URLhaus Database

You are currently viewing the URLhaus database entry for https://bestbudcpa.com/ual/?1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2633664
URL:	https://bestbudcpa.com/ual/?1
URL Status:	Offline
Host:	bestbudcpa.com
Date added:	2023-05-16 11:25:48 UTC
Last online:	2023-09-27 03:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (Ticket DCU100116414 created on 2023-05-16 11:26:13 UTC)
Takedown time:	4 months, 13 days, 15 hours, 46 minutes (down since 2023-09-27 03:12:42 UTC)
Tags:	BB28 geofenced js Qakbot Quakbot USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-09-11	n/a	unknown	49a73590a34ad72e005c32bb3dfbf0b6554b1f80cee252791ac42d146b2f5bc7	n/a
2023-05-18	Zcprrt.js	js	51ffefa8a10b6da720a80cec4735fe173669e7c974946e46c8dda908e824d8a4	22.03%
2023-05-18	Uwikob.js	js	a323aabc78b895eabf807a1f247d078912b321a622e358fe3b4a7007ba5349fe	n/a
2023-05-18	Ekxgsiu.js	js	fc087bbfa79c07ccc635f8a6fd0b89dea00fce47f2c8fdd18e9a29c72d8a3bd0	25.42%	Quakbot
2023-05-18	Gcnnfrsk.js	js	5b03a98354c24b442061c45caca4e261ba88fe1d68187bd4c44f84773d562a6d	22.64%	Quakbot
2023-05-18	Eekxec.js	js	45a695a6696ee2284f34ef03f76d7192a3829a64f1ae5f5216bfd36983231680	26.67%	Quakbot
2023-05-18	Airkxwo.js	js	e8a4b575211295a78e536c4a374d5538f24470f6036d3a1e5ab52f149b6a5683	n/a	Quakbot
2023-05-18	Uypeangn.js	js	e8cadb2bfe88e91c6f0a88fbfa3c83c7cce944155ffde2920ad925df8ba77f75	24.56%
2023-05-18	Gyee.js	js	a357a8a9b62674cff6660b76659f4cd36ccd979d44937371bde57235d81c392e	n/a	Quakbot
2023-05-18	Vdgikrvt.js	js	494e69eca209ceb575b3ad74ff164605bc99c57a7621108280f95412b64e0bec	n/a	Quakbot
2023-05-18	Hlxzbect.js	js	2ae770725a34857b3a2ff3821341d0b0363c401b4588d1bd1ce75048f2b83a18	24.56%	Quakbot
2023-05-18	Rizttq.js	js	935d2fea6488c7d2c6ec2b528f43f43c49b96750bbf21401284b5c42710e8c75	n/a	Quakbot
2023-05-17	Zrypbpdi.js	js	ec6f55b9c56d3dead8b8490dfbbcccadcdfef62b7d67c671b8d0ee9620f4b74f	16.95%
2023-05-17	Rmkrr.js	js	69d10bf1c18cc7df540de106a1056c5af79f8b60f1ffae762d06532cc84375d8	n/a	Quakbot
2023-05-17	Becgxc.js	js	7524d906b4d42ae7fd1e5e15cb503e8b54fdc1afa702a0b4e4c5f1d6f99edd1b	30.51%	Quakbot
2023-05-17	Yibwpztm.js	js	8f360ef4554f315b708ec9a47229a77553d9764d491faaae0340e0e552551077	27.12%
2023-05-17	Dhbhlv.js	js	2810143d11f9ad7077972f807f2dc04a3f22746f81b7d8365d879e722c0b3551	17.24%	Quakbot
2023-05-17	Ocftgblm.js	js	9162c26ac66cb673664c91b6a22e788a008db7c2bd2b4a9b7788a47fe85f33ee	28.57%	Quakbot
2023-05-17	Ixfs.js	js	8475cb42b6b2c974e37378cf11491570a83f194a37e5ebbc50add4a5677d6d72	n/a
2023-05-17	Xpbiqlp.js	js	84dc4956b015f86429521cf8a9aab72e01b3d3f14b77f769b37d48f3bbcbde7d	n/a	Quakbot
2023-05-17	Sxubii.js	js	2c6dc5cee8d581c5e1a536b1ca5d06773bd267d774c8a96988cb315cf08471a7	n/a	Quakbot
2023-05-17	Pbmxe.js	js	04a2fe2acff211db737fdb5ca22ee964b23e3552744d4da128eedc0f8bdbb8b6	n/a	Quakbot
2023-05-17	Jdey.js	js	eb7b725f9b066fda9d9bfca599b2983ef8e1fa159bb53faf82dcebbd28691154	n/a	Quakbot
2023-05-17	Hgdse.js	js	762222d756dccd166d8d81620a4a530ca48654906c00668a4e5e0d61675666c5	n/a	Quakbot
2023-05-17	Taon.js	js	adf8530a651b4bb850d91e5569d52c49eb741eed22d522299c3c6d883e521f3f	n/a	Quakbot
2023-05-17	Ieogz.js	js	e275d0ac91f82b23a8c79bee2af572918e9d8fe1b7ccb7e9b79e9f2c01bee0c6	n/a	Quakbot
2023-05-16	Cfgcf.js	js	acfb2861682a3d43d6d87458517eb0b5793dd6fd020b5eafd874fc0ba15e5aa0	n/a	Quakbot
2023-05-16	Zrnzk.js	js	ef535565589a37c61f435c4e7f3b664b5c8786a63893bdb6f646a812d74f8738	n/a	Quakbot
2023-05-16	Lliyxchn.js	js	2dadb7f157d439e0c8a96386010b9eb5f5a77a15bd48b2f9fce4a28dc254943e	n/a	Quakbot
2023-05-16	Hcrt.js	js	5eadaaa5755a26200528f473e353a417f45b7e6f8eb8b6de269e0dde2ee3e2ed	n/a	Quakbot
2023-05-16	Tlweszfy.js	js	13977ecad13f044c521397fd8e01d6f356f4b55efef7354f9cde6452823c6b6f	n/a
2023-05-16	Bxnoiy.js	js	5e1bb9a590aab338ae281bc109d9a2b73a6a2fbac29a16f7b8002ea9f953d3fc	n/a	Quakbot
2023-05-16	Hvbvfcj.js	js	f1f5133e8c710f692f01c54654eee2562c0e8caec0c9e532b6770b277cb976c4	n/a	Quakbot
2023-05-16	Rbthu.js	js	0c59071f96c3924278871d9f1ae3ac2a5abd0d8ab615dac10d9abadcbfd214c8	n/a	Quakbot