URLhaus Database

You are currently viewing the URLhaus database entry for http://www.xnautomatic.com/gij0w/rjscom-ue1-478519/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	303372
URL:	http://www.xnautomatic.com/gij0w/rjscom-ue1-478519/
URL Status:	Offline
Host:	www.xnautomatic.com
Date added:	2020-01-30 22:20:06 UTC
Last online:	2020-02-19 10:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-01-30 22:22:03 UTC to mazhiqiang{at}yunify[dot]com)
Takedown time:	19 days, 11 hours, 40 minutes (down since 2020-02-19 10:02:54 UTC)
Tags:	doc emotet epoch3 GandCrab heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-02-01	invoice_ETF699_95369627.doc	doc	970df6100d8375af169bb259df2c7bb1ad641294e34ed57dc3ad02a38371b4c7	36.51%	Heodo
2020-02-01	Invoice_DN6_195265.doc	doc	b225d3511dd0119fa72b7116c46dcc71459483e37ecfe6b8d33ddf8b304f69ec	35.48%	Heodo
2020-02-01	invoice-QQQ5_52929782.doc	doc	068c0fa7ec2b72cc8c87bf99a725b7e44c8a49a5b8461358acd77d6186504229	35.94%	Heodo
2020-01-31	INVOICE-ZN4432_52239139.doc	doc	f0d28a1e8335c23501d77ef7d61978670eb8a6bf2a3ff5304952a22a6169e264	36.51%	Heodo
2020-01-31	INVOICE PCDT3_436881847.doc	doc	c1b4d23bd83fee4bbb478dda10da921ecc78eb510222a47bc7cbd7735730f810	31.67%	Heodo
2020-01-31	Invoice-E238_752875.doc	doc	3f50f69467b1d9189acc782e1f88059f8d28905044f5ef7d851a765a4e363748	33.33%
2020-01-31	Inv-KI8_01156727.doc	doc	557385e0fca72ec0e0cb78e4fa3878193ac984e8c59bb33353c6565695d6a1c3	31.25%	Heodo
2020-01-31	Invoice 4_531158205.doc	doc	a115ef55d711a5d427c34f3a137134300800b5222228f724ecdecb767aa5ea28	34.38%	Heodo
2020-01-31	invoice UFJE0_059780.doc	doc	48aece09b58178b17b2a09cebbb26f2da0bc3e6140b65d86b642060ec00689e5	33.33%	Heodo
2020-01-31	INVOICE-GZTM8488_2003168.doc	doc	2041559b24b2289ef8263b1c8335bd87424dc62061a72b4bfdd5525b98da6b54	28.57%	Heodo
2020-01-31	Inv HD65_37140982.doc	doc	e01b9d1ec39ab6b746fab54011b045e107974f3d979db52766632eec495d9b59	33.33%	Heodo
2020-01-31	Invoice-UGE633_4376011.doc	doc	8e0afd2fa4abbe847f9ff21eb7ac55c920eb69a98ebf7d214cd28aa32d5a5ecc	26.56%	Heodo
2020-01-31	INVOICE EUC784_0062332.doc	doc	6fdc7cfb6df1cc8fa285d4b835fda141f246bc515b015593b6389ca4e0dbd5b9	21.88%	Heodo
2020-01-31	Invoice-A8_395194059.doc	doc	6fd1cae5cdb47e68f0126cad08a0d7f3e427bf5bf3e2d8dedb5b4f74674eee9a	24.59%	Heodo
2020-01-31	invoice-RW5_6310479.doc	doc	b7240479fd2d092d581c72b25531ea78df9956fb2ea6457b82a34c9c45986bb6	20.31%	Heodo
2020-01-31	INVOICE DVTQ56_703547.doc	doc	351944f1b5408cb7f023e5c428eb6683f1780f8d27dec005c66b5163cc26b397	20.63%	Heodo
2020-01-31	INVOICE_LYT264_157162.doc	doc	e37ea56013de3f5e376abe94907f943d3d382cac1855f56a3841694118a80c80	20.31%
2020-01-31	Inv CBO6_668028180.doc	doc	fc244aba71a46c59805f50c5e9bfbed39277b6c94199062748330ab074a89a11	20.31%	Heodo
2020-01-31	INVOICE-UJHC0214_961257564.doc	doc	02d0fca16499272621f28342b9c41dfc3c6133eb9cc3d485b8334de09bc9825f	22.03%	Heodo
2020-01-31	invoice-HAL8090_14806406.doc	doc	0af8d518c01ba62f4ab1797e291f6959f027008aa5899a8ef72a85cab4830de1	35.94%	Heodo
2020-01-31	INVOICE_UCW45_4888287.doc	doc	813226187f75c12909c10d00dfafe96c916ad768979a68def760048753fdea9e	34.38%
2020-01-31	INVOICE-50_789325.doc	doc	d74b87f85b69bdff1d86ddfca587e4dd079798c98cf7dc80f9515e4d9ccdf8d9	33.33%	Heodo
2020-01-31	invoice UR5295_24828055.doc	doc	5f956252e9f433a4b7675b2422ef016eac5627672a114bfafbc0c667a22db5dd	34.38%	Heodo
2020-01-31	invoice I01_4823604.doc	doc	1c2d2dcc9e0140fd9e9055a697ec4c2c969590ba93a2f5ebf75bde37cc7ba0f1	33.87%
2020-01-31	Invoice 320_653715.doc	doc	1092c9cc1b0dbf643c81898c30d3034b4db59f49a86de85ced39a5315ce4549e	35.94%
2020-01-30	Invoice-M7651_32887025.doc	doc	b93c176b25e95c8538cc6e80bf1dca7b57ab9a7fe306415caed9989f1c306dd3	33.87%	Ransomware.GandCrab
2020-01-30	INVOICE 9_1165848.doc	doc	1803eedd37390563f52b9a4968d9d7b9a3e9c85ec7d838abb06766dda2058094	34.38%