URLhaus Database

You are currently viewing the URLhaus database entry for http://kereselidze.com/Documentation/3ib95dook/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	435256
URL:	http://kereselidze.com/Documentation/3ib95dook/
URL Status:	Offline
Host:	kereselidze.com
Date added:	2020-08-17 23:24:34 UTC
Last online:	2021-02-14 11:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-08-17 23:26:02 UTC to abuse{at}magtinet[dot]ge)
Takedown time:	6 months, 0 days, 11 hours, 43 minutes (down since 2021-02-14 11:09:51 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-09-17	BAL_90672376.doc	doc	d455be8bab47cee43ba5e71e1ecb482cddbc0c320d39874a081d23d5d27d7fa8	72.88%	Heodo
2020-08-18	BAL_23TMWMPRXPR.doc	doc	eec53e193ef4301a8a7e0c901b5525cc447136daa569cb0a4e589d75bed15be9	n/a
2020-08-18	W_NHIDPCKUZK6.doc	doc	27c375a8f3878f06b0f95f14705dbf8400f42c0208bdbffc432c9fe9be231b7a	41.67%	Heodo
2020-08-18	DOC_6002695069780261160771969.doc	doc	4b2c463c130aa9358e9853fd7af4e476c3f9721168623f6befc47050979d936e	42.37%	Heodo
2020-08-18	FILE_1LUUW8M7SXLEMS.doc	doc	5b6530e4d580725b37bd1d03eeb44c472d0529b1422b830bebdc62bf8b6d0c83	n/a	Heodo
2020-08-18	28953295436759.doc	doc	5fd9d575a13678e66d43f02aa919121a34f26ff8ef42fd2b43a475f1e96a0188	40.98%	Heodo
2020-08-18	464673237740408.doc	doc	a9f2dfb969ec4a5c09edfdcf49a041eed112c8ef64c36610131b1ef17118292a	41.67%	Heodo
2020-08-17	37231804.doc	doc	dff1df7c560a8a24caa14cf006d941b7c3d80648923fc99f691cf668706dd683	n/a	Heodo
2020-08-17	FILE_4A59NPQ.doc	doc	c0bd051153ba3fc559191e1a744dafb51332259e42fe8e436dade8cc96fae9ee	n/a	Heodo
2020-08-17	REP_730770730.doc	doc	6cfd3bc71ff38c615ec9c2b54e9f7b2a878e5b34918ef26526b8d2695f04ba6e	42.62%	Heodo
2020-08-17	LND_51436817.doc	doc	7b77207a79af88d9ae875004fe564803f06bf6fc32432e99635e7910c43e720d	n/a	Heodo