URLhaus Database

You are currently viewing the URLhaus database entry for https://nz.welcome-to.com/liitbu/N18R9QR0vbTFtVnsB49Gj/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1992752
URL:	https://nz.welcome-to.com/liitbu/N18R9QR0vbTFtVnsB49Gj/?i=1
URL Status:	Offline
Host:	nz.welcome-to.com
Date added:	2022-01-20 14:07:06 UTC
Last online:	2022-02-12 05:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2022-02-09 22:21:07 UTC to abuse{at}amazonaws[dot]com)
Takedown time:	1 month, 24 days, 16 hours, 43 minutes (down since 2022-03-16 06:51:51 UTC)
Tags:	doc emotet epoch4 heodo SilentBuilder

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-01-21	121142531936252045.xls	xls	6407591df6ce61f946e24715faa6fba1b1f3221e2baf22f6c4f5a64f1ea98eb5	36.67%	Heodo
2022-01-21	177241367860.xls	xls	3ca3bcd5771a06938cc8e8c44cd2c85b794376401b469fad7e5d4b513449fa27	n/a	Heodo
2022-01-21	02479979962926463.xls	xls	aba8e5024172cc0cd240eda2c379e91825cb922f0c5d56d82a560dcb15eef097	n/a	Heodo
2022-01-21	83047561964504.xls	xls	2f51046242d3bd4fc8a58e9ee765707e09c8efbc4bd58b302262b181e9960bf1	n/a	Heodo
2022-01-21	473972915713.xls	xls	8d11a955d5a1c9ef68952d7f5bfe36e84c201e60f9ec3033571bba32d20665dd	n/a	Heodo
2022-01-21	12782958708290262.xls	xls	ce8ed57f03c2c3733b81f29e38332753051c9d5917d62760190dbc6b9dcebf45	n/a	SilentBuilder
2022-01-21	4454474597949404547.xls	xls	29111d8e5e8306e76660db292e7232ab39e901955014eede21e912c931a09b5f	n/a	Heodo
2022-01-21	980095177441798.xls	xls	595457287262641f193afae7ac66120029ef90f2ba59b310fce3d9335b1cf304	30.51%	Heodo
2022-01-21	7560641977093381.xls	xls	2c9af469fcb89bb2e93d1ac70ce0bec912b78d5c3cbadccc3040c18dd03f5e41	n/a	Heodo
2022-01-21	246518807530694.xls	xls	0e9d63baddd3ed98bd278e9eebbe7724934f24c1e6d98d9734fb88180dbe9d41	n/a	Heodo
2022-01-21	91660175624338.xls	xls	13c3fec523cfe8ac14a7e78a8e2ca86dfd3b8bb8447eb7e733e7b1207de5bea6	n/a	Heodo
2022-01-21	0337497700012.xls	xls	dac57112411305935ad4318c4ff4f495b8b39f84f001b64d83ea3ae69a994b02	n/a	Heodo
2022-01-21	2092617285684.xls	xls	bcebf33c0812a0eb18e5261449f212582882eb706df65f5d2f2dd9d3b2c05da1	n/a	Heodo
2022-01-21	02356643552.xls	xls	aaec559a9461b2ceb6da5a557186641e67370e83fddc9b23237f6f92c0e22fc3	n/a	SilentBuilder
2022-01-21	81634175597661985910.xls	xls	539a3855a176457a29262e61d738250050450a8a6adb2b1e9c8961a40a6cad57	n/a	Heodo
2022-01-21	00408543801960.xls	xls	69b593eea6e0daa0631dd50e821d30622e6117fbb7e591c5e4b734722d6b5c4a	n/a	Heodo
2022-01-21	6857129760180.xls	xls	21e23ea56b3d3198bc790c23569c989367c1907f23680e1760b7e76250e87549	n/a	Heodo
2022-01-21	584015746002253838.xls	xls	d84d60a9e9f466b7e002480fcc1866ca8824a44db59b31dfb9477d8ffb21c4cd	n/a	Heodo
