URLhaus Database

You are currently viewing the URLhaus database entry for http://henkphilipsen.nl/cgi-bin/multifunctional_section/corporate_portal/wXJajgjtZv_wMv8c0hb03pm9/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	273544
URL:	http://henkphilipsen.nl/cgi-bin/multifunctional_section/corporate_portal/wXJajgjtZv_wMv8c0hb03pm9/
URL Status:	Offline
Host:	henkphilipsen.nl
Date added:	2019-12-20 03:36:03 UTC
Last online:	2020-02-21 14:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2019-12-20 03:38:05 UTC to info{at}vertixo[dot]com)
Takedown time:	2 months, 3 days, 10 hours, 34 minutes (down since 2020-02-21 14:12:50 UTC)
Tags:	doc emotet epoch1 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2019-12-27	release 12_22_2019_5FA32549910.doc	doc	97952f368a5722f98e993a06c5dcc290d5ab8f65d35bef26e1c6d471638ba66b	n/a
2019-12-21	release_6491603479-0164.doc	doc	1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868	41.94%
2019-12-21	last receipt 12212019.doc	doc	37aa7ca6a936d76db6e8f8060a5eb4c556339653d6a82c4b11667d28f81af587	38.33%	Heodo
2019-12-20	newest-89158.doc	doc	06e964cd2981bc6abea29dd680ea91ffff97629d97d557f306066da6c354c5c1	32.26%
2019-12-20	final reference_12212019.doc	doc	0ddd05f4a301e8919c22f9b5a404d93db3d5aa3e3dcd7b5b3e014e189b297b2d	27.42%	Heodo
2019-12-20	receipt VQE545734 26779241.doc	doc	0a430db8f97c853692ab17929306a7a3ac9523448c878e51c0fe7a1665833f24	27.87%
2019-12-20	instance 12_20_2019-D950503.doc	doc	109da0381499feaa9d9bfa202a146781bc1777476841f0c5847015f7a6fa92c5	32.79%	Heodo
2019-12-20	correct_adjustment-0K4941583701 144987727676.doc	doc	d4695b412365970f3061a9b994950dfe0309bb4c7bcbdc99c384c02026faa1d7	29.51%	Heodo
2019-12-20	correct_release_12202019.doc	doc	e10256aa8460c9c6df046fee0c72c6d41130ea4ff241d3f85eb707d89b812225	28.33%
2019-12-20	last duplicate_Y9394-51615.doc	doc	33fd0465cb66a32f30e88e45cad70257f866ed7cff9763293a5894da2b32af7d	25.81%	Heodo
2019-12-20	GreetingCardChristmas.doc	doc	38ccc50635da609242ef8381984b03bd8fa7e79e50c8d62467f8b5e5533b12cf	26.23%	Heodo
2019-12-20	last-adjustment-GZL42919-48142028.doc	doc	dc98644b4039cf69b3aeca3e755ea9380f66cc906fe23126044154fd4655be53	n/a	Heodo
2019-12-20	approved info 12_20_2019_6668616895982.doc	doc	cd7a55ac732ab54dfab8e759c6d2154fe0264126180f22ed51466a8a40ade585	n/a	Heodo
2019-12-20	approved 12_20_2019 72D67074692.doc	doc	0d24eb3bc04dd6a7df975e688b8fd13fb4c325e027327c7c278f2ce0b2350f4d	22.95%	Heodo
2019-12-20	adjusted_notice 12_20_2019_G31994.doc	doc	db1b7614f7990cf6a79141f12cb65d47eae15099ee14be39f8cfee9872b1bd02	22.58%	Heodo
2019-12-20	statement-L1Y36319.doc	doc	2edacd46f6c7cb24386f8fe787b887d16ea418e10ea242fc4d357dbda24e66c3	n/a	Heodo
2019-12-20	adjustment 12_20_2019 21167418698662.doc	doc	f2c96c17e9d5ddcc9566bed87b8f102d64e68b1b1482eaddee95106f34a53029	36.67%
2019-12-20	adjusted_instance 12202019.doc	doc	50ef9a5f6ef2cd9539a0b58a8f8af3fba684f119fe6ded32b0ec2867bf727498	32.79%	Heodo