URLhaus Database

You are currently viewing the URLhaus database entry for http://naturelfarma.com/wp-admin/bB/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 436761
URL: http://naturelfarma.com/wp-admin/bB/
URL Status: Offline
Host: naturelfarma.com
Date added: 2020-08-19 18:01:13 UTC
Last online: 2020-08-20 08:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-08-19 18:02:02 UTC to abuse{at}hetzner[dot]de)
Takedown time: 14 hours, 32 minutes, Good (down since 2020-08-20 08:34:14 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
