URLhaus Database

You are currently viewing the URLhaus database entry for https://derofx.com/tuir/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2633723
URL: https://derofx.com/tuir/?1
URL Status: Offline
Host: derofx.com
Date added: 2023-05-16 11:26:05 UTC
Last online: 2023-05-18 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 11:29:01 UTC to abuse{at}namecheaphosting[dot]com)
Takedown time: 2 days, 11 hours, 28 minutes Poor (down since 2023-05-18 22:57:05 UTC)
Tags: BB28 geofenced js Qakbot link Quakbot link USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
