This NAS was infected and ransomed by DeadBolt during a QNAP exploitation campaign.
Severity: critical
Fingerprint: f9dec7d7e94a1568a18c6de2a18c6de2a18c6de2a18c6de2a18c6de2a18c6de2
Host has been infected by DEADBOLT
Open service 193.213.154.86:443 · halden.myqnapcloud.com
2024-11-30 00:17
HTTP/1.1 200 OK
Date: Sat, 30 Nov 2024 00:17:28 GMT
Server:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
Content-type: text/html; charset=UTF-8
Last-modified: Fri, 25 Oct 2024 08:52:37 GMT
Accept-Ranges: bytes
Content-length: 580
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Connection: close

<html style="background:#007cef">
<head>
<meta http-equiv="expires" content="0">
<script type='text/javascript'>
pr=(document.location.protocol == 'https:') ? 'https' : 'http';
pt=(location.port == '') ? '' : ':' + location.port;
redirect_suffix = "/redirect.html?count="+Math.random();
if(location.hostname.indexOf(':') == -1)
{
location.href=pr+"://"+location.hostname+pt+redirect_suffix;
}
else //could be ipv6 addr
{
var url = "";
url=pr+"://["+ location.hostname.replace(/[\[\]]/g, '') +"]"+pt+redirect_suffix;
location.href = url;
}
</script>
</head>
<body>
</body>
</html>