Report - qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/

Report Overview

Visited public
2024-06-29 00:50:16
Tags
URL
qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
Finishing URL
qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
IP / ASN
45.200.228.234
#135097 LUOGELANG FRANCE LIMITED
Title
官网

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-27 18:12:05	2.0 kB	5.3 kB	23.36.77.32
qegyval.com	unknown	2011-09-06	2012-12-06 16:58:28	2024-04-18 09:16:08	3.7 kB	7.2 kB	45.200.228.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed
2024-06-28	medium	qegyval.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	qegyval.com/common.js	ScriptElement	976 B	2024-06-23	2024-08-19
Pretty URL qegyval.com/common.js IP 45.200.228.234 ASN #135097 LUOGELANG FRANCE LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-23 21:12 Last Seen2024-08-19 19:05 Times Seen10 Hash 335bb34d750e97475f199acb21907c6d d8c0e167d2355751154479b8b9ed59d3c5941573 bf0e1f2318a4947eee89fdac6a3031b5cad0662cc27adf8ec17b939b0e9c07e5 Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07 12:43	2025-05-06 09:10
Pretty Observations First Seen2023-03-07 12:43 Last Seen2025-05-06 09:10 Times Seen1012 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 656deae4d575acb9255b55bb9c21573d	264 B	2024-06-23 21:12	2025-02-06 05:07
Pretty Observations First Seen2024-06-23 21:12 Last Seen2025-02-06 05:07 Times Seen22 Hash 656deae4d575acb9255b55bb9c21573d 60f43f3b105d6951a464f11c6df76f7804dc8f7a f784eb09baada9e5f69acf19df39c0a4a5e0922b719b1f8d42b3619b92ad64ad Loading...

HTTP Transactions (16)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
11d12f1fba8aca9d9418e9d8dc4952bf
815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449
97f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6732
Expires: Sat, 29 Jun 2024 02:42:03 GMT
Date: Sat, 29 Jun 2024 00:49:51 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
116ef0f15d988075de9127b4d85aeeac
cd431538d40d2097891757fd0ca8c06b576051e9
7dd2781a8624ca9b8c54539a3c46c44cdd86477de3078e4dab624bfc7ce5b7ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7DD2781A8624CA9B8C54539A3C46C44CDD86477DE3078E4DAB624BFC7CE5B7AE"
Last-Modified: Thu, 27 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11765
Expires: Sat, 29 Jun 2024 04:05:56 GMT
Date: Sat, 29 Jun 2024 00:49:51 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1a0a218c9c80fb05585b4f6c937a462a
e888eb5099221806dda66adb4bf792f352ef6610
bb1019aa57ae13a1711a36128a9cd37fba1ed8dfa97bef742765067f4ed17d50

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BB1019AA57AE13A1711A36128A9CD37FBA1ED8DFA97BEF742765067F4ED17D50"
Last-Modified: Thu, 27 Jun 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11832
Expires: Sat, 29 Jun 2024 04:07:04 GMT
Date: Sat, 29 Jun 2024 00:49:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19388
Expires: Sat, 29 Jun 2024 06:13:01 GMT
Date: Sat, 29 Jun 2024 00:49:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19388
Expires: Sat, 29 Jun 2024 06:13:01 GMT
Date: Sat, 29 Jun 2024 00:49:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19388
Expires: Sat, 29 Jun 2024 06:13:01 GMT
Date: Sat, 29 Jun 2024 00:49:53 GMT
Connection: keep-alive

qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/

45.200.228.234

200 OK

457 B

URL User Request GET HTTP/1.1
qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
457 B (457 bytes)
Hash
27d3ea64ef0f44f8002f175950e3dedf
45664f15cc95011360e6e0742ca70ca4443737c2
e06beacdcc1ad1cfbe80aadb8a62d04c80c45e0e603c63b2e4313bfc32b7f50c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/ HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:56 GMT
Content-Length: 457
Content-Type: text/html
Server: Microsoft-IIS/6.0

qegyval.com/common.js

45.200.228.234

200 OK

976 B

URL GET HTTP/1.1
qegyval.com/common.js
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/

File type
HTML document, ASCII text, with CRLF line terminators
Size
976 B (976 bytes)
Hash
335bb34d750e97475f199acb21907c6d
d8c0e167d2355751154479b8b9ed59d3c5941573
bf0e1f2318a4947eee89fdac6a3031b5cad0662cc27adf8ec17b939b0e9c07e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common.js HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:56 GMT
Content-Length: 976
Content-Type: application/x-javascript
Server: Microsoft-IIS/6.0

qegyval.com/tj.js

45.200.228.234

200 OK

370 B

URL GET HTTP/1.1
qegyval.com/tj.js
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/404.html

