URLhaus Database

You are currently viewing the URLhaus database entry for http://aygsl.net/mLf which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:37228
URL:http://aygsl.net/mLf
URL Status:Offline
Host:aygsl.net
Date added:2018-07-31 18:15:06 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@p5yb34m
Abuse complaint sent (?): Yes (2018-07-31 18:25:03 UTC to abuse{at}hosteurope[dot]es)
Tags:emotet exe heodo Loki payload

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2018-08-0154189353.exeexef58397b3a322f7a88f2129c69dc92d50ba095d10c09dc9bf6c1550042f0879bfVirustotal results 13 / 66 (19.70)Heodo
2018-08-0124508525.exeexe8d71f8bb7e502afd93688a21568ac96ec6e6a93aeba8817db91895daf0b23210Virustotal results 19 / 67 (28.36)Loki
2018-08-01821505.exeexe316baf91f59807a401495480ef551b9b9a0cc2bfb6f984917f10555d92c083e4Virustotal results 14 / 67 (20.90)
2018-07-31614117.exeexe06ce716dd34f66b01d87a0ec683d7b349092dde008077e5bc4697becf7798917Virustotal results 15 / 68 (22.06)Heodo
2018-07-31631811.exeexee0ddfd2b033b34c718ca773a01282bae79a12fc721a4b17f4aafb350aced3180Virustotal results 16 / 68 (23.53)
2018-07-3100.exeexe04bbd72b1b29b28439c54e8c66bfea3675958ba2467f75d0f09ef384a358474fVirustotal results 18 / 65 (27.69)