URLhaus Database

You are currently viewing the URLhaus database entry for https://www.clearconstruction.co.uk/scripts/3oEJgZjRWVLNMbY14ajMQKA/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 2123334
URL: https://www.clearconstruction.co.uk/scripts/3oEJgZjRWVLNMbY14ajMQKA/
URL Status: Offline
Host: www.clearconstruction.co.uk
Date added: 2022-03-30 22:21:03 UTC
Last online: 2022-05-19 14:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-03-30 22:22:06 UTC to abuse{at}uk2group[dot]com)
Takedown time: 1 month, 19 days, 16 hours, 9 minutes, Bad (down since 2022-05-19 14:31:59 UTC)
Tags: emotet, epoch4, heodo, xls

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
