URLhaus Database

You are currently viewing the URLhaus database entry for http://lgonlinecenter.com/leverl/cpZMFVKB/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:432255
URL: http://lgonlinecenter.com/leverl/cpZMFVKB/
URL Status:Offline
Host: lgonlinecenter.com
Date added:2020-08-13 18:16:20 UTC
Last online:2020-08-13 22:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-08-13 18:18:05 UTC to info{at}veridyen[dot]com)
Takedown time:3 hours, 42 minutes Good (down since 2020-08-13 22:00:48 UTC)
Tags:doc emotet link epoch3 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-08-13invoice_X66_33371913.docdoc e1ac6201887f008a8beef8eca74076739b93dacf2d0d366f3329ca55dbc3c827Virustotal results 36.07%Heodo
2020-08-13InvGD88220506.docdoc cf0b0c4bf2dec3979bd7cc8606c1c911299845f9f97067fd4ae7af1985e6f6b9Virustotal results 36.07%Heodo
2020-08-13Inv ZJC8 696107980.docdoc 5068ac1fc3ea1af3eb637bed169df3a72f14ab7db56ff2996f718fbe8c05642eVirustotal results 36.67%Heodo
2020-08-13INVOICE-ZQK11-7498140.docdoc 4dc091daaf9b2ff460f2d3494beb83445f498784dce48abf4d793b1fb6955f07Virustotal results 35.00%Heodo