URLhaus Database

You are currently viewing the URLhaus database entry for https://nosah.one/aiai/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2659398
URL:	https://nosah.one/aiai/
URL Status:	Offline
Host:	nosah.one
Date added:	2023-06-13 17:52:29 UTC
Last online:	2023-06-15 16:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2023-06-14 02:49:06 UTC to abuse{at}cloudflare[dot]com)
Takedown time:	1 day, 22 hours, 22 minutes (down since 2023-06-15 16:15:44 UTC)
Tags:	BB32 geofenced js Qakbot Quakbot USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-06-15	document_BF094_Jun_15.zip	zip	db93500e44a2684e71d044699c1c5270916723e212ccdb4957d1eacfb41864a8	6.45%	Quakbot
2023-06-15	document_DC509_Jun_15.zip	zip	4215d40540cb530490e0b70feec1d97a1c37e03b8e816f2e3b0f815f1eb963ac	n/a	Quakbot
2023-06-15	5Mlc1UdLRtOzs.js	js	ea3fd78e2934af8a995496463374cdef10b0fe052309e5370f8ba7b638b1eb34	n/a	Quakbot
2023-06-15	RPOGUQ7f4v5kxR.js	js	b12782232c7f6fe1960b872c3beb4e4fb8be6e8e6484a3dababb12e4dae59884	n/a	Quakbot
2023-06-15	V3Ww5GunFfIl.js	js	7edbc8d2106e350a859cae6e9e0de259c790a158e43ee255fb76be64e85d9724	n/a	Quakbot
2023-06-15	pgKgnxjhtIuY.js	js	8b69b2a765d237d79ed128ec38a4e471222e43c528689953c7029423680bd209	0.00%
2023-06-15	luY2tLrCGzj3.js	js	3543fbf5b817372eb12b4db3de2f415cd4a717edf80d0fad36536e3f7c0dc6c8	0.00%	Quakbot
2023-06-14	1UNhdlOhhOLGy5.js	js	e95bf20a416f547272d525136fdee112307bd8b1bc6036d558a0bb2d97c113f7	15.25%	Quakbot
2023-06-14	Kb3dY51ajPsR6.js	js	4a703b68f597ee967183e609f39984ea9198493ebd535d069f8ab458d90b29f9	n/a	Quakbot
2023-06-14	docu_DB704_Jun_14.zip	zip	f47c875c7ae2f065c1ef73ea596ba1f3d9b876474e5b6fc7e6b91819f11ba990	n/a
2023-06-14	docu_AD560_Jun_14.zip	zip	f13ef56e5c6b044131aeb5b7c669639354624bf367338c1b166d55177fff0390	n/a	Quakbot
2023-06-14	wRfKY3wHdofWd0.js	js	efd9d13ad982dddd3f52e753dbc6306173d53ffec9664190df0b5fa099af0966	0.00%	Quakbot
2023-06-14	Ftqx5jyw9icLcr.js	js	8a2dd98512402598992549ff209edc910eca09454686b9c0502d7e883e064509	0.00%	Quakbot
2023-06-14	ja91Jyk1AdtMKs.js	js	33cd588c4ebfa4a6ba76143306d7e61cda9250ddba43c215bd05c71dcbe42e3d	15.25%	Quakbot
2023-06-14	hQ1yZ933jsQWh.js	js	1931cee49f7e8c236682655e3d81dd703ea9e3566bd3dce49a504331d2d747ff	n/a	Quakbot
2023-06-14	CSK80tlu0HNSK.js	js	55d3492acd4da04075013f5fba3ab7e4679f3dec7f671a3f0ae21850e76f1ea3	0.00%	Quakbot
2023-06-14	km7QHDTSaY3UQ.js	js	6c4e5c92a7cc22610d2799193e299e3699e3aba8c77caa8668c9ac83cf79f8d9	0.00%
2023-06-14	Rinsr3M7Nd0p.js	js	87c2c690b9a4ccd266848d48dcddec5f21472f30e1684066638c44e7f287e51f	16.95%	Quakbot
2023-06-14	bK1tUo6KZFoz6P.js	js	9efdf759a7bfbb48310e66c322b48ff213edac8fbccfa22e67e736ceaa0a79dd	1.69%	Quakbot
2023-06-14	t2n2ODUHk7Lr.js	js	10fc5f940ccf6de1541568b1e647577528c326344c22363ac7fb2f97e964afd3	0.00%
2023-06-14	D2NnCNkDS80OD.js	js	7229a67d0b9de46809d0fbde394a198b54a9d449a20c2ebe7d26f7e695b881e3	15.25%	Quakbot
2023-06-13	VCS6wRRz5XxZ.js	js	dc380c6947c5f8de2586ab7baf30b36b6a9426932323cb2096af2c5f4e2c344d	15.25%	Quakbot
2023-06-13	jOVhmbeNbHzck.js	js	524df894244a701b9825ef6f279a4ba64292f219614dad255858ccd503a896b3	n/a	Quakbot
2023-06-13	SQpYg9aMcNQvc.js	js	e918e17a0a639c0f284a76059249a8398b71eb09bb54e4409fe6ae526a332431	0.00%	Quakbot
2023-06-13	6WgvGbDiwAno.js	js	6966078593074ed205090b55924c213c5d93a9e4a3c798cab4bebf084ac20161	n/a	Quakbot
2023-06-13	IVGA53E4C8y62.js	js	2d43a56a449ddc34e368a2de42a57af3fe0a426065e6dd433625d4745b1a6d67	n/a	Quakbot