URLhaus Database

You are currently viewing the URLhaus database entry for http://avast.dongguanmolds.com/svchost.123 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 68483
URL: http://avast.dongguanmolds.com/svchost.123
URL Status: Offline
Host: avast.dongguanmolds.com
Date added: 2018-10-16 23:55:02 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @JRoosen
Abuse complaint sent: Yes (2018-10-16 23:56:01 UTC to abuse{at}cloudflare[dot]com)
Takedown time: 14 days, 14 hours, 45 minutes (Bad)
Tags: AZORult, exe, Loki

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen | Filename | File Type | Payload (SHA256) | VT | Signature
2018-10-29 | n/a | exe | 808067918568f48d587493636f3ca1dcdb41f2e4149a53a5defe697613818727 | Virustotal results 14 / 65 (21.54) | AZORult
2018-10-25 | n/a | exe | 49597271a1b8145fd14a2fda3b45f22449b8d12ed3f245fe531156524a175802 | n/a | AZORult
2018-10-23 | n/a | exe | 451c77f94c0690d4b59d07fa4d4f525319ab7efda6ecebad27136f2e69b4e5b1 | n/a | AZORult
2018-10-21 | n/a | exe | 9a3bfe2518904da9dba7f94833ab56d9730d1ca6ee13aa312f184a1ba8f0e71a | Virustotal results 39 / 68 (57.35) | AZORult
2018-10-18 | n/a | exe | 0e3f7952376a968053dc5374dbea51350d95c9b8b7b38cd8842b470c7fe36074 | Virustotal results 15 / 66 (22.73) | Loki
2018-10-17 | n/a | exe | 250eefcc42762d08e4b571792bc0170673bf4f2b96376ccbfc2f777a2f6efbd9 | n/a | Loki
2018-10-16 | n/a | exe | 943e5f09003c8ba948a4d8c11db59af55e5527a572832e59ac825f344bf1cfff | Virustotal results 34 / 67 (50.75) | Loki