URLhaus Database

You are currently viewing the URLhaus database entry for https://royalsarovar.com/to/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634605
URL: https://royalsarovar.com/to/?1
URL Status: Offline
Host: royalsarovar.com
Date added: 2023-05-16 19:13:18 UTC
Last online: 2023-05-18 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 19:14:22 UTC to abuse{at}hostgator[dot]com)
Takedown time: 2 days, 3 hours, 38 minutes Poor (down since 2023-05-18 22:52:29 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
