URLhaus Database

You are currently viewing the URLhaus database entry for http://kanmasleadership.com/wp-admin/FILE/qm12lh4z/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 417385
URL: http://kanmasleadership.com/wp-admin/FILE/qm12lh4z/
URL Status: Offline
Host: kanmasleadership.com
Date added: 2020-07-21 23:55:11 UTC
Last online: 2020-07-23 00:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: spamhaus
Abuse complaint sent: Yes (2020-07-21 23:56:02 UTC to eig-abuse{at}endurance[dot]com)
Takedown time: 1 day, 0 hours, 38 minutes, Poor (down since 2020-07-23 00:34:14 UTC)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
