URLhaus Database

You are currently viewing the URLhaus database entry for http://citymobile.rs/cgi-bin/jPHUPQ4DlPer3ayGaAyl149KzJb9/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	936415
URL:	http://citymobile.rs/cgi-bin/jPHUPQ4DlPer3ayGaAyl149KzJb9/
URL Status:	Offline
Host:	citymobile.rs
Date added:	2020-12-21 22:15:04 UTC
Last online:	2020-12-22 15:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-12-21 22:16:17 UTC to abuse{at}ninet[dot]rs)
Takedown time:	16 hours, 52 minutes (down since 2020-12-22 15:09:03 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-12-22	XHFBR7SHW7XN1P.doc	doc	64ff6172de90edc7ef3bfc1990cd49365ad03232f0ecb8c2d879f92b59866488	34.92%	Heodo
2020-12-22	KJE6P2P7UF0UZD.doc	doc	be9d8ec4966289f852d726cdc5572790961f70b4c446d64d1cc12a4815ac1534	35.48%	Heodo
2020-12-22	VJIBJLS3.doc	doc	72526ea70462d80cfb3edea310592329d47c4081c3ee6df1184a219a17b1a731	33.87%	Heodo
2020-12-22	6JLLG9F7XZ6O.doc	doc	65ee3709af3223578ca9630bd211afca9a02224398426e501095c895e24f7443	34.92%	Heodo
2020-12-22	O490Y7.doc	doc	da6ae027905e668507b86b9b9b4dd2dc2585d7ac3cb4800e01b88c63796e89ec	35.48%	Heodo
2020-12-22	4JPE00FB76.doc	doc	7ec200a834392208ae8521c4804d11ff669137b4265b732a17660527ccf3cf36	36.51%	Heodo
2020-12-22	5WTL1PJAG1Y2G.doc	doc	0ebdff0201647a1df0ad578dcdfff8ca9e91c379b6183c53845de8e226b95c39	36.51%	Heodo
2020-12-22	1QLDUL14XMJ5SA.doc	doc	d1f80b7c07e821a23ed98aea9fea39b3cb0c0e9dd65fee3291a32c01a8086659	37.10%	Heodo
2020-12-22	LUUSF3B5SSE0SY.doc	doc	5859c620940889e8f706d72a664c360201c9ba13ef890968418d85e89488b940	37.10%	Heodo
2020-12-22	MIH17XXEQ546GN.doc	doc	f97613afe1f694ac5d5f44de67872f929027b6320a75f364c80872fa736ce427	31.75%	Heodo
2020-12-22	PEC0Q3.doc	doc	6e64c93e0929da5ff396df56de2ba50ef16098d90feea49e0a1973edb6dd4238	31.75%	Heodo
2020-12-22	Y6AVSO8TERE.doc	doc	e48eb9cca61adb1998120f5444bee783433127651cae6b81024a94d30d219652	31.75%	Heodo
2020-12-22	O2LSZZGTILX.doc	doc	5bdc116f61159b0fdf12780d8228204288849c12c8cd79641e3061b1c4a8c0c0	30.65%	Heodo
2020-12-22	LR4LYO.doc	doc	77b8956c1063e4dd90895010626b4958dc18ffe999967ee6e677be0c08e590ba	31.75%	Heodo
2020-12-22	PS7S6JJGYS3ONIOF.doc	doc	0e2b9eed3b9232305b458a002be0af92bdaffd6da9b891db65a9469bd5d8d8e0	32.26%	Heodo
2020-12-22	7YKG3X5JEBT8IDVO.doc	doc	d5dc56815cb0e2bdfb9aab908416e5a1c526270f5143e0d6c3660a8ee172bb95	n/a	Heodo
