URLhaus Database

You are currently viewing the URLhaus database entry for https://book-of-spells.com/eumc/?1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2633641
URL:	https://book-of-spells.com/eumc/?1
URL Status:	Offline
Host:	book-of-spells.com
Date added:	2023-05-16 11:25:41 UTC
Last online:	2023-05-18 22:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2023-05-16 11:27:52 UTC to abuse{at}namecheap[dot]com)
Takedown time:	2 days, 11 hours, 28 minutes (down since 2023-05-18 22:56:31 UTC)
Tags:	BB28 geofenced js Qakbot Quakbot USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-05-18	Fjkwoza.js	js	d3c6e06204212c1aeeef29809460056535cba3beca8cf163b7c8719671ef0c9f	22.03%
2023-05-18	Hrzted.js	js	d7522ab4f64ae0950e24bb00df9157136bbcb900ace0c77bd1a46f06149bf37a	24.56%
2023-05-18	Ufta.js	js	d76b1300fd995ec8def343df0450c11a58a217803fee3749db4afacebc64182e	22.03%
2023-05-18	Nznl.js	js	ce77f8be19286593340f338e5e2ce6bcb6737053cf600ba09676d32f607ae3ae	n/a
2023-05-18	Mnzvozmc.js	js	b64790ef2bb214bf0fea83cb0aff305cd66dd38f065ab3cc62b9ddf5d3570eec	23.73%	Quakbot
2023-05-18	Xnrz.js	js	649828b67fb96d9addc5f4c9518dfd03c7eaef5dfe3afd081708297f2d160360	25.42%	Quakbot
2023-05-18	Mqsrlps.js	js	654d79d5b714216fcec5efd06082250b58afb76155c0be229ba139acd68d0797	25.86%
2023-05-18	Fqhy.js	js	de40c651da56945e6aa4f1adecf9ca842f4b2c630f3e1ad45c2c02952d4578c7	n/a	Quakbot
2023-05-18	Qojsfwu.js	js	b5e43b4ccd0107bcf4e8ce081135f2adb345ba3df9a4df5637d3cd9e08b43ba8	21.15%	Quakbot
2023-05-18	Vtpeavz.js	js	d772a62298f946a1a964db9c0e6aa23473d6590e013fb3056502ad74b75a046f	n/a	Quakbot
2023-05-18	Lzblbdu.js	js	f517f6e7dd7c0f029a72fe25803ac2d5c54c7abcc8e576fbf95cbe6a87759540	28.81%	Quakbot
2023-05-18	Mcoryif.js	js	80f6fd82b28ccaacb151e0447865a17ab4711eefd8ab38eb96bff981a7077a9e	28.81%
2023-05-18	Jlhyyumh.js	js	1c8c07d6d5454652a85d1673775e071cb4068ca92c83d2e45e4cf830d85e56b7	n/a	Quakbot
2023-05-17	Obsscv.js	js	32710b418e9ddc449d0548590b62ac23975ad6efba53cc55cb1551326e182cb9	30.36%	Quakbot
2023-05-17	Obvgkw.js	js	8f360ef4554f315b708ec9a47229a77553d9764d491faaae0340e0e552551077	27.12%
2023-05-17	Rsohtxao.js	js	7f5bfd748f09cddad1977aabe48a77b4aa3281b4bc9ac685ca0e53226b92c107	n/a	Quakbot
2023-05-17	Xlchbzgx.js	js	ba4eb74cda0088a1269ede2dd12d974109f7b392ff522322070233d302cb3d01	n/a	Quakbot
2023-05-17	Hudq.js	js	569b94ae6e9101918add0cbef52c7d0516b8faf8e79f3273d7d102982c544c18	22.41%	Quakbot
2023-05-17	Xvrnnzmx.js	js	3d234411a958948cb4805e18eb29cd95fbd93086ffda9ed636c6d322523b5e80	n/a	Quakbot
2023-05-17	Fbmdrez.js	js	07d1842292aa2619ebfbb551eff5580fb24f945283f3de4298dc06f9493b6b20	n/a
2023-05-17	Eujnxq.js	js	090a55e29be295f623c125ac567236b4d6e112a890fe2b0f43593d8ed78d3dae	n/a	Quakbot
2023-05-17	Mjugw.js	js	c3d1ebe98c1539ba8164629ed814684e60f7781429cac4c32bd0426ba8bd6ac5	n/a	Quakbot
2023-05-17	Jluxlxig.js	js	c84ca1d4012c6ce04e80a41a6a7016abf4b395bb85ab670e4d06ef0b02a94b6a	n/a	Quakbot
2023-05-17	Zislhz.js	js	e722b9ef6b9990adbefaef227516ccf5f985f2c6dabb7e982bf52c3f85680237	n/a	Quakbot
2023-05-17	Dcwp.js	js	7d34b9f353414703714bd54d97da998ed7631abc87b32a0767be646cc4edea23	n/a
2023-05-17	Ijlr.js	js	cc882afd2e57e09fbaf7aa1d82fd84119f11ce178e2dc99ca9f8364fb03baedc	n/a	Quakbot
2023-05-17	Cysxq.js	js	a890b40ab4801b230dbfdf82e41be32c368010d0385e14baa3060c2f75ae2214	n/a	Quakbot
2023-05-16	Grfjyjgc.js	js	b4889e0b21bfa4d2919102c7063f8a39382a6ec10c36051e3611012cacea26e9	n/a	Quakbot
2023-05-16	Znumwgt.js	js	c79f55a17d459936aec242a0ec28c5b0503d41b4c2a66ebc79324fa34b89dfee	n/a	Quakbot
2023-05-16	Lrbqxvow.js	js	a825a0a88075895bb87e8b39af1f262ec8beda8134c2a464a3d85219c3b9c21f	n/a	Quakbot
2023-05-16	Ephobjxj.js	js	6533cc68bb8d7691f4a9c0b66ddb76f99bf2ffabf3724b0cf55917508ac26720	n/a	Quakbot
2023-05-16	Xlsnh.js	js	f786df00899a4add4efcc0de66aa5ad77966c0d6a3f37d9b8c0560b94af36d15	n/a	Quakbot
2023-05-16	Kmek.js	js	64f6560de4fb71d77759e1a770557b164a4ec925ebc9a99d13d71e3caf858438	n/a	Quakbot
2023-05-16	Ntiik.js	js	5eb9fcbb44c51f8f382ed4021a2cc3a365a3f4d73f49241f667a5eed8cd47c91	n/a	Quakbot
2023-05-16	Wopluz.js	js	974cb2836267e34cd46007f171554e1611840f1193a07e303a08158980ecfee1	n/a