URLhaus Database

You are currently viewing the URLhaus database entry for https://koenigsmarck.de/blogs/Scan/lflwywmj/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	435255
URL:	https://koenigsmarck.de/blogs/Scan/lflwywmj/
URL Status:	Offline
Host:	koenigsmarck.de
Date added:	2020-08-17 23:19:38 UTC
Last online:	2020-08-19 04:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-08-17 23:20:05 UTC to abuse{at}dogado[dot]de)
Takedown time:	1 day, 5 hours, 29 minutes (down since 2020-08-19 04:49:09 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-08-18	REP_333760669.doc	doc	6e7bc5b464486368fc64b81be80628536390d77832adc42ae658a9ec6642f2b4	45.90%	Heodo
2020-08-18	DOC_BYNCI7J5G.doc	doc	6132d38c562ce3fd2f815bb85f961fe7be3153f058d6b86f366c69a51f65bbf8	42.37%	Heodo
2020-08-18	INV_39750137.doc	doc	471800c07ff4f9683a7c7608227076df2dc2f4c484156617e374e766466333a8	37.93%	Heodo
2020-08-18	FILE_PO_08192020EX.doc	doc	6cbbdaa0e24876ae422d284449759d09a5bba350158e7e489ae806620bebb00b	40.00%	Heodo
2020-08-18	SZP_IPP_080120_WBZ_081820.doc	doc	460a8e4f639b96c10e0094ce3aceeb1f60278284a1d7b27e3b16fd4b76744636	40.98%	Heodo
2020-08-18	16ETLUS.doc	doc	90d6be7c4d0d2a965dc5da2c72eaf35f6ab2795db8b4ae3939c32a16d3726157	38.98%	Heodo
2020-08-18	06129275.doc	doc	1d236e06e4ac4c01b585f0f0a091e405aacf17ff62ecd1f84cbad48aed92fb04	21.67%	Heodo
2020-08-18	GESY_NPHO1JDK03S9WT.doc	doc	92674d8d935ca49cbe4489ad9f6b55bb98697e74750d26bc138edd3c70f214b4	20.00%	Heodo
2020-08-18	X_D6PEDHDVGYTXZW.doc	doc	7976a8188a5d793cdbb85eae76d2bf5dcd550789634815969fd953edefd06bee	n/a	Heodo
2020-08-18	REP_OJG_080120_YSZ_081820.doc	doc	8265ec213eaa6d222c57d0befde6281f1e53f7cbbc3e23df4b0b151921316acc	45.00%	Heodo
2020-08-18	DOC_04868958.doc	doc	dccb23d76041147736f6f324b3ab4b5bf23db414b1b9aaef5b12da4033ef7f91	41.67%	Heodo
2020-08-18	FILE_MUJ_080120_ZBS_081820.doc	doc	27c375a8f3878f06b0f95f14705dbf8400f42c0208bdbffc432c9fe9be231b7a	n/a	Heodo
2020-08-18	S_29641528.doc	doc	4b2c463c130aa9358e9853fd7af4e476c3f9721168623f6befc47050979d936e	42.37%	Heodo
2020-08-18	63852423.doc	doc	5b6530e4d580725b37bd1d03eeb44c472d0529b1422b830bebdc62bf8b6d0c83	n/a	Heodo
2020-08-18	INV_80044878039297446255972.doc	doc	5fd9d575a13678e66d43f02aa919121a34f26ff8ef42fd2b43a475f1e96a0188	40.98%	Heodo
2020-08-18	94762273.doc	doc	a9f2dfb969ec4a5c09edfdcf49a041eed112c8ef64c36610131b1ef17118292a	41.67%	Heodo
2020-08-17	FILE_58621920.doc	doc	98c343c9a6bc0e1498638cbceb56365d8a033eb3443f2856a872d5a3253d5040	41.67%	Heodo
2020-08-17	CHV_080120_PFU_081820.doc	doc	6cfd3bc71ff38c615ec9c2b54e9f7b2a878e5b34918ef26526b8d2695f04ba6e	42.62%	Heodo
2020-08-17	REP_O7M8DM2S0X69YK9.doc	doc	8c3afbfc78b8936d04e1372b507046990c8f3a3d4dff80f59669660aa77fffa2	41.38%	Heodo