URLhaus Database

You are currently viewing the URLhaus database entry for http://potterspots.com/cgi-bin/8MnY/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 183102
URL: http://potterspots.com/cgi-bin/8MnY/
URL Status: Offline
Host: potterspots.com
Date added: 2019-04-23 16:26:05 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @Cryptolaemus1
Abuse complaint sent: Yes (2019-04-23 16:28:03 UTC to DCAbuse{at}zayo[dot]com)
Takedown time: 1 month, 24 days, 23 hours, 43 minutes (Bad)
Tags: emotet epoch1 exe heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen | Filename | File Type | Payload (SHA256) | VT | Signature
2019-04-25 | kk6AvsLPy.exe | exe | 9c38b0b64eb091eb10521ee5a602940020afa164615cc93898e771dff24c97ce | 15 / 72 (20.83) | Heodo
2019-04-25 | dQgvu81hN.exe | exe | 358685bd63f4e40864316f226a77e67fa99da1329feba49a6e2d99dd7b6a7a63 | 17 / 69 (24.64) | Heodo
2019-04-24 | R3mqdV7H.exe | exe | fbc18ccb452277f9a80218f3a88846cebc41f5bbcecd22297df0fbd5e20e5f8a | 17 / 70 (24.29) | Heodo
2019-04-24 | QjWGh1CI.exe | exe | feb37138151dfe1245942002f507878b16bbcaacc62612fdd5188de6f27ac3fb | 15 / 68 (22.06) | Heodo
2019-04-24 | hcJjmmtVN.exe | exe | 323154c4cb75b02983bc4e076be06997644eb8852384aa8d92b48131bc085f00 | 18 / 69 (26.09) | Heodo
2019-04-24 | YOBwu4aKKwgt.exe | exe | e350efd69893b28033dfa6ba293f402c04281453c766022a266ae6be6fbe31aa | 17 / 67 (25.37) | Heodo
2019-04-23 | t6GkkfChyxpR.exe | exe | d192e212101c718c80a36a991d3e967f0e9934a6844ce4907b8b5846693e015a | 16 / 70 (22.86) | Heodo
2019-04-23 | GE88gtAis.exe | exe | a2aeb5f507d5a5ca62ffc73fa34c825890d9bccd686079a283e37a3d21a0c50e | n/a |
2019-04-23 | d7F4a5imsw.exe | exe | e24d216a48831d6aea667016faf1c5a0a2ddf47cf95e0a80623be0dfc3ada8a6 | 25 / 66 (37.88) | Heodo