URLhaus Database

You are currently viewing the URLhaus database entry for http://www.palestina.gob.ec/wp-content/4y0z21g/bcb735187592043c8n2h085cq/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	426893
URL:	http://www.palestina.gob.ec/wp-content/4y0z21g/bcb735187592043c8n2h085cq/
URL Status:	Offline
Host:	www.palestina.gob.ec
Date added:	2020-08-07 01:45:34 UTC
Last online:	2020-08-10 19:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-08-07 01:46:03 UTC to abuse{at}hetzner[dot]de)
Takedown time:	3 days, 17 hours, 19 minutes (down since 2020-08-10 19:05:09 UTC)
Tags:	doc emotet epoch2 heodo Quakbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-08-08	REP_JVU_080120_ODR_080820.doc	doc	65fb2416ca1ef5a5608ec7a020d3d3cf348b0521b65fdf537196f704e82b522b	37.10%	QuakBot
2020-08-08	N_75570409.doc	doc	c1c1038c8379b00dad0e55a1bc2362e7f41b231aa4f51c560c04f0c76c9a5dd3	44.26%	Heodo
2020-08-08	REP_PU3467284173KZ.doc	doc	08d796d8f1f88bfd99412b44f3c3c037cb359f3b8d1c3175a56c14da71ad6876	37.70%	Heodo
2020-08-08	REP_73634457.doc	doc	9767aa04e0d5fd215636a710fc84b891ad6e13826c5f54a9fb55f5deb2269460	38.98%	QuakBot
2020-08-08	U_WG7330584983QD.doc	doc	5c7aae6105a9fc732d1df596c303f4a3bfcc574fcbb55615bffe074f5ec34179	n/a	QuakBot
2020-08-07	PO_08082020EX.doc	doc	41ef6b4c13a98f92f61c7a14e9619f68f166ea699a7ea6eee9a1bf0165512f81	36.67%	Heodo
2020-08-07	HJ_68030124.doc	doc	76d2a23274d866daeacca1a0038a331961c83d61224504b2c10fd41ee3d133de	37.70%	Heodo
2020-08-07	77688548.doc	doc	d16d8be6b35c187d5a4984e4f5e210665a966932b567cdaa06a05f18409577ac	35.00%	QuakBot
2020-08-07	REP_QQ8709393885SU.doc	doc	3f4c381531d4604385f763850e0e32cd72c1b21b78330327c64b2da16e62e9f8	n/a	Heodo
2020-08-07	O_104426897427081798440969.doc	doc	3449ebd127fc3e854e9fbe37330f06267533809795a7319df12af6afd25293b6	33.87%	QuakBot
2020-08-07	DOC_J994MKA5QS.doc	doc	84c95595d065ebc313271e7701ebcc3d4629488ac753f2fcf608a412dd70d14a	n/a	Heodo
2020-08-07	49957951.doc	doc	647e4bdd2ba51f7dfc1c7749092db78d95b64ca550d266e025602d2437cb503d	30.00%	Heodo
2020-08-07	A_QZ1459264637WF.doc	doc	22c64ac7a89ab8a195cf01ac7fe65b95cfb560eb85d98fe16f7b5b0e5db27538	24.59%	Heodo
2020-08-07	S_QM2014146608UP.doc	doc	56aea8dd28bb9f893ec49cf3e5bd73eb7dafad62fb12c5f1431b94e2bbd02986	22.58%	Heodo
2020-08-07	REP_PO_08072020EX.doc	doc	4c70f0ff52d6a0016178754d0223340a2b83c622c1be0d1a49656b744b4775a4	24.59%	Heodo
2020-08-07	REP_93345565581598573.doc	doc	9f226b33ed3ac52584fc08957b69d7894a68afb9332dc79d42bcde06df63fabe	24.19%	Heodo
2020-08-07	DOC_89457247463.doc	doc	9003022268d0174373813a27761795b85bdc4972564810056d592cb380ac81f5	22.95%	Heodo
2020-08-07	FILE_845601266797859793043.doc	doc	c25b2007d6bf55f9583da51d51090e6c145e2f1b30a05a0b0638fed6845d24f5	23.73%	Heodo
2020-08-07	19207372.doc	doc	57370f33ff18a79a83e7ab0a2058c0182aaf87d4f996595ed5aecbbd404b351d	n/a	Heodo
2020-08-07	REP_EEI_080120_GRN_080720.doc	doc	b6b363c0540264d6b519df4131b781a081197728b39d1c4c9ad07a23ff710c6a	n/a	Heodo
2020-08-07	BAL_VYM_080120_VQE_080720.doc	doc	eecea8fd330329b9b832be329a5ec67804ada3d27b6e7ae845f1d7493f99a013	27.87%	Heodo
2020-08-07	BAL_HJ3446618314CA.doc	doc	cd07bca598555bc44ea79d384318d90cd653d87390dc8fe65fdf356689ef0c40	27.87%	Heodo
2020-08-07	XF7Y3UEBFH7GXI5.doc	doc	6f29145665e4e35e261fec14a975bc5bea2b8e21fc496768d5ed44c13da63386	29.03%	Heodo
2020-08-07	INV_02470437.doc	doc	c01886bbf94166f4b23674f898f638ca04120c93564ed7a94407daadb704a95e	n/a	Heodo
2020-08-07	INV_IB0157775262EO.doc	doc	3d7b7ad00c7e9a6d87ef11c07fe21e309833898b96f68aa5a7f1269a828c5226	n/a	Heodo
2020-08-07	INV_06384175720381511.doc	doc	eccaeceb3d8c7bd64c70811d74bb4a94d033f558f5d10864b7d9224605ecbb09	26.67%	Heodo
2020-08-07	DOC_PO_08072020EX.doc	doc	4d0b28b1f18afa99d908f7a6d885da63d1b1177d75fe27f74fe36397f7b23a7b	n/a	Heodo