URLhaus Database

You are currently viewing the URLhaus database entry for http://dev.getitdev.com/wp-includes/9Yd/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 1967154
URL: http://dev.getitdev.com/wp-includes/9Yd/?i=1
URL Status: Offline
Host: dev.getitdev.com
Date added: 2022-01-11 12:51:04 UTC
Last online: 2022-01-13 00:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Anonymous
Abuse complaint sent: Yes (2022-01-11 12:52:09 UTC to abuse{at}contabo[dot]de)
Takedown time: 1 day, 12 hours, 0 minutes, rated Poor (down since 2022-01-13 00:52:21 UTC)
Tags: emotet epoch4 heodo SilentBuilder xls

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.
