URLhaus Database

You are currently viewing the URLhaus database entry for http://365ia.cf/dhsAy_WlDvR-mvxE/Ey/Transactions_details/022019/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:118680
URL:http://365ia.cf/dhsAy_WlDvR-mvxE/Ey/Transactions_details/022019/
URL Status:Offline
Host:365ia.cf
Date added:2019-02-06 19:09:13 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@Cryptolaemus1
Abuse complaint sent (?): Yes (2019-02-06 19:10:03 UTC to abuse{at}serverrun[dot]com)
Takedown time:1 day, 12 hours, 1 minutes Poor
Tags:emotet epoch1 heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2019-02-06bill_02-07-2019.docdocf5ca5a6cebd4cf6357e10a8641d8808ae7696ebc3c82c7d723e67efb90372999Virustotal results 17 / 57 (29.82)Heodo
2019-02-06bill_02-07-2019.docdoc7d683fbb6f52f007005d4be144a68a83bd9f61399988885bf7396689f8964a16Virustotal results 19 / 57 (33.33)
2019-02-06invoice_02-06-2019.docdoc005b899fabb917a2f805fb12433a77ec0c523d9ec7aeda8ba60f5209bb30ae1dVirustotal results 20 / 57 (35.09)Heodo
2019-02-06payment_20190206.docdoce695b6839e483104adac05d342ba135fa3a900635ac17e7bf4d663e8808bee83n/aHeodo