URLhaus Database

You are currently viewing the URLhaus database entry for http://basinfarm.com/cgi-bin/CTOziZ/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 429284
URL: http://basinfarm.com/cgi-bin/CTOziZ/
URL Status: Offline
Host: basinfarm.com
Date added: 2020-08-11 12:55:27 UTC
Last online: 2020-09-08 16:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-08-11 12:56:12 UTC to abuse{at}macstadium[dot]com)
Takedown time: 28 days, 3 hours, 43 minutes Bad (down since 2020-09-08 16:39:19 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
