URLhaus Database

You are currently viewing the URLhaus database entry for http://224fgbet.com/cgi-bin/w2np2phc_EkOUKHK_disk/special_Kqesx5w_OCO0pTsaAvb8Sp/2mil6mbiwwleka_9uu7/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	415525
URL:	http://224fgbet.com/cgi-bin/w2np2phc_EkOUKHK_disk/special_Kqesx5w_OCO0pTsaAvb8Sp/2mil6mbiwwleka_9uu7/
URL Status:	Offline
Host:	224fgbet.com
Date added:	2020-07-20 20:50:05 UTC
Last online:	2020-08-19 06:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-20 20:52:02 UTC to admin{at}thvps[dot]com)
Takedown time:	29 days, 9 hours, 29 minutes (down since 2020-08-19 06:21:10 UTC)
Tags:	doc emotet epoch1 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-22	mes CYA7532.rtf	doc	eed180c709224d892fa8a82e0c51bf623d7057a65ca483d45e3d005984dc6588	32.79%	Heodo
2020-07-22	mes.rtf	doc	7eb51f8c4719f0171a98650b63385c15908628fc4ef7838c410fc53c46a0b8a6	33.33%	Heodo
2020-07-22	List_20200722_092384.doc	doc	3e24c4373b1e2ba1e3d16925cd0d4a1752452402ae4aaa8ad8ce498bbff5335c	26.23%	Heodo
2020-07-22	file_2020_07_22_CR48912.doc	doc	365f2b2480d704ba0fa82cf5c25d92895a3518ed02ec36ff5f150cfe091b3574	29.31%	Heodo
2020-07-22	rep-20200722-D4779.doc	doc	28e77291fea150f98e5ed9a57a4d4074ff204abc6e20218a7e67bb0e4b6e23f4	27.87%
2020-07-22	FILE_20200722_2882.rtf	doc	c07649d058f6470af27cb972b0a9306496e2641bf959dd66206f3feff56b83c1	28.33%
2020-07-22	rep_2020_07_22_4968.rtf	doc	04b189501cde3a8e14a2de3bb20b7313da30db8f0a7af0862cc14e400caebe06	26.67%
2020-07-22	Arc 18079.docm	doc	c20821e80c5ce943d4b87b9416329f0502a4da3c97044c8fd7016172353e1626	26.67%
2020-07-22	inf 20200722 OV2916.docm	doc	80cb12a6bbe9b2c3065f9007e9740b9f7d75dcf2bc68651848cb08f4ce619b39	26.23%	Heodo
2020-07-22	file-20200722-JWB449.doc	doc	ecec36458fac5fdf0031917d979c2539b70801bdee88e022ee090a48109e63b0	26.23%	Heodo
2020-07-22	List-0216.doc	doc	8d70f6580cf02bcae5c4c14396951b6e6c1ea10bcbcbb89f835c29dc7d2c8ceb	n/a	Heodo
2020-07-22	Inf 725582.rtf	doc	3e65642f10d2b821a0c08b74d0ddfd34717dca5f9918551779815db934ae7963	26.67%
2020-07-22	inf 641.docm	doc	350d92067aa4bdb91f2f885ce60577427a73a14bebe3267e72f8716987eb6da0	26.67%	Heodo
2020-07-22	doc-2020_07_22-VS90561.doc	doc	e5e81d1d34512bdd8b9aab542cbd3b5ce38d6ab9d3e607684bcb4f0a691307d1	26.23%	Heodo
2020-07-22	Doc_ZX888.doc	doc	ffb87064fd80238bc3cc8cecd8d855f504e0e8ece871014875a625d3b0752eb2	26.23%
2020-07-22	rep 20200722 FT420.doc	doc	80521c4140fb416730b8ae61ecbff6869f7ec3833a13b87ce652285e69632c58	26.23%
2020-07-22	List.rtf	doc	435f4fc1e9a6888f671e834bbdce6aafc5928c7dcffbbbe728f18573b73da965	25.81%
2020-07-21	INF_W6710.rtf	doc	3ef294ca4013371b69d6af647114806b71bb3dc07fd56f12c078703411d61b3d	25.81%
2020-07-21	Dat-2020_07_22-280.rtf	doc	f03863257ba6bfc7e029c245f3dd3f892fe5a6aed79b625b2c7314f3398b723e	26.23%
2020-07-21	Doc.rtf	doc	c1cc356eaf49711b7673b9c27f015163363a60417ad3b9b7e6883015b65d80d8	26.23%
2020-07-21	MES 2020_07_22 30408.rtf	doc	cbccd20b9bc23454ec01bec4a0094e77dcc43d577666259f8d97aa30a118ac35	26.23%
2020-07-21	Doc 772.doc	doc	2027e8348e8d2f364d55b2bf47f9a4b37fd2ff7aabdda5ed056e3f6cd42cf777	26.67%
