URLhaus Database

You are currently viewing the URLhaus database entry for http://prod2.saffyr.com/assets/bqgE/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 1985139
URL: http://prod2.saffyr.com/assets/bqgE/?i=1
URL Status: Offline
Host: prod2.saffyr.com
Date added: 2022-01-18 02:12:06 UTC
Last online: 2022-02-19 12:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-01-18 02:13:09 UTC to abuse{at}bluehost[dot]com)
Takedown time: 1 month, 2 days, 10 hours, 11 minutes; Bad (down since 2022-02-19 12:24:12 UTC)
Tags: doc, emotet, epoch4, heodo, SilentBuilder

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
