URLhaus Database

You are currently viewing the URLhaus database entry for https://pronachfolge.de/cgi-bin/DOC/betuczi/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	453409
URL:	https://pronachfolge.de/cgi-bin/DOC/betuczi/
URL Status:	Offline
Host:	pronachfolge.de
Date added:	2020-09-04 16:20:34 UTC
Last online:	2020-09-04 21:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-09-04 16:22:02 UTC to abuse{at}strato[dot]de)
Takedown time:	5 hours, 27 minutes (down since 2020-09-04 21:49:10 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-09-04	41109000.doc	doc	9df56ae8ddffb8a16cfef1e76f744993733a0b9cb954656d374c5f02536a24aa	n/a	Heodo
2020-09-04	O_7073220416530716160.doc	doc	a7680798d59287fd95857a80ad4476ee4e1a98ed04c97a6afcfa5f523ab1eccc	36.67%	Heodo
2020-09-04	W_NC4463613638UY.doc	doc	a2dab076b70c70fc0f7397b689b8f7a756a6379c65f8ea5a327ddcce4e2f9249	38.33%	Heodo
2020-09-04	REP_PO_09042020EX.doc	doc	b71d3ce293b081d491b3ba9de486a93bba7064927ffb7ca4578925f18f319785	36.07%	Heodo
2020-09-04	QEGX_KJG25DAVGYJOW.doc	doc	25dd5ad245a3a2eac82fb0ad2ec67b0baa6c67e01d69e776fafb50eb35f26831	36.67%	Heodo
2020-09-04	INV_4265337351064360211867.doc	doc	f98f795fddf813239d65da8d2be42a02b8b4d30184644744c49f017106f66fe9	37.29%	Heodo
2020-09-04	DOC_28368063448284542958.doc	doc	f6176c22c0dedb27565ce220ac7b9815469179392bb92fbe785be55cd43400ce	36.67%	Heodo
2020-09-04	INV_DN9910317335MR.doc	doc	07389e60fd9ae8ed3322e4d0d71325e58d8beabc1b3a0e18bbcfc7984505e598	36.67%	Heodo
2020-09-04	FILE_FMM_090120_QZL_090420.doc	doc	f620c586dfdb89cf767ff4c3141fba1c805a020c930f90abdc2858d99e71ee3f	37.29%	Heodo
2020-09-04	VVUC_UJO86XZCD4.doc	doc	be7359d5f34e145487cc45d11a463a8826b0aabbf7a8da0bcd9b4498bd6d3974	32.20%	Heodo
2020-09-04	FILE_162759339528029358.doc	doc	5dd7cb7722d8fbc0dd1e2c9e3faa7f7c0839734b00d04ee5b4fb1a6c09ab77d5	33.90%	Heodo
2020-09-04	FILE_EF2172974738IQ.doc	doc	f2bcc6d8340a374e5ab78dc34f0ee3466bf303f6f77532bf94033595f3fff21b	n/a	Heodo
2020-09-04	DOC_0XCXP9DJXIVFH.doc	doc	8e57b65aa7cd3ca879219c76cafd4a747337352074fab3ebce5e8e22e33f2303	n/a	Heodo
2020-09-04	O_ZR3393471129ZC.doc	doc	edba780892af9b4115a69bc5a8672c4b09324ecad01675f92a1c8fd4812e8395	n/a	Heodo
2020-09-04	INV_1CTPO43GC063Z.doc	doc	cfe4b358946c9eef325f5aa66f80f7db38ac84fbd985117f1bbf039bba8a3d9f	33.33%	Heodo
2020-09-04	E_39615036.doc	doc	f265c11e67bd9353ca8c6d02ba6c752387a993a73e75006a6b28857634c8b7cb	n/a	Heodo
2020-09-04	BAL_BMQ_090120_YZV_090420.doc	doc	e518aef76084cd1d89c2f34eb4960ee623c0f2f87dd31121f0f4f70c376753f3	n/a	Heodo
2020-09-04	001376252.doc	doc	91efffdc36b849d11fed8900519a1ad1033ca1caa5e80a9388f1a7ff3bbe4ee3	33.33%	Heodo
2020-09-04	RD9690176450RY.doc	doc	49ceacd943fae43b7a507e471b1ba55a74ca7d8f40e98306807ba3c5df38ff93	33.90%	Heodo
2020-09-04	BS_PO_09042020EX.doc	doc	a227569c5807e9c5cd458bd007b476f167c46ff6544302690f81d5f50bd39566	33.33%	Heodo
2020-09-04	PWO_090120_CZY_090420.doc	doc	f19b7c3502d8e70e4a41fc4676cf0ba7a1de47cc19b1e961be4ceb8511119637	56.14%	Heodo