URLhaus Database

You are currently viewing the URLhaus database entry for https://mhmedicalsac.com/ai/?1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2633590
URL:	https://mhmedicalsac.com/ai/?1
URL Status:	Offline
Host:	mhmedicalsac.com
Date added:	2023-05-16 11:25:29 UTC
Last online:	2023-05-18 21:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2023-05-16 11:27:03 UTC to abuse{at}hostgator[dot]com)
Takedown time:	2 days, 9 hours, 38 minutes (down since 2023-05-18 21:05:18 UTC)
Tags:	BB28 geofenced js Qakbot Quakbot USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-05-18	Ipnvs.js	js	51ffefa8a10b6da720a80cec4735fe173669e7c974946e46c8dda908e824d8a4	22.03%
2023-05-18	Kxuqvtas.js	js	c74cf0cb7927a8438a84c9cedbdbab3e4815550813336043f39674a67b6a021a	28.07%
2023-05-18	Jizbnscl.js	js	76443e093ed6d6e3961cb5f9bbd546bab2d05f6bc2536c5744dc86f7a769bea8	n/a
2023-05-18	Cnwn.js	js	148425d44762a381cbc5cf7c9e0e7fb44d71f7162439e78b219929274f34d19f	25.86%	Quakbot
2023-05-18	Rjiu.js	js	c66769c1beccde8a71bc20172ba3978dfa20fa8e27c21976b94c10327af6d4ca	27.12%	Quakbot
2023-05-18	Ikjhn.js	js	89ddd75a9d671f30070d8ed74468e507a72e5ca5699855296beb959dae2b71b3	11.86%	Quakbot
2023-05-18	Hxpcieqz.js	js	61ef6ef0f9ddc3b6d4b8201a85d35c7ce79058c5ccbb5ccb51e68f15898a3bf9	n/a	Quakbot
2023-05-18	Rawwok.js	js	cb46274d330ebea266c559fd5e391bd171816f40b8a0d960dbacf22c23a94ea3	30.51%	Quakbot
2023-05-18	Frsqck.js	js	e21d7ce5a24617b4a823482fea8b703cee1f434028f5ee807b3d77bcb4197988	14.29%	Quakbot
2023-05-18	Zamnkhly.js	js	b76a46e9b0db483e342c390f25663222fee2e67cb7670205636c7ee748850b86	n/a	Quakbot
2023-05-18	Lsgaft.js	js	fc4e17680da39bbf2dfbf388da243c919927a825eca7d8de8a39d74be04968e9	31.03%	Quakbot
2023-05-17	Brgx.js	js	8772156f90eaf1afea7ef8aede91a10a14f6ab0bbfc0cb8629917994af09f843	n/a	Quakbot
2023-05-17	Ajiwadyc.js	js	e2cd2a44ac9c613f289c14a9d30244223f9949818db49dc69c73a5efc442a948	28.57%	Quakbot
2023-05-17	Gelqzhee.js	js	76b1f9267eb932c85c8717778e7399af2196f31c3f1ee4b76d83a2cc5f2e486c	25.42%	Quakbot
2023-05-17	Ywiu.js	js	a3a82b0e5a194f3c627df166b34ee132214dd6dd7f04b7a684d1b93af75f7591	32.20%	Quakbot
2023-05-17	Eedpe.js	js	1a6bded230cdd64243a37dd3ca94385ac9f1c4794e054250311bd99f2564c83e	25.42%	Quakbot
2023-05-17	Agel.js	js	aa29c7434c1bdbe52fd461a295dac0931392a0852902d70bd91693bedfc48375	31.03%
2023-05-17	Pzzbslwc.js	js	9a8083ef127004e2a3fd6d38ac13339555b0e82a7347cc9a1aaa97c8dda4041b	n/a	Quakbot
2023-05-17	Oilqha.js	js	7001d12f0aff0c6712230ed17f0fa70b2b0f2f7f58554663f28e687b643386ef	n/a	Quakbot
2023-05-17	Vnmkzb.js	js	3d1457b9a3113d388a2ccd544fb5b25831f9c3d26b3e2ec303b1e794a2589b8f	n/a	Quakbot
2023-05-17	Xfomjwf.js	js	faafd8b9fc4007431dde6935f2f8e776f7616d7f88291a394abcb6f011099e53	n/a	Quakbot
2023-05-17	Ljxkaa.js	js	5cae67a1b8d080970498f2ff7349c0f823b2e8ef8bd6c799c4f59592a0afc433	n/a	Quakbot
2023-05-17	Vevd.js	js	dec97fc6b7c89c5455210fbb31359372568f44822b2d10057d03cd154d229661	n/a	Quakbot
2023-05-17	Gulz.js	js	6bc6c5b669158b9e029b17dee0bbf52d2419360288bc435d0590bee596215c09	n/a	Quakbot
2023-05-17	Gneyv.js	js	88102376c537e4320c2d40a9646da968ae0f4b7f9dc27dfacd7113c763bc4e0b	n/a	Quakbot
2023-05-17	Sdkihr.js	js	aeef21300bbb60796135ce89eec1a21def779e61b80e345c4fc529b28a62b477	n/a
2023-05-16	Muovrj.js	js	5ec115482fdd2f262acca69f1a3b98d54eac0a48f763760dd463346739619b55	n/a	Quakbot
2023-05-16	Lpbnqh.js	js	0fd86f37591283c036c747bd62429ec45ac3cd1d68a0973e0a09a1043158785d	n/a	Quakbot
2023-05-16	Xkohmc.js	js	59033f9259f6442d1778feec6dbfca0fae3a2ad404af64905b7cdf97caed308c	n/a	Quakbot
2023-05-16	Avals.js	js	511aef8b49a4d3b25a14dc9fb4d5e23c47088ba8606024ed53b0eea6329da586	n/a
2023-05-16	Srbpuy.js	js	668badc887f9f0d6c22b58d6b24bdcdc18f1801df6fddc47a7f6d07064807b9a	n/a	Quakbot
2023-05-16	Rcttm.js	js	5ca2053dca55ac043fa8556193842677ce41df044d2368afebb49cb0341a8706	n/a
2023-05-16	Fugy.js	js	557cc76602cef539b6c3a84663c13ac02c838e8d1acbff563f8e8270888d8989	n/a	Quakbot
2023-05-16	Rzdpwq.js	js	a6f104bbd6ae386c478ecffb84f175f1badf13029d2fc0c67ac01713a08b8417	n/a	Quakbot