URLhaus Database

You are currently viewing the URLhaus database entry for http://blog.flyinterguide.com/wp-content/uploads/CGAG-TczhADJvsZJ6lW_HsgOwtuW-eVM/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 173190
URL: http://blog.flyinterguide.com/wp-content/uploads/CGAG-TczhADJvsZJ6lW_HsgOwtuW-eVM/
URL Status: Offline
Host: blog.flyinterguide.com
Date added: 2019-04-08 13:50:42 UTC
Last online: 2019-04-09 06:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: spamhaus
Abuse complaint sent: Yes (2019-04-08 13:52:06 UTC to abuse{at}amazonaws[dot]com)
Takedown time: 16 hours, 12 minutes Good (down since 2019-04-09 06:04:13 UTC)
Tags: emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
