URLhaus Database

You are currently viewing the URLhaus database entry for https://gwinatelier.com/aueo/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2629108
URL: https://gwinatelier.com/aueo/
URL Status: Offline
Host: gwinatelier.com
Date added: 2023-05-10 17:13:11 UTC
Last online: 2023-05-13 05:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-10 17:14:39 UTC to abuse{at}cloudflare[dot]com)
Takedown time: 2 days, 12 hours, 31 minutes (Poor; down since 2023-05-13 05:46:16 UTC)
Tags: BB27, geofenced, js, Qakbot, qbot, Quakbot, TR, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2023-05-12 | Etwcwagg.js | js | 9e850fcde440d3374a2e3dd9e7d7103d8b719f79f3f25c059feaab7113482558 | n/a | | Quakbot |
| 2023-05-12 | Egiogabu.js | js | 6e5d58939c9b33d27084b8ff537eaa5c2c18d6b98e14bd111e261a45ab4979f7 | n/a | | Quakbot |
| 2023-05-11 | Ckdbefqk.js | js | 87b1879d18404a66b75187e182f4c4771d7a3d751cb31f37336517ffbb29c616 | n/a | | Quakbot |
| 2023-05-11 | Rivg.js | js | f8b269668e1d7a0f0c65261387280d2a6152dfd0a09e2bbe0a1751e6af704982 | n/a | | Quakbot |
| 2023-05-10 | Lxljb.js | js | d2f6ad2ae8c1260fbfab608cbd43f606d81f73cd6ecea3fb62391b8c0aeb3d8e | n/a | | Quakbot |
| 2023-05-10 | Ampvpsq.js | js | 15600180891cd3b1ea016832fcc04357184227dca42fbdda3057d9fc5bcd4262 | n/a | | Quakbot |