URLhaus Database

You are currently viewing the URLhaus database entry for http://headwaterslimited.com/wp-admin/NQr/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	289934
URL:	http://headwaterslimited.com/wp-admin/NQr/
URL Status:	Offline
Host:	headwaterslimited.com
Date added:	2020-01-16 11:07:04 UTC
Last online:	2020-01-20 14:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-01-16 11:08:05 UTC to abuse{at}hostrocket[dot]com)
Takedown time:	4 days, 3 hours, 49 minutes (down since 2020-01-20 14:57:10 UTC)
Tags:	doc emotet epoch3 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-01-18	Invoice-EQAM1_825355933.doc	doc	2f90590da13be020cab94f6054224224af5d674bb07964796cbb051cef5dde3a	27.87%	Heodo
2020-01-18	Invoice UU3_606605551.doc	doc	c0ddf7ec4f4905aaafd9371d7d00d8bd21bf9f5d9d49403591e1cfbde36925eb	24.59%	Heodo
2020-01-18	INVOICE_8143_673023693.doc	doc	db670e32ccf692c3e85cf5a07e047bb337af24ad3de408d8894a3c0ca2b8c505	21.67%	Heodo
2020-01-17	INVOICE_BXM089_56353584.doc	doc	f95984ef535315242fca3fc45cb952c5918ca8fecb789f8a803e4e1471a25c94	22.95%	Heodo
2020-01-17	Invoice-CPP9530_129590071.doc	doc	b09c1b973c6ca799fe7817c241a0a1c56f907feffe6ecd63daa615be18c7b077	20.00%	Heodo
2020-01-17	INVOICE OYC4406_978486.doc	doc	562abea095cfa78a34b3896d0d1c23bb11525f5c7691852026b0aaa3d97151c8	19.67%	Heodo
2020-01-17	Invoice-VMBE6_949398.doc	doc	3f227c11e8835a6cb877438bf4628c9b105553fa1fc681389fcf5bd5574dcfa0	19.35%
2020-01-17	invoice-KSRZ23_154308.doc	doc	ba41ad73fcdce6b4e813741379ada938bdc3b9f751255d0f38bf9e39833dd000	23.33%
2020-01-17	Inv EIJM818_450279.doc	doc	210a6a37775d925d838f75b9b8c15635f4b9a2fecade8e4b1f6fedacdc428c72	22.58%	Heodo
2020-01-17	Invoice_FCH3_499584757.doc	doc	127fbb144e09a37a3fb74478730d2c431fc0876897035497e7dce1c49d3d539f	20.00%
2020-01-17	INVOICE-DCN92_8906123.doc	doc	298a10ce8a9fe8dcc5947d02585a549d1c9d0609c7d11473ff4c8dfbb3a9f801	21.31%
2020-01-17	Invoice_SM8_81523429.doc	doc	dd16805945f08b66a472325c92bdb3d2a2568f1741453e6d5249a2532c721232	18.03%	Heodo
2020-01-17	invoice_2_85246895.doc	doc	6a30e995f8d4b431a06066f77625efb700c679b72dd760d573016bfb6c391a87	18.03%	Heodo
2020-01-17	Invoice CYKH93_78725012.doc	doc	a841b264457a4ff7ff83a9b12a0f80c9902edff2f134497e5906e16a3b5b77ad	19.67%	Heodo
2020-01-17	INVOICE-YOU1318_51142973.doc	doc	c682de9b99812ab7c470a026d17e1060364b9bf4e1890d733b05ef312452f8d8	19.67%	Heodo
2020-01-17	INVOICE-YD0211_86773686.doc	doc	72e668b37382f89e2ca769002432f8795a29663a6d98d1e2ad158c6cc13f3794	19.35%	Heodo
2020-01-17	Inv-NT957_5754852.doc	doc	81e67b1fefc9adfcf367364590a04c14a8b109dafe04e935412b4f8c82ed5f64	19.67%	Heodo
2020-01-17	invoice-BO9_057131641.doc	doc	30c567c6efb9fbfe69f1689efbf61d25a4e8eb9c44018602a7bbbb699505ddb1	19.35%
2020-01-17	INVOICE-QF3_264349870.doc	doc	e54979318c06a7cc3d8fb5f00d32d0fa2a169f8447a224ec8822749071c550f6	37.10%	Heodo
2020-01-17	Inv-RKTF3101_3130616.doc	doc	197af116115110512c62798ebf269522be366efda960b47d38c99064a6d9f373	37.10%
2020-01-16	invoice-BJ3_0093107.doc	doc	bb4020e88ad04a6388b6b9e8ff83bb890bfe825f0927d15e8efe19b3c506f59c	36.07%	Heodo
2020-01-16	INVOICE-7_7699253.doc	doc	443e433f060461b09207bb30cb7b5cdea7f4b53176d4554a94524b25f0e984b3	34.43%	Heodo
2020-01-16	invoice_WQG90_1285460.doc	doc	6181d694653add4a58a2dc8535371c420cf35014cb78f8ed1447986900fd103b	35.48%	Heodo
2020-01-16	Inv_RICD0099_025008215.doc	doc	d138359ab7543bbfedd4895fb0e815b5a41453c87e601a5a4ab2d04363a3aec0	31.15%
2020-01-16	Inv_7_161711.doc	doc	bb26c71a0583d024ba82776f408a57eba39ca86dd7c403c127aeb747e83fde9b	31.15%	Heodo
2020-01-16	INVOICE_D112_03544703.doc	doc	3733fb5c12eb91bf990e79b83409042accf206318cc69a2ba170c69a7fa2da30	30.65%	Heodo
2020-01-16	invoice_BQ956_36995115.doc	doc	10a9ecd17e41685a7887e61d9f954dda1fb10b88f63108e0fa658862eb6350eb	n/a	Heodo
2020-01-16	Inv D1880_362617.doc	doc	8d08c64109af9505b6c11a3290ec23b392dbbb001faf7a0e568b4b31ab1eb138	n/a	Heodo
2020-01-16	invoice-DAZ7_299853.doc	doc	b44638c59970903aff549cbdb9555ba334f7471ff807475bb8e1713cfa35b0af	29.51%	Heodo
2020-01-16	INVOICE_MAVH7727_748198.doc	doc	8fa8afbec1406fdb512b5830336edd4933a2900bb41a779acbc6193898392b55	n/a
2020-01-16	INVOICE-8263_308601.doc	doc	dd749bb3c949f637fa1cfd7c91e112d1216bfb350a0c795270491d04fff7d9e0	28.81%	Heodo