URLhaus Database

You are currently viewing the URLhaus database entry for http://rootsroundup.com/css/01nm7mp63570371544082601n5alrgfpnk1lbq/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 548869
URL: http://rootsroundup.com/css/01nm7mp63570371544082601n5alrgfpnk1lbq/
URL Status: Offline
Host: rootsroundup.com
Date added: 2020-09-17 22:23:34 UTC
Last online: 2020-09-18 12:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-09-17 22:24:03 UTC to abuse{at}idig[dot]net)
Takedown time: 14 hours, 5 minutes (Good; down since 2020-09-18 12:29:04 UTC)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
