URLhaus Database

You are currently viewing the URLhaus database entry for http://cad-vision.com/protected_disk/additional_forum/1FFXoUN77_lInciyiMkb9j/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below may have been used by bad actors to spread malware, the URL seems to be clean for a long time. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	426387
URL:	http://cad-vision.com/protected_disk/additional_forum/1FFXoUN77_lInciyiMkb9j/
URL Status:	Offline
Host:	cad-vision.com
Date added:	2020-08-06 15:59:11 UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	No
Tags:	doc emotet epoch1 heodo Quakbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-08-08	Dat_2821450.doc	doc	eea494e866becd4ce5d21eaf4ba21c10cb806a32d385336edd7517d8b14af028	43.55%	Heodo
2020-08-08	File 20200808.doc	doc	ba50483a5407dc7d213263534638c2e4e0445d9d06f977dc496e979beda32f33	40.98%	Heodo
2020-08-08	mes_2020_08_08_BUO626.doc	doc	84cce9a551dc2eb66990351d4d17dd8c37f457ad337bcb9984231f608208258a	43.33%	QuakBot
2020-08-07	Dat 2147059.doc	doc	5d2b88e4fefb1593bca1de5b27276ba0d00140416c91339fc6fd44431c8ccbd9	40.00%	QuakBot
2020-08-07	mes-2020_08_08-2368.doc	doc	e8cfc1ea617361564b695bbb732436a5b497bec2660b878ca91e398406298900	36.67%	QuakBot
2020-08-07	dat_20200807_080.doc	doc	acf64b8e97e3201f06314a33733d479adef77620d8c569663be2e02c3ef38e98	33.87%	QuakBot
2020-08-07	doc-20200807-CX1587.doc	doc	8cbee4a45b5e799b5147bd50530fc9dded0b2e61503523a65ca24a68a3ac2c08	29.51%	QuakBot
2020-08-07	List 2020_08_07 RV2718.doc	doc	9aac7ec20bb40421b838a9695b5b86221b6c348fb79cb6a6e1e4b5cbe3dd55b5	34.43%	QuakBot
2020-08-07	list 2020_08_07 QBW16611.doc	doc	5be9285d6eae35674dda18685cac1c1bc4e61d22fd8fdcb81efe421fa5a3ce5b	24.19%	Heodo
2020-08-07	dat_2020_08_07_2081.doc	doc	bb249753b6fd6220b43602a1122cd458d29055d3e37603c1a3a1e2f21a81366e	26.23%	Heodo
2020-08-07	dat 2020_08_07 ELK505163.doc	doc	aaf9724d17a02da2ebb37c991ad51b1636ae22b4af318713bc3aa68538bb632c	25.00%	Heodo
2020-08-07	arc 2020_08_07 ADC266593.doc	doc	0731aa8c16ac6d1cd66d19ed7059f68747efdde349b8dad3151b981cac519407	26.23%	Heodo
2020-08-07	FILE.doc	doc	0802a268dda636fdd8619fdf83841307ab67493d28ff03b20b559b99cf5ed6f5	24.19%	Heodo
2020-08-07	file-20200807-SIA61818.doc	doc	a6cf38618a58d0076e02ca5aa15020a6971e1367e0b8c00168775a31f8b92618	40.00%	Heodo
2020-08-06	FILE_Q915.doc	doc	9fda153dee6f47ac4ab198402cc17dac3bd96bd975458ef5dc23e2345abe48bd	26.23%	Heodo
2020-08-06	FILE.doc	doc	a1668530748354caf4b83b007f729aa168414a2e53c2c87bc4043bdd0c7a3c06	25.00%	Heodo
2020-08-06	file 20200807 WQK89297.doc	doc	a436a44c7f9750b7a59d1d9a4f11b7769d1dcf7be8323b376a27cc71f00db477	27.87%	Heodo
2020-08-06	FILE 20200806.doc	doc	1304321a6bd8c0a832b07f6a06932ea32cba7a771195ae689a166a036e4ae996	22.95%	Heodo
2020-08-06	File_2020_08_06.doc	doc	7e3748cb30eae6aea8ece0f485bfd8d0c1afd577570b3e5187292d0628265fcd	23.33%	Heodo
2020-08-06	arc-20200806-PGC9669.doc	doc	4b5b26ca7cc728978ea9c6d3acc58e52aa719b30a35d994041cb88d6b35b76b8	22.95%	Heodo
2020-08-06	mes-2020_08_06-E59906.doc	doc	d526df7960cf7fe141094c78d40e1e5840f5782cf93e0b0fce601e70c56dec75	n/a	Heodo