URLhaus Database

You are currently viewing the URLhaus database entry for http://kianafrooz.com/arEGe-Xqhxt_uQWp-um/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 120293
URL: http://kianafrooz.com/arEGe-Xqhxt_uQWp-um/
URL Status: Offline
Host: kianafrooz.com
Date added: 2019-02-08 17:44:34 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @Cryptolaemus1
Abuse complaint sent: Yes (2019-02-08 17:46:09 UTC to noc{at}nrp-network[dot]com)
Takedown time: 6 hours, 21 minutes (Good)
Tags: emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
