URLhaus Database

You are currently viewing the URLhaus database entry for http://onlinemafia.co.za/cgi-bin/GBryKh/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 265833
URL: http://onlinemafia.co.za/cgi-bin/GBryKh/
URL Status: Offline
Host: onlinemafia.co.za
Date added: 2019-12-10 00:16:27 UTC
Last online: 2019-12-30 05:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2019-12-10 00:18:06 UTC to abusepoc{at}afrinic[dot]net)
Takedown time: 20 days, 5 hours, 7 minutes, Bad (down since 2019-12-30 05:25:12 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