2022-01-21	781905325182034606.xls	xls	82dd39849f520450c56ac21901abda18f16d08294e0c9569e659ed9133781c7c	n/a	SilentBuilder
2022-01-21	193868304344700.xls	xls	eca323ddf5c863072e76cef170025ffcb611946ac3656f641ff0d2a0b17aa382	n/a	Heodo
2022-01-21	76021977932731174872.xls	xls	262c6da8c94de82acce05fdf2a570305c71d940ea6c58416eb020eac64242c27	n/a	Heodo
2022-01-21	060216271115677579.xls	xls	9fdb19b415f24dfd571c8289d1952dd827d1fb2a14e8776e495da67e5b38a176	n/a	Heodo
2022-01-21	815905232029858.xls	xls	4520398e8aeabb1aed9cd4899a2ac014545d9ad9383959288cf2470f9c1c4731	n/a	Heodo
2022-01-21	0852758792608014720.xls	xls	8aa9a577a3bd2b2fb4b35339f5593a8a3f1c7635247b6fe78fbbb2983a8cdd4f	n/a	Heodo
2022-01-21	020476226613065436.xls	xls	358e8e25ef848f0530a1b2094f471f68415b1b8f84cf21e6f9f1dbb774759140	n/a	SilentBuilder
2022-01-21	88903821506631645766.xls	xls	b056a3191538792998936cef580c7cd75e9b49d40a53452f6e8dd20d5814934e	n/a
2022-01-21	59605944927929.xls	xls	649143ea8e6ec1173106ac1bc3034951327ffc75a1d8324a1b80d280998e2fa2	n/a	Heodo
2022-01-21	01978401379227125.xls	xls	9296f02a362c27b1e3a3b4119ede64ea52b6c0430fc70517e5146730c23c987d	n/a	Heodo
2022-01-20	6524354409819119.xls	xls	531278b90b12ac32bc7671c1f2a52ccc15afe992249b5dda28ae98885b954c99	n/a	Heodo
2022-01-20	91828322576872702.xls	xls	8c1d4b99c5902b2f07b695625c439802eb241110c2f528604a333a18120266c4	n/a	Heodo
2022-01-20	3916747211365.xls	xls	79ab6a611483efd4c9e4394ac5c6a91c458857820c4c4b9bdecf0cab92acf8f2	n/a	Heodo
2022-01-20	4027056399.xls	xls	c3782f393e6dca8cbded5a7bbb73789792cd1bf807f4f71cd863b12992beda95	n/a	Heodo
2022-01-20	1112491823672307.xls	xls	a72795a18fa2b90928f307e227b1f1a57590672870b3acc9e8cb0eb4d38bdbff	n/a	Heodo
2022-01-20	419012608118599.xls	xls	7758c1ef7b05f4e4e7e283eda2aba34801589c1ed656610c149a5b1a1a0b7fc3	22.03%	Heodo
2022-01-20	2901583613623.xls	xls	8a39d34f5c3133db2f6137b02545e312f05bbdabceda4bd830948380fa4c98c7	n/a	Heodo
2022-01-20	620216368984577332.xls	xls	3b63534dcaf71bdf8293d2a3ce3310a02d2eda37deac68d5ccbdc89cfbc8f408	n/a	Heodo
2022-01-20	9809244243.xls	xls	245057c2c16d698dc5399ecd43ca39f9e0b35885a19cc42cd2650eb8e17d0c00	n/a	Heodo
2022-01-20	1788536621231650.xls	xls	817f4c96e056390228a3d9ce57239ad521627a3617b13e4043dc99c91569ffcc	n/a	Heodo
2022-01-20	4837395871.xls	xls	1d51a274899e8d9f5f0d731c91c8308a7437c80c22a0d67f92aa4ed958175e85	22.03%	Heodo
2022-01-20	6211970000.xls	xls	8697b2c64ef08e5e4bd5ca43dd988dc5ab701d50fb022b74e7413b95a7dc7c02	n/a	Heodo
2022-01-20	8590775684.xls	xls	43a573dc9dd0dc79dcf228467e8e6820f4a4f8bf344660ea43eb11bb7b3c93f7	21.43%	Heodo
2022-01-20	32290124660949984329.xls	xls	4102ee23d580a34ad9a1790ea81e7d9739cae27b843165e0daa30b9450585db4	23.73%	Heodo
