URLhaus Database

You are currently viewing the URLhaus database entry for https://buyexpressdocumentsonline.com/otp/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634210
URL: https://buyexpressdocumentsonline.com/otp/?1
URL Status: Offline
Host: buyexpressdocumentsonline.com
Date added: 2023-05-16 13:42:19 UTC
Last online: 2023-05-16 17:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 13:43:43 UTC to abuse{at}cloudflare[dot]com)
Takedown time: 2 days, 7 hours, 19 minutes (Poor; down since 2023-05-18 21:02:53 UTC)
Tags: BB28, geofenced, js, Qakbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
