URLhaus Database

You are currently viewing the URLhaus database entry for http://xn----btbghml4ahgdfobl2l.com/corporation/Invoice/3136971110/oiil-5P_MWXcu-4U/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:114777
URL:http://xn----btbghml4ahgdfobl2l.com/corporation/Invoice/3136971110/oiil-5P_MWXcu-4U/
URL Status:Offline
Host:скрутить-пробег.com
Date added:2019-01-31 17:36:11 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@Cryptolaemus1
Abuse complaint sent (?): Yes (2019-01-31 17:38:06 UTC to abuse{at}citytelecom[dot]ru)
Takedown time:1 day, 0 hours, 58 minutes Poor
Tags:doc emotet epoch2 heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2019-02-01US9129040462.docdoca27260a1fe5c659000bca59b786be94ae93ee51494d4d455fef197b6857c8de1Virustotal results 12 / 60 (20.00)Heodo
2019-02-01PAY887350050412.docdocf5c428125890ca669b432ac3c349bed68874dc3232e2abc1ebbf53060510cbfeVirustotal results 13 / 58 (22.41)Heodo
2019-02-0127956224602926.docdoc4c48c53658f14e1edc26c53b610714be24f510209bab60d864888b2e1510c204Virustotal results 14 / 60 (23.33)Heodo
2019-02-01Y51593511441036.docdoc5e4919bca2feb6438f35e4fa90769e1e1d35f51a1255b37463730ceb12b289f0n/aHeodo
2019-02-01PAY363155305716318515.docdoc3c23d9ce4c04846aa0cbb3b9cf8056fbfaebcf6f0431bc3cccc606928314c037n/aHeodo
2019-02-01D43581992380049739985.docdoc652649f7488516a394a24289adc31f59f4d396147490ed03769b289864fd28e8Virustotal results 17 / 56 (30.36)
2019-01-31PAY9974853410753419.docdoc8a31a5b38738b287ed94cc9dc1cde98765ed496e8994bc82b3cfa954be4b2c67Virustotal results 18 / 57 (31.58)Heodo
2019-01-31US869625172.docdoc03cadc62cf49c9398d3850d978ce7d7d9a1ff99f9951b9ff6a06c8bbccad7afeVirustotal results 18 / 56 (32.14)Heodo
2019-01-31VVEDF2180167407.docdoca1160525bf3915fd4f2dd1537d1b7f66ab9123ab7f34d41970f9e15e97f5a44fVirustotal results 15 / 58 (25.86)Heodo
2019-01-316723447636531791.docdocec0d2d376429f70b9e67e34fdd4d12f41b9e146b5685be0c8d6d33484dd2bdb3Virustotal results 16 / 56 (28.57)Heodo
2019-01-316103768284082299.docdoc1dc7f39a6bede1294afb1047e4deb436fffb193c94534267d85a9b82c546a28cVirustotal results 15 / 57 (26.32)Heodo
2019-01-31PAY7208248868000.docdoc030f63d90d94dd6e7d2aded4541d4fc228714b7c09105e951bff50ffbce037bdVirustotal results 17 / 58 (29.31)
2019-01-31PAY03987768488892450465.docdoc477191029ce893b384f44f7f5eeddfdff2224e5095dd888b741585de604248d9Virustotal results 17 / 57 (29.82)Heodo
2019-01-319515241829.docdoc7c31beea54fef1cbbfc8b174e7214198d6157fe6ddc0567be96654a9f5b0781bVirustotal results 18 / 58 (31.03)
2019-01-31PAY69867446400956.docdocb90428da8ec155380015412d589a09eb81e12c4219177de37afc0b79c8305b64Virustotal results 16 / 57 (28.07)