URLhaus Database

You are currently viewing the URLhaus database entry for http://headquartersplay.xyz/download/pl_installer.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 1465655
URL: http://headquartersplay.xyz/download/pl_installer.exe
URL Status: Offline
Host: headquartersplay.xyz
Date added: 2021-07-19 08:16:04 UTC
Last online: 2021-07-19 11:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Status unknown
Cloudflare: Blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: benkow_
Abuse complaint sent: Yes (2021-07-19 08:17:02 UTC to CloudFlare Anti-Abuse API)
Takedown time: 3 hours, 26 minutes, Good (down since 2021-07-19 11:43:42 UTC)
Tags: exe, Raccoon, RaccoonStealer

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2021-07-19 | n/a | exe | 9b150336d4abc38eb73c89d41777d33ced5bc6cb5c7549b893422d48c4b5bb41 | n/a | | RaccoonStealer |
| 2021-07-19 | n/a | exe | 62f69fb7d3ba666de557eaa0932d7f5372e780bb6efb4d90736dda27748eccd0 | n/a | | RaccoonStealer |
| 2021-07-19 | n/a | exe | e4d1670d1785eabdda12d45ee5c32c185863e1f3d049424a8c616a062659cb50 | n/a | | RaccoonStealer |
| 2021-07-19 | n/a | exe | 73ccf81d0e86eba685edcf4b42f97a036e6d2d5a5e9573d7580c71a74c7c116c | Virustotal results 33.82% | | RaccoonStealer |