Where we stumbled upon it: https://urlquery.net/report/93623c87-4b61-4e4e-9cd3-856f46c04309
Analysis of Emotet maware: https://www.malware-traffic-analysis.net/2018/06/19/index.html
How site was attacked by exploit: https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md
US-CERT info now removed: ttps://webcache.googleusercontent.com/search?q=cache:42b0nE63tsAJ:https://www.us-cert.gov/ncas/alerts/TA18-201A+&cd=1&hl=nl&ct=clnk&gl=nl

polonus (volunteer website security analyst and website error-hunter)

Malspam pushes [b]emotet[/b] malware.......

[b]The Evolution of Emotet: From Banking Trojan to Threat Distributor [/b] https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor

Also see >> https://forum.avast.com/index.php?topic=52252.msg1471055#msg1471055

Thank you, Pondus

polonus