URLhaus Database

You are currently viewing the URLhaus database entry for https://geo-foundation.vg/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3795984
URL:	https://geo-foundation.vg/
URL Status:	Online (spreading malware for 4 days, 13 hours, 50 minutes)
Host:	geo-foundation.vg
Date added:	2026-03-14 16:11:14 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
dns0.eu :	Status unknown
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2026-03-14 16:12:11 UTC to abuse{at}cloudbackbone[dot]net)
Tags:	ascii CountLoader ua-mshta

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2026-03-19	Sydney_Config_Beta_34.js	js	c423b5364c81a476aacb0b9cb75c90b2f7762ac8578f344c8e45f3c8b4e3476c	n/a
2026-03-18	Security_Release_New_7579.js	js	e712aaf403d47df55bc87d0e298efe256902990a9c1f225ca5e36a061eade395	n/a
2026-03-18	DevOps_Quantum_Record_139.js	js	f09c11ada12b8bfabf76c9c48ee8cf15a4a7af848fbc99ecfbbf351764eb9373	n/a
2026-03-18	DevOps_Gamma_Report_151.html	hta	5790c9545a9e42588063c2f309dc710957efdda8ba05858f7b33d23101763ac1	n/a
2026-03-18	Z_Template_London_7218.html	hta	c511fc7f9049646a189c0989e1b355fb29adf4fd476e284e47f04d660a60c324	n/a
2026-03-18	Record_Main_v6.3.hta	hta	964676e342c14571397111d8916f3fc8e810c9fa0234c5e27b9dfa02f43aeb8b	n/a	CountLoader
2026-03-18	Audio_Backup_v7.2.txt	hta	93eb1e8c168b57103e3511b3b3700f28a5e2b3ff62208cf84c3d5f49f86b7865	n/a
2026-03-17	User_Notes_Draft_9112.hta	hta	691a6e46a7c0e2f2a0a5ae4e7d5c64deb03e230d0202cb4bed82e27188c485d2	n/a	CountLoader
2026-03-17	Canada_Invoice_Beta_305.hta	hta	9f12096d9dac3217a38d6e93d207e2b4afaa6f08437d56547befeb517f83feaa	n/a	CountLoader
2026-03-17	Neon_Video_Berlin_880.txt	hta	5f585180c375d3aceb3c6e9f51d8dc2ddeedd0647c5603ca1b4f93265bea0ffe	n/a	CountLoader
2026-03-16	Dataset_School__50.txt	hta	eaf30f74d02afd9c49791d101edec792d84db4c3623b14ab68cee84c9db07f8c	n/a	CountLoader
2026-03-16	Nova_Images_London_5795.cfg	hta	bb7141c427671b8df3e3678c2427d1f7547d668a324bcdb5f04607f6cb02c44e	n/a	CountLoader
2026-03-16	Notes_Alpha_v5.2.csv	hta	1cc3b919978866d0a2f4d0f504914e8fd6e50bec4acea4c298ee554d51a04a74	n/a	CountLoader
2026-03-16	Core_Document_School_7622.bak	hta	0a9eef7efa92b0d9d10aaf03061969c932867848ceceb380624847a20a41d22b	n/a	CountLoader
2026-03-16	UK_Report_Primary_451.mp4	hta	c9ea5f5273e8d4855c6f32fe105a4583b360e055b9ef333ed5fe9a50247d4874	n/a	CountLoader
2026-03-15	Family_Project_Clean_8489.dat	hta	ce96aca71f071a1c4f688b4503ebe04b53fc75bc91252e0aded2255b4a1b13ae	n/a	CountLoader
2026-03-15	Notes_Updated_v9.2.ini	hta	6caefde626311178946e86ebb0df91359834b3c993a8920eff5a35307421ad92	n/a	CountLoader
2026-03-15	External_Report_Updated_1913.jpg	hta	2c98a7452c49ccd942303624fc9bc279711a8bba0d0a65675a3b103d9ab157f8	n/a	CountLoader
2026-03-15	Data_Germany__13.ini	hta	cbbd13986ddd2c3703e666e027a0c7dfb310d54299a6527212e836393e1bcd07	n/a	CountLoader
2026-03-15	Z_Config_Germany_2846.log	hta	6af3457051330059b04eea8a42d1ed8f08bf92a29ea981cd5e94b71c2f25c493	n/a	CountLoader
2026-03-14	Project_Stable_v8.5.rar	hta	8f8e3dbbdab719fad3f6748bde5301b9b3e35aea0ba58407a8e785bcfc6e9f14	n/a	CountLoader
2026-03-14	Local_Y_Release_558.txt	hta	6370b0bf653168199cd75957cc1cb02a9f50871882c87a31ba091de6ba4a0d49	n/a	CountLoader
2026-03-14	Marketing_Core_Report_295.mp3	hta	36cd729674787b8d7fc0830779afc98eb5958c3e07d4cbad0d0dee5c50f70a56	n/a	CountLoader