URLhaus Database

You are currently viewing the URLhaus database entry for https://cr.almalunatural.com/wp-content/j910IvHeBpfO/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:1967124
URL: https://cr.almalunatural.com/wp-content/j910IvHeBpfO/?i=1
URL Status:Offline
Host: cr.almalunatural.com
Date added:2022-01-11 12:45:05 UTC
Last online:2022-01-13 23:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter:Anonymous
Abuse complaint sent (?): Yes (2022-01-11 12:46:19 UTC to abuse{at}cloudflare[dot]com)
Takedown time:7 days, 18 hours, 44 minutes Bad (down since 2022-01-19 07:30:55 UTC)
Tags:emotet link epoch4 heodo link SilentBuilder xls

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-01-12027_54998067.xlsmxls 05dc48ca9e5d5feb04a32c1ef3a8d18453a2a679e7257ce24856895a5dea268bn/aSilentBuilder
2022-01-11tb-45907076.xlsmxls 66f5d61a2c4246c3bc39141c46e41bdc84c3f12a7db0b2ec3090eace070392d6Virustotal results 22.03% SilentBuilder
2022-01-11WP_012.xlsmxls b5207887a27a42330a6b8e863e0550008a6375de1f4c9c6c0edcc7a9bb6d548fn/aSilentBuilder
2022-01-11534654760-8437.xlsmxls a7fe36211a0be63df4c3929830b8fc4e21fc0548b5446377ce9c83b3d1fd9339n/aSilentBuilder
2022-01-11q-5233681.xlsmxls 9b3fb2f88edc75661d9aba9ccac4bd15607dbf2fa7542c47be3d533c0db5cbe5n/aSilentBuilder
2022-01-11jplx_008000.xlsmxls 14222deeec10d32091a2947e045833bd25c041a662f4090df26e50381cf922c6n/a Heodo
2022-01-1174324916459788534652Q.xlsxls 446d074d88398efd9a59c8bdabf3f4909ae1bc5c12c418b98c3f185459844fafn/a SilentBuilder
2022-01-11810431500663060L.xlsxls 8ea7ac4cc4dd1576b45451813ade47420f9196a212e173e174aada937cb8f4a7n/a SilentBuilder
2022-01-111673783336765824R.xlsxls c7cc8c98988b0b5cdbd103db7c61f01a6e92f96f525c36f15bfaae039bb46cd7n/a Heodo
2022-01-119462834301D.xlsxls b5d8116e0b4f01eb2affa09d857d1be4df2e18dd793e4ab0b6ad28e0d5eadc15Virustotal results 13.33%Heodo
2022-01-11D7952713.xlsxls f9e789531cb031e9e6767f54a780f6ee8b53a417acb2b2012dbfaf1579aee55fn/a SilentBuilder
2022-01-11Z0848106422V.xlsxls 3f4ddde39dc20ae5a2558fe48b7341187c1bba0dbd1c95a32644b14592a38653n/a SilentBuilder
2022-01-11L5426727303173.xlsxls 24160ff88a8c4ee8d12c4cad09dbd7e744c2bf1bfd24b636cb436cb047d3324dn/aSilentBuilder
2022-01-1125473735217973F.xlsxls afe04f54612c86612a56bf8a3a228a2aeae275f4730552228f8a4bb6f71c292en/aSilentBuilder
2022-01-11M0088268746770507K.xlsxls 18e24e9b03fde05fa41b9d86aa612dbbd5deabcebbe97ee5b3a3b7fa8fb43f51n/aSilentBuilder
2022-01-11Q917788331510115556.xlsxls 5567612a01ddde62a81334d73dc09a4e0f78d8e552d2686d44eb3e3910ecf13dVirustotal results 18.33%SilentBuilder
2022-01-11702994551059W.xlsxls f9dc6d359581da286cc014340d248cea2acedf09a9dc0cf9280641f3393fba35n/aSilentBuilder
2022-01-11688831323475.xlsxls 26356d230c56228215ac800ef5e4b0341a653d88d8ebb1c162ccd53a51a94c35n/a SilentBuilder
2022-01-1191071673038093656058.xlsxls a88483cdfd340711d7a65d74a5646e6bc7159a4af250074e0fea6db954177753n/a SilentBuilder
2022-01-11514015666362591101515J.xlsxls 659c21119c192bd5c4c698d0e9c0ef6c5d0ed38bf40907318ccbc4dece45ec76n/aSilentBuilder
2022-01-11401611295424003V.xlsxls 788a3d46892b3580cf799d66bb7348a0d50ad1543027c036530fc0fe5135bac5n/a SilentBuilder
2022-01-114137863236588548046T.xlsxls 9e3e47f20134301b475d2d5477000f2ff061b7e2ccf7c02aa892d300c3da3b36Virustotal results 17.24% SilentBuilder
2022-01-11Z19630678K.xlsxls b4f4e361680cbe98e26106393beca73acc80418fdae4ab118917b7e8bd9fc917n/a Heodo
2022-01-11K283852972173222234Z.xlsxls 5b8d0b12d4a393432ef70e1832915b20c0a39b948c524ac301e3ae5f9794b84dVirustotal results 13.33%SilentBuilder
2022-01-11A026491190035.xlsxls 681415bec47952960626cc90f36aae28fe01283c16cdcf187ba5c331d170faccn/aSilentBuilder
2022-01-11N1014604827334.xlsxls d2c48bc93b2b0711be6bafd81a7eeddc944514e110ef2e1014151dac42e8ab62n/a SilentBuilder
2022-01-11M921807379445506921054B.xlsxls 89224af568d4e29e7836c2961d33045490b337a9d5d40db852137e1f2dbbfbf9n/aSilentBuilder
2022-01-11H85077485827323T.xlsxls 645258c3eec8a24b056403664b65d66c43f78566a0f33270723a6edc4d0c7ed8n/a SilentBuilder
2022-01-113732491N.xlsxls 06b383970ed4fab68a430bc021dd0744b77518ec82ef09f6d167c8edbf50fd53n/a SilentBuilder
2022-01-115842134762844772T.xlsxls a672f734a98a5b287eb96d134893701f055f20573dd9f9d778b1e7953b00a944n/aSilentBuilder
2022-01-1122312094025W.xlsxls c17cf152edefc6ce2ed0a5fa783f3bbfd6348b41a22f0da9cdd2722311ddfd62Virustotal results 13.33% Heodo
2022-01-11808655132615041S.xlsxls 6b28b200163448c423b79b68a70f8d07d925445d48edb48526d9dfdbf68d47c1n/aSilentBuilder
2022-01-11O55767512007.xlsxls f218c6867a0a060d313d1592c39f606f2193f4d587a404b4372971a6344d0f16Virustotal results 16.67% SilentBuilder