URLhaus Database

You are currently viewing the URLhaus database entry for https://wefoundworld.com/ep/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2650070
URL: https://wefoundworld.com/ep/
URL Status:Offline
Host: wefoundworld.com
Date added:2023-06-02 11:43:11 UTC
Last online:2023-06-05 00:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2023-06-02 11:44:29 UTC to abuse{at}cloudflare[dot]com)
Takedown time:2 days, 12 hours, 24 minutes Poor (down since 2023-06-05 00:08:47 UTC)
Tags:BB30 geofenced js Qakbot link Quakbot link TR USA zip

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2023-06-04document_C976_Jun_2.zipzip 7cb9ef357bf3a574040c8961a2d378a889a529c3cded0229310a6186e077711cVirustotal results 20.00% 
2023-06-04document_C598_Jun_2.zipzip ec65880863f24e2f00ccc1f54b4c59db7b000a5764bf4c8c6e6a1d65ec2b2e6cn/a 
2023-06-03document_B850_Jun_2.zipzip d95b9c77846b6471bbea701531231bc0c66ba522d2f598da508efe3a9fea473aVirustotal results 17.74% 
2023-06-03document_E723_Jun_2.zipzip cfab126ea7750b760c5068ab627d2c4a306663ecc85d1963a2e24ded1547f64bVirustotal results 19.35% 
2023-06-02document_B764_Jun_2.zipzip 12bcb1d9874abbc00cad9418b35b27dd8349bc52454be7ec0b6ecde64f0dd399n/a Quakbot
2023-06-02document_D425_Jun_2.zipzip 4b40509cd6dde74ed27fa4250f281fa1ebc61b4886bf503d47f0429c6a9ffd8an/a Quakbot