URLhaus Database

You are currently viewing the URLhaus database entry for http://wp-dev2.wellcode.io/txa1x/FA-5213/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1983313
URL:	http://wp-dev2.wellcode.io/txa1x/FA-5213/?i=1
URL Status:	Offline
Host:	wp-dev2.wellcode.io
Date added:	2022-01-17 09:39:05 UTC
Last online:	2022-01-17 17:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	sugimu_sec
Abuse complaint sent (?):	Yes (2022-01-17 09:40:09 UTC to abuse{at}digitalocean[dot]com)
Takedown time:	8 hours, 11 minutes (down since 2022-01-17 17:51:32 UTC)
Tags:	doc emotet epoch5 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-01-17	3174_892194.xlsm	xlsm	6bdbb92cd4daddedd242c8698d421dc0136dc5687709d94b56ed27a34de618a9	n/a	Heodo
2022-01-17	3174_892194.xlsm	xlsm	6bdbb92cd4daddedd242c8698d421dc0136dc5687709d94b56ed27a34de618a9	n/a	Heodo
2022-01-17	88992716_880601188.xlsm	xlsm	676a48199f3160fea5471df5ec03121902d16658e4d96e79c87f9d0cedb3d7cf	n/a	Heodo
2022-01-17	Z-33297795.xlsm	xlsm	93be26a2d64cc33e0e7b12bd58864096b58480328f1dc7149d6c65ab3851aa83	n/a	Heodo
2022-01-17	rlago_29867767.xlsm	xlsm	692480d09a4c77c1b468eb5a70b0edac5f89b9049193946503509ca0b92a5f10	n/a	Heodo
2022-01-17	28231-474.xlsm	xlsm	cc2d5d96bee1a1163fac2504e913534d43e1eb78658e73dc5adc750f81d548bb	n/a	Heodo
2022-01-17	43116804_39933.xlsm	xlsm	806646c0e20461a2043f38f8876b87ebd0101c4bd493aef42d766d957f2b9045	n/a	Heodo
2022-01-17	789006540_30.xlsm	xlsm	85578c3bfa91e7645dc238da4274def58ac2e8b2efbb0cae513c88be01746569	n/a	Heodo
2022-01-17	gLb13.xlsm	xlsm	f7306f18d937b8d03bfffa857a68872e4b4c121c5ef39515a58a20f2d46dd7b8	n/a	Heodo
2022-01-17	62_323.xlsm	xlsm	a18229a896ad390cfb7832892e22f4a346b014adb0c7b5aa5502b2a128d97ab8	n/a	Heodo
2022-01-17	722724017_23.xlsm	xlsm	39c894e6cc35e8ae6b7f8c022fa5e7121d3f27c7a4804231c2bc6f5f132ab317	n/a	Heodo
2022-01-17	zcwkedy_33.xlsm	xlsm	6ddf22f24242752cf15ad5b9e5c27b696e1b48e18a0d4818884cbd1f65ce2082	n/a	Heodo
2022-01-17	1821-41251387.xlsm	xlsm	7ec90c9eaac5320800a4f005ce94533337f5001bdae3fcd07fcc607cf11d95e3	n/a	Heodo
2022-01-17	tMOUlB70872054.xlsm	xlsm	f78560c7db1c0122cb9158dc23d96041a5fb7550afcd947b6576964c93c71ed8	n/a	Heodo
2022-01-17	230092412.xlsm	xlsm	8d209fcf2f9009c909f1a62b0a87100c7bf3eccf9a61e853e0b1ff836bc21def	n/a	Heodo
2022-01-17	W-86.xlsm	xlsm	a661b626d8de73a601c9c18f2e4bb4fd904cdfbfa94a8ac0209225ea950fb9ab	n/a	Heodo
2022-01-17	4607320295.xlsm	xlsm	266b3866e6b818d584fa181346c900c601eefd3fa66703c0130fc5b3b7148794	n/a	Heodo
2022-01-17	9486382-5430039.xlsm	xlsm	d83bab7b2ba5c97259a4b9c8250a26f8a683267982c93a7ef82f2341ba5bea6e	n/a	Heodo
2022-01-17	wfgceyf_1985.xlsm	xlsm	31877b7d2dd8b545939631d2fe2e5a5eabc9f0821db399fdc0efc5717dd290d6	18.33%	Heodo
2022-01-17	055177859503.xlsm	xlsm	c155b963bb8446fe90e7f59ab3b36eade8da29cb306e1b27ebc7b416ba76ee8c	n/a	Heodo
2022-01-17	JMD_7959.xlsm	xlsm	f4e6410b17d12f7c1b179d4bf41aff89cece249be1c1df00e8ad21bbfeee1066	n/a	Heodo
2022-01-17	8821139_06.xlsm	xlsm	ec39988599cc022243a42dbe63337f74ee9c9addebffb013880b064d528e03de	n/a	Heodo
2022-01-17	63584336-39.xlsm	xlsm	48f88923445a520932ad00a33e305f4dcd0e4be586875071acaf466eb9369809	n/a	Heodo
2022-01-17	RM_022.xlsm	xlsm	ac7a8b77266ef5c10175e368c29051ca52884db4cebd3d5e5c7bc146c87e10dd	n/a	Heodo
2022-01-17	VUIP-875130.xlsm	xlsm	097c9b7fbc89bb7d52061a8795dfae399768a8f69c3c5443f89b8c0bd896bc94	n/a	Heodo
2022-01-17	MQ_012051.xlsm	xlsm	1fe942f8fb7656e92f1d24a24cce7fd0bf9564693184fb8883203a4733b51253	17.74%	Heodo
2022-01-17	l_53.xlsm	xlsm	ebd1626be2e0854e1b80220c576732baa57778150a71eacc8322cc4807966f0c	n/a	Heodo
2022-01-17	FN_52539720.xlsm	xlsm	a952bf3bb2081d8f86b9367fdd00dd335b632897d2804bd7e03c1ba4f523b69d	n/a	Heodo
2022-01-17	ysuzc-1774519.xlsm	xlsm	76b334993cdedc2a0eb033839dffb697eb5269723985a494807c2552d786b37c	14.29%	Heodo
2022-01-17	A544064.xlsm	xlsm	fa86255c3bb2a849be6b1cc999d58a25b4cf029eba64c726fd510a64eec6b45a	n/a	Heodo
2022-01-17	938891166-415.xlsm	xlsm	789a714e49a412ab5c62e95020e12ce9a1168cee355fabf832f8087746175a38	n/a	Heodo
2022-01-17	Z_7987969.xlsm	xlsm	7737536b3affa159abe3ffb62adf67997b7fd9cef0c441bf7812888e5035c4b6	n/a	Heodo