URLhaus Database

You are currently viewing the URLhaus database entry for http://www.ngcdfkibra.go.ke/mail/sRxXqv/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	421473
URL:	http://www.ngcdfkibra.go.ke/mail/sRxXqv/
URL Status:	Offline
Host:	www.ngcdfkibra.go.ke
Date added:	2020-07-29 14:53:15 UTC
Last online:	2020-07-30 02:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-07-29 14:54:02 UTC to abuse{at}ns1[dot]bg)
Takedown time:	11 hours, 35 minutes (down since 2020-07-30 02:29:38 UTC)
Tags:	doc emotet epoch3 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-30	Inv-YV867-138826834.doc	doc	28ad746a87c186873fd8d644a8ca704b9768959c1d8cc780bbd1e4fcec07256c	45.00%	Heodo
2020-07-30	InvoiceTZXA2_5950552.doc	doc	e039f53c75e931e700cbcafe41ac39dfd4673929f7f2cf333a2f722272fd240f	n/a	Heodo
2020-07-30	INVOICE-M370-239772.doc	doc	cf7363d569abe51412e602a505dbb2d3604aaf97ee7c71db42e66b09224dce54	44.26%	Heodo
2020-07-30	InvoiceWBCJ553-0914326.doc	doc	db24098d6bd41dec460588297f00255c409f745bbe32faaf2cb6476fd44ee504	44.26%	Heodo
2020-07-30	INVOICE4257-8871338.doc	doc	72244c8748d1f0b37e10ef8b0f5be0624ea7ac975aa1214281b4f326e6b2f4b2	n/a	Heodo
2020-07-29	INVOICE-P34-4481379.doc	doc	9682cb3fed20b168899452201908168de9b2c2d82530d7227a4474b8b2587eb8	43.55%	Heodo
2020-07-29	Invoice_2_3987536.doc	doc	40a19219a853bbc60201d4cd4fc226bcdda0966f87f05dda562d113d65c8ce67	43.55%	Heodo
2020-07-29	Inv_XPIJ56 698591.doc	doc	1a509a842e1a24c4ffe665706fc677197002dad72cf5ba4a2711e9aace8dcd70	44.26%	Heodo
2020-07-29	INVOICE_BO32-294852.doc	doc	b6eb1c7760e06c0bf914bc6f8d26d4aa98a1d859d71fed9d6712db95af81f5f0	43.55%	Heodo
2020-07-29	INVOICE FA5357-37601010.doc	doc	bab24985fa20dca7f015976c0212909f59429d181ee874074692fa835b0f604c	n/a	Heodo
2020-07-29	Invoice L474{:REGEX:.doc	doc	dca65af614b79dad6628ee637674667f9dee8b395388283c22e3fca41e8afe31	35.48%	Heodo
2020-07-29	Inv_N933{:REGEX:.doc	doc	42d013d9cce79a7e86da79f6dd3d25b04f8460636e45c85ec23d1a962173f389	35.48%	Heodo
2020-07-29	Inv_XNP320 012894495.doc	doc	4ece79e02379040355a4ff12f9b622c675a9910c6f10d98c393b790dc0c9536b	36.67%	Heodo
2020-07-29	invoice-7-852811.doc	doc	dcce5b7a5bcb690a1e944e5dfe8577fe2bf2d913de0e0828825c8a3daf0d76ac	n/a	Heodo
2020-07-29	invoice-E415-448729.doc	doc	c9908873e05408d13895e8545fd5b9e3eb95032f5e363086b19e6a14a8ed7075	35.48%	Heodo
2020-07-29	INVOICE_L880-744764377.doc	doc	eedf761aed061fa63744aa541d5ddef3b7d53978fd00882cbf9fb0f88bd82550	36.07%	Heodo
2020-07-29	Inv-X3{:REGEX:.doc	doc	cbf7197df6cd966772e966e4e8a67f74d1b090ade41e58f80f706a071ac64286	36.07%	Heodo
2020-07-29	Invoice BLW3603{:REGEX:.doc	doc	a19deec65bef4fe1030b463be94b414c4b4b1bad207acfc2fd8df6bb5bbbefdb	35.48%	Heodo
2020-07-29	invoice-ZPIF7{:REGEX:.doc	doc	c65c81e1a76fdf4122271da9b47b9b45e0a45519719f468e7539eba8ab8f9d5f	35.00%	Heodo
2020-07-29	INVOICE-3842-55659090.doc	doc	ed92633dcb1b2dad6206cee946593ef3d93a891dab991b164595043fe12d82f1	36.07%	Heodo
2020-07-29	Invoice RGQ9_01129484.doc	doc	934f5d399e3b3914f2c3410ad251ab6817ddf37637d4cd01aa0faabb3f39ab2e	35.00%	Heodo
2020-07-29	Inv-FUJ8{:REGEX:.doc	doc	2f455cc6268ecdade0ca6fffc1663cc0afd5ba64feef4dcad85b6d26f5a6de40	33.90%	Heodo
2020-07-29	Inv-VLGO9877 825273996.doc	doc	d38a56d36ace7f2adafd305ed44cdd1667c68209148e46187c616be8a00c379a	35.00%	Heodo
2020-07-29	invoice-DAG4_1525974.doc	doc	6ecb72b433b635a49ee2f82737cec4103d08d18e988b42d36bd1b35d175ef612	33.87%	Heodo
2020-07-29	Invoice_BP250-052844.doc	doc	6c3d8011d58d421f0db32a2fbd7ff2dfc39c7fe557dedcd503aca7d97d7a1e80	33.87%	Heodo
2020-07-29	INVOICE-DD9286-4878805.doc	doc	4dbfbd8a057e49274bd92c01fa9680f9b478eaf207fa1c55aeb36d7879a35b27	33.87%	Heodo
2020-07-29	InvoiceYFJC924-332851624.doc	doc	4800ef4ce359d4cfcba1becb6f8f276e0e968f7184af96279a1c448b897cccbe	n/a	Heodo
2020-07-29	Inv-CY46{:REGEX:.doc	doc	50445a74463d73e829f22308488c8ff5b166f83d4d17025cccf6f9c634146f8e	35.00%	Heodo
2020-07-29	invoice-YHPH2-42779712.doc	doc	4fcf5c5d7a3296eae7876be45da5f2043bb300507716ac8927c882b5faeb1c2b	33.87%	Heodo
2020-07-29	INVOICE_3815-0201104.doc	doc	1ddd4cbe0cce870cff910c166130add090f1e48f6f6c146f30cc368b32df026e	32.79%	Heodo