URLhaus Database

You are currently viewing the URLhaus database entry for http://airma.uz/tmp/public/98385653271438/ea5srb0d8ts7-0012564/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:438057
URL: http://airma.uz/tmp/public/98385653271438/ea5srb0d8ts7-0012564/
URL Status:Offline
Host: airma.uz
Date added:2020-08-21 08:54:34 UTC
Last online:2020-08-24 01:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-08-21 08:56:03 UTC to ripe{at}uznet[dot]net)
Takedown time:2 days, 16 hours, 13 minutes Poor (down since 2020-08-24 01:09:53 UTC)
Tags:doc emotet link epoch3 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-08-22INV_953814.docdoc d264878eae29d3da022f38e67a38560346ba42cbb6dbebbf0e6c852c666fb1acn/aHeodo
2020-08-22Inv_401406.docdoc 51bb6063711677f1823d4b10c0ae073a340c8392a7b233485d1e181fab2197fen/aHeodo
2020-08-22August Invoice.docdoc 564105a864ba17349c0c70d8c11883b4edaf7b9f653bc074d57ec92e33923d61Virustotal results 36.21%Heodo
2020-08-22Inv_5094.docdoc 5d343c4cc60ceae7c55758376842b90845f6d3dd1d7ab8fd2bed44ee745bf527Virustotal results 37.93%Heodo
2020-08-22Inv_92025.docdoc 90f17bd24601e8b3707503a6768ee606d3133da51a9d9e539bf906a83fcdda4bVirustotal results 37.29%Heodo
2020-08-22Inv. 81088542443.docdoc 27e2a7ad7764b75f11753d945f9b7b087f89fa4b8b9bc1198bf7992c7c85d1e8Virustotal results 37.29%Heodo
2020-08-21Inv. 53682.docdoc d09a4703239b8dd258d5174bc65647fa6b951cecfcb7c2f9c46a29a061a7a769Virustotal results 36.84%Heodo
2020-08-21Invoice #9683.docdoc 31ef2257cdb7b9006892fb9754673511beaf648f6c3a899b9bff3031310a9acfVirustotal results 37.50%Heodo
2020-08-21003819912068.docdoc cd51eb10684d011728e273a115ce4655403d5a5fb2d0ddf0d015e93aaba39852n/aHeodo
2020-08-21August invoice.docdoc 2d4370eba117c88617870ab941572195d2facde4eb4e1d768507d37840812da2Virustotal results 33.33%Heodo
2020-08-21Invoice 00168843.docdoc e5c9f8c0ccfa47835d30be512636ad1b0e40d75587d5a309f586b67796aae5cdVirustotal results 33.33%Heodo
2020-08-21Invoice #960654.docdoc df8d09457a129b57c4740b237ac226b0e0245d035dc20930563bab681e98e8c9n/aHeodo
2020-08-21Form.docdoc 43057d3c74a6fbe3be2660879e861ae3d0b2118866abb1e3fe8bc169c526d957n/aHeodo
2020-08-210096847.docdoc 214116ae52ad96af88fa41e0ea271fecb493e2afbc403bc3ca2c184ffd03d996Virustotal results 32.76%Heodo
2020-08-21Invoice 0032138.docdoc d594bcea91f0259160c0122a56ad8ec4a7896173295fb3b2c197781cb1bbfddcn/aHeodo
2020-08-21invoice #96277.docdoc 83e013279f45dc89d5efc3717634b746a611baee472756272e91e1673d8fc3efVirustotal results 32.14%Heodo
2020-08-21Inv_3132.docdoc b99da0701a16d0df2895790bf84db62ee0da6b42fa8ea0c2a5b103a131d98f13n/aHeodo
2020-08-21Invoice 0025780.docdoc 5ad1d00e81e5e6bbc93829790980fabae6eab63a8638ed9bc024a27d083ffb87n/aHeodo
2020-08-21Form - Aug 21, 2020.docdoc 43638c344ac4a446af722c229682fee9a8434923ce1cf6dd1a19bd2a0fc78c21Virustotal results 25.86%Heodo
2020-08-219081879369NS.docdoc dfb4a0445bee97a362ee8ea96a3cb6444bc3ef4b7c96beaa5edf0508e6343c56Virustotal results 25.42%Heodo
2020-08-21Form.docdoc 9c3f81236f7fcb19d6e1304ad6c89255461a66f783e372f62c8fc93fa4bfcd8eVirustotal results 25.86%Heodo
2020-08-21August invoice.docdoc fa793702b351ab1f22fa5ff1d20c7f6bf822bd6954f637389577767a163275bdVirustotal results 25.86%Heodo
2020-08-21invoices 7138 & 07779.docdoc cafc557261c0f9e0e43f24e43efbf14505b54d38271152c48e4a6dd3279769c7n/aHeodo
2020-08-21958860.docdoc 78a36b1f41b0c09c31d6bc4665036ff311e872b98404bb726312e26f0d559803Virustotal results 24.56%Heodo
2020-08-21071704151.docdoc c6c8fb9bb0d155bb4fe8b4b7904de586efbf5c79f49877313b380b848ad12da1Virustotal results 27.12%Heodo
2020-08-21Form - Aug 21, 2020.docdoc fa73c7c4709f00943c0995e1c8b64edce7bd0443e3a2fa1c4940c978d35fa794Virustotal results 23.33%Heodo
2020-08-21August Invoice.docdoc 2ce951fdd23668dc604d3edaaa4e54fa607e9bdf62e6d471a60ec5671ac4b9a3Virustotal results 22.81%Heodo
2020-08-21August Invoice.docdoc a99b807165ca13d9f9b50acacbb5c81c8e155e9347c5ff01cee84f4f19806a22Virustotal results 22.41%Heodo
2020-08-21Inv_9023.docdoc abedafc5e19de68937c53f7be30c1b392975062ba9a11d34a991ca703cd3c578n/aHeodo
2020-08-21964319.docdoc 3e4b8326cfd9bfaeb2956b955bf3644032eb675cfd32a6284f371b2d6f68a47bVirustotal results 22.81%Heodo
2020-08-21Form - Aug 21, 2020.docdoc 21d54929d53a038a86a56cb5069a4769a462b032d74d222eccef96a97e9d5a8dn/aHeodo
2020-08-21Form.docdoc eeee33ce9e2286f03410cca48f68b1eac155b167eb430f7cb01333cc359a4d4an/aHeodo
2020-08-21Payment status.docdoc ba4bb5f049cb59a1eb23f083cf22fe726a7d87f12e9b577f2eb52102b55496bcn/aHeodo
2020-08-21Inv. 00994900091.docdoc ebf536cc3ab147667e77823b5feaa2f72da1042d653ad11a26298800a7a86d77n/aHeodo
2020-08-21INV #007082 FOR PO #00360660668420.docdoc 4da5e980866878da930be670800361fd6b9b6ec73983dd60cdba9eb29bd09ab6Virustotal results 20.34%Heodo