URLhaus Database

You are currently viewing the URLhaus database entry for http://defengvip.xyz/wp-admin/eTrac/em670qbdilv/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:536548
URL: http://defengvip.xyz/wp-admin/eTrac/em670qbdilv/
URL Status:Offline
Host: defengvip.xyz
Date added:2020-09-16 19:51:44 UTC
Last online:2020-09-17 00:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: spamhaus
Abuse complaint sent (?): Yes (2020-09-16 19:52:03 UTC to abuse{at}petaexpress[dot]com)
Takedown time:4 hours, 20 minutes Good (down since 2020-09-17 00:12:50 UTC)
Tags:doc emotet link epoch2 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-09-16BAL_6VOMVYMK.docdoc fcb293cfa69d4cbbc6afa71ad0a6456746863f91a54c2af300ca91c088f9c2f4Virustotal results 25.42%Heodo
2020-09-16INV_LR9874673097CJ.docdoc fd4fb3464a7f787ee4d5b1795fe7b4d8ffde4a1683fc6620602fb78ba52f52a9Virustotal results 26.32% Heodo
2020-09-16BAL_BG5186914355GD.docdoc d1df096853342d0030f71b7be3c608ee35fd1c81bce971a45e00b001a7d85d3bVirustotal results 25.00%Heodo
2020-09-16W_RN03GQQH.docdoc ca5204766a181d5961896a0f4c506ed00718fad078c3a951d9343e52ad7f16d4Virustotal results 25.86%Heodo
2020-09-16CR_15148628580345606581.docdoc f8be1cb32fdc9776f4b599f4b99eb0315d3fccebbdc850498b96f6a65fe9e02cVirustotal results 27.12%Heodo
2020-09-16DOC_DTQ_090120_KTZ_091720.docdoc 528a62bc2a5bb42529a57abc0367b0a612ebe84f846906aa5a6737e759d6ae84Virustotal results 25.42%Heodo
2020-09-16INV_5Q70P0X0.docdoc 4fc07945a17ff1e3422b0c95992fa2750006aeb21b1e886f0c2876d4ef69a14bn/aHeodo
2020-09-160321636205861593802374.docdoc 85ecc831aac84128028e315d8229777d99b91e6adba5a437b18e0f2a3c34e76eVirustotal results 25.86%Heodo
2020-09-16BH8IXZKY2BU.docdoc 98b7ab7a1185220c44567c8e6562c858a1aa47058efd0113421a2f4d7fa63231Virustotal results 26.32%Heodo
2020-09-16REP_WXT_090120_EMY_091720.docdoc d30169f108ec72fbaf16bb8726e798602988e1c42a7b3020b0ef0ad0572f9625n/aHeodo
2020-09-16J_0GZ3HR9U8.docdoc c0418ebecc711ff38d29eb29f832c78c462b0c3f55201223702aac43a15f8e1dVirustotal results 25.42%Heodo
2020-09-16EJH_090120_JYC_091620.docdoc f656f7fc2ac175767aea79393803f493b18211403a390c2daf9c5dae720e26e3n/aHeodo
2020-09-16DOC_53855221.docdoc e7631c5a69f76fea0835835a14a8e885f2f3b0c0dec2d577278e70d3776eb0a5Virustotal results 25.86% Heodo
2020-09-16INV_87350523981085234.docdoc c95b5dca5208b5d4dea488991b6cae5bc1d6e7686af278285ea7e77a3b71cd03n/aHeodo