URLhaus Database

You are currently viewing the URLhaus database entry for https://royalsarovar.com/etes/?1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2634606
URL: https://royalsarovar.com/etes/?1
URL Status:Offline
Host: royalsarovar.com
Date added:2023-05-16 19:13:18 UTC
Last online:2023-05-18 22:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2023-05-16 19:14:22 UTC to abuse{at}hostgator[dot]com)
Takedown time:2 days, 2 hours, 52 minutes Poor (down since 2023-05-18 22:06:43 UTC)
Tags:BB28 geofenced js Qakbot link qbot link Quakbot link USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2023-05-18Ykdpxkzt.jsjs d7522ab4f64ae0950e24bb00df9157136bbcb900ace0c77bd1a46f06149bf37aVirustotal results 23.33% 
2023-05-18Rnwu.jsjs 1cea0c4b1af9170b9ed2927f3b100d202bebd1b8e69ba1527336aaa6b2c0bffcVirustotal results 13.33%
2023-05-18Wvnpxqs.jsjs 1a2e818afb29521c8658d2a0643158af97370d69c32c0bd85cb900bd3e85b0eeVirustotal results 22.03% 
2023-05-18Qjzidudt.jsjs 6f99d0a0bef0ef5ada889dee203c1fbae50ddcec92028e25325142c3bf5d1363n/a 
2023-05-18Flyhtxvh.jsjs d2ecbbc4d10634ac3f47ce638df6c4302d7335ab985c09f6accdfe4df322dddeVirustotal results 36.21% 
2023-05-18Oytpo.jsjs de40c651da56945e6aa4f1adecf9ca842f4b2c630f3e1ad45c2c02952d4578c7n/a Quakbot
2023-05-18Ptxrv.jsjs 4422126c61949a9848ddc759de968eb699c5364973a271dc9aac631121591d13Virustotal results 27.12% Quakbot
2023-05-18Cynlv.jsjs 7f96290dff45385bfd8340f07e433e56831a66a593d5472a2ef8da6d665f355bn/a Quakbot
2023-05-18Whttztqi.jsjs 0857b5e40844024689620ed0e9d9fbef8b9b295f54e11fba7dd9693f59ce40fdVirustotal results 27.12% Quakbot
2023-05-18Oyibxfh.jsjs 42d74e9be0d442e0bbebc6134157922913abc72510b235bfa67b53092757a2f4Virustotal results 30.51% Quakbot
2023-05-18Vege.jsjs 1f4c2a4e8c95bab7ff916109a3978612cf0969f85e9f00ded884776dda11eefbn/a 
2023-05-18Eicxt.jsjs a93a8bf8a31ec8306c9567bf9a32a827765ff0e798aacba99ea917a481f43f7en/a Quakbot
2023-05-18Mffnn.jsjs 356f8c2ebf3f6ab97ed37e1195e6ccc8d5441e37c038c0c09c7f481b5aa205den/a Quakbot
2023-05-17Inwcqbhm.jsjs e4ec32150d6e87a71d76e7b2f71274e3ac9a2b263e4fec937fbcf4b766731192n/a Quakbot
2023-05-17Mftynixa.jsjs 9f9b7a0d9944437dbf0052fad1d08898979bd6c9a9d937a98cea3c757a5f15d0Virustotal results 27.59% 
2023-05-17Ksrdsv.jsjs b87903d0aa16eb59b3bd58047ae31f7e370cc478a7b6d952e262fe4e56abb4e3Virustotal results 26.67% Quakbot
2023-05-17Brbje.jsjs 44d23f66a1f4b2d201da3bd9764d30d67431194d1ffbbc0ee587ea63d892dee1n/a Quakbot
2023-05-17Gazl.jsjs 2936b6742f1d05f0f4625a1582b4bb5e44cf16340984eb0eaf2118709e5f7933n/a 
2023-05-17Uguxnoxy.jsjs b77866fad79584d4eeba2fb19ac488731b788c0c7c1ca30001f91741db44e06en/a Quakbot
2023-05-17Bhblg.jsjs 0b26bdb33f82264e6ee139e028f16f756cf3c276a5c8fdc923aa5d5e2e385872n/a Quakbot
2023-05-17Aboymw.jsjs c1c25860d992cd6dc9b9921099d94bacf1ab089b4972e34a164fa6cb56e43e7an/a Quakbot
2023-05-17Oikcwy.jsjs 9ab095ae3cd2e087b544b3fe59d1ff560c8d4d3fdc791c43f34ee67bd6c929c8n/a Quakbot
2023-05-17Zfiz.jsjs aeab74a9dd76b3344ea357a4da5b241a2641394ca536903de7a7f3e20cc429ecn/a Quakbot
2023-05-17Cqvcdnt.jsjs 2d2592e791d92ce37d4823738110465caea4ffbf20c2b0ab4fa2ff00a21044ebn/a Quakbot
2023-05-17Vtahenk.jsjs 7b4e320ada68bdc5cb01c72a0b6865b72610b89734f9307a10739d56520e2a65n/a Quakbot
2023-05-17Ohijbwdl.jsjs 93052a776148061ccba156a393de4ab31155db40138725586fec057adebbb468n/a Quakbot
2023-05-16Gbku.jsjs 5d4884bb2cc855cb7b07fc5b13621d06a65ccb944b7615d481b9d4f089a13db6n/a Quakbot
2023-05-16Sgqgra.jsjs ac5f760491f7a87777dc9953cbc004b89fdd1dd7053a94082b4527f000bbc28an/a Quakbot
2023-05-16Hdgq.jsjs 3ed8a584d2b674e72ec3c81016d51a3cfb3c4e8702a916d0d5fb143e52ee80a1n/a Quakbot
2023-05-16Tohmgd.jsjs c90f3246e223d70b29364c08058c699c3f7a3bdc7fe2786908829f6296b445b9n/a Quakbot