URLhaus Database

You are currently viewing the URLhaus database entry for http://angthong.nfe.go.th/am/private_array/zwsctt_levl8my_area/5ukq3ind_5ws73t9x/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	307170
URL:	http://angthong.nfe.go.th/am/private_array/zwsctt_levl8my_area/5ukq3ind_5ws73t9x/
URL Status:	Offline
Host:	angthong.nfe.go.th
Date added:	2020-02-03 20:39:05 UTC
Last online:	2020-11-19 08:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-02-03 20:40:03 UTC to abuse{at}totisp[dot]net)
Takedown time:	9 months, 19 days, 11 hours, 22 minutes (down since 2020-11-19 08:02:46 UTC)
Tags:	doc emotet epoch1 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-11-07	Inf_2020_02_05_032.docm	doc	4733b23fcf6061f3719852bcaf9054ab5416ba39b9dd2948f781db8b5f124ea8	n/a	Heodo
2020-10-25	Inf_2020_02_05_032.docm	doc	10a610bd9c29a04fac5178dd73e69713a658ace632bb98268618f5e208203848	n/a	Heodo
2020-08-26	Inf_2020_02_05_032.docm	doc	15e11e114d66d063ae8695030ea469cd5e9802a7168475924a784356d080b0e2	n/a
2020-02-05	Inf_2020_02_05_032.docm	doc	23f4a774007e2fc64a2824e5973bb695a64667d8d832fbc29806976dad67d7f7	26.67%	Heodo
2020-02-05	mes_2020_02_05_IH4342.docm	doc	59dd4e381b291b460fa9a19705f59aa130ec42495f72ac9010d417197166b58c	26.23%	Heodo
2020-02-05	File_2020_02_05_773599.docm	doc	c0b9c90ce017a4e5196e744c7948464ff57431da4a1d820793c5aea57cc0a095	26.23%	Heodo
2020-02-05	inf_20200205_417.docm	doc	04b54fab60360e9bcdba842251298ff22e0d220be09421e7c525d51964bc4d4f	26.67%
2020-02-05	Doc-20200205-CT9920.rtf	doc	4bda34084014e21ceb2db8fb9003f36f4b3a7bd5a8bcfb9b1badbf13529a6d84	26.67%	Heodo
2020-02-05	mes_9523124.rtf	doc	1d71db32310de6088f008bda0c652b8a1715c3b98c549cfca90601bdc70c59a8	25.00%
2020-02-05	Mes-20200205-0285.docm	doc	ab556aef3f7baf74127e682541cd5bb674af38a62c4c1f89ff43f09388894af2	25.00%	Heodo
2020-02-05	LIST_2020_02_05_TT954003.doc	doc	e017e89646b0d091bc67504f4318ea078b5a279edd898f418ff735e40c432e28	25.00%	Heodo
2020-02-05	Dat 995366.docm	doc	4a45120dce1cd34a211f66e94d6a16a0e567d8aa85527c6fa830f99691cd1816	24.59%	Heodo
2020-02-05	INF-20200205.doc	doc	46529e473f1dc76c028e9d23e9b51ab7dca3b2f86cab1cf88db1fc504aca4705	25.86%	Heodo
2020-02-05	doc-8218.doc	doc	add57fd6782c427fbdbab1e52f313746c594f78a352135f6961c6e7d3d9ea2f6	24.59%	Heodo
2020-02-05	LIST 2020_02_05 G15635.rtf	doc	8da9b64f05685802f69618feda838a3f4331363e5e7ad48cc004353b8a4dac2c	25.00%	Heodo
2020-02-04	List 9231.doc	doc	b12a41580ad93b35de12d010debbbec2825ebb5154ffc8142ca41497ec0fad7d	n/a
2020-02-04	inf_50951.rtf	docx	8abe3476f2e6ec41653192f2adc6b6095371ddb2fa46044e4e8644c6e5d9694e	36.51%	Heodo
2020-02-04	Doc-20200204-RI474127.doc	doc	167323f590c8eea01e897581a3de8e00606c176ff6518fd3ac0a3d64dd2e7d9a	36.07%
2020-02-04	Mes_20200204_008.doc	doc	b71394268acf3acca757143450d5ccc9030bb60cd3e5e9e3245f81fa1b63e757	n/a
2020-02-04	MES 20200204 7132.doc	doc	66fbfabc52fac899652f0e490be589ec3d3c5d3cf233ca24171ab6d8ff55a50d	34.92%	Heodo
2020-02-04	LIST_20200204.rtf	docx	a2af1039b0c9e8636d89d189de0aad64528f566301920152cf493d54409dac79	34.92%	Heodo
2020-02-04	Rep-KD47889.doc	doc	29d71c405f029109b5b6a5eb51f5f957a706b5130105c3abd7e3e97cccc66c2d	36.67%	Heodo
2020-02-04	REP-209.docm	docx	002d694ef8bf683023d2285a4a16c1673c4ac35874c13d7cfd9c9dc9cee5854c	n/a
2020-02-04	ARC-20200204-9053922.doc	doc	ad8378e53d696009088bac02740db29e5b3dff662dfa7428beac4579883ec894	n/a
2020-02-04	list-X359.doc	doc	7769ae1cce4e29c3e8bd982600d46a07804c1f66a2772bf00ea100aa24c227ba	40.68%	Heodo
2020-02-04	Mes-2020_02_04.doc	doc	06ef3b76fdfb2eccd0a672a1023ffeff68a0dea6d2a4da527eaa596842391fc1	38.10%	Heodo
2020-02-04	MES-20200204-UXU288.doc	doc	0c5326e304b5b23196b990d4ba1000e7a34150acbfa3b3cd8aaa35a12f124e26	38.10%	Heodo
2020-02-04	Arc-2020_02_04-B292.doc	doc	05ead2ea8d0ec1dfd4f5b491661af731b41e275c0471f7f733cd097b544413dd	38.10%	Heodo
2020-02-04	list-Z391.doc	doc	501750ada1703f7865f401e573449f6204b469b099d9e1e9fdd8f51413c17639	n/a	Heodo
2020-02-04	Mes-20200204-2267096.doc	doc	3d78b8943ee63fbf0eea864676e6cc25a64863d53c9252807f5cfd86ebe3c4fb	n/a	Heodo
2020-02-04	DAT-WT0021.doc	doc	ce8eb63345280d1325f0c238ee972e035dae857560a8092478c2d7029db2b81c	34.38%	Heodo
2020-02-04	mes_20200204.doc	doc	96ca41fe85593ec2adee71cbe9ddeae3c084689d3bd049ba0b3a548895583c11	33.87%	Heodo
2020-02-03	list_SWY381812.doc	doc	a958c01598fe12500a80df8027f579420835f95b60f2d55b885127d396e6196b	n/a	Heodo
2020-02-03	doc_2020_02_04_T482.doc	doc	63e3e85f403c106b4fafa44e02021f77eed338d965daf6c30eaeaa4c206bba12	32.26%
2020-02-03	REP 20200203 85812.doc	doc	48d06d98fbd62978217a420435ed4da72de7d94474479d4948a0ffa5f198e3ba	n/a	Heodo