URLhaus Database

You are currently viewing the URLhaus database entry for https://tha-onecreative.com/cn/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2633621
URL: https://tha-onecreative.com/cn/?1
URL Status: Offline
Host: tha-onecreative.com
Date added: 2023-05-16 11:25:37 UTC
Last online: 2023-05-18 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 13:22:08 UTC to abuse{at}ukhost4u[dot]com)
Takedown time: 2 days, 9 hours, 27 minutes, Poor (down since 2023-05-18 22:49:31 UTC)
Tags: BB28, geofenced, GuLoader, js, Qakbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
