URLhaus Database

You are currently viewing the URLhaus database entry for http://www.giztasarim.com/wp-includes/kdSK-QdWseNNSZM3U1N_dhwAQkJM-SF/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:175965
URL: http://www.giztasarim.com/wp-includes/kdSK-QdWseNNSZM3U1N_dhwAQkJM-SF/
URL Status:Offline
Host: www.giztasarim.com
Date added:2019-04-11 21:14:05 UTC
Last online:2019-04-12 13:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: spamhaus
Abuse complaint sent (?): Yes (2019-04-11 21:16:02 UTC to abuse{at}hetzner[dot]de)
Takedown time:16 hours, 13 minutes Good (down since 2019-04-12 13:29:33 UTC)
Tags:emotet link heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2019-04-12700100342084_Apr_12_2019.docdoc f4e85146c63eca3f1152a4bdd1184ed5c1b9c381db8c921fe965737402453017Virustotal results 26.23% Heodo
2019-04-121230102614_Apr_12_2019.jsjs 1f18a298cc1cdd9527f5345e3ac6438cadffdbf62a1f2a4dc69a22a626980c41Virustotal results 3.64% Heodo
2019-04-1216188849563_Apr_12_2019.jsjs df444d6f7bbf72f606b7abb628ea22bb86c81121c2d8d5f8a0238e0e377dbb33Virustotal results 5.36%Heodo
2019-04-1146552594354_Apr_12_2019.jsjs 4836a7a17364de19191c0dce25ed5ef4aeeb5c93db72b9e6a72f8ab3217c39c8n/a Heodo