URLhaus Database

You are currently viewing the URLhaus database entry for https://ecotasar.com/nm/?1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2634851
URL: https://ecotasar.com/nm/?1
URL Status:Offline
Host: ecotasar.com
Date added:2023-05-16 21:54:19 UTC
Last online:2023-05-18 06:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?):mail Yes (Ticket DCU100116892 created on 2023-05-16 21:55:08 UTC)
Takedown time:1 day, 8 hours, 18 minutes Poor (down since 2023-05-18 06:13:21 UTC)
Tags:BB28 geofenced js Qakbot link qbot link Quakbot link USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2023-05-18Upsurpv.jsjs 874c90fd9f5dbc042d5e87dee75b68570376e628600a8d08dc1083545283052eVirustotal results 27.27% Quakbot
2023-05-18Krre.jsjs 023250d4f9af49d2f7968647280c712aff55b6146a5a06b7b302bab288a405baVirustotal results 29.31% Quakbot
2023-05-17Upfjiha.jsjs 8f330d0bd33cae1207a38406d6db47ef79a72bd8d18681a4a0f3a3a33ec3e4f3n/a 
2023-05-17Rkovvdg.jsjs c2b560cbbb7dc30cad06a2a6b715f07591269b172bde5101a639fbb04e4dd9cfVirustotal results 27.12% 
2023-05-17Wzckmdtz.jsjs 7f1024ee7a57ad586eb6a36dbb25ba4f7e78cbd55b3c87d5209716b7628bc53cVirustotal results 28.81% Quakbot
2023-05-17Rcfsu.jsjs 819c3375d47e95f26e1466039e2ff5a096837d0761bed7564c2366b094c8895bn/a 
2023-05-17Ggwcsnn.jsjs 3657123d41437d5c2c4b48b03e14153b367398907ae10d30021c974941a5b64cVirustotal results 32.20% Quakbot
2023-05-17Vochdxfk.jsjs 03cdab834b6a7165627af8e82df4d52dde740aa3481625a88ef76e122b7b2894n/a Quakbot
2023-05-17Xgwbdfua.jsjs 17c3055ce856c6ee8bbfdfa36ea81dedf3d495e3aa418145fea73358747d4cd0n/a 
2023-05-17Tntk.jsjs f16b3c48ca1ba324e53c48a72c3bc53329423b16779e1cd1d0d40447f39cfefaVirustotal results 16.95% Quakbot
2023-05-17Ffkdixx.jsjs b5042bed9f0492260650174a004a7c269b3fb4db718bfedf8673434c428e9f68n/a Quakbot
2023-05-17Wbritlql.jsjs 970f57f645a81ca9d54b0b661341da8b04087d4abca67a9ca6bc2e3259831520n/a Quakbot
2023-05-17Qlzaltjp.jsjs 0a7738e8ada34bd3df57e2c04e54bc05a26902c769130c7899b552ced874ddb7n/a Quakbot
2023-05-17Ioyiowrl.jsjs f4cb47154ea447e85bdfeccbe0cec414b9a7434fec1b6394b6f29aa90bcb17c0n/a Quakbot
2023-05-17Womllfre.jsjs f842998fd88b5789106210aa61580f2bdb69fa6a484e36108a74f9449ab93cf7n/a Quakbot
2023-05-16Tiktinip.jsjs 4adee7e1eb6e0c2c2df8e11ac090d7ce685799aaad2ce5cc79fa13e320f20ab1n/a Quakbot
2023-05-16Efclshyo.jsjs 0ff70c8f3228ffcc686fce204e26876282fa4e3288f69a0684d6977ad7ac18a0n/a Quakbot