URLhaus Database

You are currently viewing the URLhaus database entry for https://taluja.com/qae/ametet.php, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2617784
URL: https://taluja.com/qae/ametet.php
URL Status: Offline
Host: taluja.com
Date added: 2023-04-25 12:59:11 UTC
Last online: 2023-04-28 01:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-04-25 13:01:11 UTC to abuse{at}namecheaphosting[dot]com)
Takedown time: 2 days, 12 hours, 21 minutes, rated Poor (down since 2023-04-28 01:22:48 UTC)
Tags: bb25, geofenced, Qakbot, qbot, Quakbot, TR, USA, wsf, zip

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
