VirusTotal does not have this yet?

See: https://www.virustotal.com/gui/url/68a0db7a38dc8b9238fbf8c981db1c587f562decfb3c06c0fb3248dee9f3d05e/details
&
https://www.virustotal.com/gui/ip-address/35.158.125.211/relations

Reported detection: https://urlhaus.abuse.ch/url/261308/

Analysis in progress for the full uri: https://www.virustotal.com/gui/url-analysis/u-b9fb4e9e65ae7167eccdc4ea3a3a33f12e21a205b0d5d16b4c90fdb84773256f-1574978783/detection
finalizes with 3 engines that detect

Detection as reported: https://urlhaus.abuse.ch/browse.php?search=ffcad973d390937397bc4fa95825d7939150eb223b6e6486cbfecbc0b712903f
emotet & epoch flagged…

polonus

VirusTotal does not have this yet?
Result changes when i refresh the old cached scan result .................

Hi Pondus,

Yep, you are known here as the VirusTotal-Fine-Tune-Man. You know it as the inner lining of your poscket :wink:

Right, I also see 4 detect now: https://www.virustotal.com/gui/url/b9fb4e9e65ae7167eccdc4ea3a3a33f12e21a205b0d5d16b4c90fdb84773256f/detection
and 9 engines detect downloaded files → https://www.virustotal.com/gui/ip-address/35.158.125.211/relations
All detections from to-day, yours was 28 minutes ago :smiley:

Amazon has to stamp out this abuse on their wires :smiley:

polonus

Emotet detections on IP → https://maltiverse.com/search;query=35.158.125.211;page=1;sort=query_score
Same detection from 13 hours ago

polonus