URLhaus Database

You are currently viewing the URLhaus database entry for https://egmontair.co.nz/css/file/yUULClon/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:454079
URL: https://egmontair.co.nz/css/file/yUULClon/
URL Status:Offline
Host: egmontair.co.nz
Date added:2020-09-06 01:58:40 UTC
Last online:2020-09-06 02:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-09-06 02:00:03 UTC to matthew{at}mikipro[dot]co[dot]nz)
Takedown time:57 minutes Wow (down since 2020-09-06 02:57:07 UTC)
Tags:emotet link epoch3 exe heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-09-06UGR8mWAvZtp211.exeexe e5dcf78fb00fc506095e67776a95ca5b3d366c694fa5492cbd932d5e929364d6Virustotal results 32.84% Heodo
2020-09-068845959564258BwILzd.exeexe f0090903a6caa5eeee8547b251f1b02dd6aeb4623431e785c260fb0b072944a6n/a Heodo
2020-09-060051368965.exeexe f463ca878942fc9a36c76848ab0d16cf1621f47e0fb1c6c554e30af1d688109bn/a Heodo
2020-09-06Fx3ZT4YASLVTHc.exeexe 9eab62b33f6da8c268aab7233fb63103bb678aeca5123fd28e13c1329b487f54n/a Heodo
2020-09-0600075590BI7zMjN3aGm.exeexe bef19386b73e8f9f4084cc630e2d3ee0273455f37eac386448b75c4883274ae1n/a Heodo