URLhaus Database

You are currently viewing the URLhaus database entry for http://alifgame.com/pharmagen/browse/h7QKm5TXoQe/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	607434
URL:	http://alifgame.com/pharmagen/browse/h7QKm5TXoQe/
URL Status:	Offline
Host:	alifgame.com
Date added:	2020-09-23 22:13:35 UTC
Last online:	2020-09-24 06:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-09-23 22:14:07 UTC to abuse{at}ovh[dot]net)
Takedown time:	8 hours, 15 minutes (down since 2020-09-24 06:29:53 UTC)
Tags:	doc emotet epoch1 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-09-24	dat_20200924_13908.doc	doc	24e031fb985e7f9a012366503ac58c163c138850f5707b5029a5793b27857ba5	n/a	Heodo
2020-09-24	902L_2020_09_24_D64920.doc	doc	7e1702f3524958efa4f4593977306fbc177c3bdef1bc8c04b3e900cd4aa2c5e9	38.71%	Heodo
2020-09-24	Mes Q2165.doc	doc	3255f1ed97c4519f14543bd413301a4ab6e48765f7a405b5efdb7428b2a586d8	34.43%	Heodo
2020-09-24	FILE-20200924-DDX4651.doc	doc	f936c9284d2c66663fbc538babb06de38024bfe3272f41be52eec3fb8025bc6a	n/a	Heodo
2020-09-24	Attachment-2020_09_24-XT164161.doc	doc	2f8c5f8173199d582e3535ffcda34ccfa553e9b5d8ab915b54d4d0307061ed19	33.87%	Heodo
2020-09-24	Rep MS975526.doc	doc	031a4e9cda99df5d982b2b59480f2354ba7a4f13a3f6d6366feff317bf4820f6	n/a	Heodo
2020-09-24	Doc 20200924 X892772.doc	doc	9b6ddc314258dd07193fca458631855ec60eaf598557379f4bfb34cf178a0d41	32.79%	Heodo
2020-09-24	arc-20200924-Q228824.doc	doc	0bf5cdd3f37f117e4ae69a13ceeb2d812055e6bb5b5119bf9adbf69d4218d63c	n/a	Heodo
2020-09-24	Untitled 9630.doc	doc	d459ae5f366703f6a9c1ad00f597a966ab17bbe733d0eb970e94a9e1ed912dc7	32.79%	Heodo
2020-09-24	mes MB902073.doc	doc	a1eadd639edafd2b4c14ee3c756169cf8cba0b790c132d2a40f21f5febfecb77	n/a	Heodo
2020-09-24	inf_20200924_XYU78709.doc	doc	f6dcaaa7b1e36ac14966538d45c8a37232030e1426436a26542239f6c4b15eae	n/a	Heodo
2020-09-24	REP-2020_09_24.doc	doc	94e4fe6c73db0e80100417fe60ab8d9b1fe7fc9ece7a2923861e1e1d42717d4d	27.42%	Heodo
2020-09-24	9101-20200924-RCM93707.doc	doc	e70e596d135c977fff3ac2431028c138f7a11cea81bfb9a9ba46ea0e0109a67e	n/a	Heodo
2020-09-24	Arc-126025.doc	doc	627da70ae807d43827d68ed505588ad930a9e5c02c294477c5910f844b3a7c30	29.51%	Heodo
2020-09-23	File 2020_09_24 E470.doc	doc	a8f0618803466ed187aec2039b42491adb06253fdb89c826203fcd757992967e	27.42%	Heodo
2020-09-23	INF-2020_09_24-EU020211.doc	doc	bf610aa108a8cdb11b895e0c49cbad7b781810f1c4b95a051d0a75ad830563ba	29.03%	Heodo
2020-09-23	Rep CLE2804.doc	doc	f3d1c3c53293c401bc39848174a8b6877d25542de861e94b8e6560c63a4e94e6	n/a	Heodo
2020-09-23	ARC-2020_09_24-LMP36648.doc	doc	1ffeb45aff1c0f5aa29bae90eae313b09ddbf7345bd6be0e2d8c1daee921b873	29.03%	Heodo
2020-09-23	Arc 2020_09_24 FJX44086.doc	doc	8034f804eb73d852e44f3747467758493a197f329723f30b0ab6da31d8e40acf	29.03%	Heodo
2020-09-23	Doc 913456.doc	doc	10bf4255bb35705c86bfc4a5baf98ad46011a82c6c1af9285cf8074cafab5ca8	n/a	Heodo