URLhaus Database

You are currently viewing the URLhaus database entry for http://xiaoma-10021647.file.myqcloud.com/qrtb.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	185713
URL:	http://xiaoma-10021647.file.myqcloud.com/qrtb.exe
URL Status:	Online (spreading malware for 7 years, 2 months, 7 days, 23 hours, 56 minutes)
Host:	xiaoma-10021647.file.myqcloud.com
Date added:	2019-04-26 19:17:06 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (phishing)
SURBL :	Blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2026-05-26 06:18:12 UTC to ipas{at}cnnic[dot]cn)
Tags:	exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2019-08-15	n/a	exe	346f265296e1bdc8d56605048834cb8cd07437a7b70b5bda964d880c24d3655e	n/a
2019-07-29	n/a	exe	d2ce081a57cdc9924b6ac7f3776532d553dda51e86affc0bc4521f57a11b2d20	n/a
2019-07-24	n/a	exe	956f41b24d7741dde0d686e7b01b8a32545ec4a7e5c2527f6565cc8644579438	n/a
2019-06-13	n/a	exe	c7382f00aca1f5b6123842ad9ab18397c50816fc6815a277999c30a1be59811c	n/a
2019-06-08	n/a	exe	d6511ce978ea97ad5765e253e5f6167e7876674827ec1e241bdf63c6776d2ee0	n/a
2019-06-08	n/a	exe	96764dbff750a93cac0561e4f5e8e8c029c2d8137c4c01a8e6f6148eb9f5b1ca	n/a
2019-04-26	n/a	exe	6d5fb7159a958a5d5cfe6c3ba960c48de291fbbc9028c0bf63157d335c84467d	75.38%