URLhaus Database

You are currently viewing the URLhaus database entry for http://it-eg.com/s0tZci, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 58010
URL: http://it-eg.com/s0tZci
URL Status: Offline
Host: it-eg.com
Date added: 2018-09-19 14:27:16 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @unixronin
Abuse complaint sent: Yes (2018-09-19 14:28:12 UTC to abusencc{at}interserver[dot]net)
Takedown time: 1 month, 15 days, 22 hours, 44 minutes (Bad)
Tags: emotet, exe, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
