URLhaus Database

You are currently viewing the URLhaus database entry for http://hero-niroosadra.ir/wp-admin/docs/zemflpm2i/an1818217722536cda07dud95/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	444398
URL:	http://hero-niroosadra.ir/wp-admin/docs/zemflpm2i/an1818217722536cda07dud95/
URL Status:	Offline
Host:	hero-niroosadra.ir
Date added:	2020-08-26 12:58:03 UTC
Last online:	2020-09-18 09:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-08-26 13:00:05 UTC to abuse{at}netmihan[dot]com)
Takedown time:	22 days, 20 hours, 13 minutes (down since 2020-09-18 09:13:33 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-09-05	INV_Z4VNV891.doc	doc	f33044fc348cd18b856fb0ec93c0fee8622189e6c1a3bb7297c9730b2004616c	n/a	Heodo
2020-08-28	INV_Z4VNV891.doc	doc	3ddf3600b1feb4c4e8a3ae126b798a2e61ff41794ff84e9f28d87080811c4899	31.03%	Heodo
2020-08-28	L_DV6332567969OU.doc	doc	d1511a600b9d22d7d714df89c667ab913ccfe116fad6aa3759320416e83f6e23	28.81%	Heodo
2020-08-28	INV_010966489190.doc	doc	a4117099377670eba3962f275ddd4d5588e792f7bbb92134f206d72bdc6968e6	29.82%	Heodo
2020-08-28	2ZP194CI2HYM4WU.doc	doc	1183c3e3ce698e995f25ecf45a98cebceea253ff0caab2bbef1eb4c4c178eda6	28.81%	Heodo
2020-08-28	AKN_080120_WLB_082820.doc	doc	897badf4396e30453715e24d47447d219f4fd288e60ae52935136278138dedca	28.81%	Heodo
2020-08-28	FILE_FOG_080120_LRY_082820.doc	doc	f35f09ee31dc9ba4c3d871882fadeeb10ed716f5a87be56e6129b111b6e5e34a	48.33%	Heodo
2020-08-28	KEI_080120_GKD_082820.doc	doc	83bd77af9348dcaab22627b6da43c1397e4f30e6e34db85498fd5ac87190a341	45.76%	Heodo
2020-08-28	BAL_7CMB7QNS9PAZY7M.doc	doc	77ad3c40bc0967f1848893236a278bd997369b4203652af056b735d8378c6079	32.76%	Heodo
2020-08-27	485969743539728111.doc	doc	8af87576d720df41fd511b0b3ad755aa048e80c9202fe1b1814bb17053a550cc	32.76%	Heodo
2020-08-27	XHB_TD6317724863HQ.doc	doc	a6a437a4d50881bf70e6ad3696bfd9cba38f06647aaeae5ecb221e68145759ee	33.93%	Heodo
2020-08-27	BAL_42816307.doc	doc	35da2a043122e43ce1a120246b4e1087eeb78de3d7ba0ef7cf2f33b0a7f470db	32.76%	Heodo
2020-08-27	U_71501626.doc	doc	a86cc60b85cf0dc5ce206c99179a486a81d96cad5afc105540f46e946e233aec	n/a	Heodo
2020-08-27	EKZQ_81921408.doc	doc	74ce7c1487742580d604a0e07317d772272965e55be0033732fb44ed733d178d	32.76%	Heodo
2020-08-27	WIC_635I71VDWCHUQK1I.doc	doc	3a13bb9f65644d87b9e28eda53834cecc03be1ff8f059b9cefa61e5570ff76c1	32.76%	Heodo
2020-08-27	INV_2W2I4D9JY0DTQ8L.doc	doc	88272a0a9f91640e16316607609f6943039742a1474f7f81c8711114ecfff227	31.58%	Heodo
2020-08-27	INV_MEK_080120_NOB_082720.doc	doc	0b2a7a41ca14a8e7a64742388cc6f78e3816c332553c8707976f4b4c9ece4d1e	32.20%	Heodo
2020-08-27	95087514276086.doc	doc	a943fcb717ffc0c4a656e231f7fc21bcfc04099db295369eb1b66b86493e9b7d	32.20%	Heodo
2020-08-27	PO_08272020EX.doc	doc	40183421d20c7dc59f165e796a0fd33f45d4564a62b0ab4e6f2759f824283268	32.76%	Heodo
2020-08-27	REP_579729260727.doc	doc	c6081344c883e627f79612b8bcaf44b55befbbb92800f6a709696a3749180534	n/a	Heodo
2020-08-27	SZCI_SPS_080120_UCS_082720.doc	doc	bb699717744f27bea319547bf28c60bf7f8f2e77ba8b4af89e00f5b6aaa09f5b	32.76%	Heodo
2020-08-27	PYB_UUI_080120_DEL_082720.doc	doc	72a047a55409445c1767467b0e67391b0fbdb99be5b2e6a5457df52c7e2ef398	41.38%	Heodo
2020-08-27	A_88977784.doc	doc	6dbec06bb68d12a098c69b60e637339f4ca5104299c2f7896eda3613bcf420f6	29.31%	Heodo
2020-08-27	79409924.doc	doc	2136cb67c60f9d08a5305401c1c4a33d58bf58038a9ce7d125d6ecf71e73655d	n/a	Heodo
2020-08-27	YM2552378610BN.doc	doc	1f7ed0ccd130a0b63ad568b735ad629f439919389015594a0a8c62b9f7e2460f	28.81%	Heodo
2020-08-27	DOC_PO_08272020EX.doc	doc	0b996a31427775476402581dd429db57db41e3a98ed148776a2ba8f0b6cc1a75	n/a	Heodo
2020-08-27	DOC_94183730.doc	doc	8b1e85e899250ae238664c29df61c908610d31299f75ab0da17ab24d8e89725e	29.31%	Heodo
2020-08-27	DOC_2409392211267189576.doc	doc	9da0bc4accb834cc8113bd486eab319aebee0865f6d09ceeb8517bd26c46fb68	29.31%	Heodo
2020-08-27	DOC_08965979.doc	doc	63d5f79e05174cba8a5d193204e864185ebee87d45bb3c6e3dc4739ebd947d70	29.82%	Heodo
2020-08-27	INV_8198142076549672598.doc	doc	9d2134a692b839f211eac6c767d4d2bd34c403cf29d221579e8d146f338b95bd	29.82%	Heodo
2020-08-27	PO_08272020EX.doc	doc	dca5bf3ec81849f15a96ff016d862539ecab9711026c0dad8dfb63e8fcd6f256	28.07%	Heodo
2020-08-26	DOC_PO_08262020EX.doc	doc	ed89cc17ed8978fba123c35b81ab3492672011b981288e57cc7d4f35ba874908	27.59%	Heodo