URLhaus Database

You are currently viewing the URLhaus database entry for http://kbgh.com.tr/wp-admin/browse/19035816662/hfw0yg46q-50421/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 443971
URL: http://kbgh.com.tr/wp-admin/browse/19035816662/hfw0yg46q-50421/
URL Status: Offline
Host: kbgh.com.tr
Date added: 2020-08-25 21:42:53 UTC
Last online: 2020-09-03 16:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-08-25 21:44:18 UTC to satis{at}webarisi[dot]com)
Takedown time: 8 days, 19 hours, 6 minutes, Bad (down since 2020-09-03 16:50:18 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.
