URLhaus Database

You are currently viewing the URLhaus database entry for http://castlenkings.com/wp-includes/DxR/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:1967229
URL: http://castlenkings.com/wp-includes/DxR/?i=1
URL Status:Offline
Host: castlenkings.com
Date added:2022-01-11 13:15:05 UTC
Last online:2022-02-16 10:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter:Anonymous
Abuse complaint sent (?): Yes (2022-02-02 13:16:09 UTC to abuse{at}cloudflare[dot]com)
Takedown time:1 month, 5 days, 21 hours, 35 minutes Bad (down since 2022-02-16 10:51:39 UTC)
Tags:emotet link epoch4 heodo link SilentBuilder xls

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-01-128082262IYL_8702.xlsmxls 769ecd4d91e53cc734ede1b06a3935096e838020e44061032964dd769dda3968Virustotal results 28.81%SilentBuilder
2022-01-12SBD_132.xlsmxls ca65e9146957f09c7cdbb479666279a91d9065b309e29fea80fc5e3b7bd49393n/a SilentBuilder
2022-01-12gn_6.xlsmxls 662f993ddf616adf7550191c5036d719e0cb02c2c5e1fb9b0e87d51598b71190Virustotal results 25.42%SilentBuilder
2022-01-12284741-602359.xlsmxls 894ae1ab382fe85d09096d1997f468b8e5f327326c39e15bd1ba47f4c4d2f14fn/a Heodo
2022-01-12EPPSZ_133.xlsmxls fb59d08c1c00da6e08768d759d984922ef2726cade6ed27fe5713a79e7b7022eVirustotal results 23.33%SilentBuilder
2022-01-122351_08361.xlsmxls 05dc48ca9e5d5feb04a32c1ef3a8d18453a2a679e7257ce24856895a5dea268bn/aSilentBuilder
2022-01-124556588497.xlsmxls 034eaef52f3dc5154e7a94121703ea759fd19784df604e48c8e73ff4fa06cfdan/aHeodo
2022-01-1130462050186.xlsmxls 44c675302c6fd62e15e5c9ae9bb98325870093ceed92a30601a13ad1dc2bd4f2n/a SilentBuilder
2022-01-11155826_6804.xlsmxls d616af039b685a1e393e85dfd6d3558a0a062fc2cd776bfdbfd55dd1cca9e55en/a SilentBuilder
2022-01-1104253_9219.xlsmxls f326b9b9af87bd43878455ac75b4e61fadd71bdfcebf5b4508525cbbb4e8038bVirustotal results 16.95% Heodo
2022-01-1142-53221870.xlsmxls a3977aa3c358df0d9777be64e5c10b4a874fd0eac63183e92837d58038e5c4c1n/a Heodo
2022-01-115486035274.xlsmxls 45c442f6c146351872c97982c2c6a60eb9bdea660e39f2ead262e6bca62abae1n/a Heodo
2022-01-11F752003576062.xlsxls 69261cc8bb188ca3cfdefa0b5a934d5991fde75f6b80b92d3024a90c99971a50n/a SilentBuilder
2022-01-11E79802288456550024390H.xlsxls 1db259b0063d26f9af684e7246d336250e289514a4e900eab1337ee9981a866bVirustotal results 21.67% Heodo
2022-01-11G965216719048109.xlsxls b5d8116e0b4f01eb2affa09d857d1be4df2e18dd793e4ab0b6ad28e0d5eadc15Virustotal results 13.33%Heodo
2022-01-11P1818120C.xlsxls d92b0ebb1f64086c8c4d5b238f3683a3319bcf041cdfc9e6736f742a260a5ce2Virustotal results 23.73%SilentBuilder
2022-01-116795007542750748X.xlsxls 3f4ddde39dc20ae5a2558fe48b7341187c1bba0dbd1c95a32644b14592a38653n/a SilentBuilder
2022-01-11A04483035850247589522.xlsxls 3d2ad015f60956cee32029cb7d6fee846f34a91d0f6dae2b68cfde31c99b4a77n/aHeodo
2022-01-11P4887653993691.xlsxls afe04f54612c86612a56bf8a3a228a2aeae275f4730552228f8a4bb6f71c292eVirustotal results 20.69%SilentBuilder
2022-01-11B3111808R.xlsxls 18e24e9b03fde05fa41b9d86aa612dbbd5deabcebbe97ee5b3a3b7fa8fb43f51n/aSilentBuilder
2022-01-11830131329694763886467.xlsxls a5a1c304ab3b2351a82da736cf9c022ea2ad1cbff6321b64b0a741b575c8a6c4Virustotal results 18.64% SilentBuilder
2022-01-11W8446082899580.xlsxls e540aa4c8a0a7eb9acf80aa3e76a804c5f492a69e052e33584c0ce432b33de75n/a SilentBuilder
2022-01-110954062758223071Q.xlsxls 1e4e0feb94cf74d61c7557fd8b7883f71b80547083bc339bc808b9703d4c03c1n/aSilentBuilder
2022-01-114777440152.xlsxls 0c9de24621d73ddfb33b0d2607b84d523a103ff59e318980f134dac1726e11a6n/a SilentBuilder
2022-01-11C29468266908892R.xlsxls 0237b96acc934eba1b920d0b6fa654c22128101417298a9f940ca2e53c85dab9n/aHeodo
2022-01-11E30553599348882947F.xlsxls 1289c645dc8d8ff1a81ca74c01191f7f2deaa2b0b5337e534dc094a4510fd865n/aSilentBuilder
2022-01-11708432154072U.xlsxls a6854cf37029a39a9a86de7f468e16d520cc046bef6fcd50290cd7c19843cd74n/aHeodo
2022-01-11019916553A.xlsxls 2f80ecbe8f3eb45c354fb36640dc4be6b13064be8550f2d49e41090e5c113b72n/aHeodo
2022-01-11C35236140885766104X.xlsxls dda6bd51ff45aa0e3b4e72d47460f7a78c5bb0bc0f1c43d09a20c88b01b6f851Virustotal results 16.67%SilentBuilder
2022-01-116030170.xlsxls bdb3e9a556bc850867023c8e1c5ea1e20cda48c72bd0396ef667d3352b14d65fn/aSilentBuilder
2022-01-11A114657376500974M.xlsxls 3dbfb9a583de71af6ce19cbfb294476ab7d6fcfd2fe42c9bf38886ace35c58fbn/aSilentBuilder
2022-01-11I531074577.xlsxls 920b0df7acc9b9a74fead2dbcc553c65efc98e729a593ad21402109dcb6f66c0Virustotal results 13.33%SilentBuilder
2022-01-1164470851981092.xlsxls 3671e08ea193763eeeb2d1ff7181686591338cab9023e1de7934deaf3eef3cb2n/a Heodo
2022-01-11D246331060759737092.xlsxls 56aa7905b1536290b2b7369e456e757c0245678ba3834bed356d8ff776b9d015n/a Heodo
2022-01-11723014474.xlsxls 47a014028cebed64173cb46e977d3e69a2e2f9093b15d2b3e4aecb9d9edce1a3n/aSilentBuilder
2022-01-112963148740062611922.xlsxls e953e27734ea1a314cd9d63b06099f4bfca19df5ec11ccaebe5a2db2f3068b40n/a Heodo