URLhaus Database

You are currently viewing the URLhaus database entry for https://citireal-group.com/wp-admin/multifunctional-disk/close-portal/8am2h6-y8161638zt/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	415501
URL:	https://citireal-group.com/wp-admin/multifunctional-disk/close-portal/8am2h6-y8161638zt/
URL Status:	Offline
Host:	citireal-group.com
Date added:	2020-07-20 20:11:09 UTC
Last online:	2020-07-20 23:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-07-20 20:12:03 UTC to abuse{at}gmo[dot]jp)
Takedown time:	3 hours, 35 minutes (down since 2020-07-20 23:47:11 UTC)
Tags:	doc emotet epoch1 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-20	File 20200721 3003344.rtf	doc	f83e32a15080c0f31451809377046083d52daef3354edecea6db6ccf4158a43a	30.00%	Heodo
2020-07-20	List-2020_07_21-296433.docm	doc	68f85e639cf07fc84c8204cec1bd82fd8985d854aa17d02c89b58b255b98ed48	29.51%
2020-07-20	Doc-2020_07_21-1653725.rtf	doc	44c487bb620fcaf9ecd88961303e24f705390f3c23b0154b738fd30873832c0e	29.51%
2020-07-20	LIST-2020_07_21-2935.docm	doc	c0696d196c346305861f4e358f48f216dcdde4251309abed3547504007cb858c	29.51%
2020-07-20	file.rtf	doc	1269bdbbc40be92cc1f13918a692b34fdfeec466bd7d872863ecc405ff38f77f	27.42%	ZLoader
2020-07-20	FILE LCF075400.doc	doc	4d5d4a16ec11a850141a0a77026153d2a409bb4602e624623ee007e79dfd9639	27.42%
2020-07-20	rep_2020_07_21_VKZ3600.rtf	doc	eccf2d10cb44fb11136e2edaf7af5de351637d1479888142221354abf8986760	27.42%
2020-07-20	list 9253.docm	doc	ec87e9999c894cdef59c964d06c6de6c7a7134d373b4e754180d90dd5fb23f64	27.87%
2020-07-20	Mes-2020_07_21-62338.docm	doc	d28f9dea8c5837be7474d3735799da462ae74c0a0f3e7279a3eb8a50ba6183ee	27.42%
2020-07-20	List 2020_07_21 357323.doc	doc	d6da6435e94d2fbb2a3847c934bf0b6d41c613337ac951b10fd5851eb98a9bf3	27.87%
2020-07-20	REP_2020_07_21_RLI711.doc	doc	f4295c97af0389a32cb42495d1b102a8e8698e5f107c50034cee1d0ef8735a1a	26.98%
2020-07-20	file_2020_07_21_YDA07643.docm	doc	eb1f1cf5bb142fb70ac9421ceb472dad3f583fcc852ae768c1ae347506cbcc04	27.42%
2020-07-20	File 2020_07_20 6646.docm	doc	dc9d3da24212096b6029163166558cefcd8b37aae588dd461d9b5c02700700af	27.42%
2020-07-20	ARC GAM284.docm	doc	7812b414ab8098b436f22af0523a1edb14b8af7eb4df4bac66f9268cdb074e96	n/a
2020-07-20	REP-20200720-HO162169.rtf	doc	a596ea13973162232be90c68099e1b664aadeb7150a6c7e70ece1bae29dcce39	27.42%
2020-07-20	LIST.docm	doc	dc83903be08352444bfd3116d33bda30da619c60371f037e0bd56f82a2a768fb	27.42%	Heodo
2020-07-20	dat-2020_07_20-BGO655569.doc	doc	eb193bc39825dc7e1397022e2a0a3a3e304be6b65d8128280fa02d2ebd1099c6	27.42%