URLhaus Database

You are currently viewing the URLhaus database entry for https://balgocburada.com/fsi/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2629004
URL: https://balgocburada.com/fsi/
URL Status: Offline
Host: balgocburada.com
Date added: 2023-05-10 17:11:09 UTC
Last online: 2023-05-13 05:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Status unknown
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-10 17:12:30 UTC to abuse{at}ni[dot]net[dot]tr)
Takedown time: 2 days, 12 hours, 8 minutes, Poor (down since 2023-05-13 05:21:10 UTC)
Tags: BB27, geofenced, js, Qakbot, qbot, Quakbot, TR, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature
2023-05-12 | Bfvsoc.js | js | 404e53295dd53d7e4807471b0dd9e0267eb9c3998e4a25d201fd60059fd68357 | n/a | | Quakbot
2023-05-12 | Iwdu.js | js | 9780a6d475c2fa27e942df032788e2f60e78f589118ddc0f4665e29e5b09ef0a | n/a | | Quakbot
2023-05-11 | Nmfaw.js | js | 393f368c43215946186df1fdfc975813563b6cefb9b05f7c6b7621b4cddaa7d8 | n/a | | Quakbot
2023-05-11 | Tksysi.js | js | b3503ab46861153fa182731a6b0e5d9cb9a29ca2106630e35333ec9f5c8e89ae | n/a | | Quakbot
2023-05-10 | Boiomlc.js | js | dc273131742b77c9f3d6f0b207ba2ac07d37109a601a51f71945f1535bd1cffc | n/a | | Quakbot
2023-05-10 | Eueylxh.js | js | 66ee2e5722493596557586a518ff436059a771f5f7368bf4981e2e06ef5a2fa3 | n/a | | Quakbot