URLhaus Database

You are currently viewing the URLhaus database entry for http://abovethemezzanine.com/cgi-bin/docs/a5s9j8y4z9/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	426122
URL:	http://abovethemezzanine.com/cgi-bin/docs/a5s9j8y4z9/
URL Status:	Offline
Host:	abovethemezzanine.com
Date added:	2020-08-06 07:50:36 UTC
Last online:	2020-08-08 12:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-08-06 07:52:02 UTC to noc{at}ihnetworks[dot]com)
Takedown time:	2 days, 4 hours, 29 minutes (down since 2020-08-08 12:21:19 UTC)
Tags:	doc emotet epoch2 heodo Quakbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-08-08	95226708599277790131874.doc	doc	99c91d2f1ecbee44baa8f5c9f3bfc0e2d7d11b63cac8d777f6dc1dd3b1c2aaa8	37.70%	QuakBot
2020-08-07	INV_75091357573539223556.doc	doc	41ef6b4c13a98f92f61c7a14e9619f68f166ea699a7ea6eee9a1bf0165512f81	36.67%	Heodo
2020-08-07	FILE_ET2343480708DW.doc	doc	71966324e0563adb2395fa41631df268d23b2d20fcd6e4ca70f94e3444f5d980	36.07%	QuakBot
2020-08-07	REP_XON_080120_JGC_080720.doc	doc	51f4b68143c9a8757314246d5abbca3969c650720085f62ae8dd4b7a41c5b300	34.43%	QuakBot
2020-08-07	NCZ_080120_BBF_080720.doc	doc	3f4c381531d4604385f763850e0e32cd72c1b21b78330327c64b2da16e62e9f8	32.79%	Heodo
2020-08-07	N_OMR_080120_RFL_080720.doc	doc	ceddfbaca020f738159a9f23ff626356400ce8a3dcccb86e056e207a1580543a	30.65%	Heodo
2020-08-07	15985694.doc	doc	789708613dc7aefd92e2baea4ae403af56c32edcb2dda9c7dcb85a188ba7bc68	29.03%	QuakBot
2020-08-07	SHR_080120_ZZB_080720.doc	doc	a748a34c235392f3218d8d9f628bfe14f1fa098e59b8486a4591cb3c057a2eec	24.59%	Heodo
2020-08-07	UDR_080120_FMS_080720.doc	doc	83acfc01aed8937375c8bc98733684caaa595766301ca229d41af7b2c3966921	n/a	Heodo
2020-08-07	R_31741500.doc	doc	22c64ac7a89ab8a195cf01ac7fe65b95cfb560eb85d98fe16f7b5b0e5db27538	24.59%	Heodo
2020-08-07	PO_08072020EX.doc	doc	cef4ea2fe357130f745c348c302765637f0096a8059215da43291113583d1cee	23.33%	Heodo
2020-08-07	29771218.doc	doc	ccc4d81c64186a882e88830fe137713a51403e6d89dc9fe169b84e6dd520bda1	24.19%	Heodo
2020-08-07	8371745888.doc	doc	6011d30bda10ff7a9f9e5cc83968a34178af8cb958e7eb7fe50f5d735c06c590	44.26%	Heodo
2020-08-06	DOC_PO_08072020EX.doc	doc	1f27b0c851f6193afa8545d83066678915312340a2a6a776103add49154fa6d7	26.23%	Heodo
2020-08-06	NUU_90184381687271.doc	doc	1ef7cadcf3f3ab9942c605b804971dc175c8cd97b08b3d01445ad36f4ec08463	n/a	Heodo
2020-08-06	59112275.doc	doc	6404a5a49751db7e1c82b5bdffadd5171eea2b5a4b43f9b77afb50b2095df09d	24.59%	Heodo
2020-08-06	EC9438084392FT.doc	doc	3c74dbf95327daeaf341a8b8b7eefbe17199eb34186f75217d342c3b384a1ce5	24.59%	Heodo
2020-08-06	52764095.doc	doc	05c72e97f5d458c6490496c4ac646b9555bc470d63b6bbea42875e5adb1a1549	20.97%	Heodo
2020-08-06	DDX_81154591.doc	doc	304614d4a80ddcf70ed20283f9b4837eb8a9b65f318b47acf092be17ed214933	18.03%	Heodo