URLhaus Database

You are currently viewing the URLhaus database entry for http://kelbrad.co.zw/wp-admin/ad74f9bKiWC2LZ331QzpirfrOAmV/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	757050
URL:	http://kelbrad.co.zw/wp-admin/ad74f9bKiWC2LZ331QzpirfrOAmV/
URL Status:	Offline
Host:	kelbrad.co.zw
Date added:	2020-10-27 16:14:10 UTC
Last online:	2020-10-29 07:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-10-27 16:16:20 UTC to abuse{at}godaddy[dot]com)
Takedown time:	1 day, 15 hours, 40 minutes (down since 2020-10-29 07:57:17 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-10-29	ARC_IWU_100120_GUW_102920.doc	doc	f98cdce14c9b9c64ea8402566c9db1499eb129104bd476c96c503f1a81a858f5	38.71%	Heodo
2020-10-27	Doc_PO_10282020EX.doc	doc	786139fdf387d3068d18ba7eb1f55806ca956cd8834e1bbc350196ede6433fdd	18.64%	Heodo
2020-10-27	Rep_JA0930215990DR.doc	doc	444561d4fffc7ef6089bcd8ff849a9688f26c828917dc6f29ebc13ef1a813568	n/a	Heodo
2020-10-27	Attachment_PO_10282020EX.doc	doc	d6a6701bc63354fa0f34492bdbe6c22bfee5f624d5714b329a8795508ff5b6e4	n/a	Heodo
2020-10-27	14817321087089800938.doc	doc	5880198ab029293ab55069d91c84173b25be8fc09339e6bfa684a3d69072d4be	n/a	Heodo
2020-10-27	Rep_PZH_100120_WCH_102820.doc	doc	19b2ef8602e3efffbd8cde11a0a67d41ccecaa61b565625a2fc3648e48842ac5	n/a	Heodo
2020-10-27	Attachment_DLL_100120_KIX_102720.doc	doc	12e68ae11d4760770f0cbbbff076d4433df71d8674e10d3875994fc1d749b1d6	n/a	Heodo
2020-10-27	rep_99208402.doc	doc	affba7e7949c06840bb7887c8373003434c8755505fd274c8274210b5c8a2961	n/a	Heodo
2020-10-27	rep_BTL_100120_KPS_102720.doc	doc	cb505678e0c2debe5c5b4647af5940e08ffbb2d7a1c73de09136d64560cc0696	n/a	Heodo
2020-10-27	ARC_VDJ_100120_JLD_102720.doc	doc	446d4c75f38265697474a1d1b7a26b664e97e2115b1a754df6fa956e98ecceac	n/a	Heodo
2020-10-27	Dat_FR7247595185PL.doc	doc	6f468d656d3c2f72a6daa3ca15a626683934bdfe57d65187f19aacec5e0f38f1	n/a	Heodo
2020-10-27	doc_29326632.doc	doc	755114dfd81340951d25507db37f9a1b272113a63182ebe3b595977db5d41ced	n/a	Heodo
2020-10-27	27583688.doc	doc	53dfce57e9c5c4d1fa5dbfde99dffd5cccf677f96b297a5a517d86f93cc81bbf	n/a	Heodo
2020-10-27	REP_8246620157634051090.doc	doc	5ed7759274be901ba33c4f6edc3933a460141c8fd98a83304db9c6a344adecef	n/a	Heodo
2020-10-27	Attachments_82280931.doc	doc	2fcbe5dbdb069526a9daacc2996b8e3d328162b29e0b31e68ef631603c7dd445	44.44%	Heodo
2020-10-27	ARC_3UY66PA.doc	doc	09244c423c3262527e5deda11a9ade5df8ec453d879c5fb6e6cb2afd3121ffcc	n/a	Heodo
2020-10-27	Dat_FAT_100120_CIR_102720.doc	doc	04c4ec6ce334fcb141b92d6e0a177aa261d773d79e3c9a671db3fe228bc7fa7d	47.46%	Heodo