URLhaus Database

You are currently viewing the URLhaus database entry for http://lindnerelektroanlagen.de/pages/closed_array/corporate_Qvt1WRAIL_wizVz4iwC2/Mb2cyxZUJuX_et9L1IppzGs5/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	427002
URL:	http://lindnerelektroanlagen.de/pages/closed_array/corporate_Qvt1WRAIL_wizVz4iwC2/Mb2cyxZUJuX_et9L1IppzGs5/
URL Status:	Offline
Host:	lindnerelektroanlagen.de
Date added:	2020-08-07 06:36:05 UTC
Last online:	2021-07-18 20:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-08-07 06:38:02 UTC to abuse{at}dogado[dot]de)
Takedown time:	11 months, 15 days, 13 hours, 49 minutes (down since 2021-07-18 20:27:54 UTC)
Tags:	doc emotet epoch1 heodo Quakbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-08-08	Dat 2020_08_08 610.doc	doc	eea494e866becd4ce5d21eaf4ba21c10cb806a32d385336edd7517d8b14af028	43.55%	Heodo
2020-08-08	dat-CI15483.doc	doc	ba50483a5407dc7d213263534638c2e4e0445d9d06f977dc496e979beda32f33	40.98%	Heodo
2020-08-08	ARC-2020_08_08-4294650.doc	doc	23f6ed44eda0ab1b7274653b618ac891a8cbd3c467f8b658297cf68173bb842f	42.62%	QuakBot
2020-08-08	List 20200808.doc	doc	ec11d3cebaa5d4d05ef93c8b88ab79e34d82fede8daa5a821d119d12de060ffb	44.26%	Heodo
2020-08-08	rep-2020_08_08-HE6848.doc	doc	f3be0b911d44447b80b1337f332187ad596fbfe6a0739cdacdd2f9d759e12114	40.00%	QuakBot
2020-08-07	Arc.doc	doc	53ac99d5826bd318da8d98fc65d4b28ee61fd3f4cf67cdf387cc88e35a0fed86	n/a	Heodo
2020-08-07	Rep-20200808-3286.doc	doc	5d2b88e4fefb1593bca1de5b27276ba0d00140416c91339fc6fd44431c8ccbd9	40.00%	QuakBot
2020-08-07	file-2020_08_08-VXW490.doc	doc	16c140684e32eb93fa92afe82d5679eab09dd7d0b81e58a701c6a2958d31934f	37.29%	Heodo
2020-08-07	LIST-2020_08_07-60679.doc	doc	b73f780a433d41cd9d6d0046f85474514b51eb5471e34e530974673c6579eb1a	35.00%	Heodo
2020-08-07	Rep 2020_08_07 4174.doc	doc	646ccd64823cfa77dbb491953dde3333f48c8c19ac7a2753088a96dce8b0d397	33.90%	Heodo
2020-08-07	dat 20200807 W369340.doc	doc	016ca89513a40f3189a3620d63b4ddeecb49bb57f1459ad75154e1ddd9f2370f	30.65%	QuakBot
2020-08-07	inf_94813.doc	doc	130323d560c36acdbc705cd39ea4f9e0e6b490fb2495f500989fa48940f3e174	32.79%	Heodo
2020-08-07	Inf.doc	doc	aaf9724d17a02da2ebb37c991ad51b1636ae22b4af318713bc3aa68538bb632c	25.00%	Heodo
2020-08-07	INF 2020_08_07 1052.doc	doc	15be7667cc3b8d6445b3b4c245f2befdcf7a96e438a771828ca1ed6c12682670	26.23%	Heodo
2020-08-07	arc 20200807 0553044.doc	doc	deb669530640786d01b93dc6537ae68c13fd0b2785de9133fcccfa08dd5fb96a	26.23%	Heodo
2020-08-07	Doc_20200807_501441.doc	doc	4d66b8fafcf69f590dc74a3383fa08576a6de54ef030b8d47bced68e03f63065	29.51%	Heodo
2020-08-07	doc-20200807-MQY85041.doc	doc	d21fb5ef05cc6d7375ad67529c3b74d7111dff2fd9a11ce6944a25e4dc2463c0	27.87%	Heodo
2020-08-07	Rep.doc	doc	a6cf38618a58d0076e02ca5aa15020a6971e1367e0b8c00168775a31f8b92618	40.00%	Heodo