2020-12-22	23YRX9MOZZHZL.doc	doc	40662dfab1c2354498969010dcf09c1998267de262631c1d19b8b7596278d92b	n/a	Heodo
2020-12-22	5VAV2DQ646B9S.doc	doc	676ba746091154d8c359580e500792f3b421e5c71ce4a42acc39ad450b612bd0	31.75%	Heodo
2020-12-22	C6D43FYNJIU5G5RL.doc	doc	c6d1e6d03923c2176caab866a4f9253b45abd995a55bbde304bef7eff2d7189e	n/a	Heodo
2020-12-22	EP5U9DC.doc	doc	f1484f77d7833c2797c1f51838d30018f62d6b94cd90a17ac0f72633d22222a5	49.21%	Heodo
2020-12-22	F7C1K4MRWGC8B.doc	doc	8c609a2a6e8a0753a2e8749e054a04f699c4bc379523bf3029413cc4f61163c8	49.21%	Heodo
2020-12-22	GVOGFQC.doc	doc	7f0db28f42defa949deca1a03ba0d33617c04b5e114e187e9b65b67639d750b7	n/a	Heodo
2020-12-22	2M3PU5M4O6I.doc	doc	99791db1cb487d25ca3160836589adcad5fc57a1dceecd3cdc82ecbee51716be	n/a	Heodo
2020-12-22	9D0WN45EZZDI24.doc	doc	8fa65f5db62b92accf6ac97f78141b1121b6fe2946a4d639818589e08cbfd467	46.03%	Heodo
2020-12-22	QVBHI7I1.doc	doc	6adf12a084ccf2eb6dd19a35742a35f03bcba878416ef83b9c520e17d55ac329	50.00%	Heodo
2020-12-22	3V6XSFL8.doc	doc	6c26774c4763bbbc05c970dbe0b96045fefbdffc80c2d7878e8ca8089f0215c9	n/a	Heodo
2020-12-22	8MQDNZ6BIAM3OKE3.doc	doc	cff7b2d4fb395de88b4c8494f75e925c14e735c01f9a79572938f9c6c7f590a3	n/a	Heodo
2020-12-22	NBLBCWXZXRO6AR.doc	doc	45defa35954d6268fe26f6ffec131a6de427af2f682079ef11852a33ff1db07d	46.03%	Heodo
2020-12-22	1NCS3J0D28IT5E.doc	doc	ba1218e38d9223acf507cfc1a458681e54567ca72f03040901578a63ffc0ba06	42.86%	Heodo
2020-12-22	ZE03AHWS1NLYA79Y.doc	doc	ce6fb78ce0ce59ac239eebb55984e0497f6f9616a5a4ab3fe28b63e8456f3e8a	45.16%	Heodo
2020-12-22	524G69OWW9EIZA53.doc	doc	9eaf41a79c3932d4be36d56a7b01c16f4bc4ae8d3df11291ba46f7e2dc784627	44.26%	Heodo
2020-12-22	RAL70U.doc	doc	47fb863700031a20e693b095a8cdb17ee3304a8e6db9ddee52b8b003d707cb4d	41.27%	Heodo
2020-12-21	ZTM0V1.doc	doc	474bdf90e53ddd00548e4df1cb15832ba181a53459588ce07109ac9d69f7ae4d	39.68%	Heodo
2020-12-21	ZSCJ1U6XUY.doc	doc	9807bc80d1e2c641d656b5dd41343055c2792f006314398b47d6ea5b9c1b5451	38.10%	Heodo
2020-12-21	UY4LGIL12VZYE1S.doc	doc	aefe4fff4d754c7faf5c1ba8e33586ac4732827c66e5621c0fe5a711895657c2	n/a	Heodo
2020-12-21	HJ6GWIBZDIS.doc	doc	b0e697eb8ea66997602b281b7a989cdac530defaceadc9fba378fe5f7035bfd8	37.10%	Heodo
2020-12-21	EAIPE0T85ETSBJ.doc	doc	38a05045c1e8dd70252d43a09d6aaf12e75e21ee3f9a7153ad1c99101f28d933	38.10%	Heodo