Report - qegyhig.com/login.phpid-2280784292183247

Report Overview

Visited public
2025-05-27 05:14:27
Tags
URL
qegyhig.com/login.phpid-2280784292183247
Finishing URL
qegyhig.com/login.phpid-2280784292183247
IP / ASN
104.21.48.1
#13335 CLOUDFLARENET
Title
Page not found -

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qegyhig.com	unknown	2011-08-12	2012-10-12	2025-05-25	4.9 kB	593 kB	104.21.32.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed
2025-05-26	medium	qegyhig.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	qegyhig.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	ScriptElement	88 kB	2023-11-03	2025-06-15
Pretty URL qegyhig.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 IP 104.21.32.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-06-15 10:53 Times Seen100211 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	qegyhig.com/login.phpid-2280784292183247	ScriptElement	3.2 kB	2025-05-01	2025-06-15
Pretty URL qegyhig.com/login.phpid-2280784292183247 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-01 00:41 Last Seen2025-06-15 08:12 Times Seen215 Hash fb1269f5472b4edf4af60d2ebc3fed47 acd52025c588602e62d57b7ec6e9234da3c94126 ea51c973a3d676f0a2206e99f3a694254b6c8eb8764a16e21cd542ab65a1d101 Loading...

	qegyhig.com/login.phpid-2280784292183247	ScriptElement	6.0 kB	2023-03-07	2025-06-15
Pretty URL qegyhig.com/login.phpid-2280784292183247 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-06-15 08:12 Times Seen3094 Hash 36bb41434655cf561f77987b521868e4 859b75d2e2e6eb0ff665e4ce3c3aa4d0f26d45ba 7853623597c83d5420b041e662614eddbe69a1f978214d7f4f90fcf27f8248b4 Loading...

	qegyhig.com/login.phpid-2280784292183247	ScriptElement	135 B	2023-03-07	2025-06-15
Pretty URL qegyhig.com/login.phpid-2280784292183247 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-06-15 08:12 Times Seen3341 Hash 6d370053752bcccfea3a05ed1f958f00 dc27a1f8c079d10b6bcb12d934690d5ac13b8245 712b83e1fb7bba23edc0cad83735386653ae53ac4751130d8a1a32340eced84b Loading...

	qegyhig.com/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1	ScriptElement	19 kB	2025-04-03	2025-06-15
Pretty URL qegyhig.com/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1 IP 104.21.32.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-03 04:02 Last Seen2025-06-15 10:38 Times Seen8388 Hash 1dafa7fe14b33c26fef9b0e5ba0c8e72 62f67cdac55d89c43570bf0c338f4edf548b14e1 50cc1a0490008ec62ca8b581fa9cdcfb2eda2d36a08ccbeb1f004da599e9cc61 Loading...

	qegyhig.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	ScriptElement	14 kB	2023-05-09	2025-06-15
Pretty URL qegyhig.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 IP 104.21.32.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-06-15 10:38 Times Seen112841 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	qegyhig.com/login.phpid-2280784292183247	ScriptElement	99 B	2023-03-07	2025-06-15
Pretty URL qegyhig.com/login.phpid-2280784292183247 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:41 Last Seen2025-06-15 08:12 Times Seen3269 Hash 7fa1ae65f342c116b15cb8e4af3f0db8 eef8afe088ef947cdf027cc5e95619e91e025ce1 d71dbeef81cdfc763b21dbcb6060476a2ae8b4582d84f9742add5dd68f6c3f8f Loading...

