URLhaus Database

You are currently viewing the URLhaus database entry for https://evlightspeed.com/du/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634884
URL: https://evlightspeed.com/du/?1
URL Status: Offline
Host: evlightspeed.com
Date added: 2023-05-16 21:55:13 UTC
Last online: 2023-05-18 18:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 21:56:14 UTC to abuse{at}godaddy[dot]com)
Takedown time: 1 day, 20 hours, 14 minutes, rated Poor (down since 2023-05-18 18:10:21 UTC)
Tags: BB28, geofenced, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
