URLhaus Database

You are currently viewing the URLhaus database entry for http://meraqsa.com/cli/npAkBb/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	417393
URL:	http://meraqsa.com/cli/npAkBb/
URL Status:	Offline
Host:	meraqsa.com
Date added:	2020-07-22 00:00:25 UTC
Last online:	2020-07-22 14:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-07-22 00:02:07 UTC to abuse{at}digitalocean[dot]com)
Takedown time:	14 hours, 0 minutes (down since 2020-07-22 14:02:12 UTC)
Tags:	doc emotet epoch3 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2020-07-22	INVOICE JLA60_859509061.doc	doc	47be8acdf14103a9c4f2b0e6b620ee5740669dd045e17a688e2480097be809b0	40.98%
2020-07-22	Inv_TRD3061_9807619.doc	doc	5ca9aa5556b3db0f75ab6954cec456def60f591947d64be4b69f60dc0eec1a6e	38.98%		Heodo
2020-07-22	INVOICE-Y7347_8722448.doc	doc	393ac27aa81e021260be2c3de9507d953b3d57f2dfd0ebee96d4a18af210b982	28.33%		Heodo
2020-07-22	Inv-RNNB7497_7142276.doc	doc	7ae185c406aed21110fcff1723a4499ed2cb4795b450ce5c394f5d19d9a00e4d	35.00%		Heodo
2020-07-22	invoice-QP230_61182960.doc	doc	8bf0f63918707260860836fd1bae7c3366cd110c8a1299c064475020d837311b	35.00%
2020-07-22	INVOICE-FOVA103_22579740.doc	doc	80b76f063e5e981ab8806e6514ecb0f9e63dddc5593ded7c0ff726d31e39347d	32.76%
2020-07-22	invoice-HONI0083_73765589.doc	doc	eb3418a0c1e947d887954e4db54c16f1ca081af7dee17386a4736313e0990f9b	29.51%
2020-07-22	INVOICE-QFP848_9657360.doc	doc	7ff0263018fb67bcdd18c7b43f1b635db5983b85aabdefaf71b7d1e313f24fef	26.67%
2020-07-22	Invoice-8_542901068.doc	doc	6734a3ae13c38e8fd44de930f8cf0da0bda0a3afec46ea9a8899e61b8762ecaa	27.87%		Heodo
2020-07-22	Invoice RKS37_46767963.doc	doc	f7668e2f4e40c50b6fa62b37e39899c5f7c5f742f9cd72840d3c9c1730928509	29.51%		Heodo
2020-07-22	INVOICE-68_339191996.doc	doc	bc1674694af57a7a421c131be6eb3403a2d2392a862aaff679ac7d2087690953	28.33%		Heodo
2020-07-22	Invoice-DA9498_693386556.doc	doc	02c7fd8ed2ff395eb8c7eb3caca1e0cec299f4db7480e6d19829069ce541bc7d	27.42%		ZLoader
2020-07-22	INVOICE-RYCZ72_496708.doc	doc	17848a980123cfbb8869e7859b37b1f0e06e992a2ad751fde0a355d4eb377920	29.51%		ZLoader
2020-07-22	INVOICE-LWII012_300464.doc	doc	962dfcf9dbe2a5f4e39e1ad1100caa0da7d50a87928be0985eb4014a51f3ebc5	26.67%		ZLoader
2020-07-22	Inv-3_439512896.doc	doc	57bbc36f8aa8cb407d0c50ca951d626555bce1bece1b524d00d0b0d5aa3257fb	n/a		ZLoader
2020-07-22	Inv TYZV2596_273601.doc	doc	4a77f876b6d9a044b69944ac284abd8838dfac4208cdefc8de51907727421d46	25.81%		ZLoader
2020-07-22	INVOICE-SFG292_457168.doc	doc	64904286f139771314584f5ebf505208623b941f9fbc7c36e5039edcf595d9e8	26.67%
2020-07-22	Invoice-HV66_305199768.doc	doc	59ea049ff3ab24d93029a5395073975931ffb768537ca09e45fa6bf34af34acc	26.67%
2020-07-22	invoice-W85_117292.doc	doc	4b0e52b567cd400c2c99e8d0862590bb832ae10b79277b8985318a3c05e5176b	25.00%		ZLoader
2020-07-22	Invoice_ATAX7_88162503.doc	doc	2a1b48f3aaada9451e14e735699dc6910a2df66a18b4f4497c7f4f6f159c8296	26.67%		ZLoader
2020-07-22	invoice U424_04271156.doc	doc	85f96e5cf282786ef803c7c7886284d3225a9daeecc04ce3b8e5bbd143a3e0ab	25.81%
2020-07-22	invoice_LXEW2774_023073.doc	doc	7476dba24b28d2a074d7e75aea79591f98fbb95b065c91870b5a8198ab615f19	26.23%
2020-07-22	Invoice_815_4633493.doc	doc	ee7974d011582b83c0464f15d86e55b3306961023b16ed3c195c6c1953ea5835	n/a		ZLoader
2020-07-22	Invoice-BR13_897571.doc	doc	8cafecab78eb955d85ec99123092085c12c6f94ab003097360fd6bb694cec236	27.12%		Heodo