URLhaus Database

You are currently viewing the URLhaus database entry for http://faceshield4all.org/wp-admin/sites/izsfkst/ogo2/ which is being or has been used to serve malware. Note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 621234
URL: http://faceshield4all.org/wp-admin/sites/izsfkst/ogo2/
URL Status: Offline
Host: faceshield4all.org
Date added: 2020-09-29 06:23:33 UTC
Last online: 2020-09-29 16:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Status unknown
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-09-29 06:24:30 UTC to abuse-ripe{at}hosteur[dot]com)
Takedown time: 10 hours, 25 minutes, Good (down since 2020-09-29 16:49:51 UTC)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
