URLhaus Database

You are currently viewing the URLhaus database entry for https://goodsalers.com/ffxiv-sophia/statement/vhud9vp8we/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 698974
URL: https://goodsalers.com/ffxiv-sophia/statement/vhud9vp8we/
URL Status: Offline
Host: goodsalers.com
Date added: 2020-10-16 01:20:15 UTC
Last online: 2020-10-20 02:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-10-16 01:22:09 UTC to abuse{at}multacom[dot]com)
Takedown time: 4 days, 1 hours, 26 minutes (rated: Bad; down since 2020-10-20 02:48:43 UTC)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
