Security Scan Report: plugins.qgis.org

Submitted: May 12, 2026, 3:39:25 PM
Completed: May 12, 2026, 3:41:01 PM
Scan type: public; status: completed

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 57 HTTP transactions. The main domain is plugins.qgis.org and was registered NaN years ago.

Submitted URL: https://plugins.qgis.org

The Cisco Umbrella rank of the primary domain is #123,740 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 88%

Risk Score: 8

The site shows strong malware indicators (C2 beacon, data exfiltration) despite being an old, legitimate‑looking subdomain; treat as high‑risk and avoid.

Risk Factors
Critical IDS alerts indicating malware command‑and‑control activity
Large POST requests suggest data exfiltration
Low domain ranking for a brand‑related site
Domain age information unavailable

Details

Page Title

QGIS Plugins

Scan Type

public

Language

🇺🇸 English (55% confidence)

Category

technology software (69%)

Domain Information

You're looking at domain 'plugins.qgis.org' on the non-profit oriented generic top-level domain (.org) and includes subdomain 'plugins'. The core label 'qgis' covers 4 characters with one vowel and 3 consonants. Breaking it apart gives two words: qg, is. Expect two characters per word on average. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 7.79s
HTTP Requests: 97
Domains: 5
Total Size: 1.3 MB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 55%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 55%
Script Type: Latin
Text Length: 13,488 chars
Detector Agreement: 100%

Website Classification

Primary Category

technology software (69% confidence)
Type: dynamic
Method: ml+structural

All Detected Categories

technology software: 69%

Detected Features

Search

Domain & IP Information

Requests | IP Address      | Location                    | AS (Autonomous System)
21       | 95.217.26.231   | Helsinki, Uusimaa, Finland  | AS24940 Hetzner Online GmbH
19       | 116.203.123.27  | Nuremberg, Bavaria, Germany | AS24940 Hetzner Online GmbH
19       | 185.199.110.153 | United States               | AS54113 Fastly, Inc.
19       | 104.16.79.73    | United States               | AS13335 Cloudflare, Inc.
19       | 188.114.96.3    | United States               | AS13335 Cloudflare, Inc.
97       | 5               | -                           | -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C0D3C636B1DD4C2CA1BE9720625062E7E1F6B7D2A2157F74313C4517EF94A3309B22BA

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:EJf0fuJpCT+GMgPFDl/9BL0dxXpkoUPmMqfrDgSN4mO:EN0mGMgPj/9BL0dxXpkoUPmLkD

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:141711:EgjgWYlAWhgAjqGGCIAJGADZIgNTSUrGQgwQDSYFRwYoAQ1l5xNPgPCAxwICQAAgJMSApuUkdCQQQLwagMAygtVChCECEzQE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0000000000ffffff
Perceptual Hash: 9212ebed2ab44bc9
Difference Hash: 4fcdcc8d9361005b
Wavelet Hash: 00047e0400ffffff
Color Hash: #2dd2b1