2020-07-21	arc 0476104.rtf	doc	139f5bcf4c7fcbe0a8a5d940c5d38dd847e2c979df74dcf680208e73b8ac668d	26.23%
2020-07-21	FILE 20200722 852926.docm	doc	205a04626bdf6f3da605d8f8ba60126d02451085528330524d899a38520be8c3	26.67%
2020-07-21	rep 20200722 691.rtf	doc	6852b34db0c7a6150c1095a704236a1938b4ed46cd9d7bdfd412555ebf61890a	26.67%	Heodo
2020-07-21	list 20200722 L37117.doc	doc	db88b385b97b7038cd233960f7f99ce350a72a3eecf6bbbcb227645f111d4e7c	26.23%	Heodo
2020-07-21	Inf 20200722 921090.doc	doc	99b15b640124bbe2d317af00e7c30fd65e9b97abdb6e07947205d5bdd73c5737	25.81%
2020-07-21	mes.rtf	doc	c14b2e55a66651e287542e13c52b9e5490534ee0d55cde933f5b6f0744ca27f9	26.67%
2020-07-21	DAT-208.docm	doc	7262452af523481d22f70888f7619a9a6da291bacfefdbc45ed95492326d2274	26.23%
2020-07-21	MES-20200722-AEM532.rtf	doc	a9dd576067b09e3fd64c7f184d22655ef1559e2270354ee005a3001d0d3d1bc0	26.23%	Heodo
2020-07-21	File-2020_07_22-E8617.doc	doc	bcc1834e956cf9ee218e2956ae6511170e810ad54d6738ed11f98620609a3e30	26.67%
2020-07-21	inf-20200721-9035669.docm	doc	253d4ce06935b6b78211d3f7b0ef787b74e019761199199ab5720333db23577a	25.81%
2020-07-21	REP.doc	doc	6c9063989cd23941fcc8533284a0e2ccd26555ec3b40e4f292ede0bf59605f1f	n/a	Heodo
2020-07-21	Dat-2020_07_21-31691.docm	doc	7fd4027186cad2b91bd60610992523540ae00d02b8bce17010e9cfcff62836cc	30.65%	Heodo
2020-07-21	DAT_XIH037.doc	doc	954e8a3b2f224ae59b0cbc54c3f0585184cc2e26aed9315eefae4f05fe73a708	33.33%	Heodo
2020-07-21	File-20200721-V074.rtf	doc	50d5051a82f97571415ca2550517c6872eca80692c7d6db605082a0b9876d34d	31.67%
2020-07-21	dat_2020_07_21_6214070.rtf	doc	852dc1adf51a9d21e3750a2b47eade7430026476e56af1615175cf7234e4c7e3	30.65%	Heodo
2020-07-21	Inf-3505315.doc	doc	7922f5b485edbeab235751b1f775ac411b5511202a73ad2df02e19943c686fff	30.00%	Heodo
2020-07-21	arc 2020_07_21.doc	doc	0dbbb6599f01fe8f1817f54193e2969d69f49e504430db1e659cbc26706cfa2a	31.67%	Heodo
2020-07-21	mes 9045.docm	doc	7203fa5731e4f60d782eb7248af9620384981a39282d70094f40946b1b7a60c8	30.65%
2020-07-21	MES-2020_07_21-E614327.rtf	doc	3d808e9e116ecad94d0839d1a951f8aa24c96f6dfaaa774a889edbb38c857b56	31.67%
2020-07-21	List KM296098.doc	doc	87d3dee382ec0e4a5a3c0c6979d2e460be44819c475c2cebe34bc5a83bb26b98	31.15%
2020-07-21	Arc-2020_07_21-GX2107.docm	doc	c969a0b83fe39c15dd74759e9c07b8d753908346f3d8dcb940fccee01f146e92	n/a
2020-07-21	doc-2020_07_21-2010.rtf	doc	4de321a8533808438637e1c145e5ddfef9f24da81cb5129fed75c13218abecbf	32.20%
2020-07-21	list-2020_07_21-84064.doc	doc	519ac8bbe23cc0506580ac08c5bc589d9d5382e00ea81898846715cef7502d8d	29.03%
2020-07-21	dat.doc	doc	620ec5ba9b3488d2f0df3f27c7efbd786e501f76dc0cd1e11e70e9783968374e	30.00%
2020-07-21	file-20200721.docm	doc	95d8b345f72bf52ee554c32232d32359be4cb131298f45e717641f6dd3e2bcad	30.00%
2020-07-21	dat 20200721 0064988.rtf	doc	76b3bec66b692ad45b4c647003c0e5e5b5a3d416c87a613b7094960050adad61	29.51%
2020-07-21	inf_2020_07_21_41783.doc	doc	c90c7844e46d777d31a1c9a7155a04315b31a96367bed2d076ab0d23cc7149ab	n/a	Heodo