File type
HTML document, ASCII text, with very long lines (370), with no line terminators
Size
370 B (370 bytes)
Hash
9fd29c657d45f55405aba7c73c7bb5b9
0ed80b347964e262db51f812e78abeb2c629b22b
485c59df85c684c2865eaeb52a5e3017b3f516249749a08bfd5b83de1624ccf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tj.js HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:56 GMT
Content-Length: 370
Content-Type: application/x-javascript
Server: Microsoft-IIS/6.0

qegyval.com/404.html

45.200.228.234

200 OK

457 B

URL GET HTTP/1.1
qegyval.com/404.html
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/404.html

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
457 B (457 bytes)
Hash
27d3ea64ef0f44f8002f175950e3dedf
45664f15cc95011360e6e0742ca70ca4443737c2
e06beacdcc1ad1cfbe80aadb8a62d04c80c45e0e603c63b2e4313bfc32b7f50c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /404.html HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:56 GMT
Content-Length: 457
Content-Type: text/html
Server: Microsoft-IIS/6.0

qegyval.com/favicon.ico

45.200.228.234

200 OK

457 B

URL GET HTTP/1.1
qegyval.com/favicon.ico
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
457 B (457 bytes)
Hash
27d3ea64ef0f44f8002f175950e3dedf
45664f15cc95011360e6e0742ca70ca4443737c2
e06beacdcc1ad1cfbe80aadb8a62d04c80c45e0e603c63b2e4313bfc32b7f50c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:56 GMT
Content-Length: 457
Content-Type: text/html
Server: Microsoft-IIS/6.0

qegyval.com/common.js

45.200.228.234

200 OK

976 B

URL GET HTTP/1.1
qegyval.com/common.js
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/

File type
HTML document, ASCII text, with CRLF line terminators
Size
976 B (976 bytes)
Hash
335bb34d750e97475f199acb21907c6d
d8c0e167d2355751154479b8b9ed59d3c5941573
bf0e1f2318a4947eee89fdac6a3031b5cad0662cc27adf8ec17b939b0e9c07e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common.js HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/404.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:57 GMT
Content-Length: 976
Content-Type: application/x-javascript
Server: Microsoft-IIS/6.0

qegyval.com/tj.js

45.200.228.234

200 OK

370 B

URL GET HTTP/1.1
qegyval.com/tj.js
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/404.html

File type
HTML document, ASCII text, with very long lines (370), with no line terminators
Size
370 B (370 bytes)
Hash
9fd29c657d45f55405aba7c73c7bb5b9
0ed80b347964e262db51f812e78abeb2c629b22b
485c59df85c684c2865eaeb52a5e3017b3f516249749a08bfd5b83de1624ccf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tj.js HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/404.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:57 GMT
Content-Length: 370
Content-Type: application/x-javascript
Server: Microsoft-IIS/6.0

qegyval.com/404.html

45.200.228.234

200 OK

457 B

URL GET HTTP/1.1
qegyval.com/404.html
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/404.html

File type
HTML document, ISO-8859 text, with CRLF line terminators
Size
457 B (457 bytes)
Hash
27d3ea64ef0f44f8002f175950e3dedf
45664f15cc95011360e6e0742ca70ca4443737c2
e06beacdcc1ad1cfbe80aadb8a62d04c80c45e0e603c63b2e4313bfc32b7f50c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /404.html HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/404.html
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:57 GMT
Content-Length: 457
Content-Type: text/html
Server: Microsoft-IIS/6.0

qegyval.com/common.js

45.200.228.234

200 OK

976 B

URL GET HTTP/1.1
qegyval.com/common.js
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/http:/pufycol.com/http:/gacyhis.com/http:/lygyvar.com/

File type
HTML document, ASCII text, with CRLF line terminators
Size
976 B (976 bytes)
Hash
335bb34d750e97475f199acb21907c6d
d8c0e167d2355751154479b8b9ed59d3c5941573
bf0e1f2318a4947eee89fdac6a3031b5cad0662cc27adf8ec17b939b0e9c07e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common.js HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/404.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:57 GMT
Content-Length: 976
Content-Type: application/x-javascript
Server: Microsoft-IIS/6.0

qegyval.com/tj.js

45.200.228.234

200 OK

370 B

URL GET HTTP/1.1
qegyval.com/tj.js
IP
45.200.228.234:80
ASN
#135097 LUOGELANG FRANCE LIMITED

Requested by
http://qegyval.com/404.html

File type
HTML document, ASCII text, with very long lines (370), with no line terminators
Size
370 B (370 bytes)
Hash
9fd29c657d45f55405aba7c73c7bb5b9
0ed80b347964e262db51f812e78abeb2c629b22b
485c59df85c684c2865eaeb52a5e3017b3f516249749a08bfd5b83de1624ccf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tj.js HTTP/1.1
Host: qegyval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://qegyval.com/404.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 00:49:57 GMT
Content-Length: 370
Content-Type: application/x-javascript
Server: Microsoft-IIS/6.0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (16)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type