URLhaus Database

You are currently viewing the URLhaus database entry for http://pogan.ro/cgi-bin/l9We9fl5WMNIZx3giRZQTViE8LLJWa/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1994067
URL:	http://pogan.ro/cgi-bin/l9We9fl5WMNIZx3giRZQTViE8LLJWa/?i=1
URL Status:	Offline
Host:	pogan.ro
Date added:	2022-01-20 22:44:07 UTC
Last online:	2022-01-21 11:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2022-01-20 22:45:11 UTC to abuse{at}romarg[dot]com)
Takedown time:	13 hours, 13 minutes (down since 2022-01-21 11:58:41 UTC)
Tags:	doc emotet epoch4 heodo SilentBuilder

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-01-21	2414876981.xls	xls	6407591df6ce61f946e24715faa6fba1b1f3221e2baf22f6c4f5a64f1ea98eb5	36.67%	Heodo
2022-01-21	155994877464605143.xls	xls	b443a467b699497e7eabc0c3bdf7bf6a86705a29944ec4ee8e249abb7d17828f	n/a	Heodo
2022-01-21	153523132304855068.xls	xls	2f51046242d3bd4fc8a58e9ee765707e09c8efbc4bd58b302262b181e9960bf1	n/a	Heodo
2022-01-21	99338817356810805.xls	xls	a012d6c3ff9ac12c39dc7e32fb51008897bf8ec0ea7291f80801a2bcdf195cff	n/a	SilentBuilder
2022-01-21	64275450621658464.xls	xls	ce8ed57f03c2c3733b81f29e38332753051c9d5917d62760190dbc6b9dcebf45	n/a	SilentBuilder
2022-01-21	88612465488.xls	xls	08e9cfb42b052e00b6236416ac76a10be4787f0ec137401a92bce8fed5f84d48	n/a	Heodo
2022-01-21	34983216805.xls	xls	595457287262641f193afae7ac66120029ef90f2ba59b310fce3d9335b1cf304	30.51%	Heodo
2022-01-21	07026849549.xls	xls	03f8ab0e08386a7dcad36af464f60e8e879787d760562de70588313f7668f83c	n/a	SilentBuilder
2022-01-21	91718621919.xls	xls	0e9d63baddd3ed98bd278e9eebbe7724934f24c1e6d98d9734fb88180dbe9d41	31.58%	Heodo
2022-01-21	1029996116656875.xls	xls	68ac40fe87dde757e87dd5e24f31fa32b8936e445748bf112e3b2bfd8e50c713	n/a	Heodo
2022-01-21	67062815388797.xls	xls	dac57112411305935ad4318c4ff4f495b8b39f84f001b64d83ea3ae69a994b02	n/a	Heodo
2022-01-21	45552178873019037446.xls	xls	f81b07415f482920feaf5352e72d1997c9a746dcde98208be75087efd6e4eab2	n/a	Heodo
2022-01-21	27502385921318.xls	xls	aaec559a9461b2ceb6da5a557186641e67370e83fddc9b23237f6f92c0e22fc3	n/a	SilentBuilder
2022-01-21	6957381203522975731.xls	xls	0dac6c23f1feaae5aa06f2ca15b939bde3b0392babe7cb38b91abc4112c0fea8	n/a	Heodo
2022-01-21	63244526714.xls	xls	f8d6b99d4c2313eca81f477de5763048a8606e5e06adf6e6cd4dc0675f8b891d	32.76%	Heodo
2022-01-21	7392798114670195.xls	xls	5ceff31125b1d5b68a48d4ce817ba3b487201c0c24e2efe3ad2e14400edccd42	n/a	Heodo
2022-01-21	3102795755.xls	xls	4f0d506bde4b58d49d13c50470ec44e3cb2d9b084afa1186e857445ea66faccf	n/a	Heodo
2022-01-21	84043449300371.xls	xls	82dd39849f520450c56ac21901abda18f16d08294e0c9569e659ed9133781c7c	n/a	SilentBuilder
2022-01-21	54416912220875863402.xls	xls	eca323ddf5c863072e76cef170025ffcb611946ac3656f641ff0d2a0b17aa382	n/a	Heodo
2022-01-21	81353834995270035.xls	xls	5ba1e7e7b37d9efbafaaa5049277348349998f11e6252edb0aa7fcc37bf94c99	20.34%	Heodo
2022-01-21	27538956614.xls	xls	176e74f0a464fb21b84f6934aad4baec2610d29e8998c2d8808c45affe7997dc	n/a	SilentBuilder
2022-01-21	8837865891252996.xls	xls	c98dcba86d1537e49d66765a60268850b112fbb98f23aa6d3b91cc5f93c2a232	n/a	Heodo
2022-01-21	885968150432.xls	xls	8aa9a577a3bd2b2fb4b35339f5593a8a3f1c7635247b6fe78fbbb2983a8cdd4f	n/a	Heodo
2022-01-21	9063951608860418164.xls	xls	358e8e25ef848f0530a1b2094f471f68415b1b8f84cf21e6f9f1dbb774759140	n/a	SilentBuilder
2022-01-21	5393004835496846.xls	xls	3207aac6b983f0ef8828530480f6b8ab43e82076ceb30621052aa8a589787eec	n/a
2022-01-21	75026926633.xls	xls	71ef7935e65760f4ec2fc7a2d24246ee5db75c28000b0a7303ec8ac0c9e98634	22.03%	Heodo
2022-01-21	144811958010.xls	xls	561f1541d1ce60dd8a10c61c54f99d83e67ed86b0f645a6e564a99baa08f56b3	n/a	Heodo
2022-01-20	07403309314520.xls	xls	2181997083632b17484474d7152e18c8a65175b823c871b164d15d2e20a8ae16	n/a	SilentBuilder
2022-01-20	4305098464081.xls	xls	79ab6a611483efd4c9e4394ac5c6a91c458857820c4c4b9bdecf0cab92acf8f2	n/a	Heodo
2022-01-20	96592337100180839.xls	xls	c3782f393e6dca8cbded5a7bbb73789792cd1bf807f4f71cd863b12992beda95	n/a	Heodo
2022-01-20	5815923866077448.xls	xls	a72795a18fa2b90928f307e227b1f1a57590672870b3acc9e8cb0eb4d38bdbff	n/a	Heodo