seen2025-06-04 07:30 Times Seen500 Hash 16f64e19c548f935f8465b8a7e2d2470 dd686bd8e6aa3511b4dbe0ac0ddce5b17074228a 0eb441f77981fdc7ecff64f60fbfe87cd8ca704e373d0c87de24beb4c77ab51a Loading...

	server-jd.quickconnect.to/fbdownload/supertool.exe?	ScriptElement	40 B	2023-03-07	2025-06-04
Pretty URL server-jd.quickconnect.to/fbdownload/supertool.exe? IP 54.240.174.13 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34 Last Seen2025-06-04 07:30 Times Seen81 Hash aed912c18d8af1ffaba40f8fe2bb01aa cd7a91965cca86d379404bfba2bd1e5f60f2342d 403d723761b411cdcb89a052c88c8fb67f5c241a6e912472d38b60f1c9bfb226 Loading...

		Size	First Seen	Last Seen
	#1 Write - 312351bff07989769097660a56395065	4 B	2023-03-13 00:05	2025-06-07 08:34
Pretty Observations First Seen2023-03-13 00:05 Last Seen2025-06-07 08:34 Times Seen5290 Hash 312351bff07989769097660a56395065 004be89dd9e070ecb080b9b759e5be29ec24881b b2b2f104d32c638903e151a9b20d6e27b41d8c0c84cf8458738f83ca2f1dd744 Loading...

HTTP Transactions (24)

URL IP Response Size

server-jd.de8.quickconnect.to/fbdownload/supertool.exe?

185.102.219.107

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
server-jd.de8.quickconnect.to/fbdownload/supertool.exe?
IP
185.102.219.107:443
ASN
#60068 Datacamp Limited

Certificate
IssuerLet's Encrypt
Subjectde8.quickconnect.to
Fingerprint9D:2A:0C:4B:92:A1:2E:35:E0:12:69:6F:45:5D:6F:F1:D8:87:FB:55
ValidityFri, 03 Jan 2025 22:56:04 GMT - Thu, 03 Apr 2025 22:56:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fbdownload/supertool.exe? HTTP/1.1
Host: server-jd.de8.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
location: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
date: Thu, 27 Feb 2025 18:15:33 GMT
content-length: 0
X-Firefox-Spdy: h2

server-jd.quickconnect.to/fbdownload/supertool.exe?

54.240.174.13

200 OK

64 kB

URL User Request GET HTTP/1.1
server-jd.quickconnect.to/fbdownload/supertool.exe?
IP
54.240.174.13:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
64 kB (63590 bytes)
Hash
ad160edbd87db2516ef22d99698da1e0
25658740891156f48fa5d26156468573813353c4
db6e4a96cf4e7bdf2d8435030763d4819b1f5663564d8f8d801bcfd6d34497c3

HTTP Headers

GET /fbdownload/supertool.exe? HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 27 Feb 2025 18:15:33 GMT
Server: nginx
Last-Modified: Wed, 19 Feb 2025 01:16:41 GMT
Etag: W/"67b530f9-17ce9"
Expires: Thu, 27 Feb 2025 18:15:32 GMT
Cache-Control: no-cache
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
Content-Encoding: gzip
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hIMOfUUSp0lrFvoFIXrKw3nyokF3xB7F0BeRtwBf2zHroDUiOJOTDg==

server-jd.quickconnect.to/connect_lib.7045c606.bundle.css

54.240.174.13

200 OK

2.6 kB

URL GET HTTP/1.1
server-jd.quickconnect.to/connect_lib.7045c606.bundle.css
IP
54.240.174.13:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
ASCII text, with very long lines (13373), with no line terminators
Size
2.6 kB (2578 bytes)
Hash
7045c606b96b7ee410523d7bf50f2822
7e8050e1f7336e2bbd78931e2f8b4370d914d29d
25a6fa48b1e40e816c243f0b919e35f2c27cad3d1a5c1d976501615a74e71ff4

HTTP Headers

GET /connect_lib.7045c606.bundle.css HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 27 Nov 2024 19:21:59 GMT
Server: nginx
Last-Modified: Tue, 29 Oct 2024 05:46:44 GMT
Etag: W/"672076c4-343d"
Expires: Thu, 27 Nov 2025 19:21:59 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
Age: 7944814
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Fs544zpwBbIKLiKEqOuzVJnd_IX4qhYdivJsQwXnLnxaGfMLEWuAMw==

server-jd.quickconnect.to/commons.a8cea4c56af45adf1478.bundle.js

54.240.174.112

200 OK

454 B

URL GET HTTP/1.1
server-jd.quickconnect.to/commons.a8cea4c56af45adf1478.bundle.js
IP
54.240.174.112:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
ASCII text, with very long lines (799), with no line terminators
Size
454 B (454 bytes)
Hash
79f813c318b018258dd08fee7516c001
01dc3fc9c8e2313682965e96ca9931594d2e54a2
f3b3e2c5cd8c06660c52448f4f4d34f965075c5842d778279b5bfc033922e8ea

HTTP Headers

GET /commons.a8cea4c56af45adf1478.bundle.js HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 05 Aug 2024 07:59:14 GMT
Server: nginx
Last-Modified: Tue, 21 Nov 2023 01:45:40 GMT
Etag: W/"655c0bc4-31f"
Expires: Tue, 05 Aug 2025 07:59:14 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
Age: 17835379
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u1oFigsTf9AXML6vFSqj3rKjH_I5wXjHhL7cbdYHuGusrLAeEfgOdA==

server-jd.quickconnect.to/connect_lib.e24907ea3651a45ffcdb.bundle.js

54.240.174.112

200 OK

118 kB

URL GET HTTP/1.1
server-jd.quickconnect.to/connect_lib.e24907ea3651a45ffcdb.bundle.js
IP
54.240.174.112:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (48514), with NEL line terminators
Size
118 kB (117856 bytes)
Hash
e5fa04af728078efed8178221beafc3f
096f87ef9491dc863481af4b94e34852b69dd7c1
869d3269f9f2a7eca444a360928ec58dfc6ed4f9a8820185bb3a61ad50a0fec9

HTTP Headers

GET /connect_lib.e24907ea3651a45ffcdb.bundle.js HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 19 Feb 2025 05:36:12 GMT
Server: nginx
Last-Modified: Wed, 19 Feb 2025 01:16:41 GMT
Etag: W/"67b530f9-5016e"
Expires: Thu, 19 Feb 2026 05:36:12 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
Age: 736761
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LqLJuGxsqEr2h994NXQNCO5CsoSLC1YncX11piBOwxswkmVsitjj3A==

server-jd.quickconnect.to/vendor.dll.js

54.240.174.112

200 OK

36 kB

URL GET HTTP/1.1
server-jd.quickconnect.to/vendor.dll.js
IP
54.240.174.112:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64777)
Size
36 kB (36182 bytes)
Hash
e0613f5edd1eeaa36ecfdfa0f3e26fb6
b8a5186cf12ada995ddc7240d1812afb8fb5d5d8
8dc29ea61dd6c0b0e3f4821c43268acd2c4d8c1230d31bb7d48297c8ae6dc644

HTTP Headers

GET /vendor.dll.js HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 07 Jan 2025 02:45:13 GMT
Server: nginx
Last-Modified: Tue, 29 Oct 2024 05:46:44 GMT
Etag: W/"672076c4-158ff"
Expires: Wed, 07 Jan 2026 02:45:13 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
Age: 4462220
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QEVN0FCq-wyf8DCp7eM2AF_6XAjLWRHrtk-ygBBtyJlAvKYGOtV7Ow==

server-jd.quickconnect.to/e903266b5cec648754bc4fa966c21efa.png

54.240.174.112

200 OK

19 kB

URL GET HTTP/1.1
server-jd.quickconnect.to/e903266b5cec648754bc4fa966c21efa.png
IP
54.240.174.112:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
19 kB (18929 bytes)
Hash
e903266b5cec648754bc4fa966c21efa
6ffb6f68b5cb5208939c18d211e1592a1fb6ffba
f2330a566454ec93c1b4d986f3b672d770762431b7d0051a5e9f77d10fa34b83

HTTP Headers

GET /e903266b5cec648754bc4fa966c21efa.png HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 18929
Connection: keep-alive
Date: Mon, 27 Jan 2025 05:25:31 GMT
Server: nginx
Last-Modified: Tue, 29 Oct 2024 05:46:44 GMT
Etag: "672076c4-49f1"
Expires: Tue, 27 Jan 2026 05:25:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
Age: 2724602
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZnPDy7jkQM0-lcPBKEwSGcofAXyf6US004wKk9j3fKWn0X29fU5Jjg==

server-jd.quickconnect.to/573e7af50207ee0f67a3f60752802e92.png

54.240.174.112

200 OK

17 kB

URL GET HTTP/1.1
server-jd.quickconnect.to/573e7af50207ee0f67a3f60752802e92.png
IP
54.240.174.112:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
PNG image data, 700 x 280, 8-bit/color RGBA, non-interlaced
Size
17 kB (17183 bytes)
Hash
573e7af50207ee0f67a3f60752802e92
4c862cb778552608d56d15b41686472aa8a88084
9167f8e41207cfe8626d377c85ea6b57fd893d6f28f693f2a3ba53d5547be5f9

HTTP Headers

GET /573e7af50207ee0f67a3f60752802e92.png HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 17183
Connection: keep-alive
Date: Wed, 19 Feb 2025 11:32:33 GMT
Server: nginx
Last-Modified: Wed, 19 Feb 2025 01:16:41 GMT
Etag: "67b530f9-431f"
Expires: Thu, 19 Feb 2026 11:32:33 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
Age: 715380
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AMvg46Q7WrUzRoOnlueh7oSx_pVGoHj5VdxP8EB2vwF4VqbbhwM5ig==

synostatic.synology.com/font/inter/inter-w400-7.woff2

54.240.174.57

200 OK

38 kB

URL GET HTTP/2
synostatic.synology.com/font/inter/inter-w400-7.woff2
IP
54.240.174.57:443
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Certificate
IssuerAmazon
Subjectsynostatic.synology.com
FingerprintEE:E3:F2:C0:8D:06:DF:A9:7F:A6:2E:37:D4:BF:26:05:55:4A:D1:44
ValidityMon, 11 Nov 2024 00:00:00 GMT - Thu, 11 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 37780, version 1.0
Size
38 kB (37780 bytes)
Hash
e09ca52560d42e4626656b4fc70d970b
8ebc2396198a586a15352044dd1aa962018970e1
acdc8f60059cbf557957869f544dce756689a499c506856522204b3ea06be8c7

HTTP Headers

GET /font/inter/inter-w400-7.woff2 HTTP/1.1
Host: synostatic.synology.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 37780
server: nginx
date: Thu, 27 Feb 2025 18:15:34 GMT
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: http://server-jd.quickconnect.to
access-control-expose-headers: Date, Etag, Server, Connection, Accept-Ranges, Content-Range, Content-Encoding, Content-Length, Content-Type, Content-Disposition, Last-Modified, Content-Language, Cache-Control, Retry-After, X-Amz-Bucket-Region, Expires, X-Amz*, X-Amz*, *
etag: "e09ca52560d42e4626656b4fc70d970b"
last-modified: Wed, 21 Dec 2022 09:10:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-bucket-region: tw-north-1
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Origin,Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DKeJsjJ8EnxS1y9Qypra46HxqSVoNpPeVBnJhttmEijcovEVVCp0YA==
X-Firefox-Spdy: h2

server-jd.quickconnect.to/favicon.8f5fa591b187b2297da55b6023f86d0f.ico

54.240.174.112

200 OK

1.4 kB

URL GET HTTP/1.1
server-jd.quickconnect.to/favicon.8f5fa591b187b2297da55b6023f86d0f.ico
IP
54.240.174.112:80
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type
MS Windows icon resource - 2 icons, 16x16, 32x32
Size
1.4 kB (1394 bytes)
Hash
8f5fa591b187b2297da55b6023f86d0f
adaee8a634f021cdf494a05f68672f0bfd641c59
9aa9925694e6633be8c3b471eadcb0d3367c1bc501157172ba5749db3c692e4d

HTTP Headers

GET /favicon.8f5fa591b187b2297da55b6023f86d0f.ico HTTP/1.1
Host: server-jd.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Cookie: syno-quickconnect-tutorial=yes; tunnel=; previous_verify_type=; previous=http:.port.5001.ext_port.61631site.dec.quickconnect.tolan_ipv4.192.168.1.108.wan_ipv4.109.40.241.141http:.port.5000.ext_port.61630site.dec.quickconnect.tolan_ipv4.192.168.1.108.wan_ipv4.109.40.241.141
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Wed, 19 Feb 2025 01:16:41 GMT
Origin-Trial: AvUiVAY9K1AHYuE6XZcAr0BgCo3E0vGj2mCk8ihdcXIQbWEGvBnfCLcy/YI7F38OT3D9jsBawKNHLSRmpWhQpwgAAACGeyJvcmlnaW4iOiJodHRwOi8vcXVpY2tjb25uZWN0LnRvOjgwIiwiZmVhdHVyZSI6IlByaXZhdGVOZXR3b3JrQWNjZXNzTm9uU2VjdXJlQ29udGV4dHNBbGxvd2VkIiwiZXhwaXJ5IjoxNjY2MTM3NTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
Content-Encoding: gzip
Date: Thu, 27 Feb 2025 18:15:35 GMT
Expires: Thu, 27 Feb 2025 17:42:26 GMT
Cache-Control: no-cache
Etag: W/"67b530f9-e36"
Vary: Accept-Encoding
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
Age: 1988
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rRalfwOvLXLMt8p0DXM-aR8mmC0J26nhiwyeX7P8HtT3H8MM7QHNVw==

[fe80::211:32ff:fe11:4d5d]:5000/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
[fe80::211:32ff:fe11:4d5d]:5000/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: [fe80::211:32ff:fe11:4d5d]:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Pragma: no-cache
Cache-Control: no-cache

[fe80::211:32ff:fe11:4d5d]:5001/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
[fe80::211:32ff:fe11:4d5d]:5001/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: [fe80::211:32ff:fe11:4d5d]:5001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

global.quickconnect.to/Serv.php

35.157.253.111

200 OK

1.7 kB

URL POST HTTP/2
global.quickconnect.to/Serv.php
IP
35.157.253.111:443
ASN
#16509 AMAZON-02

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?
Certificate
IssuerSectigo Limited
Subject*.quickconnect.to
Fingerprint16:BE:BF:FB:77:97:97:5B:F4:8D:A7:F7:82:C5:F8:68:16:B8:00:C5
ValidityTue, 31 Dec 2024 00:00:00 GMT - Fri, 30 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (1898), with no line terminators
Size
1.7 kB (1660 bytes)
Hash
baabb11462ebf28fec96d4da3980adda
f145b0d3a5e2f6f90affa9ca24e5ea09592b1c0b
830e23e16d51f4a9d70e7c6103ffaab1719f4cd34a0fee853e2656406812bc9d

HTTP Headers

POST /Serv.php HTTP/1.1
Host: global.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 348
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 27 Feb 2025 18:15:34 GMT
content-type: text/plain; charset=utf-8
server: nginx
x-qc-client-ip: 91.90.42.154
access-control-allow-origin: http://server-jd.quickconnect.to
access-control-allow-credentials: true
access-control-expose-headers: X-QC-CLIENT-IP
content-encoding: gzip
X-Firefox-Spdy: h2

[2a00:20:6092:df42:211:32ff:fe11:4d5d]:61631/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
[2a00:20:6092:df42:211:32ff:fe11:4d5d]:61631/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: [2a00:20:6092:df42:211:32ff:fe11:4d5d]:61631
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

192.168.1.108:5001/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
192.168.1.108:5001/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: 192.168.1.108:5001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

109.40.241.141:5001/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
109.40.241.141:5001/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: 109.40.241.141:5001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

109.40.241.141:61630/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
109.40.241.141:61630/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: 109.40.241.141:61630
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Pragma: no-cache
Cache-Control: no-cache

[2a00:20:6092:df42:211:32ff:fe11:4d5d]:5001/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
[2a00:20:6092:df42:211:32ff:fe11:4d5d]:5001/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: [2a00:20:6092:df42:211:32ff:fe11:4d5d]:5001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

[2a00:20:6092:df42:211:32ff:fe11:4d5d]:5000/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
[2a00:20:6092:df42:211:32ff:fe11:4d5d]:5000/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: [2a00:20:6092:df42:211:32ff:fe11:4d5d]:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Pragma: no-cache
Cache-Control: no-cache

109.40.241.141:61631/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
109.40.241.141:61631/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: 109.40.241.141:61631
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

[2a00:20:6092:df42:211:32ff:fe11:4d5d]:61630/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
[2a00:20:6092:df42:211:32ff:fe11:4d5d]:61630/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: [2a00:20:6092:df42:211:32ff:fe11:4d5d]:61630
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Pragma: no-cache
Cache-Control: no-cache

192.168.1.108:5000/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
192.168.1.108:5000/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: 192.168.1.108:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Pragma: no-cache
Cache-Control: no-cache

109.40.241.141:5000/webman/pingpong.cgi?action=cors&quickconnect=true

0.0.0.0

0 B

URL GET
109.40.241.141:5000/webman/pingpong.cgi?action=cors&quickconnect=true
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1
Host: 109.40.241.141:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Pragma: no-cache
Cache-Control: no-cache

dec.quickconnect.to/Serv.php

0.0.0.0

0 B

URL POST
dec.quickconnect.to/Serv.php
IP
0.0.0.0:0
ASN
#0

Requested by
http://server-jd.quickconnect.to/fbdownload/supertool.exe?

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /Serv.php HTTP/1.1
Host: dec.quickconnect.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 173
Origin: http://server-jd.quickconnect.to
DNT: 1
Connection: keep-alive
Referer: http://server-jd.quickconnect.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (24)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN