URLhaus Database

You are currently viewing the URLhaus database entry for http://yebni.net/gitlab/balance/y5s6eg5oo/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	416234
URL:	http://yebni.net/gitlab/balance/y5s6eg5oo/
URL Status:	Offline
Host:	yebni.net
Date added:	2020-07-21 19:09:41 UTC
Last online:	2020-07-22 12:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-21 19:10:03 UTC to abusepoc{at}afrinic[dot]net)
Takedown time:	16 hours, 55 minutes (down since 2020-07-22 12:05:42 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-22	DOC_43468080.doc	doc	e36be98a3e3d568430d52706ee06d935e126942b2a5c2453f5478d8c0d58acb7	40.98%	Heodo
2020-07-22	BAL_7163923129425544262342257.doc	doc	605e68db4024034f722b64cb62676029ba7c1ec38fe58ac535909068a5d53535	n/a	Heodo
2020-07-22	INV_72707907.doc	doc	fd2c6130cd3a5d6056aebf171e64dd498f02a42d48ac937ffe344d43318776cf	40.98%	Heodo
2020-07-22	DOC_PO_07222020EX.doc	doc	ccfc9e0e3ac2fefd24a4a6b8cf30eca4d2d055e7618a88a85fed9a94c3d57c5a	39.34%
2020-07-22	DOC_48949593.doc	doc	91420939d17611e6b1215827089e2e118b07eaeb3034e72059b79148104ae337	40.32%	Heodo
2020-07-22	INV_PO_07222020EX.doc	doc	a3b6c9b8acb5b16ebc30ed08ff4d24d310e3417939fcbd41d05a07a51a292945	n/a
2020-07-22	INV_PO_07222020EX.doc	doc	09ff59e3aa0a87e0028a01ccc11acdf7bb537cda761ef20a6d6528aa762a6aea	40.00%	Heodo
2020-07-22	DOC_OQK_070120_PBN_072220.doc	doc	0857814f3cbcc8df6a43272007e719bba14facd9a864545e13f58ba9bf6e1773	n/a	Heodo
2020-07-22	98193283.doc	doc	f0202afb75d71b71aa5ce2b8807dc889f92464703741d1b6f3fefd8efefbb86a	n/a	Heodo
2020-07-22	A_F7LKQ4OH.doc	doc	ad64b9d43e975aff3eea26608a183a9aa7f3558ad48b5dca3641aa50ee650eee	36.67%	Heodo
2020-07-22	44276651.doc	doc	b62a1c960c1e1635a15bfc9d7f02f48844cc4e9d49355449bc23aa7d5572c292	n/a
2020-07-22	FILE_PO_07222020EX.doc	doc	02688396874aabe3c8706c443c1e19466a2d0a2b36ce2bcf5407d5db72dba36c	37.70%	Heodo
2020-07-22	916991731624916442949.doc	doc	75976bde3b02341d4f05b9672041e7cecdc933663249a73fc38982cd66982d47	31.67%
2020-07-22	U5K7HGY.doc	doc	120f732aba4b64d3432a7909b4ef59ce8ce605c0c202211713040e457d3bd341	31.15%
2020-07-22	PVF1376NZJO.doc	doc	f9fde773e761b000de4b1c9e37662b86f39a245ab16c9f164d19ed85aed3d48c	29.51%	Heodo
2020-07-22	DOC_AX3671446570CN.doc	doc	1e3af37e16412c773f67b690a273c0c17a35d7ff6ad70b411cfc8b8c9a269e14	n/a	Heodo
2020-07-22	HL_UZ6660630092AV.doc	doc	ba4417524d4ec820b4eb5bc47ce13c88930355211107e1866f24d0888f36186a	26.67%
2020-07-22	INV_61HOQ9EXI.doc	doc	99e4ace02c6584969197f86d1122c6dab6d35545343a0138df9821a3a71ddef3	26.67%	Heodo
2020-07-22	WJ4711674804UU.doc	doc	6999be5570232cb11189a152478254ef33470426036d88fa74b45305031efb73	26.23%	Heodo
2020-07-22	RRQC_XC1O03455.doc	doc	ee36488e9d6d8ea09cff02367c7212d0503f376346c3b40aed03e01c1b1aa668	26.23%
2020-07-22	A_PO_07222020EX.doc	doc	49e20fcd1ebe7943437c809b881031d59e45a98614d1c7af96b3c1835d4586cc	26.67%
2020-07-22	KZ9851462280JJ.doc	doc	44649b15c8270438769bec658bd63477e64a1164f0e721c002eedaffd43b5256	26.23%
2020-07-22	DOC_56306993.doc	doc	3d556f0009c372e7b8c40ee0d72ef13026b96bcf3268a7dd838eea37029dd3cd	n/a