HTTP Transactions (10)

URL IP Response Size

qegyhig.com/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1

104.21.32.1

200 OK

19 kB

URL GET
qegyhig.com/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
JavaScript source, ASCII text, with very long lines (16290)
Size
19 kB (19264 bytes)
Hash
1dafa7fe14b33c26fef9b0e5ba0c8e72
62f67cdac55d89c43570bf0c338f4edf548b14e1
50cc1a0490008ec62ca8b581fa9cdcfb2eda2d36a08ccbeb1f004da599e9cc61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.8.1 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: application/javascript; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pCas%2BBzkiFEzBJbP7%2BuyibZBS3Jlt80OTXSJvIUyhMSJYkbHWjX6ntt3olJTxsmJC3f8XzkgkMvPQ6cgOwbj2H6aZfLnCWogagAIxAuEE9THOca%2BO1BpjzBsNMXVtw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 16 Apr 2025 00:39:12 GMT
vary: Accept-Encoding
etag: W/"67fefc30-4b40"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 275637
cf-ray: 9463069fd9750b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3695&min_rtt=741&rtt_var=2730&sent=173&recv=137&lost=0&retrans=0&sent_bytes=89768&recv_bytes=9187&delivery_rate=9527523&cwnd=43200&unsent_bytes=0&cid=b6cc86466564e931&ts=1248&x=80"

qegyhig.com/wp-content/uploads/2023/09/cropped-02.-Idola-logo-alt-1-192x192.png

104.21.32.1

200 OK

40 kB

URL GET
qegyhig.com/wp-content/uploads/2023/09/cropped-02.-Idola-logo-alt-1-192x192.png
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
40 kB (39922 bytes)
Hash
d1f1811ac2c5b3160ce819832a1fe628
fee51fc1b3cef119ba46580eac6229332c79d767
c920945e4501a9a4ac5a7001abb17d84114ec9b6515a1afd16977d58518c1627

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/09/cropped-02.-Idola-logo-alt-1-192x192.png HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: image/png
content-length: 39922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8m5MGk0ph%2FBzgwN0PTKhYZK%2B%2BcIJBiYtyiugMaeAwsUXTHIbenMl9eZA1hw3bkc%2F6I9JQUE6%2B8uUvlcQr%2FF3ZIR5bWKszuIKBzhrEJcJiA%2FMuBdnhilcon1HOFFAQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 27 Sep 2023 18:12:55 GMT
etag: "651470a7-9bf2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 275637
accept-ranges: bytes
cf-ray: 946306a0097e0b06-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3562&min_rtt=741&rtt_var=2314&sent=184&recv=140&lost=0&retrans=0&sent_bytes=99059&recv_bytes=9896&delivery_rate=9527523&cwnd=43200&unsent_bytes=0&cid=b6cc86466564e931&ts=1276&x=80"

qegyhig.com/wp-content/uploads/2023/09/cropped-02.-Idola-logo-alt-1-32x32.png

104.21.32.1

200 OK

2.5 kB

URL GET
qegyhig.com/wp-content/uploads/2023/09/cropped-02.-Idola-logo-alt-1-32x32.png
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
2.5 kB (2514 bytes)
Hash
24d6169e292ca283dff013bbe28770d7
d214ee03d00a84249d579b0edef9e4ac28d44ef5
b9ae8237792e06c013ccab1fd3ba00a41f4e93ce708e1b55a2a47bdf7a4d7422

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/09/cropped-02.-Idola-logo-alt-1-32x32.png HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: image/png
content-length: 2514
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Atw7LKSSIQ84wAkbotxjKE6rxLbtwWxA5tgTFJp2ye6nKLXqol2JhBv121YhghK2LDKget9mIHo9DtpX8SQirVYFTq544S%2BG0%2FvBgIFT3zjbNICkcreUtjHUJ7CaHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 27 Sep 2023 18:12:55 GMT
etag: "651470a7-9d2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 531269
cf-cache-status: HIT
cf-ray: 946306a009800b06-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3562&min_rtt=741&rtt_var=2314&sent=181&recv=140&lost=0&retrans=0&sent_bytes=95817&recv_bytes=9896&delivery_rate=9527523&cwnd=43200&unsent_bytes=0&cid=b6cc86466564e931&ts=1275&x=80"

qegyhig.com/login.phpid-2280784292183247

104.21.16.1

301 Moved Permanently

88 kB

URL User Request GET
qegyhig.com/login.phpid-2280784292183247
IP
104.21.16.1:80
ASN
#13335 CLOUDFLARENET

