URLhaus Database

You are currently viewing the URLhaus database entry for http://exxonabnie.ir/orbi-slow-glero/gGkUV5JkrMKN1kGyELyVka973qrXnWF// which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:940275
URL: http://exxonabnie.ir/orbi-slow-glero/gGkUV5JkrMKN1kGyELyVka973qrXnWF//
URL Status:Offline
Host: exxonabnie.ir
Date added:2020-12-23 03:49:08 UTC
Last online:2021-06-12 10:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-12-23 03:50:24 UTC to abuse{at}dnswebhost[dot]com)
Takedown time:5 months, 21 days, 6 hours, 30 minutes Bad (down since 2021-06-12 10:20:40 UTC)
Tags:doc emotet link epoch2 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2021-03-08HWS91V.docdoc 3fbfd6e982d209b8a17b661954954d34ed049c93ae235bd736f558199b81aa94Virustotal results 73.02%Heodo
2020-12-23OIG7ZJ9PK07.docdoc ba9ea1c4a35b426bb909eae9b8b40a6acdd5a80c1cea10d8a336338a7b282522n/aHeodo
2020-12-23QT7CJOIPM8W.docdoc 4a6d02a3adc59903ee067a5abc702d78fb31c61deb56b7360fade2ec85195569n/aHeodo
2020-12-23UC1PA3ISYSGBLE4.docdoc dad7761c55d0c4eb6fbd18182bab52f99242f7107fdf629b056cb6965ba073ceVirustotal results 39.68%Heodo
2020-12-23GKPGUK2.docdoc e269c87f3edd655d2fa4f379bac4ddee2c652386ccd598daf260157b1b9c033cVirustotal results 41.27%Heodo
2020-12-23E2CUR5APT8.docdoc 2bed788f0ae4910b2b76b0d6a72af5f76811598705f59de52684ab9f99ca1fa3n/aHeodo
2020-12-23T6HAZJF6SK0.docdoc 098fd9226fa629b47b6a137b89e9f3f85f74266c494382a6678d910af2cf8130n/aHeodo
2020-12-23VAQ6IMC1L.docdoc 70cd2d38d41ecad15addac25c6e09641cce2f946161ecf261e639a09576ecb8bn/aHeodo
2020-12-23859C2AZ.docdoc 69c857ec1c8b113638e61d8da49ffbda13878a0785aab5d567bdc3fe251fd3een/aHeodo
2020-12-23R1IDJL4MDLO00.docdoc 74ca579457b696e80799f7acb8b3caa43a1a05be7c10a42fdfa94b1013490c07n/aHeodo
2020-12-23UMACIDL0FDT.docdoc f857002c29ef1a357a541a2a1dc3821d6f7b739ac3602a22be8c6861d0f4b8b3Virustotal results 31.75%Heodo
2020-12-238SFTAGT.docdoc 525689f16129765cbfcab859edd5d99fbbec461ea04160605819b2f4b6150042Virustotal results 27.87%Heodo
2020-12-23Y67UK8Q1.docdoc 810ffc95c449b426c6bfc03c98c5e10cfbecbfff7858f10cd9c1c5ec29e2216en/aHeodo