URLhaus Database

You are currently viewing the URLhaus database entry for https://nokri4all.com/lua/ulmaslnii which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2320540
URL: https://nokri4all.com/lua/ulmaslnii
URL Status:Offline
Host: nokri4all.com
Date added:2022-09-28 18:07:11 UTC
Last online:2022-10-10 09:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2022-09-28 18:08:10 UTC to abuse{at}namecheaphosting[dot]com)
Takedown time:11 days, 15 hours, 41 minutes Bad (down since 2022-10-10 09:49:36 UTC)
Tags:bb H322 H436 Qakbot link qbot link Quakbot link TR U425 zip

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-10-03Card326100225.zipzip 82c3975d3f198458b75a0657da9116675366b81b3ae13f22fc98729457356987Virustotal results 14.52% 
2022-09-30G46936853.zipzip 2aa3cddeb425576ceddafdabd7818bd4caeed8d376076c3042632a9c423e39e0Virustotal results 3.17% 
2022-09-29G1610312285.zipzip dc744820548648369bd2ccc10a4d0e373ea883c4fb58018b02011b0ecfdd1ea3n/a 
2022-09-29yGjdaDlhTJ.zipunknown 000b91c47fe9c03b19e15c42bda448295973fdf5593e1da22d939b8e02a5c2b0n/a 
2022-09-28OArCsZtqWfXzPU.zipunknown 9c8502f6bd524ac022484d4e01091bfaca955fa2e7693009eab747602eeb5addn/a 
2022-09-28PZCyPzYsqj.zipunknown 8838130c242345af3a1015e804458d3eb0e6e15defcbc20a03bd523a6325b9c8n/a