URLhaus Database

You are currently viewing the URLhaus database entry for http://www.ardguisser.com/IUIA-qgkdtq2rfbXD7Z_LjIAENgVq-4CY/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	96625
URL:	http://www.ardguisser.com/IUIA-qgkdtq2rfbXD7Z_LjIAENgVq-4CY/
URL Status:	Online (spreading malware for 7 years, 6 months, 17 days, 22 hours, 42 minutes)
Host:	www.ardguisser.com
Date added:	2018-12-17 20:59:25 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2018-12-17 21:00:18 UTC to abuse{at}ovh[dot]net)
Tags:	emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-04-27	PAYROLL_21SCEEDS_12_18_18.doc	doc	1bd270c6a1692d1e5caecc57fc91e7c0c81303069350de323504b9f280d11ccc	78.69%		Heodo
2018-12-18	PAYROLL_21SCEEDS_12_18_18.doc	doc	1bd270c6a1692d1e5caecc57fc91e7c0c81303069350de323504b9f280d11ccc	n/a		Heodo
2018-12-18	SWIFT_26UXIRTLTA.doc	doc	755765ccbf61b9562f4abf335c18befa63e467197e6fdc078b8846fa0ac0708c	29.31%		Heodo
2018-12-18	ACH_447616EHZPSR_12_18_18.doc	doc	db4ebe46e6fbe442fce2d055bb25f6a0d8736e09152034df6231e2f15feae50d	27.12%		Heodo
2018-12-18	PAYMENT_610CMFYXDX.doc	doc	e2d570503d272c00390809e88ef446dd62c49ba9ec0a3f0adf1a9e9e633d91b7	27.59%		Heodo
2018-12-18	PAYROLL_5CXVLQJ_12_18_18.doc	doc	27654cb7530fc3198479af5367143bd92da19d2d6f14cced83738c9019bf8693	27.12%		Heodo
2018-12-18	PAY_50SBZQIVY.doc	doc	484c27eaaaadd4c69576e0c1f084aaee0b900c6a7cbd25b001521ddbd854a3d9	24.59%		Heodo
2018-12-18	PAYROLL_08283VLKMDHTP.doc	doc	3b248821ed069f21adf65787d1969d615664965e0103871cb16d94505eeae860	23.73%		Heodo
2018-12-18	PAYROLL_406XLBXMMJO.doc	doc	e74f6f019444c1ac3c4135a9f8d6e19106fa7bb01ba041e203ac7ddf7b1b6fa0	25.86%		Heodo
2018-12-18	PAYROLL_2SZUCNS_12_18_18.doc	doc	b21071c6efed7f671af055cf0e445cbb6f76c59197ad8f36aad3ecf4890146ae	23.33%		Heodo
2018-12-18	PAY_761313EFKZJYTH_12_18_18.doc	doc	5fe641dcab206d96b66b587c8780eb7c2be25d60c1511ebc3e73191601ab8549	25.00%		Heodo
2018-12-18	SWIFT_1823UPCEAN_12_18_18.doc	doc	f6344355607755bc19ca662dd8465fdb4e3b700830f6d658af643e9123dd19ae	25.42%		Heodo
2018-12-18	PAYMENT_2191FWVAOUNR.doc	doc	0720be51091544903e8476ed4cece353bb32726569229a6eaf33357e4318e85d	23.73%		Heodo
2018-12-18	PAY_286625ZDVWZIDH.doc	doc	85f55707cfe04a9238a2b35d2e15864bc499dfcf362f755f85a75a1f0d576be4	27.59%		Heodo
2018-12-18	PAY_199NEOUNUMC.doc	doc	d0930c39e72985dc5361f99c0117a9a8132de4e0ed4248245cf68211006ef2ba	23.33%		Heodo
2018-12-18	ACH_61LBAIHBA.doc	doc	03c84354b04c97153bb358c3d32f84af0a228497cabd70688b47607b06c228b6	25.86%		Heodo
2018-12-18	BIZ_40526IFQAYV_12_18_18.doc	doc	67d08cbd4c053203122d9fb78b568eb82fb2bc4bc81afd04e9a25bd26e3c955c	25.86%		Heodo
2018-12-18	PAYMENT_3WJRETPH_12_17_18.doc	doc	04ed22881589b6c77d01cdda5e35a736db215978e813aaf058da725c1bb48fb1	n/a		Heodo
