URLhaus Database

You are currently viewing the URLhaus database entry for http://owlcity.ru/omlakdj17fkcjfsd/common_module/security_lKVEB9o0tx_wd3LhZ42yF1SlT/tlcs2lwhd3vo_38wyy7/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 288508
URL: http://owlcity.ru/omlakdj17fkcjfsd/common_module/security_lKVEB9o0tx_wd3LhZ42yF1SlT/tlcs2lwhd3vo_38wyy7/
URL Status: Offline
Host: owlcity.ru
Date added: 2020-01-14 21:00:05 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Quad9: Not blocked
AdGuard: Not blocked
Reporter: @Cryptolaemus1
Abuse complaint sent: Yes (2020-01-14 21:02:02 UTC to abuse{at}beget[dot]ru)
Takedown time: 9 hours, 11 minutes Good (down since 2020-01-15 06:13:11 UTC)
Tags: doc, emotet, epoch1, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File Type | Payload (SHA256) | VT | Signature |
|---|---|---|---|---|---|
| 2020-01-15 | Attachments-9492007592.doc | doc | 7295c628c5a8c7d747f2a1108316b2c182034558ccdabc495e8a4f5beaf5771c | 31.15% | Heodo |
| 2020-01-15 | attachment.doc | doc | d8d5b2b633ee63d37479e20677b732a78e17bc33409d6a9ef49a7f7a45cce08e | 31.15% | Heodo |
| 2020-01-15 | Untitled_file_434670.doc | doc | 87c8765523549bffda97b2026e7d94acad88047515f157001ca32b3b7c778f54 | n/a | Heodo |
| 2020-01-15 | Untitled-3639135 831188.doc | doc | abbac4cfe051493dc1f2e9622f16494e6dddd3bea503031cd4d178fadf50593e | 31.15% | Heodo |
| 2020-01-14 | attachments-23690897_40249.doc | doc | dd5eac8b00d4e4e79502c5403c61784f1de489919e887fb46d4feffd22525d94 | n/a | Heodo |
| 2020-01-14 | Untitled_file-3489.doc | doc | e516c02c0ce257570e77085464b583350ceaa0abd8bbe96dd68bbbc3b23c89b8 | 19.35% | Heodo |