File type

Size
88 kB (87793 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.phpid-2280784292183247 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 27 May 2025 05:13:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.phpid-2280784292183247
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ph3RTulvWQQhbpmtLVCDWGWg6ZQAsOwuJFw7eJeYM8dvR45Hi5RS2mYBzBwXjHhSc3D7u5G4GbURkFVFk9GRVgwBFv%2B2abg866R3xCYnL7RpcCaVPgvaXDQIuh7%2F7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 946306993bde7129-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=531&min_rtt=531&rtt_var=265&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=424&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

qegyhig.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

104.21.32.1

200 OK

88 kB

URL GET
qegyhig.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: application/javascript; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMAl73RuyQv0g55cTjmHhlLiXYcbs3s3V48ZOouWPVKlDH7vIuzLz8qmZtYAOcmL4VQaiTPjxcgCJ69quULCYACLRPpp3TyiksWsv5zPjA%2BPYRKQ%2FFjrUDNUt4fFqw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 08 Nov 2023 00:39:49 GMT
vary: Accept-Encoding
etag: W/"654ad8d5-15601"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 275637
cf-cache-status: HIT
cf-ray: 9463069ed9520b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4255&min_rtt=741&rtt_var=3148&sent=135&recv=134&lost=0&retrans=0&sent_bytes=48399&recv_bytes=8804&delivery_rate=4309967&cwnd=21600&unsent_bytes=0&cid=b6cc86466564e931&ts=1089&x=80"

qegyhig.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

104.21.32.1

200 OK

14 kB

URL GET
qegyhig.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: application/javascript; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=duemzO2O2S0QAL%2B3LKj7v0vApH%2BCUumLkympspP2x1Kt%2BdBraMVZga87AJLnSylWjcYKW9V7qZqoV5XcZ%2Bf9aie6zAWjM38wbcHBZsNJ5xv8hpLLYru8g2ydqM56cw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 24 Sep 2023 12:38:54 GMT
vary: Accept-Encoding
etag: W/"65102dde-3509"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 275637
cf-cache-status: HIT
cf-ray: 9463069ed9530b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4255&min_rtt=741&rtt_var=3148&sent=130&recv=134&lost=0&retrans=0&sent_bytes=43179&recv_bytes=8804&delivery_rate=4309967&cwnd=21600&unsent_bytes=0&cid=b6cc86466564e931&ts=1088&x=80"

qegyhig.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1

104.21.32.1

200 OK

42 kB

URL GET
qegyhig.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
ASCII text, with very long lines (39343)
Size
42 kB (41525 bytes)
Hash
a0b3a11fd4ebcad236cff2bc51e9b434
32450d8097e971f4b59044e979289903beffc85d
4c0561c2c4810cbb09911bc45252c68724f181aa5bd16455493e31d2bfeba8b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZNT2AXYIDxGGEXJStO44NGnrBAPCKdsHJKbDMF8A6XWIhBx10ceJ7myufsRiQ0t3d1YzvnNKi5ePqQBhUIBgwE6LhxfVNduUSyfUN10sOpT8A5iPGz1Fo9nzcXI%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 27 Sep 2023 17:55:09 GMT
vary: Accept-Encoding
etag: W/"65146c7d-a235"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 275637
cf-cache-status: HIT
cf-ray: 9463069ed9500b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3933&min_rtt=741&rtt_var=3004&sent=163&recv=135&lost=0&retrans=0&sent_bytes=80747&recv_bytes=8851&delivery_rate=9527523&cwnd=43200&unsent_bytes=0&cid=b6cc86466564e931&ts=1092&x=80"

qegyhig.com/login.phpid-2280784292183247

104.21.32.1

404 Not Found

88 kB

URL User Request GET
qegyhig.com/login.phpid-2280784292183247
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
HTML document, ASCII text, with very long lines (41959), with CRLF, LF line terminators
Size
88 kB (87793 bytes)
Hash
d6304e6078f7f08eb3da340904e701ff
21ff67a333aa9c0cb82901c66ee6795a1949d5d2
3df74e72ec06af423bbd1ccc5ca8d55962ada77f9f89787f9d8ce433180112bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.phpid-2280784292183247 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 27 May 2025 05:13:55 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=URQ6u%2B6uBxQC9uNPFEYF1nC13Zp8gmC%2Ft3MjqSPkuyM6h3r0uv3inDS0et2eU2Wq01TeAcviLaOAzQ%2BozxLwQhGmW0gIwuSWyA%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 94630695993b56a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

qegyhig.com/login.phpid-2280784292183247

104.21.32.1

404 Not Found

88 kB

URL User Request GET
qegyhig.com/login.phpid-2280784292183247
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
HTML document, ASCII text, with very long lines (41959), with CRLF, LF line terminators
Size
88 kB (87793 bytes)
Hash
d6304e6078f7f08eb3da340904e701ff
21ff67a333aa9c0cb82901c66ee6795a1949d5d2
3df74e72ec06af423bbd1ccc5ca8d55962ada77f9f89787f9d8ce433180112bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.phpid-2280784292183247 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 27 May 2025 05:13:56 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q08j2gG2GCcRyf213N%2FrlWcd0Hsc3Dlh%2F%2BGRqCeY%2Bj6vzxERcw42I6vDJraPuwyw7m6zbSebvqY0NyW84liPonSSBJwJANUJhCFlrNHNeHd6QUYHOCcT6h2xHXJ4Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9463069ae8960b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5411&min_rtt=741&rtt_var=3290&sent=94&recv=127&lost=0&retrans=0&sent_bytes=8206&recv_bytes=7417&delivery_rate=431336&cwnd=12000&unsent_bytes=0&cid=b6cc86466564e931&ts=827&x=80"

qegyhig.com/wp-includes/css/dist/block-library/style.min.css?ver=6.8.1

104.21.32.1

200 OK

116 kB

URL GET
qegyhig.com/wp-includes/css/dist/block-library/style.min.css?ver=6.8.1
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qegyhig.com/login.phpid-2280784292183247
Certificate
IssuerGoogle Trust Services
Subjectqegyhig.com
FingerprintE8:D8:CF:12:F2:55:AB:2A:1D:CB:4B:EB:27:BF:1E:BA:F7:8F:F6:51
ValidityMon, 05 May 2025 09:33:04 GMT - Sun, 03 Aug 2025 10:31:32 GMT

File type
ASCII text, with very long lines (55654)
Size
116 kB (116363 bytes)
Hash
dfe67cbbac3da53fdbbaed71c91db428
8c82643ef63a8389c1b800b7c5d0af9d684b8b24
597ddfdee7171750c16ec5aafd392cf992e9c53386d6bb6061d48e30334f09e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.1 HTTP/1.1
Host: qegyhig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qegyhig.com/login.phpid-2280784292183247
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 27 May 2025 05:13:56 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MuBQmVGNqr4R%2BjHMr6TFbdpqzk4bhkHoq4RraPN9otR9BIvHJzkpIkXIHH7rrOEnF8og%2BhVOj02PvXXTftFg1LSJajBUVRACm1qcQogB%2FFW5KK7fsPsrtu6xp7%2FBNA%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 16 Apr 2025 00:39:12 GMT
vary: Accept-Encoding
etag: W/"67fefc30-1c68b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 814669
cf-cache-status: HIT
cf-ray: 9463069ed9510b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4255&min_rtt=741&rtt_var=3148&sent=115&recv=134&lost=0&retrans=0&sent_bytes=26799&recv_bytes=8804&delivery_rate=4309967&cwnd=21600&unsent_bytes=0&cid=b6cc86466564e931&ts=1087&x=80"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash