Report - web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12

Report Overview

Visited public
2025-04-08 23:56:03
Tags
Submit Tags
URL
web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12
Finishing URL
web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12
IP / ASN
104.21.48.1
#13335 CLOUDFLARENET
Title
Runtime Error

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
web.qxfhelp.top	unknown	2025-02-28	2025-03-14	2025-04-02	999 B	7.2 kB	104.21.32.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

Scan Date	Severity	Indicator	Alert
2025-03-29	medium	web.qxfhelp.top	Unknown RAT
2025-03-29	medium	web.qxfhelp.top	Unknown RAT

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET web.qxfhelp.top/favicon.ico

104.21.32.1

404 Not Found

1.9 kB

URL GET
web.qxfhelp.top/favicon.ico
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12
Certificate
IssuerGoogle Trust Services
Subjectqxfhelp.top
FingerprintDF:ED:32:07:72:41:59:9E:75:87:DB:E8:53:CF:86:64:1C:2C:82:51
ValidityTue, 18 Mar 2025 21:49:37 GMT - Mon, 16 Jun 2025 22:49:24 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.9 kB (1896 bytes)
Hash
efa352ec75b8a0ae8e2dd58d876575a8
6d03edbfb5ada3c6122ec521c740163932897072
22c7a38d8509b322ab9460aeca4419462a5373f51c39bcd1ab15521a196d69d8

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown RAT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web.qxfhelp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 08 Apr 2025 23:55:42 GMT
content-type: text/html; charset=utf-8
cache-control: private
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VM7tm2ctK5itJmsXGRoH3pNR0ilCwgfuZcO0T2P9xsRbAJJjxFDgXq%2Fgj4Qv6cdxLCFjgEiRnxPSbhj4lLdQdSHflkXAvijxIC2nRB9npdf4JDtcXKhnFMXHWhVLIDiNFrM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 92d5b27268e1569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3558&min_rtt=432&rtt_var=5478&sent=14&recv=17&lost=0&retrans=0&sent_bytes=7382&recv_bytes=1319&delivery_rate=7098039&cwnd=257&unsent_bytes=0&cid=9481fe634f940ec6&ts=785&x=0"
X-Firefox-Spdy: h2

GET web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12

104.21.32.1

500 Internal Server Error

3.4 kB

URL User Request GET
web.qxfhelp.top/Bin/ScreenConnect.Client.applicationN12
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectqxfhelp.top
FingerprintDF:ED:32:07:72:41:59:9E:75:87:DB:E8:53:CF:86:64:1C:2C:82:51
ValidityTue, 18 Mar 2025 21:49:37 GMT - Mon, 16 Jun 2025 22:49:24 GMT

File type
HTML document, ASCII text, with very long lines (379), with CRLF line terminators
Size
3.4 kB (3420 bytes)
Hash
0f7cce9368a5285559d7ef3e641f18a4
0e25da9abec63112710caeb14123215d24a84876
bc1832cd33b67e74fe000bdbcadb002eb3b6d47f403cd56972545898474eaf0f

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown RAT

HTTP Headers

GET /Bin/ScreenConnect.Client.applicationN12 HTTP/1.1
Host: web.qxfhelp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 500 Internal Server Error
date: Tue, 08 Apr 2025 23:55:41 GMT
content-type: text/html; charset=utf-8
cache-control: private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uUV5bVHeYZ4BUO3EOVBlgB0UQddpiPHp87vDw5wWhzmxqzBry5oPMHKj9I9uWDBN%2BiqjZc2KQNMxr6H%2F9YDX2jgLee0Sd9cwJ%2F2LwN6D6OHpre8rvlE7KT9IeEvVIAUnUGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 92d5b26eff34569c-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6059&min_rtt=432&rtt_var=11118&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1154&delivery_rate=7098039&cwnd=254&unsent_bytes=0&cid=9481fe634f940ec6&ts=238&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers