URLhaus Database

You are currently viewing the URLhaus database entry for https://exatty.tk/riua/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2659397
URL: https://exatty.tk/riua/
URL Status: Offline
Host: exatty.tk
Date added: 2023-06-13 17:52:29 UTC
Last online: 2023-06-15 16:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-06-13 17:54:18 UTC to abuse{at}ovh[dot]net)
Takedown time: 1 day, 22 hours, 32 minutes (Poor; down since 2023-06-15 16:26:46 UTC)
Tags: BB32, geofenced, js, Qakbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
