URLhaus Database

You are currently viewing the URLhaus database entry for http://eragrup.ro/wp-includes/available_module/5r3um_j33u_area/wloymzu3hflc31mh_u5s792xsv/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	420988
URL:	http://eragrup.ro/wp-includes/available_module/5r3um_j33u_area/wloymzu3hflc31mh_u5s792xsv/
URL Status:	Offline
Host:	eragrup.ro
Date added:	2020-07-28 19:49:08 UTC
Last online:	2020-07-31 15:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-28 19:50:03 UTC to abuse{at}mxhost[dot]ro)
Takedown time:	2 days, 19 hours, 42 minutes (down since 2020-07-31 15:32:08 UTC)
Tags:	doc emotet epoch1 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-30	File_2020_07_30_BP1108.doc	doc	0ae3792dfb7057e3264b21dd694ca5b3fc93502edf5829ca4797eb57f01170a2	46.67%	Heodo
2020-07-30	doc-2020_07_30-666.doc	doc	94edc6ca93bf52aa32d4a4c5ff3382b0a1e1b39e3b234ff48354551d37aecbaf	47.54%	Heodo
2020-07-30	REP_20200730.doc	doc	0a20209c9b6d387dc569b4a5e5c2bb715254fb1f1448b3a09f7eae306a38efe6	47.54%	Heodo
2020-07-30	rep 20200730.doc	doc	6511b1fde2ef072f82a4de1fe9124c05afea6eee427bb3f6e204d6d8f583bf8b	46.67%	Heodo
2020-07-30	rep_2020_07_30_XQU665047.doc	doc	69cbb0b1f6900a121b7b27ae55e71124bfec8baa108abc09348c4cdee24a63b6	45.76%	Heodo
2020-07-30	INF_4163.doc	doc	c7e36ffa2fc469868b5f84cbc690fb72fc1651c4c2163663b4e5344d5d7019eb	39.34%	Heodo
2020-07-30	rep 20200730 Z18109.doc	doc	c5a1ad03d6b3c81fe73238179f4ae7d0dd137892c6fdaddabb788b33b56e2424	40.98%	Heodo
2020-07-30	doc U2747.doc	doc	e054b21bf99f6d13ee9a17cb70537b0a96a51353d8a703e64c5e1a50b8d093e6	41.67%	Heodo
2020-07-30	File 20200730 7347.doc	doc	b09f11da48b733ed09365280196d1a2633d18cd640003ab1cf57b34e03fee292	39.34%	Heodo
2020-07-30	rep 2020_07_30 X87561.doc	doc	7ae3517ff4b8f5816dc2d3bcac250d5ee981b313b363a57df8d0ee02f384d994	46.55%	Heodo
2020-07-30	FILE 20200730 V763.doc	doc	82fece784c2dfb8236c30c5efb2c891f5dd32c6b836bc3c08828a0135526074e	43.55%	Heodo
2020-07-30	Inf-2020_07_30-320892.doc	doc	020489febefffd2304a280f71f515a70323c405a1dea01213dd8f6834466241f	44.26%	Heodo
2020-07-30	mes-2020_07_30-5197183.doc	doc	536f687ed48372184bd85778ceb82c69ea9379cd363ee0081693ea440e3734f4	45.00%	Heodo
2020-07-29	dat_184.doc	doc	fcac2689185cf174e195fc9a8a9898529873dc4c681f3ef0a67fbcf76e94340d	44.26%	Heodo
2020-07-29	INF 20200730 WK98567.doc	doc	7abb411552b274a37f5fddd568ceb4a0440abbee9437d11536fe6a7f74f68021	43.33%	Heodo
2020-07-29	DAT_20200730_1867191.doc	doc	414901df75c137388169aef1183ce8b47a5ebe9d48a50a4a1dd4eda519f7c9db	38.71%	Heodo
2020-07-29	FILE_2020_07_29_241.doc	doc	0baa031b4645c110137eb2d9a8bf8766f4f32bcf09df6af13a2802c0d5c4efe2	35.48%	Heodo
2020-07-29	ARC 20200729 0119611.doc	doc	03995f7538079d2cf9ed7fc15f78b792be7d168150464fad150be2b2febbd2cc	36.07%	Heodo
2020-07-29	File_20200729_675128.doc	doc	357039b8635636265b0d26f18a7dc5b0a7ed2e155223ee4c687f18b747d2705a	28.81%	Heodo
2020-07-29	list 2020_07_29.doc	doc	d272b5478d9aec6722f860bfa75969ff337181ff194cdbdc9afb0d9b4b2c1098	n/a	Heodo
2020-07-29	arc 20200729 0464875.doc	doc	e3e5a46e900cbd942cbd148e4d79f1380794664b3d6e390134a98cdb1860ae99	27.87%	Heodo
2020-07-29	Mes 265412.doc	doc	67eef8e781f8a712985d6413f121e8546df018a33aea849f20c2d5095a6994e7	n/a	Heodo
2020-07-29	list-20200729.doc	doc	43a815b6b9a5e7b617a20a81e9275f5ab35f6b5483e5847abebd92a0e62a2993	26.67%	Heodo
2020-07-29	dat 20200729 ORE869.doc	doc	6d33d26c6514907d83ea254422280f50c6087470e0014a527536e49da0a65359	44.07%	Heodo
2020-07-29	Arc_20200729_DQ530771.doc	doc	ef2fd91cccc25245db93d06e544f4e9cbe9b7af92cd6574469124cc7b6d814b2	45.00%	Heodo
2020-07-29	Doc_20200729_163082.doc	doc	18eb3a42e22bad4739e7e30656ea54d812b781b53f4bdfb702acc5e440a0b6dc	43.55%	Heodo
2020-07-29	file 337.doc	doc	0c080096b6a25db4db3ad88e8bfa7b0c0f5dcc39c0be67d39ef8fed5aa2c40fa	40.98%	Heodo
2020-07-29	Dat-20200729-EAK6600.doc	doc	0a3991096a1362548e6de042c3174a436135be87ffc6fae6a721103ec9642105	40.98%	Heodo
2020-07-28	mes 2020_07_29 42770.doc	doc	8d32b9fc5cec511af2182f5afc6d00cc3d4e760072a6e89f846c5ad5f449f6b1	40.32%	Heodo
2020-07-28	Arc 20200729.doc	doc	63e8efafd895a3c81e6b57f8df7af0d841c821d7e99b7dc74c82906d3291365b	40.32%	Heodo
2020-07-28	LIST ACZ95039.doc	doc	fea74ef73aeff3c000de4d0fb83881380d352b00842be1eb8bd91a4e991e7705	40.32%	Heodo
2020-07-28	File_2020_07_28_112.doc	doc	73b80cad94ad46522a91aead5ca86a91f433c869b558892ca40d8be2e862cf5d	40.98%	Heodo
2020-07-28	INF VVK829.doc	doc	8a833117cff23289b3c939d592e9ec7808810ac42f401a4e908f59ed2ced0224	n/a	Heodo