URLhaus Database

You are currently viewing the URLhaus database entry for https://zhgarments.com/or/?1, which is being or has been used to serve malware. Note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634647
URL: https://zhgarments.com/or/?1
URL Status: Offline
Host: zhgarments.com
Date added: 2023-05-16 19:15:15 UTC
Last online: 2023-05-18 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 19:16:07 UTC to abuse{at}namecheaphosting[dot]com)
Takedown time: 2 days, 3 hours, 27 minutes (Poor; down since 2023-05-18 22:43:55 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
