URLhaus Database

You are currently viewing the URLhaus database entry for https://kreckel-gebaeudetechnik.de/wp-admin/http://paclm/TosiYxTjVon8fKBHzOeV/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	496437
URL:	https://kreckel-gebaeudetechnik.de/wp-admin/http://paclm/TosiYxTjVon8fKBHzOeV/
URL Status:	Offline
Host:	kreckel-gebaeudetechnik.de
Date added:	2020-09-14 13:48:03 UTC
Last online:	2020-09-18 10:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-09-14 13:50:04 UTC to abuse{at}alfahosting[dot]de)
Takedown time:	3 days, 20 hours, 42 minutes (down since 2020-09-18 10:32:37 UTC)
Tags:	doc emotet epoch1 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-09-14	mes_HO656223.doc	doc	8014f6ab3e277e6346b2e49fae79962948c0b264e7000be259601b0b715b3e15	25.42%	Heodo
2020-09-14	Attachments-00647.doc	doc	5171e0e602e27c4122239e9c7833c603beebb69bea148c5d29341990af469f55	n/a	Heodo
2020-09-14	MES-4455.doc	doc	04c3ce2f282ed4ed9c831c5caff0edc29324dbd2eb39817fc6ed53683c5e0933	n/a	Heodo
2020-09-14	Attachment 20200914 XAN6835.doc	doc	af97130a26e7f04986307f790831a98329191a9c9464682173a96dc1506af3c0	n/a	Heodo
2020-09-14	File.doc	doc	707c1063c30249706f5b47d56c8d6b057f13c1ba249b6fb0a9e86fced1ccc340	n/a	Heodo
2020-09-14	DAT-2020_09_14.doc	doc	1b861fc89bf8e49013023f4458519f13803bfabb2b4eff3e63cb209f31406192	n/a	Heodo
2020-09-14	Mes 20200914 HOT700835.doc	doc	63ab439cb5788c279996c35d7e41341081f97dadb4b255653cb11194a9368465	20.34%	Heodo
2020-09-14	doc_122.doc	doc	c0d7a02d33e12631b692222d46bf3ea21a3a4e6c0964e5508bdb25148af88689	20.34%	Worm.Ramnit
2020-09-14	Dat-B67416.doc	doc	83467069c2ec2cbe80e57095585d63441d9ebb7ade6e634ebc31eab616f5580e	n/a	Heodo
2020-09-14	6259KU 2020_09_14 9637.doc	doc	30dd2df0674e842f8a3bfd8880f538175f2f42045d66060984f720b865acd353	20.34%	Heodo
2020-09-14	Rep_Q41963.doc	doc	63b43136ec0bf182f4b07471caca8638ca1fc5697c472b6ec14bd98cca7f83d2	20.34%	Heodo
2020-09-14	mes_20200914_6082.doc	doc	ed2623cbc3ddc280a2d77c1be9f87c90240c7ea5c9a4e9c6dcfa66b3194d1e1c	20.34%	Heodo
2020-09-14	arc 2020_09_14.doc	doc	922d0848bdeb45de8993cf7663e729ccc87c4b6f7c93ece47472e9cd8cce416a	n/a	Heodo
2020-09-14	mes 20200914 J94555.doc	doc	0cf52559a9a78a8c8be555f2bee5c45e2366e7de21f1864cd8b9ea50e0afac76	21.15%	Heodo
2020-09-14	UNTITLED_DNJ476.doc	doc	d79cae016737b238ca078cfa9e76a3e45c70f69f4a9db41d42e9af7d15872892	18.03%	Heodo
2020-09-14	7353KN 20200914 7767955.doc	doc	3c58efa8a1ff50a1c91b091da3d10d88c300e014f0685c2d003132d3aa4b4fed	n/a	Heodo
2020-09-14	0724591 810.doc	doc	b7c1d330ae0704a55e88453febc87487493166e74f41e8858126b915c055ed5c	n/a	Heodo
2020-09-14	arc-2020_09_14.doc	doc	baaec5d00f7f89c68159655fef4d04a1aec9f20f1e49dcbdaa26c1e1ae9e185d	21.67%	Heodo