2020-07-22	NF9942670726AC.doc	doc	61b94e8bbe7564405293dadbf39ad662250c4327556639f79c09ee9e56cf909e	25.00%
2020-07-22	KV3332982532WT.doc	doc	5f5a353ccf0dbcfaa0859d0a1db152f2d40735bce47864d7ef9c12ab93c8ca88	24.59%	Heodo
2020-07-22	DOC_CE3Z20I35.doc	doc	584fbf65a3d7eff0ed9282b47d237781da7f7aeb0092ecd034d3edb66adbc6df	24.59%	Heodo
2020-07-22	468861647.doc	doc	91e07fd7aa524859f51ff55a874649b91f7d9a4672489458d204054fff2cb9e6	n/a	Heodo
2020-07-22	R_KGZ_070120_HCE_072220.doc	doc	593793a914684244b3c51333736fffc1cdc69c51759831c888b66e6a07ef8b72	n/a
2020-07-22	CGZY_SSX_070120_QTQ_072220.doc	doc	9dc3bf8aadd5819cf5be10ee9a0af6c94bc4b8a7a193cf539ef3ac9288ca9f15	25.00%
2020-07-22	FILE_568688052240879.doc	doc	b45b106204a66b5d0111681b932137b590dae6124c7176abee5740917c77e871	n/a	Heodo
2020-07-22	BAL_PO_07222020EX.doc	doc	e138da30fb56344429ee51040714270123930932db14186bb12630a53d904fdb	n/a
2020-07-22	REP_VVAIM0QD4T19V7AH.doc	doc	c08ecd63b03921b3ff64e325150a22dc1c0fc533428b7ff5f01cc1f2b7bdef01	24.59%	Heodo
2020-07-22	REP_HHP_070120_NYW_072220.doc	doc	afb0e524b7db64a122b728e245c9696835a816e3cf272da3b39ac35bba514abd	n/a	Heodo
2020-07-21	DOC_94441383.doc	doc	73962239e4a48429f588ed5950e69d8ba450efa22a2265afe97bf689935caf47	n/a	Heodo
2020-07-21	FILE_21046486.doc	doc	cd57ea2cc92eb01b71fef3745014a5c22b58b46c5e6f8d9da1519342e675f6c5	n/a	Heodo
2020-07-21	Q_78742187.doc	doc	737dad0010dfc90068d5db4073a76c04f2e9aa7549373686028374e3bbbdb652	24.19%
2020-07-21	02105159.doc	doc	5c3d472318679572aeebf4c76cf7f2ead0f39f72e9d9d3e26604c88f35364b4d	n/a	Heodo
2020-07-21	DOC_363559900873398.doc	doc	9f59209f542f739dd433026c1d8d27be15cd6a200911c01d5e075ef2350540c0	24.19%
2020-07-21	PO_07222020EX.doc	doc	bc7398dd8ac94a9ff8ca7a93f0755681ec84ca7fd05058ddc053cd16e1b3f4e3	26.23%	Heodo
2020-07-21	QBJ_070120_RKP_072220.doc	doc	c0af5b3ed8e1c92c57aa0e1b6f60d24b4ddc6a95ae92906d793d88413fa9904d	24.59%
2020-07-21	211252163362304580.doc	doc	eb1f5512e10d3a5224fa2b7a8d42a8b6fdb1b4fa705c24514c2b04fa6fa3bda1	26.67%
2020-07-21	INV_07738494719.doc	doc	bfb0b36ae7105ad67727e68789279e3550b6750177ae7c2fc1007438f686f070	26.23%	Heodo
2020-07-21	REP_O1EOG0HORUV7AO.doc	doc	a687cedab74fe24b95545319ea7ef7ea0afb3d56feeee11e42021892ecb50da2	26.23%
2020-07-21	REP_PO_07222020EX.doc	doc	d73d45bb52a4ffd9def4427538644f33df6cc2f3f86fd4c390fb0e1dc2eab2e4	26.23%
2020-07-21	INV_PO_07222020EX.doc	doc	0c69f537211ca18ffdcd88151cd0e09636aec3e5708e6fde3df55bea4884ba5d	26.23%
2020-07-21	DOC_95256605.doc	doc	0e0dd25cf77e553864313736b0920a661812e68334e93090f51845a1c6fdeca5	26.23%	Heodo
2020-07-21	BAL_4424139357618855617.doc	doc	1d4f799b9a42d290ef2337e3e72b89fb04019b4604479f7a48a5067d6f5d265f	26.23%	Heodo
2020-07-21	VBA_070120_LDE_072120.doc	doc	a501ba4d5001cfc0fdb0e8b95b1dd154dc0c9c3d3e0ffdce873526f1855bc618	32.26%	Heodo
2020-07-21	FILE_10358849.doc	doc	ca998a06b2f978858777abb0bfef0579f36d736ea30cbc48b1c1468509a10e4d	32.26%	Heodo
2020-07-21	G_AGY_070120_SXQ_072120.doc	doc	ed1fa22cd74f33f9e0a5d4191f4b7304925eae53db04e752d2095134b6f0100f	31.15%	Heodo