URLhaus Database

You are currently viewing the URLhaus database entry for https://documentservice.cc/wp-admin/K/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:1967156
URL: https://documentservice.cc/wp-admin/K/?i=1
URL Status:Offline
Host: documentservice.cc
Date added:2022-01-11 12:51:04 UTC
Last online:2022-01-11 15:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter:Anonymous
Abuse complaint sent (?): Yes (2022-01-11 12:52:13 UTC to abuse{at}cloudflare[dot]com)
Takedown time:1 month, 5 days, 20 hours, 11 minutes Bad (down since 2022-02-16 09:03:36 UTC)
Tags:emotet link epoch4 heodo link SilentBuilder xls

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-01-1265687-1863816.xlsmxls a7fe36211a0be63df4c3929830b8fc4e21fc0548b5446377ce9c83b3d1fd9339Virustotal results 20.00%SilentBuilder
2022-01-11dfs_296172.xlsmxls f326b9b9af87bd43878455ac75b4e61fadd71bdfcebf5b4508525cbbb4e8038bVirustotal results 16.95% Heodo
2022-01-11063909_95983.xlsmxls a3977aa3c358df0d9777be64e5c10b4a874fd0eac63183e92837d58038e5c4c1n/a Heodo
2022-01-115003890779.xlsxls e7065618e785e98792d570656fd412ecf695c45ec5a8123d04cf4ee302d225bfVirustotal results 18.64%SilentBuilder
2022-01-11K62118058336K.xlsxls 73a93604b31a5b4b301dad4849b63d5e6e48ef8d946f6fbff48b485b1bce7a37n/a Heodo
2022-01-11M0898902678014719.xlsxls e7133e75c8b62eae0ca8dceffad7785b809365feb928a7181deab88f8c30df16n/a SilentBuilder
2022-01-112109743115A.xlsxls ac54419fabe46284edceb8053b9d82d570dc0bdf6c0f0302122329da99c28a12n/a SilentBuilder
2022-01-11N59818982853560125.xlsxls e99c27037595f4931d753f7e372cbad60953e56c327d9ea2a2c3042db0f5f4e4Virustotal results 18.64%SilentBuilder
2022-01-11500085292914552618P.xlsxls 659c21119c192bd5c4c698d0e9c0ef6c5d0ed38bf40907318ccbc4dece45ec76Virustotal results 18.18%SilentBuilder
2022-01-11Z54622778526376.xlsxls 1cdf6133fd1d4138849b8f2b29f199d90ccce54c369b74a88a14e8329e1051c3n/aHeodo
2022-01-112636863457151987741H.xlsxls b4f4e361680cbe98e26106393beca73acc80418fdae4ab118917b7e8bd9fc917n/a Heodo
2022-01-11S351464898971W.xlsxls 071d6c9a40d6721f41c7064edb52f46d766703ea2e9bbe033939b6d60f24604bVirustotal results 14.04%Heodo
2022-01-113316782507426.xlsxls 2b6937e90b3f57eb3f26b8a3f50b86def03b2d4b3bc30d93e1af1c96656bb4dan/aHeodo
2022-01-11B91161839561374252.xlsxls 681415bec47952960626cc90f36aae28fe01283c16cdcf187ba5c331d170faccn/aSilentBuilder
2022-01-11V5977652063580801830R.xlsxls 89224af568d4e29e7836c2961d33045490b337a9d5d40db852137e1f2dbbfbf9n/aSilentBuilder
2022-01-1199859210519583960008.xlsxls 3671e08ea193763eeeb2d1ff7181686591338cab9023e1de7934deaf3eef3cb2n/a Heodo
2022-01-11K0815756400760733.xlsxls 56aa7905b1536290b2b7369e456e757c0245678ba3834bed356d8ff776b9d015n/a Heodo
2022-01-1134477089937919429999.xlsxls 767ff6dc84f06be7ffee2bf833df6f3b2e03ad2411bb8bcbae9c231abe1798b8n/aSilentBuilder
2022-01-1166965800723387.xlsxls e953e27734ea1a314cd9d63b06099f4bfca19df5ec11ccaebe5a2db2f3068b40Virustotal results 15.25% Heodo
2022-01-11G30316500208635109386.xlsxls db1b447d50c59d7fed698e38d182b61defd8bf31e4570a437e038d6b532a4e39n/aSilentBuilder
2022-01-1180666775.xlsxls e4c8cc798cb05f75d4fd5939432eb850a46c95a2368288a593dfd007e00979a9n/a SilentBuilder