2020-07-21	Doc 20200721 PG9511.doc	doc	abc5d61e460dd7012dd5db11834813772ba453b4bbc00771a5256848e7baea44	28.81%
2020-07-21	FILE 20200721 46643.doc	doc	08bcb3e53dd4bd95dd244c9acdf5ae982284b50b6c04d65e5d3960023f12f8d0	28.33%
2020-07-21	Inf-964.rtf	doc	186a6ee6322d2e6656e0125cba0536eef43d3a66e4ce73e129332dbb236cab60	25.86%	Heodo
2020-07-21	list 20200721 GHD533041.doc	doc	c7822a15dfb48ca078ebc0a41816b3bb1925bba9198831892a7e77fe64e84f42	n/a	Heodo
2020-07-21	rep-2020_07_21-548309.docm	doc	f71d024b4271aa2cce102ca4d7736cfd3a80503b28146ea2afd7ca8233164f88	n/a
2020-07-21	file_11731.doc	doc	f0bbaafc7f8e8677ac74fe5c76625f29793a0ca04c8177ce41d4b4aabbd2cde2	24.19%
2020-07-21	ARC 2020_07_21 RTD96870.rtf	doc	55a103c16b3c4d8958091e55cfb62091fd2d209e07ffba0a5c88252946b8ae39	25.42%
2020-07-21	Inf-20200721-97695.doc	doc	bde282cb96f5986ecffac2e217f661fa0f00c92f1e4b2a788aad9cbd53a2eb51	25.00%	Heodo
2020-07-21	dat 339.rtf	doc	453a8fcf41577a1a1aac7cecb7e81a306cba31f43dc6bb95ebf0647ddc2f271e	25.00%	Heodo
2020-07-21	REP 2020_07_21 FQ298709.rtf	doc	23bf0066e26b5b6e2403af2810c57d5ee5c0e04cfb175df6c134826cdb68bce9	25.00%
2020-07-21	FILE-2020_07_21-L41748.docm	doc	cce8e5e706869261ede523822b673dd52e48d4351de8600f5ac209a7f0189629	29.03%	Heodo
2020-07-20	Rep-2020_07_21-HST70079.docm	doc	e00291bcd00edfbf9f8f55a1f34576b512404c036b744d0ce846397f8a83bb1f	29.03%	Heodo
2020-07-20	inf_248209.doc	doc	518def77204a86e55289809beda7c491b0f9ab290b10d7b4bae1c670a0f69c8d	29.51%	Heodo
2020-07-20	rep-20200721.rtf	doc	f83e32a15080c0f31451809377046083d52daef3354edecea6db6ccf4158a43a	30.00%	Heodo
2020-07-20	mes 2020_07_21.rtf	doc	107cf68ace70917126432b415c7a9b4a18e3f87c304c1ea780b1fe0950167c29	29.51%
2020-07-20	file-20200721-545.docm	doc	a6ca24bb5b1de30cd63ecceac1727ca4102ed289d65fa05c550c4485e6ca372b	29.03%
2020-07-20	dat_20200721_75790.doc	doc	41d61ed5ec94c9f81d804487ad8f6132520d6ac7009a8c9a7b0c074ed0748e4e	29.03%	Heodo
2020-07-20	list 16177.docm	doc	1269bdbbc40be92cc1f13918a692b34fdfeec466bd7d872863ecc405ff38f77f	27.42%	ZLoader
2020-07-20	FILE-20200721-B8920.docm	doc	4d5d4a16ec11a850141a0a77026153d2a409bb4602e624623ee007e79dfd9639	27.42%
2020-07-20	File 2020_07_21 9401.rtf	doc	eccf2d10cb44fb11136e2edaf7af5de351637d1479888142221354abf8986760	27.42%
2020-07-20	List-2020_07_21-72839.rtf	doc	ec87e9999c894cdef59c964d06c6de6c7a7134d373b4e754180d90dd5fb23f64	27.87%
2020-07-20	DAT-2020_07_21-BB67433.doc	doc	8d861becdf66c056d51b6b585d1d2c98ec75e77bc3af28d354edb72f3ebb65ad	27.87%	ZLoader
2020-07-20	Inf-2020_07_21-075031.doc	doc	3a26f638eddb01e30b8a712291a03088645dd9d2986cbe415bc1b87cd8eb70ac	27.42%	Heodo
2020-07-20	rep 2020_07_21 EF6360.docm	doc	6b5e8002c323071f83df953f977caf3a477d1a0c7178e0795674d263bc2dab15	27.87%
2020-07-20	dat_I3327.doc	doc	3aedca3992d77371154f015834399c14aab576050a53efa01fb5714e01beb841	27.42%	Heodo
2020-07-20	mes-20200720-6872.docm	doc	d06b767d98bec7fa338114b2e77b1db8b1a8962819fda91258575e6cc7910b31	27.42%
2020-07-20	REP_2020_07_20_AF90295.rtf	doc	8f282a424b1167ed2e71b2355a7c4e6797a75d031969749e3ba21050292414e6	27.42%	Heodo