URLhaus Database

You are currently viewing the URLhaus database entry for http://www.forexshifu.com/cgi-bin/KG/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 421521
URL: http://www.forexshifu.com/cgi-bin/KG/
URL Status: Offline
Host: www.forexshifu.com
Date added: 2020-07-29 15:51:05 UTC
Last online: 2020-07-30 14:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-07-29 15:52:02 UTC to abuse{at}corespace[dot]com)
Takedown time: 22 hours, 23 minutes; Good (down since 2020-07-30 14:15:31 UTC)
Tags: doc, emotet, epoch3, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
