URLhaus Database

You are currently viewing the URLhaus database entry for http://ngaytot.io/wp-admin/FILE/Wd3hOFIKcOC/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 538545
URL: http://ngaytot.io/wp-admin/FILE/Wd3hOFIKcOC/
URL Status: Offline
Host: ngaytot.io
Date added: 2020-09-16 22:19:12 UTC
Last online: 2020-09-17 13:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-09-16 22:20:38 UTC to abuse{at}choopa[dot]com)
Takedown time: 15 hours, 14 minutes, Good (down since 2020-09-17 13:34:55 UTC)
Tags: doc emotet epoch1 heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
