URLhaus Database

You are currently viewing the URLhaus database entry for https://worldtravel-trip.com/mrua/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2635173
URL: https://worldtravel-trip.com/mrua/?1
URL Status: Offline
Host: worldtravel-trip.com
Date added: 2023-05-16 22:02:07 UTC
Last online: 2023-05-18 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 22:03:44 UTC to abuse{at}hostgator[dot]com)
Takedown time: 1 day, 23 hours, 8 minutes; Poor (down since 2023-05-18 21:11:51 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
