URLhaus Database

You are currently viewing the URLhaus database entry for https://thephoolmala.com/enst/enst.php which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2604724
URL: https://thephoolmala.com/enst/enst.php
URL Status: Offline
Host: thephoolmala.com
Date added: 2023-04-10 16:22:15 UTC
Last online: 2023-04-13 04:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Status unknown
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-04-10 16:24:29 UTC to abuse{at}namecheap[dot]com)
Takedown time: 2 days, 12 hours, 24 minutes, Poor (down since 2023-04-13 04:49:08 UTC)
Tags: BB23, geofenced, Qakbot, qbot, Quakbot, R89, TR, USA, wsf, zip

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

First seen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature
2023-04-12 | Hayc.zip | zip | 2f69c37126fc794d8595ecaa987ae94415b3b57539eaf8294615a6bbf9b66f9c | n/a | |
2023-04-12 | Lf.zip | zip | 4a19b0cd6f7ca134e11a72ada4778ce1f9cff6fbdccd1eed36281c8b206bc9d4 | n/a | | Quakbot
2023-04-11 | Gsqe.zip | zip | 2d0f6bcdd5d3f42c4b3e9b036337e193e53700bd1446a83dc078a3004c569b80 | n/a | |
2023-04-11 | Iexr.zip | zip | c981a0e688874b3ab26581ff1a4236d15f31c15b5ba93f2746cf5164ce067222 | n/a | |
2023-04-10 | Rm.zip | zip | c060c13d3ff7a711dfead883ee3bfccd028e3486ad2a365f44c213424d8a3699 | n/a | |
2023-04-10 | Znfy.zip | zip | a005a3a61ecf6de3e5a0603120d94fa8671f5dd2cf921f84eca8593bfc6d1855 | n/a | |