URLhaus Database

You are currently viewing the URLhaus database entry for http://g2amarketing.com/wp-admin/8521-391583/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 1973429
URL: http://g2amarketing.com/wp-admin/8521-391583/?i=1
URL Status: Offline
Host: g2amarketing.com
Date added: 2022-01-13 09:38:28 UTC
Last online: 2022-01-14 10:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: sugimu_sec
Abuse complaint sent: Yes (2022-01-13 09:39:13 UTC to abuse{at}contabo[dot]de)
Takedown time: 1 day, 0 hours, 41 minutes (Poor; down since 2022-01-14 10:20:26 UTC)
Tags: doc, emotet, epoch5, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
