URLhaus Database

You are currently viewing the URLhaus database entry for http://379code.com/rec_site/04aqunw6uaqgo/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 729968
URL: http://379code.com/rec_site/04aqunw6uaqgo/
URL Status: Offline
Host: 379code.com
Date added: 2020-10-21 15:50:07 UTC
Last online: 2021-02-18 02:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-10-21 15:50:22 UTC to ipas{at}cnnic[dot]cn)
Takedown time: 3 months, 29 days, 10 hours, 25 minutes Bad (down since 2021-02-18 02:15:30 UTC)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature