URLhaus Database

You are currently viewing the URLhaus database entry for https://picc-penang.com/ci/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2629217
URL: https://picc-penang.com/ci/
URL Status: Offline
Host: picc-penang.com
Date added: 2023-05-10 17:15:25 UTC
Last online: 2023-05-13 06:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-10 17:17:47 UTC to abuse_dci{at}tm[dot]com[dot]my)
Takedown time: 2 days, 12 hours, 49 minutes, Poor (down since 2023-05-13 06:07:21 UTC)
Tags: BB27, geofenced, js, Qakbot, qbot, Quakbot, TR, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2023-05-12 | Toxpbxyb.js | js | c5f539c489869f9439efe4c86d17148a2f41317efa50bf95ba1fc46b71d3c8c1 | n/a | | Quakbot |
| 2023-05-12 | Ifegdxo.js | js | 21069be167a5acfab5b35d5e1e917fe4fddc5f55e1cf4791d597902d17cc6e58 | n/a | | Quakbot |
| 2023-05-11 | Bcvg.js | js | 7f520908e304e209229392163be145e39b852c9492133f26d02cb35c760c872a | n/a | | Quakbot |
| 2023-05-11 | Mrddtyb.js | js | 9a5d70f97c69e30e9f3b79fd744385b9879f40acb73ee67b2b5144f890d970ea | n/a | | Quakbot |
| 2023-05-10 | Mhkltj.js | js | 58545eaaa4c83048aaa1edc2c3ae618fe6e0230342a4886e7475fdecf7aac00b | n/a | | |
| 2023-05-10 | Cjfldy.js | js | ddf5300d4ea1604221c7aca7ffd92c5a6b7e922b753aa2dd186a232ba043384d | n/a | | |