URLhaus Database

You are currently viewing the URLhaus database entry for https://nokri4all.com/lua/utnsut, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2320675
URL: https://nokri4all.com/lua/utnsut
URL Status: Offline
Host: nokri4all.com
Date added: 2022-09-28 18:07:45 UTC
Last online: 2022-10-10 09:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-09-28 18:08:10 UTC to abuse{at}namecheaphosting[dot]com)
Takedown time: 11 days, 15 hours, 34 minutes (Bad; down since 2022-10-10 09:42:40 UTC)
Tags: bb H322 H436 Qakbot link qbot link Quakbot link TR U425 zip

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2022-10-05 | P1539881663.zip | zip | 81da629aa56df16cbe3f56d2469a74ef4655685d72a2086a3989086dec7e40e4 | n/a | | Quakbot |
| 2022-09-30 | Uenetidtil941018648.zip | zip | 306fc51c2477a77c1fa539507492ca6b4a648e34ab126b1520bffab8e117c704 | 3.28% | | |
| 2022-09-30 | Gall1196021345.zip | zip | 860a12733cd34536874ad4d0b24b32e6dbbd51f1bbb3ec68fcde2e82b1f63ac7 | 3.17% | | |
| 2022-09-29 | G2854443348.zip | zip | d5507cf622f9501a881eb594154622dcf5c27a7b2875f8c88a1fa4289d96c5ce | 3.23% | | |
| 2022-09-29 | jlrfhkgdvurB.zip | unknown | 36883fd469a5afec34329a569a3fc8b41bcf6ec610f875425601aba806a611a5 | n/a | | |
| 2022-09-28 | LoovZPQmWcyjaMR.zip | unknown | 06ec642d46def9b4ae1ad8e5bbef407125349d96d230f3aa75945119e9883b50 | n/a | | |