URLhaus Database

You are currently viewing the URLhaus database entry for https://elbuzdwine.ru/wp-content/XGSSR8rW/, a URL that is being or has been used to serve malware. Note that URLhaus does not differentiate between legitimate websites that have been compromised by attackers and sites that were set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 1868263
URL: https://elbuzdwine.ru/wp-content/XGSSR8rW/
URL Status: Offline
Host: elbuzdwine.ru
Date added: 2021-12-09 08:39:15 UTC
Last online: 2021-12-15 12:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2021-12-09 08:41:10 UTC, to abuse{at}reg[dot]ru)
Takedown time: 6 days, 3 hours, 45 minutes (rated Bad; down since 2021-12-15 12:26:27 UTC)
Tags: doc, emotet, epoch4, heodo, link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this URL. The VirusTotal column is the detection rate (share of engines flagging the sample) at the time of the scan, or n/a where no result was recorded.

First seen | Filename | File type | Payload (SHA256) | VirusTotal | Signature
2021-12-09 | 5JZIUN7536GVZ.doc | doc | e167804a6f36dc99e96909bcededa8a733dd8633037b8b52e8d7881d20446c16 | n/a | Heodo
2021-12-09 | MSRAVTNSTD.doc | doc | 2f3d0aff6f35dff6502af75f678a40b0705e64926d8b0c57b927a8046c0048dd | n/a | Heodo
2021-12-09 | 60VBQRW.doc | doc | a511af1786b5bb6d9b68fb1d7e717c72592f29bc68fb1280998b39ddfdf35402 | n/a | Heodo
2021-12-09 | 72P5AKMXRQB3CRUU.doc | doc | 60070dc681a9f7c4a79a3637402a55b5c3e8fba4a2df0ce681f0b1ff311a360a | n/a | Heodo
2021-12-09 | J1RAA04TEQTR8Y.doc | doc | e7b9c7ae85b65f18519cf9daed5b665424eb5e90d9ea917793d93a57f0a8860a | n/a | Heodo
2021-12-09 | MGY5CSFHW.doc | doc | 6db713111922141d1e216988ca94471878eaf0cdefb37f14a61a6186c9590e19 | n/a | Heodo
2021-12-09 | 1YHTJHQC1BAJS1K.doc | doc | 5b0eadb028eafbc9bb1285c63f7a0fc68a235c037f04e81324474972367ccfe1 | n/a | Heodo
2021-12-09 | T0J88CIXLE.doc | doc | 7c73a4da90b895e4add6c77b040582e03c9b358a4e9c2eb9d6c121371e2de1ce | n/a | Heodo
2021-12-09 | MSLYKW50.doc | doc | 7d50155f2fd02aa6067f653d01ca3cd296b9851974f23904b601fbffdff9fcde | n/a | Heodo
2021-12-09 | NWQ8SZX.doc | doc | 2812ed1b4143a878e5b39bd51b05072d68465d0fd8fa313fc5c8216170644c47 | 40.32% | Heodo
2021-12-09 | WHRHI485HV.doc | doc | 052fa4aa100211ec170bc835ccee15ab601aafbe131ec86a16b553a0b2f17b4a | n/a | Heodo
2021-12-09 | 7UYXPGR82.doc | doc | 422cdaf95ec5f430f907c9acf9538f9b76473c10d984ea3370753d2bd8a5d7fa | 37.10% | Heodo
2021-12-09 | GEIMX8DV0WTU714H.doc | doc | 0be9d6cb334fc62f10b751c241c8f21645a12c17e1ad1ef4439a9ca0ef278ebb | n/a | Heodo
2021-12-09 | EUTFF769VAOS6.doc | doc | f40d26895ae37340ccc04c2ce8514c7e921ec9047100bbfd7c89a7b0bba61dd1 | n/a | Heodo
2021-12-09 | C859U2733L.doc | doc | 3b8b1b6d67f96e2a8ffe58449d0360eb577a46dcedb376d01d0f925c3e6fe857 | n/a | Heodo
2021-12-09 | YPY81KB.doc | doc | 51d5b7b3141cc6a727d7dec0bff69a5e7d551d279656b92eea68fea27b7cad69 | n/a | Heodo
2021-12-09 | FCJ3U8NPGZ7B.doc | doc | c0aae33c298bffcb74e4ef5d1cbeab82f111eb9de9a57a16f63c5b0db9744663 | n/a | Heodo
2021-12-09 | GWN2EB520U.doc | doc | f469688bceb339010e200f2aa7f2ca3417a9eaa5b326a281d26458287acec4e7 | n/a | Heodo
2021-12-09 | 9T260OWZIZ910WN5.doc | doc | 6f42b72cd9319ce52dc6e13ad170721e4529a8eae6eaa39b519edfc3f0a56ef0 | n/a | Heodo
2021-12-09 | 698JB6M9F099K6.doc | doc | 5be044e26263b5181b3254962210c92a8dd4b9777a0dd18d8d7e4bbdf4e7a5e8 | n/a | Heodo
2021-12-09 | S86981KF5MCMO.doc | doc | 432f46caef1c57fcba7f2de3ddfb215a25f0c4e488158953d499b97a7813e808 | n/a | Heodo
2021-12-09 | LHTFQD6SNVRF.doc | doc | cd1ea8af51f9a123bb2d33fdc34cfaae4db38a389f31d57a7acfac513eba59f3 | n/a | Heodo
2021-12-09 | B9IFKF9H.doc | doc | 5048cc58830b44039d55971bfa5314a0809511010d571ff1763ce09019c23c45 | n/a | Heodo
2021-12-09 | PBHFTSWC5AX000.doc | doc | f0b7231879367172ffc03d67819ed0582b25245f0dde0e927ab218ca909ed7e2 | 34.92% | Heodo
2021-12-09 | T6JYPJPPPZ8GI.doc | doc | f837a14e07a4863a4e9ad20c7cbe3c779dfa6d32ac4556961879ce6928867bf7 | n/a | Heodo
2021-12-09 | 08FJEJ0.doc | doc | 7771aa9c50f4de4dc1edab86b0be914f2d91fa44c85385667dc1ea0698e001fe | n/a | Heodo
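The entry above gives a practitioner three indicators worth operationalising: the URL, its host, and the SHA256 of every retrieved payload. The following Python is an added example (not URLhaus code) that parses rows in the flattened form this page presents them in, builds a hash index from them, and runs the URL and host indicators over constructed Squid-style proxy log lines. The three copied rows carry the real hashes from the table; the log lines, the test bytes and the assumption that the URL sits in the seventh whitespace-separated field of each log line are constructed for the demo.

```python
"""Build an IOC set from the URLhaus payload table above and match it against
files and proxy logs. Added example, not URLhaus code; the log format, the
sample log lines and the test bytes are constructed for this demo."""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied from the entry above.
URLHAUS_URL = "https://elbuzdwine.ru/wp-content/XGSSR8rW/"
URLHAUS_HOST = urlsplit(URLHAUS_URL).hostname  # "elbuzdwine.ru"

# Three rows exactly as the flattened table on this page reads: date, filename,
# file type, SHA256, VirusTotal result and signature run together.
FLATTENED_ROWS = """\
2021-12-095JZIUN7536GVZ.docdoc e167804a6f36dc99e96909bcededa8a733dd8633037b8b52e8d7881d20446c16n/aHeodo
2021-12-09NWQ8SZX.docdoc 2812ed1b4143a878e5b39bd51b05072d68465d0fd8fa313fc5c8216170644c47Virustotal results 40.32%Heodo
2021-12-09PBHFTSWC5AX000.docdoc f0b7231879367172ffc03d67819ed0582b25245f0dde0e927ab218ca909ed7e2Virustotal results 34.92%Heodo
"""

# The "File Type" column repeats the extension, so "X.docdoc" is "X.doc" + "doc".
ROW_RE = re.compile(
    r"^(?P<seen>\d{4}-\d{2}-\d{2})"
    r"(?P<filename>\S+?\.(?P<ext>[a-z0-9]+))(?P=ext)\s+"
    r"(?P<sha256>[0-9a-f]{64})"
    r"(?:n/a|Virustotal results (?P<vt>\d+(?:\.\d+)?)%)"
    r"\s*(?P<signature>\w+)\s*$"
)


@dataclass(frozen=True)
class Payload:
    first_seen: str
    filename: str
    sha256: str
    vt_detection: Optional[float]  # percent of VT engines flagging it; None if n/a
    signature: str


def parse_rows(text: str) -> list[Payload]:
    """Parse flattened URLhaus payload rows; a row that does not parse is an error."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed payload row: {line!r}")
        vt = m.group("vt")
        out.append(Payload(m["seen"], m["filename"], m["sha256"],
                           float(vt) if vt is not None else None, m["signature"]))
    return out


def index_by_hash(payloads: list[Payload]) -> dict[str, Payload]:
    return {p.sha256: p for p in payloads}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_hash(digest: str, index: dict[str, Payload]) -> Optional[Payload]:
    """Exact-hash match; with VT rates of 35-40% on these docs, this beats AV verdicts."""
    return index.get(digest.lower())


def url_matches(url: str) -> Optional[str]:
    """Return a reason string if url hits the URLhaus indicators, else None."""
    host = (urlsplit(url).hostname or "").lower()
    if url.startswith(URLHAUS_URL):
        return "exact URLhaus URL"
    if host == URLHAUS_HOST or host.endswith("." + URLHAUS_HOST):
        return "URLhaus host"
    return None


def flag_proxy_lines(lines: list[str]) -> list[dict]:
    """Scan Squid native access-log lines (assumed: URL is the 7th field) for the IOCs."""
    hits = []
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue
        reason = url_matches(f[6])
        if reason:
            hits.append({"ts": f[0], "client": f[2], "url": f[6], "reason": reason})
    return hits


# Constructed Squid-style log lines (not real traffic).
PROXY_LOG = """\
1639038055.123   2301 10.0.0.5 TCP_MISS/200 48512 GET https://elbuzdwine.ru/wp-content/XGSSR8rW/ - HIER_DIRECT/203.0.113.10 application/msword
1639038060.456     12 10.0.0.7 TCP_MISS/200 1024 GET https://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1639038070.789    900 10.0.0.9 TCP_MISS/404 300 GET https://cdn.elbuzdwine.ru/x - HIER_DIRECT/203.0.113.10 text/html
"""

if __name__ == "__main__":
    index = index_by_hash(parse_rows(FLATTENED_ROWS))
    print(lookup_hash("2812ed1b4143a878e5b39bd51b05072d68465d0fd8fa313fc5c8216170644c47", index))
    print(lookup_hash(sha256_hex(b"not one of the payloads"), index))
    for hit in flag_proxy_lines(PROXY_LOG.splitlines()):
        print(hit)
```

Two points of design. The parser refuses rows it cannot parse instead of skipping them, because a silently dropped row is a missing indicator. The URL matcher flags the whole host and its subdomains, not only the exact path: the entry does not say whether elbuzdwine.ru was compromised or attacker-owned, and the takedown took six days, so any client that reached the host during that window is worth a look even if the path differs.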