URLhaus Database

You are currently viewing the URLhaus database entry for https://citi-tours.com/am/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634816
URL: https://citi-tours.com/am/?1
URL Status: Offline
Host: citi-tours.com
Date added: 2023-05-16 21:53:22 UTC
Last online: 2023-05-18 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 21:54:37 UTC to abuse{at}godaddy[dot]com)
Takedown time: 2 days, 0 hours, 44 minutes (rated Poor; down since 2023-05-18 22:39:03 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
