URLhaus Database

You are currently viewing the URLhaus database entry for https://giskunihar.com/wp-content/4meLxvZP/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2026142
URL: https://giskunihar.com/wp-content/4meLxvZP/
URL Status:Offline
Host: giskunihar.com
Date added:2022-02-03 10:37:15 UTC
Last online:2022-02-03 13:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2022-02-03 10:47:14 UTC to abuse{at}hetzner[dot]com)
Takedown time:3 hours, 5 minutes Good (down since 2022-02-03 13:53:12 UTC)
Tags:dll emotet link epoch5 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-02-03An8tuWaRnedj.dlldll 9e37c2189d29c9c8784f9347c4cbf40f8a261a93bf5178075a0b0ba917c4c7b3n/a Heodo
2022-02-03h69frBUJxbScYRBp.dlldll f1c86855abb810ef2ac6c7ea1dcf9f5cb153ffecf7f38f322188ef5f4b1b151dVirustotal results 40.62%Heodo
2022-02-03ptyynR6rwdBTLqA.dlldll f00f19297b272bd729cea6c8fa412978954c6d73b7bff197ee4d3e43c65b6c35Virustotal results 43.08% Heodo
2022-02-03F5ufPfrXuE.dlldll c6b56a3aba66b9484db13a0e85f738928f070b24f4fd74fbb54924bd393bdfd7n/a Heodo
2022-02-03kD1.dlldll dd1c173cc06cd18a264a24c1d366fcd2337e6afba27ad1455e677fee0c2267adn/a Heodo