URLhaus Database

You are currently viewing the URLhaus database entry for http://www.onwardworldwide.com/wp-admin/YXCi/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	287732
URL:	http://www.onwardworldwide.com/wp-admin/YXCi/
URL Status:	Offline
Host:	www.onwardworldwide.com
Date added:	2020-01-14 06:17:07 UTC
Last online:	2020-01-27 08:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-01-14 06:18:03 UTC to intl-abuse{at}list[dot]alibaba-inc[dot]com,abuse{at}alibaba-inc[dot]com)
Takedown time:	13 days, 2 hours, 41 minutes (down since 2020-01-27 08:59:22 UTC)
Tags:	doc emotet epoch3 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-01-16	Invoice-MV92_26580.doc	doc	37e98c8ff3288199a2a4ae056b48dde6ad9ed9cbaf76e837ded084ad42271771	44.64%
2020-01-16	Invoice II98_4853.doc	doc	269965b4af6141362583544cfcfab53caa4b1b3eed4f19502792575b2786d47b	42.62%	Heodo
2020-01-15	invoice R36_3345.doc	doc	379334a58831aca705a510047c7416daf90a0a102440a8972f87ad3b3e3727f5	41.94%	Heodo
2020-01-15	INVOICE-GD93_578.doc	doc	0f0f2f15c319d7abd2bf1f48a46a0cfcb8f4b08e03340187d2a119f1c64576ab	36.07%	Heodo
2020-01-15	Inv_ZW596_33359.doc	doc	72b320699cb518522bc8de981d398fcd38e4839f9c29b8f49e11df95f8fdd634	35.48%
2020-01-15	Invoice-MGT822_894.doc	doc	ced74a717f09aa4ee30f883e7140c28a91a1911384510acf14127ecd77ae577c	35.48%	Heodo
2020-01-15	invoice QD564_57.doc	doc	1a86b0027ed894d1cdf56b5880263c545a5fced00774690756a6c3c0a86cb013	29.51%	Heodo
2020-01-15	Invoice-P24_70.doc	doc	abc61f312162f9df332438a4bbeec7b50ee4294b7ba314212f0b549bb14c08c8	27.87%	Heodo
2020-01-15	Invoice N25_97.doc	doc	dcedb53b529085ae7137a2988e6fae5bddcf56c9411337d2b8a2d449f0091086	24.19%	Heodo
2020-01-15	Inv L53_93.doc	doc	ff25de613a694810c4fbe525825171ac6e62d0485038503e971f87fbdd2049e3	n/a	Heodo
2020-01-15	INVOICE-N292_78219.doc	doc	b7d6a9d883ceb3098ae6e82cb15a930133fd838486587f4f1fee1145cfc87b3e	22.95%
2020-01-15	Invoice ZIV33_497.doc	doc	d8c471af6cd71b2f8f787a8495e917b1840894d61b338e78b5acac899cadf519	n/a	Heodo
2020-01-15	Inv-MP52_27442.doc	doc	0be95290124a09aa4fb39e3c9069ee6c8078349d8fedc5694c2bf8e6291b4839	n/a	Heodo
2020-01-15	Inv O566_33.doc	doc	b93dd65b3939c27e61103ac9113524b3469e30f2358c2fc76883a36a580c3783	17.74%	Heodo
2020-01-14	invoice-I664_507.doc	doc	c912fbd5e3979ce3299c6cab4db775c4d86fcd1c779d4c2b402931f558484d99	16.67%	Heodo
2020-01-14	Invoice-RBJ547_78.doc	doc	801b373d37824fd2ad3deb032cc8ad648030947ea375eb994b2e15b23a0304dd	n/a	Heodo
2020-01-14	Inv-VD21_578.doc	doc	c088977bf0174e3632493d2aef08b77a3aa0d3fe40c4ea66ee38f8bd96a6e6c6	16.67%	Heodo
2020-01-14	Invoice-AA15_99545.doc	doc	88d703fe59f728817d930aefece5014cd75324b02568f6d2a9f69efae7915871	n/a	Heodo
2020-01-14	Invoice-PV314_280.doc	doc	75eb88048fa201b46d96cca9fa12f4b4917232c3d963596554a6970d007a639e	13.33%	Heodo
2020-01-14	Inv_NY19_26.doc	doc	516dd65e909384e3f3966aeb56253db71e221d6a1a6e48e323bb857217a8e467	13.11%
2020-01-14	Inv U85_48079.doc	doc	c9e03d9b15a357f412a9ea5302fa6183e4f06d8ace5d5b43dd1cb67d11e0146d	13.11%	Heodo
2020-01-14	INVOICE-MM560_94.doc	doc	d50fb4d2b5aeca55182160f95f244527af5d00d92c8e760906394e338cfbe992	n/a	Heodo
2020-01-14	Inv RMW21_47608.doc	doc	bff484c3a259993eded74499820830eb2da53828fcc763b8f600261572c42b98	n/a	Heodo
2020-01-14	Inv-Q346_5974.doc	doc	67f8c63d4fa5c53c9fff164f962b16abe128d2b038e10f5bcacafa2e446788ff	21.31%	Heodo
2020-01-14	invoice-SXY845_92440.doc	doc	61ef44b898c732da0b07cc34493e971778b8835edd28386161473dd228025581	18.33%	Heodo
2020-01-14	Invoice-XE90_21.doc	doc	9f430cba9753330bd2dda6221bdcd057c6e188e12c984e211d0d1eee54636c51	16.39%	Heodo
2020-01-14	INVOICE H63_807.doc	doc	fae7e292b443e97b48949f711e94e1ee3c23e5e01cdcb3d890bb6c20d459d756	38.71%	Heodo