URLhaus Database

You are currently viewing the URLhaus database entry for https://creexpobyhre.com/an/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634823
URL: https://creexpobyhre.com/an/?1
URL Status: Offline
Host: creexpobyhre.com
Date added: 2023-05-16 21:54:12 UTC
Last online: 2023-05-18 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 21:55:19 UTC to abuse{at}namecheaphosting[dot]com)
Takedown time: 1 day, 23 hours, 39 minutes (Poor; down since 2023-05-18 21:34:54 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
