URLhaus Database

You are currently viewing the URLhaus database entry for http://tsk-winery.com/wp-includes/sendinc/service/question/en_EN/03-2019/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	161721
URL:	http://tsk-winery.com/wp-includes/sendinc/service/question/en_EN/03-2019/
URL Status:	Offline
Host:	tsk-winery.com
Date added:	2019-03-19 01:34:31 UTC
Last online:	2019-04-12 20:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2019-03-19 01:36:16 UTC to admin{at}itools[dot]mn)
Takedown time:	24 days, 19 hours, 16 minutes (down since 2019-04-12 20:53:06 UTC)
Tags:	doc emotet epoch1 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2019-04-12	Secure_message_8227992654.doc	doc	d8b58f7a0298951ea482b26a302054ccd85179b3f34c3023f6481780dbb70295	58.93%	Heodo
2019-03-19	Secure_Email_file_183859139.doc	doc	948e90c7ce98dca2d57cb92e1cd52467eae923246771c86285317df8ea76bae7	27.12%	Heodo
2019-03-19	Enc_message_620187292.doc	doc	feb5f90b505c63edaf38330efa3b54550fe8146569592d0e52ef971c0f1929d9	25.00%	Heodo
2019-03-19	Encrypted_message_68029705.doc	doc	ae95978f84168442841da9be86225a83fc17aabc3361c157c34f4593e58028cd	24.56%	Heodo
2019-03-19	Encrypted_message_765634361.doc	doc	9ada632cea755555f9d32f936bd04d161efdc6c32c993a303a025140a19fd3d2	24.14%	Heodo
2019-03-19	Secure_mes_3327122126.doc	doc	ca3984297cae7d45ee87c611dd59ccc8546458a528d0784448fd5fce6d911393	25.00%	Heodo
2019-03-19	Secure_message_1075003532.doc	doc	176f875872456a1d333a105674b18bb606a67f55a2c5ad42ff0edc778b3e93b7	21.43%	Heodo
2019-03-19	Secure_message_39540860.doc	doc	a5b1ea5db4e3093d3ff099173c2c07e48ee6954a2dd52eb3ed11540bc7ee9471	18.64%	Heodo
2019-03-19	Encrypted_Email_file_3364119747.doc	doc	7779d56361bebca314ef8fe367e6ab52ea79db14223b7e7cfa867f8a82b26b32	15.25%	Heodo
2019-03-19	Enc_message_257366329.doc	doc	82782034c6c1f7a99e934e67c9a1d38d96b77bd5623956e2ed6859958f70f789	16.07%	Heodo
2019-03-19	Encrypted_message_5137644982.doc	doc	f3ee70dc667237feb241f911c215de5470b3eb852e37d57d9a74c8027889d0fe	n/a	Heodo
2019-03-19	Secure_message_061730350.doc	doc	a3828e61f94f16dba98523490ddca4c422526fe4da34472ab0335a10b259ef95	15.25%	Heodo
2019-03-19	Enc_message_360361645.doc	doc	6c0627c54252331fad4ba98a05b07bf5a766f344a1276c4ea5b48908f6c1017f	n/a	Heodo
2019-03-19	Secure_Email_file_4640346049.doc	doc	b4468d5ea5a9078d2a98e26f442d265fe2b2417e790ea67c91ab9ccd8aaf2f1f	n/a	Heodo
2019-03-19	Secure_message_0054368569.doc	doc	66641aec44708f5c4ff38cf102254c574487204af55dac3a696808b1619c4d57	n/a	Heodo
2019-03-19	Encrypted_Email_file_267779809.doc	doc	0fc6fb99897612d01736a5f71f7e7ea7409126c8f44e001ea948b259cefb8a09	17.24%	Heodo
2019-03-19	Enc_message_19043177.doc	doc	4beb24584ac6a064ccbd3b6e764c90acac6354b2b6ca7f18d915246fa53a6ae4	17.54%	Heodo
2019-03-19	Secure_Email_file_141347663.doc	doc	a01da91df3781b389b71dabd91e8707363cb3eeb1db8c4de6b54be5d7f800125	17.24%	Heodo
2019-03-19	Secure_mes_804795749.doc	doc	248ff1b212ec4bfd9372eabd30c6270f5d1b47386bb9741b357bba419c429d29	n/a	Heodo
2019-03-19	Enc_message_09630514.doc	doc	016049e77b1a74d07adc295bfe41264e771f4e6683f898236dc3b08e4f2eaebf	17.86%	Heodo
2019-03-19	Encrypted_message_84075297.doc	doc	345263e1b1b35d1829180408d51db483c983ed5474648d32c44ff5f244ada45d	17.54%	Heodo
2019-03-19	Encrypted_Email_file_34952701.doc	doc	3f36c2ed4d364734e6f09afb5fcb2501bea3f611dd7e5f4d55896a94fe9b7015	n/a	Heodo
2019-03-19	Encrypted_Email_file_44241057.doc	doc	7d1e0078cd3d171100cfd73644f1082fb7244d21f88121b0e973815021d74d56	34.48%	Heodo
2019-03-19	Secure_Email_file_061555999.doc	doc	80a09fae3a1110bac776db5d9d2d8ed08fa8c1de96ee2f67d1d3169d085b8150	n/a	Heodo
2019-03-19	Secure_Email_file_9203841821.doc	doc	8d714d316d5278c294748d8d2256b397f7156518fec58cc39ea10684c4bffd0e	n/a	Heodo
2019-03-19	Secure_message_88538467.doc	doc	752efd5a5b62949ad2732fd552ae98f64eb365a59a230607b6c6fd86ce6fdd88	n/a	Heodo
2019-03-19	Secure_mes_614408383.doc	doc	5605f91d538079fcfc11d81ac0bdb5dc142481cc476abc4a59943a448ed26fe2	n/a	Heodo
2019-03-19	Encrypted_message_2390256532.doc	doc	47bc07d8020c8f7016776be5bcc441d5890d98a9327b32abffaf5a2a86f4ef26	n/a	Heodo
2019-03-19	Encrypted_message_541916589.doc	doc	8757addb018953afa081a8043da70de34570038880431d7ae2f28037d724de55	n/a	Heodo
2019-03-19	Encrypted_Email_file_714715018.doc	doc	080520eb95bee943e54bb4f96c0875ed21c30eace81fd97b13f85a93a292abd1	38.33%	Heodo
2019-03-19	Secure_Email_file_0201736766.doc	doc	61b551ab0c2047d59e01bebed81556c2cef72205c0b3ef98dab829383de4baa0	27.12%	Heodo
2019-03-19	Secure_mes_409150127.doc	doc	33211ae2b277dedcc5dd61f6bdeb1ce8edca74f4746d3477ae95e24a39645f5b	36.84%	Heodo
2019-03-19	Secure_message_16090193.doc	doc	7c7ddd7bd3762fb34953fe5b8ba0a6de4a373549abb6b1eab3f7fb7890c7f279	31.58%	Heodo
2019-03-19	Secure_mes_330654713.doc	doc	04bc07b69f3958f3459e5f6e243255c41d09e641e4a55817620edbf49f3b05ff	33.90%	Heodo