URLhaus Database

You are currently viewing the URLhaus database entry for http://valery.ir/wp-admin/qqvC-kULzS253EdA-disk/test-portal/9739919332199-JZtfIjjtzfA27qdB/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	415460
URL:	http://valery.ir/wp-admin/qqvC-kULzS253EdA-disk/test-portal/9739919332199-JZtfIjjtzfA27qdB/
URL Status:	Offline
Host:	valery.ir
Date added:	2020-07-20 18:31:08 UTC
Last online:	2020-07-21 04:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-20 18:32:03 UTC to report{at}parspack[dot]com)
Takedown time:	10 hours, 1 minutes (down since 2020-07-21 04:33:26 UTC)
Tags:	doc emotet epoch1 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-21	Dat.rtf	doc	276dfa20b9cffd3ac104aeafed599b2f70a9fd0e8d4faf1d86ffd46e8354a416	32.79%	Heodo
2020-07-21	list_2020_07_21.rtf	doc	cd605825d74d60677fec41c84dc39462658ebbd5edd8e29cfe9610a29291b3e9	32.79%	Heodo
2020-07-21	rep_327.doc	doc	6c7da386cdaa6398c065aafedeb01b31ec959ecf615e9601a81a2c86488c4c86	32.26%
2020-07-21	INF-20200721-609.rtf	doc	1236dd4116a2c4ba4427175d0a3e88c848f70dc6219f6b22f1997ae3ba80ba14	31.67%
2020-07-21	REP_20200721.docm	doc	4e34674eaa422795c92ef9cb66994e18a57553e217b4bb4de69c1369608e36e6	31.67%
2020-07-21	Rep_20200721.doc	doc	49b857e2068f710d1facd444264c6d8804ecc9e2ba9660953b24bbf213cc66ba	29.03%	Heodo
2020-07-21	Rep_20200721.doc	doc	33e64096db5340fb26c5b5d6f9b1dd89674d3a77a96a25fafcb878d9929fc9da	31.15%	Heodo
2020-07-21	file-20200721.doc	doc	99c6c8f02c2fef792bc8a5a6406b0baa294156cb38b8df191f98cfb5a90547f5	30.51%
2020-07-21	ARC-20200721.rtf	doc	cce8e5e706869261ede523822b673dd52e48d4351de8600f5ac209a7f0189629	29.03%	Heodo
2020-07-20	Dat_YDC59379.doc	doc	e00291bcd00edfbf9f8f55a1f34576b512404c036b744d0ce846397f8a83bb1f	29.03%	Heodo
2020-07-20	INF 2020_07_21.docm	doc	518def77204a86e55289809beda7c491b0f9ab290b10d7b4bae1c670a0f69c8d	29.51%	Heodo
2020-07-20	File 2020_07_21 66426.docm	doc	f83e32a15080c0f31451809377046083d52daef3354edecea6db6ccf4158a43a	30.00%	Heodo
2020-07-20	Rep 2020_07_21 ALE2858.doc	doc	107cf68ace70917126432b415c7a9b4a18e3f87c304c1ea780b1fe0950167c29	29.51%
2020-07-20	Inf_2020_07_21_TNX245.docm	doc	44c487bb620fcaf9ecd88961303e24f705390f3c23b0154b738fd30873832c0e	29.51%
2020-07-20	LIST-B07745.doc	doc	c0696d196c346305861f4e358f48f216dcdde4251309abed3547504007cb858c	27.42%
2020-07-20	FILE_A145495.docm	doc	616dde6dc6e22e28f4149e26996578dde114b40f896cee3cb36165d52ff70857	27.42%
2020-07-20	list 20200721 4396.doc	doc	1269bdbbc40be92cc1f13918a692b34fdfeec466bd7d872863ecc405ff38f77f	27.42%	ZLoader
2020-07-20	REP_20200721_FEO302.docm	doc	c6050ddd07c6d8c4aee73c52d0e50d6056ebd5f3e82550d8c771fc4353d489fe	28.81%
2020-07-20	rep-PQF83222.rtf	doc	eccf2d10cb44fb11136e2edaf7af5de351637d1479888142221354abf8986760	27.42%
2020-07-20	doc_2020_07_21_SWZ5315.rtf	doc	ec87e9999c894cdef59c964d06c6de6c7a7134d373b4e754180d90dd5fb23f64	27.87%
2020-07-20	dat_9038565.docm	doc	d28f9dea8c5837be7474d3735799da462ae74c0a0f3e7279a3eb8a50ba6183ee	27.42%
2020-07-20	Arc-2020_07_21-339.doc	doc	10e15c8850925b8f03210b06fdc2e0e87bd7339bf6a185992346e2063cbe1e99	n/a
2020-07-20	Rep B853735.docm	doc	3aedca3992d77371154f015834399c14aab576050a53efa01fb5714e01beb841	27.42%	Heodo
2020-07-20	inf.doc	doc	dc9d3da24212096b6029163166558cefcd8b37aae588dd461d9b5c02700700af	27.42%
2020-07-20	arc_2020_07_20_978325.docm	doc	8f282a424b1167ed2e71b2355a7c4e6797a75d031969749e3ba21050292414e6	27.42%	Heodo
2020-07-20	arc-2020_07_20.docm	doc	a1064f658ecf514ba982b19196bb1ea0b7f1e85661c20777b3e93093510db141	n/a	ZLoader
2020-07-20	LIST-20200720-7764.doc	doc	6b5e8002c323071f83df953f977caf3a477d1a0c7178e0795674d263bc2dab15	27.87%
2020-07-20	REP_2020_07_20.doc	doc	0c3330e4e8475d74677055d540545cc5474b68e106f6fe147b44c45187cb4c54	27.42%
2020-07-20	arc.docm	doc	3bcf67ec54f94ea28c8c35560ef2f6b2ef8090951c1ce2d0a94aebfd04a4786e	27.42%
2020-07-20	dat-20200720-82470.doc	doc	fa441d24dc18f47c3205b5c37950b44346f110e1aaf7822e5a1d7894e2eebb49	25.00%
2020-07-20	Rep_20200720_WC7712.rtf	doc	c8b4b7e686954bc7ebd4115f98ec29527b1b0d47d1a817adebc3c6b44c26d787	25.81%
2020-07-20	inf_8063263.rtf	doc	0cd73a229418caf24e599b0db39e5ff3ae2903ffb83340c026c0ffa0f7e9f86b	25.81%	Heodo
2020-07-20	Dat 2020_07_20.rtf	doc	c80914cd78207fba0edb12b286a7d21c3d616e6d3ff2951298af4b2ed23d9e9f	n/a
2020-07-20	REP 2020_07_20 569209.rtf	doc	75eaca3fb8ce8fd803f214bd785fe9e6112990c4fd2f2c8d7148c49cd3e4c7f9	n/a