2018-12-18	ACH_856342FGYWRIKW_12_17_18.doc	doc	67e20396aa806209ca4d38be7958d42cb28700eda1f511dfef542c27b1e1a886	n/a		Heodo
2018-12-18	PAYROLL_282398EJLXCK.doc	doc	50fd133b606006eb3d0085028fcf5b4a2460132cda32b2e6a25a5d32f54718c3	42.37%		Heodo
2018-12-18	PAYROLL_6UAGCDC.doc	doc	749c2da7a49e60064ee30ad7579a5ac41d2f2bdc9c968ee8b2db96a0a2031839	41.67%		Heodo
2018-12-18	SWIFT_14KDBGCTUJ_12_17_18.doc	doc	836c8c98daace0c809964ac4278730d6ac959c2beb288bb14807f69e329c829c	43.33%		Heodo
2018-12-18	BIZ_479DHVLNJ.doc	doc	93239b5ea551061f1ca4166c69075d62e7541a35964b9fba4604a9677432fe44	40.68%		Heodo
2018-12-18	ACH_93588THSLJAFQ.doc	doc	6dc700725032aded54ee5814fbd2ef976f28c8f6f3b5feb64f7e6484e367824b	42.37%		Heodo
2018-12-18	PAY_73113CJRADHW_12_17_18.doc	doc	6cf4577eab2be2e75758bab38fa478981867c23437d401e8bd3dacdcf70ead0c	43.10%		Heodo
2018-12-18	PAY_5689120AYPBEQKI_12_17_18.doc	doc	08b4bdcfe55e4182c23c7988e3670060e761a629e50992ddaa015ac28d8a2267	n/a		Heodo
2018-12-18	PAYROLL_90240BDHSSB.doc	doc	5a36447adb2dd4d1c72e36a8468abf8e54674148945685e9291da657587df38e	n/a		Heodo
2018-12-18	PAY_7307387LLGZPV.doc	doc	1748a20e532b71d9991edc4ce5ccc43b4691316a1d5b9e7b9099e05919dc2763	n/a		Heodo
2018-12-18	BIZ_0OMARFEVD_12_17_18.doc	doc	5f21d0a57e14be9302ccff0b7e67f4e3861978045b8e0577eac8a05e3e2ce24a	n/a		Heodo
2018-12-17	SWIFT_28PWCUMMLX.doc	doc	79464da07d3e6e84b1471b5a82669fa0b6e7123e1d28197cce5970a9933a7d56	n/a		Heodo
2018-12-17	PAYMENT_7BSDYGC.doc	doc	ca8613f8865172f382218bd38d8692cb64a8d324e7a7797d327fa469e0c829b2	38.98%		Heodo
2018-12-17	SWIFT_21MIRTRGF.doc	doc	a6544b0d78709d60a9651276c50762ddb957eef4a8f33065455a75d7cf4623eb	n/a		Heodo
2018-12-17	SWIFT_103LHWVWBBJ.doc	doc	e63bb6ab733a29eae96b972f21d32aae3e92944db84f9d6aab6b3315587dff9b	37.93%		Heodo
2018-12-17	PAYROLL_0BPQEBAV_12_17_18.doc	doc	4fcde9c701af0ede7e58cb084afa5b3be6f07cf8e58f3dfe7782a12544ec471d	33.90%		Heodo
2018-12-17	ACH_4121143KXNYUMM_12_17_18.doc	doc	7ad65beaa9602a5e004fd7cc5807cb967f5b4c80deb7526e4033fe1d63dd6d15	38.60%		Heodo
2018-12-17	PAY_8855552HYHDNT_12_17_18.doc	doc	1d4167ab5f7bfa56a0e3719f43d6f20e7fd8f03d533d020e929c061fd200987e	35.00%		Heodo
2018-12-17	SWIFT_9KFCMUQ.doc	doc	844f55f6a4bc27b0c927918d78013e4196cf4baa6ba6ac75a51aebbe0bca8352	33.33%		Heodo
2018-12-17	ACH_619TETHJY.doc	doc	0e112d17bd8b05cb684445b6b4091a923dd0300a194ff5f0209ae5474b7b2e06	33.33%		Heodo
2018-12-17	ACH_503633LHHTHH_12_17_18.doc	doc	e8c24fd3597cb804f78aaacf01960743f514002f3d761db49a6a5fbf32b4f6f9	31.03%		Heodo
2018-12-17	ACH_2042160FUXZXH.doc	doc	508fdecfe852d5a1b18b9233d0ac0a0dbfc404523bead9261b2503674ee6a751	28.33%		Heodo
2018-12-17	PAY_908KXDSHO.doc	doc	f0b25547419ff74e10b7e6ad46c4e192c14f3b2ab20c4e9aa81c3b04b4e11469	30.00%		Heodo