URLhaus Database

You are currently viewing the URLhaus database entry for https://ent.draftserver.com/cgi-bin/1gCxNRb7et7VDkrO/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2119495
URL:	https://ent.draftserver.com/cgi-bin/1gCxNRb7et7VDkrO/?i=1
URL Status:	Offline
Host:	ent.draftserver.com
Date added:	2022-03-29 15:45:06 UTC
Last online:	2023-01-21 09:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2022-03-29 15:46:06 UTC to abuse{at}amazonaws[dot]com)
Takedown time:	9 months, 27 days, 17 hours, 22 minutes (down since 2023-01-21 09:08:23 UTC)
Tags:	doc emotet epoch4 heodo SilentBuilder

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-03-30	323603985382160.xls	xls	17a017e03150a780f08ebd41dde43ac2babb836c2e92674995af925cce5b19df	n/a	SilentBuilder
2022-03-30	31409876632.xls	xls	1368718563ca6d717e28a11f2ed560ef1e7ebd71253649ab0bd46a45a96e835d	n/a	SilentBuilder
2022-03-30	79212381210756457826.xls	xls	84e8a5c9e678935ebb0022e67a2160105d3f416ac8ff9118d76b0183acc1e233	n/a	SilentBuilder
2022-03-30	90552431251485522.xls	xls	5e42f72b6f48384d2369d13cce199bc20da44c757705ba69765152d0d1d02f96	n/a	SilentBuilder
2022-03-30	0132636074.xls	xls	86e52f0a682a1df7d90d7bcd0397e524613976d02acd17e8af00191aa679645c	n/a	SilentBuilder
2022-03-30	7736244226.xls	xls	24b89cd019e6987a69e365e3f47d53dd2968bebc7d905925b81d541b0f286110	n/a	SilentBuilder
2022-03-30	7405110348976.xls	xls	2a5de4f07ce0362b1cdc10c72712206d13a61347bd8e326f37cb10f2336fd02e	n/a	SilentBuilder
2022-03-30	80937841186053.xls	xls	9f44435aee050df19b847bec6a4937cd1b45adacae6e23564b742fc03a4012b6	n/a	SilentBuilder
2022-03-30	96576031628.xls	xls	5d07768d877f9d761c1fe49cf016d97f4195d6d138a24dd6d936faa5654ce764	23.33%	SilentBuilder
2022-03-30	672773363628847677.xls	xls	44d5403251abf78bcc06490d12cef37dfb9c334dea049aedafa5e6a86bbfb235	n/a	SilentBuilder
2022-03-30	573116665438627.xls	xls	ec2aa6f18594a4bc61f6fc977efd358ed21b613e43f91d5acd869c689c687f1d	n/a	SilentBuilder
2022-03-30	0213944356503257459.xls	xls	01409366f137f73a060ee83b1e33ce1812614f9182737ebfa8b621d931f2aef4	n/a	SilentBuilder
2022-03-30	9238301465414674323.xls	xls	119dde2b16a947658ca5ac6ba63f97a47e26b1fb1d29177c36bbd67ff0bc4252	21.67%	Heodo
2022-03-29	2510900278536.xls	xls	de194184575783e158c569cdb62687aa7e8fbb8472461511e2626db0430fadea	23.33%	SilentBuilder
2022-03-29	66359064293.xls	xls	c6838b4ea989471e3a9adb64996b9df81abf050a611dd96d4d2e098b4a8fc12b	n/a	SilentBuilder
2022-03-29	5836636260016737265.xls	xls	f4be1e05d18e62bc58c82cac3b742f7db7f4a1f499d4a772a6e0f5b085da7d4d	n/a	SilentBuilder
2022-03-29	43754841386190.xls	xls	3c425e75e8dd55c6300c63fe1dc1c0c60b40aa4586681c6e21d9e5c5e75a8c49	16.98%	Heodo
2022-03-29	543792186301.xls	xls	5facd7e6e06801b2f98d8622d9dfa7549dc7fbcc4d2f1cd957f193d81a1e7e31	23.33%	Heodo
2022-03-29	32206328310773.xls	xls	11e85a3bcab8d5d4f43929a8cf0783d612f20f10f38a0d84e702f110e149e565	23.33%	SilentBuilder
2022-03-29	954536511888235.xls	xls	c52e93e91b5d59d300c8514569b22a800531880de8cf3da12f3bf4166ebb3781	23.73%	Heodo
2022-03-29	165318176846182.xls	xls	299eef9367c7d46794f985f1653108dff2ea664d29f31b8ba1a08c934e1d42b6	23.33%	SilentBuilder
2022-03-29	687211612820305802.xls	xls	867434fed6520d51d6ab9e462cc33d2a09e120de7603f17cb852687812ffb18f	n/a	SilentBuilder
2022-03-29	428072456348153019.xls	xls	5bff4b82853506733c25f44c2619c4c6d8c7a828eaa9d5efb088548c4b7ef559	n/a	SilentBuilder
2022-03-29	1919472179616.xls	xls	9575e2971e7e9d0105384f20c77f085a66fe3e95903619289c697f24ab411e42	21.67%	SilentBuilder
2022-03-29	8834507387558538.xls	xls	63bd32a0fe469f74ded0c05b18cd562e671cf5d2655ccdd9b54ed62c92004750	28.81%	SilentBuilder