URLhaus Database

You are currently viewing the URLhaus database entry for https://maragiaexpress.com/sran/?1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2646484
URL:	https://maragiaexpress.com/sran/?1
URL Status:	Offline
Host:	maragiaexpress.com
Date added:	2023-05-30 16:51:01 UTC
Last online:	2023-05-31 21:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2023-05-30 16:58:53 UTC to abuse{at}cloudflare[dot]com)
Takedown time:	1 day, 4 hours, 33 minutes (down since 2023-05-31 21:32:00 UTC)
Tags:	BB30 geofenced js Qakbot Quakbot USA zip

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-05-31	doc_D135_May_31.zip	zip	6a9a5bf7fcc019f49fd06a8852183f50979249cb13995bbacfc0fd720af60f29	20.97%	Quakbot
2023-05-31	doc_F685_May_31.zip	zip	cbef526ecfef72945575f66e3a27ea5e043da2c88cb9f9bd89dd486e4f62bb97	n/a	Quakbot
2023-05-31	doc_A987_May_31.zip	zip	32c33a448d49794219dbf3364a3d816a082bac85caa850f9151f4823fd430668	22.95%	Quakbot
2023-05-31	doc_D810_May_31.zip	zip	47966a553faf4b8329b780308fdd2cd95a6746ecfccd875014210048c236e1f5	n/a
2023-05-31	doc_C496_May_30.zip	zip	9c5dbac6625a15ae0a07b441c9fb83b1c828252b83ae62e61f9189eed3cdd2fd	17.74%	Quakbot
2023-05-31	doc_D724_May_30.zip	zip	0948ca166a3b983b07409c9a86f522ace51387fd33487fd6366f6a6ce2b53e09	20.97%	Quakbot
2023-05-31	doc_F716_May_30.zip	zip	d25e2fa51e283263ed0d3d4b1950ce4851c7a970536b33adfd9c5be0481c38ad	17.74%	Quakbot
2023-05-31	doc_A795_May_30.zip	zip	4e2b1721d32db12eaead98ab6a6fc57a1fc43df0ec916b139b685d40f05ca97d	17.74%	Quakbot
2023-05-31	doc_A107_May_30.zip	zip	672eff3bc0a9f25124c15d5cfe9e0985ce50baca66571ff9c20d10f175f2e282	20.97%	Quakbot
2023-05-31	doc_C659_May_30.zip	zip	3225b496c4e159bf87d3697248d928ca135dc42cb4c286e4cb47e78ce6a8e86c	17.74%	Quakbot
2023-05-31	doc_B278_May_30.zip	zip	5ee2d18b6d98a401b8cf9a047ef2d93386c4c67ab36fddfc75789ec5a1e61847	19.67%	Quakbot
2023-05-30	doc_F794_May_30.zip	zip	6f015409ae881e08814f6aabe17dcf93a37249fd0820fa0e5f932af67848b50f	19.35%	Quakbot
2023-05-30	doc_D396_May_30.zip	zip	b7cd35c2ab0f1c1009f3fd07d140c3c0d98c127f9a04bd78e203bc32adb747b3	17.74%	Quakbot
2023-05-30	doc_D401_May_30.zip	zip	1cfdb0b578578a3ef3ff839a46bee0b8fcf7334c6437fea1c74e7966ac6e2c61	17.74%	Quakbot
2023-05-30	doc_D259_May_30.zip	zip	8cbde885b0e43bb0e4b199dff4ef27a4155b561b5e6b558e7c7a444b76e9a6cc	19.35%
2023-05-30	doc_A240_May_30.zip	zip	1aa7b578351dba1de7d2a2c7cf2f5ac82db4e72c2f4017e9e424d2f081a6f3a0	n/a	Quakbot