URLhaus Database

You are currently viewing the URLhaus database entry for http://grenflor.com/wp-admin/attachments/0010230312818998/RbwK0gr17a66iqWyff2h/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:766452
URL: http://grenflor.com/wp-admin/attachments/0010230312818998/RbwK0gr17a66iqWyff2h/
URL Status:Offline
Host: grenflor.com
Date added:2020-10-29 18:58:09 UTC
Last online:2020-10-30 08:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-10-29 19:00:16 UTC to abuse{at}choopa[dot]com)
Takedown time:13 hours, 34 minutes Good (down since 2020-10-30 08:35:14 UTC)
Tags:doc emotet link epoch1 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-10-30ARC_O506.docdoc fc78cea416d8f9dddd6750de180d44c1af35cf844172007fdc47a556ead137e2n/aHeodo
2020-10-30Attachment 2020_10_30 OV59648.docdoc 612b66140b3b1ee1d77949fe254bb8348132d29b07fcbf108dcf5b85e98575b4n/aHeodo
2020-10-308478AKI 20201030 SKA932914.docdoc fbbe6a9112285c6511075644a37575be3f4b09df736f145ec048c94b7dedd72fn/aHeodo
2020-10-30Doc_GJZ6920.docdoc a23870c30cd12d8e0cc06995babd103045a2fd520fb125c0d84116139f825083Virustotal results 27.87%Heodo
2020-10-30Dat-8942818.docdoc 1d155be37cf38fd0b848877f9e628c9b5ad554526e058dd105de59785af38597Virustotal results 30.00%Heodo
2020-10-30DAT 20201030.docdoc 7f27ade3a8d4c793659b9993cfbf4f87ee77c25c5638f9a778917351bb592f70n/aHeodo
2020-10-30doc-20201030-635.docdoc 72502fab1f404078984874bd71e560d05f4c4f87d71dcea75dfbd7108fe9e0f6n/aHeodo
2020-10-30Arc 8993.docdoc 091deed14b5bf12ed9363d9252ff12388eb3aaf331490520e462d12823c9019cn/aHeodo
2020-10-30UNTITLED_2020_10_30_6908.docdoc 78fe84159621fe170f653bd7901b42c6ab5834ee899fe2fe2660497c8445ed48Virustotal results 29.69%Heodo
2020-10-30LIST XWA479.docdoc a2bf8d5a7361b5e31066653eb6522f5c2995e7407290bfe2a74296abe2914ff0n/aHeodo
2020-10-30doc 418432.docdoc 6c3e28e9d3fc3e6192e4e5dfe110ca2aeb96794d8dbed234856cf5ae32ac846aVirustotal results 28.57%Heodo
2020-10-30arc 2020_10_30.docdoc e575ae8cbd4ec306246f0ac64447c9bb8d72349b9ff05b944f8fc7748d38ea02Virustotal results 27.87%Heodo
2020-10-30List_20201030_EQO13078.docdoc 6b766925de9c4cda22bdd6c7da535788023c12dcd880a7ec02d40e69f63aca4an/aHeodo
2020-10-30DAT-1388778.docdoc 93e8b16cacfbb8457fed832ae2ef52797f09e3e852a03f043d365ac83013a71bn/aHeodo
2020-10-30rep-20201030-2510171.docdoc f85dfdadc90127312e82fee2bec640f2f4a69cc0509f36337e0078bc603109e7Virustotal results 28.57%Heodo
2020-10-30rep_2020_10_30_J717.docdoc fba41fdd9a1e8b12844d2ed37a39199dbbc262040af00488032ca8dd37d99af8n/aHeodo
2020-10-30UNTITLED-20201030-1461.docdoc 05b836813780375ab027f2424e9846c3026e6340b097f3a74929e9381fdafda7n/aHeodo
2020-10-3073259177_438035.docdoc eb5e7b9d8554e92b57e2560655716ddcb3e4a10c2769af68df19681e80692bc6n/aHeodo
2020-10-30arc.docdoc 0959eb24414ed4905b9b3ae4892e1489673cb1dcfda78853f7cd12bb8506984eVirustotal results 28.57%Heodo
2020-10-30Rep 20201030 T6158.docdoc 517f08d7f1dd6fdb4045abe5a369441dc2a2a467f702407029ce57299ed754ebn/aHeodo
2020-10-29arc-BSC338183.docdoc d66f8b906859aa4c96d0fcca50963ed7ab502b976ef2f3c2c2f821785dd0d1dan/a Heodo
2020-10-298542.docdoc 04994a1c8ed2e114ae0ae3ace2037a957983121aa110568738e22db0f364bd03n/aHeodo
2020-10-29File 72620.docdoc 1c802678220f65ea3b50e82874a9888689aec3c069499e2941f3bfc7d001c726Virustotal results 27.87%Heodo
2020-10-29arc 2020_10_30 350.docdoc f6ca4cdead1cf4c5890ad087e9e980fe7c3deba7f95e71e8d3011aa8a7a7904fVirustotal results 29.03% 
2020-10-29Inf_20201030_929.docdoc 61fe1f318088e3606d51b60f09ebe1de5f1fa0b55fc2c2b3185b2f255400a5abVirustotal results 26.56% 
2020-10-292884_2020_10_30.docdoc 11b4592603903a4f6783a2c905e9f163ceb9b48f854fd1addc4b670505f4dd0fn/aHeodo
2020-10-296959 2020_10_30 259.docdoc 7d0c55cebdf8bd8b64ba720554bba314c54f8bc5c66c375fa99748b7976910b2Virustotal results 26.56% 
2020-10-29UNTITLED_3079.docdoc 749a637bdf40f86a5743764dfcf9c1654d7c1943f00127bf4cdf440d04412f31n/aHeodo
2020-10-29File_5589.docdoc 17e2e96a148de278079850a8abf75b73851654519727271f938bf364c5ca5c04n/aHeodo
2020-10-29428JA-2020_10_29-IJ183.docdoc 5e4cb6ec6cda9c04ccafdbfbd7797efa337889fe96340d597e978edcd64da64dn/a 
2020-10-29V7361-2020_10_29-X55309.docdoc 0bb76ccaa362390a3a5918331f0f33e0ccd3f9cdd670ca708919d87aa7fe0402n/a 
2020-10-29562L_2020_10_29.docdoc 7f63c3822b78af4b2df4d759b5342caa9e642f6906281dd19aa8b5570e60033cVirustotal results 26.56%Heodo