URLhaus Database

You are currently viewing the URLhaus database entry for https://1.33x.us/wp-admin/9WJH36Q/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:415493
URL: https://1.33x.us/wp-admin/9WJH36Q/
URL Status:Offline
Host: 1.33x.us
Date added:2020-07-20 19:48:18 UTC
Last online:2020-07-21 02:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Status unknown
Cloudflare :Blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: spamhaus
Abuse complaint sent (?): Yes (2020-07-20 19:50:03 UTC to ipas{at}cnnic[dot]cn)
Takedown time:6 hours, 42 minutes Good (down since 2020-07-21 02:32:36 UTC)
Tags:doc emotet link epoch2 heodo link ZLoader link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-07-21QKG_070120_SZU_072120.docdoc 296943dcba8c391e81d42bf4b7887bd2929bfa9cb511d3e1a9056ca64013f00fn/a 
2020-07-21F_176337054109826958700120.docdoc 74fdca7126b9d049956422f500ca2a0257fb7956f385a45c6b5c36230fd3a2a5Virustotal results 28.33% 
2020-07-21BAL_84266143251484.docdoc e341cca78e446c93ee00c387cee3517341c104ac0587512879a602ff58871c64Virustotal results 27.87% Heodo
2020-07-21REP_PO_07212020EX.docdoc a7f4f8b9dddb70414bfdbbffd5c446c88b517c104a441be19151c8a711133686n/a 
2020-07-20YY8RORBCOT.docdoc cff09d732ea9fe1f128dc29bff9f5d5d8ff78ea22eadb52fa4b5b8d7c056928bVirustotal results 27.42% 
2020-07-20DOC_LBQR0VLV9PN5.docdoc 5ef34d47ef171a2b5cab01782a4a45d9a12f01d70dde381936b6975ca93dfad7Virustotal results 29.03% Heodo
2020-07-20INV_12661668.docdoc f532fcd4387475d48960a5f0863e003f7eba0281354728bf832162a0ca5673fbn/a Heodo
2020-07-20REP_39221771012644178634.docdoc 49f90436f418a86b0f4e55e14bcf74793954cc90596ad08dfb6355a1e50a8f27n/a Heodo
2020-07-20BAL_UMV_070120_GJT_072120.docdoc 80b27b3a7242ea8cdfbcc0d266c4fe489cc0b035fb614b755e2546c80cdfbed5n/a Heodo
2020-07-20PO_07212020EX.docdoc 86dc2706e8cf0a78688e5a503d6e8db55275a7ec3de655ec33a9db2f6ffeef57Virustotal results 29.03% Heodo
2020-07-20R_SHJ_070120_CHF_072120.docdoc fc5b7108a0eaca8bbecdbea0d3405756a6cdb3dc9911363730b275e1e29acc4fn/a Heodo
2020-07-20SKX5808BEWGLW9CK.docdoc 4ec7f2a0359b740dbbc849705f2856818bccc8fafa5a2237fd79640e61423255Virustotal results 27.42% 
2020-07-20INV_055242705580989.docdoc a6ce3b9c522d36ac4e91cf8e2cf1581bc9d7e6548f1e66ff998e11662f6894cbn/aHeodo
2020-07-20SRA_070120_LWD_072120.docdoc 148aa06dceabdc99c7588bd48277867f3d0528fcf04463562707fd66f953045dVirustotal results 27.42% ZLoader
2020-07-20DOC_OJD_070120_DVU_072120.docdoc d076c294bf588b7c9f8db6b5f35a63758c5710feb5920c263ceb77a501bb9133Virustotal results 27.87% Heodo
2020-07-20E_61501815.docdoc cfb6588d9181a97aa1f93b2b9f8af82134836e916938a80a217cd03fe4294811n/a Heodo
2020-07-20OCMNA3YZEQ4ZYSO.docdoc eb0f6632e1ec41f11634db7c691a38cdae71cd06268568eebbd34ad96fd37618n/a 
2020-07-20M_PO_07212020EX.docdoc 33c897cc3c1d11687231644af13032e24358c594f4b484a7040a3eeecfae7145Virustotal results 27.87% 
2020-07-20BUV_070120_MHV_072120.docdoc 4fdba539896383e37ec2383fb569df4f17395dd40115ba8caba62127b7ebe949Virustotal results 28.33% Heodo
2020-07-20ZZJRF1UOG.docdoc 70fd23e6a829661f7fe775e5b73c20b09a4dbeb5b97648d0851dde0591a3b304Virustotal results 27.87% Heodo
2020-07-20WOE_0277737824813.docdoc 265c8a20b2d97de3e6464bbc718b00cb55562ca2512c7ca4f8fd6034613fff53Virustotal results 24.19% 
2020-07-20DOC_PO_07202020EX.docdoc 8811f4498f1b1d8729556a61a5683ce20c4270a64ee5ad0223185110adac5f2cn/a Heodo
2020-07-20QS_RIA_070120_IYM_072020.docdoc 9ed5c3020adcc781d330dd21b20134e4ae6fec3d1eb087be0d8f89e1c7af99cbVirustotal results 27.87% Heodo
2020-07-20REP_63364189902.docdoc 69167697c3c077b3ca6449ae55750d1712c20bc33196537fdbbe05e463aab195Virustotal results 27.42% 
2020-07-20DYP_070120_IEB_072020.docdoc 1e146c18d65265b27e23f9ee84a8f1d20c046aa76c30ed386710a10cb0da2960Virustotal results 27.42%