2022-01-20	57987035860480938889.xls	xls	da9d3b84063bde0697546e7a9b3e2ab5f8283698dfb032f76018f28b367146f4	38.98%	Heodo
2022-01-20	1400587375587521065.xls	xls	402b387ff9eaca12395e5ea30d7252c77d49ce1d1478784bdb329641136043ea	n/a	Heodo
2022-01-20	103305010362.xls	xls	0d3ad48559d571f0d260229669d7eb06fa1f724387f2389bd3e44a234c4d33fe	n/a	Heodo
2022-01-20	16805758595068460.xls	xls	7a01c853bc0724dd09208ce377a70f2959c37b14fd10bce9c0445437dbb57c6b	n/a	Heodo
2022-01-20	070205471025954357.xls	xls	4e012706695112b7e19ba7cb073f14b4858bbe382890106a21cadf220bcd050f	27.12%	Heodo
2022-01-20	91999566465488468785.xls	xls	40dd74fb1fba55980387dff7f457cfee8778be09fd503bc397f747bd97d82ffc	n/a	Heodo
2022-01-20	15701797648.xls	xls	2dea7ee99b9ee3e1af8311223fd46e439e34208c91a1b4a4926afff5c0f25265	n/a	Heodo
2022-01-20	949953118320528.xls	xls	093eb9276d5df2490f9dc0dd324349648f030d92ca6d4ab24d386d1d0eaea799	n/a	SilentBuilder
2022-01-20	65566380306.xls	xls	ca1baf60faa9486403587e0fac3c548db3aa5b6fb42897e1569020682499e319	25.42%	SilentBuilder
2022-01-20	098247444108177447.xls	xls	88f602cd8f6b66886acb349720da52c3f5fdb367fe8a72f76812af27347cf32e	22.03%	Heodo
2022-01-20	11189127045000611.xls	xls	92f65a0fe643c1d601633944790e1263b9dc30881b77636627c624581aac4acb	n/a	Heodo
2022-01-20	3247688468271510.xls	xls	bcfa7cbaded9c6144689692a9ea193431c16e7bf18e7ab361ef65fce375d93be	43.33%	SilentBuilder
2022-01-20	088587794186905.xls	xls	b3973d991b4f3e3870404c40bf59257bd40f4207f10dd5a6c34a8d4e29e0f7ea	24.14%	SilentBuilder
2022-01-20	86286625633635766.xls	xls	3bc531482cc543cfaf67ec3c0d55382b129889d770be69196b05221058020958	n/a	Heodo
2022-01-20	892229086884.xls	xls	a3182153bbc02b08e54fa468a6a470ede9822cc612dfd6c8f523b9cb5cd4984e	n/a	Heodo
2022-01-20	96937479269795.xls	xls	d0e970149a72b878303b425cbeb058aac6d74f1b94b2c3e150e40ea7da2e9072	22.22%	Heodo
2022-01-20	20513175112.xls	xls	dbb17e696e6cab92c31a2e8e002262e5381c211d44af8d6c9ee5fea7f6f3386d	22.41%	Heodo
2022-01-20	08512024751.xls	xls	2bc45370dd6eed0f3059fe82bd82d8aeca954819c9ad8ea823d36a8e01c7e92c	37.93%	Heodo
2022-01-20	2450363557.xls	xls	bfb6705f630bdd22900dbc04de2805a63b70dd5b36a8985087a1d4be51308fd9	n/a	SilentBuilder
2022-01-20	1099527100443.xls	xls	1db2ec499c11b096c4a468a878a9e6bb791183ca2156eb2e8c233fd7b172b607	45.76%	Heodo
2022-01-20	4275226932295449.xls	xls	489a8d75e0335e05d649b0e5cae103a142020fe00909e4e1f2d83704f07fff84	17.24%	Heodo
2022-01-20	3053292543264842400.xls	xls	6d56c4a60ec2d451673ce2ce76e1fd89e23fa89a05c872736d78e15020cabe71	20.34%	Heodo
2022-01-20	7208219800087313.xls	xls	5c8cb7136b7f89772e79c0a2f6ead69434dbd7cd66ed030ca620de279c9b20a2	18.64%	Heodo