URLhaus Database

You are currently viewing the URLhaus database entry for http://chicagostation.com/chicago/FyNv/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 431346
URL: http://chicagostation.com/chicago/FyNv/
URL Status: Offline
Host: chicagostation.com
Date added: 2020-08-12 23:37:05 UTC
Last online: 2020-08-13 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-08-12 23:38:02 UTC to abuse{at}asmallorange[dot]com, eig-abuse{at}endurance[dot]com)
Takedown time: 21 hours, 44 minutes Good (down since 2020-08-13 21:22:57 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
