URLhaus Database

You are currently viewing the URLhaus database entry for http://behdanehgolestan.com/Mar-19-09-42-35/Ship-Notification/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 223
URL: http://behdanehgolestan.com/Mar-19-09-42-35/Ship-Notification/
URL Status: Offline
Host: behdanehgolestan.com
Date added: 2018-03-20 09:42:12 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @cocaman
Abuse complaint sent: Yes (2018-06-11 10:42:45 UTC to abuse{at}ovh[dot]net)
Tags: emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Signature |
|---|---|---|---|---|---|
| 2019-02-16 | n/a | unknown | 647bea3b0e9be2f01eaafd26cc7550c91955f4b3d252b1b0249b4aea52407789 | n/a | |
| 2018-04-02 | Tracking-1240706806-ZNU-INXPD.doc | doc | da9f00931ac6a506eb6220d676ffe0b76c1c3ef91110a763a070de17cb42c6ba | Virustotal results 26 / 57 (45.61) | Heodo |
| 2018-03-20 | 2115994836-NG-MFQD.doc | doc | b45489f8f5c0c3c75461bc9d00a064f2e37092460c7ebcc692274354119ba083 | n/a | |
| 2018-03-20 | Tracking 6885510700-GCNU-LTIW.doc | doc | b829ef640b3ee2965e25453727598509aff4a461d41ac7d1be56d8c8f917c2c1 | Virustotal results 6 / 56 (10.71) | |
| 2018-03-20 | Tracking-27952-PJC-NHSBI.doc | doc | bfa174965ceb1bdb39edfbd709d14451a2c5ae336dbd29cf3756f61dfb72ed55 | Virustotal results 6 / 57 (10.53) | |
| 2018-03-20 | Number 5174496261-ZW-NMN.doc | doc | a029061f767ca25b1086b7eef02b9d111f02b5dff7a1b4ee1dd64c716b52dcfe | Virustotal results 6 / 56 (10.71) | |
| 2018-03-20 | Number 28523941-AX-VOD.doc | doc | 9ea7fdd0f771117c468b5d93adbf8a0a02816ed85bba0794988c530eb0801beb | Virustotal results 5 / 58 (8.62) | |