URLhaus Database

You are currently viewing the URLhaus database entry for https://positivestrategylab.com/aa/?1 which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2635052
URL: https://positivestrategylab.com/aa/?1
URL Status: Offline
Host: positivestrategylab.com
Date added: 2023-05-16 21:59:10 UTC
Last online: 2023-05-17 13:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 22:01:28 UTC to abuse{at}cloudflare[dot]com)
Takedown time: 1 day, 23 hours, 19 minutes (rated Poor; down since 2023-05-18 21:20:45 UTC)
Tags: BB28 geofenced js Qakbot qbot Quakbot USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
