URLhaus Database

You are currently viewing the URLhaus database entry for http://www.reifenquick.de/Scripts/open-0627720493640-azQ24PfFjRm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	426390
URL:	http://www.reifenquick.de/Scripts/open-0627720493640-azQ24PfFjRm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/
URL Status:	Online (spreading malware for 5 years, 4 months, 10 days, 19 hours, 34 minutes)
Host:	www.reifenquick.de
Date added:	2020-08-06 16:04:05 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (phishing)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2024-12-20 07:37:53 UTC to abuse{at}dogado[dot]de)
Tags:	doc emotet epoch1 heodo Quakbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2020-08-08	MES-MA1333.doc	doc	eea494e866becd4ce5d21eaf4ba21c10cb806a32d385336edd7517d8b14af028	43.55%		Heodo
2020-08-08	FILE-2175.doc	doc	ba50483a5407dc7d213263534638c2e4e0445d9d06f977dc496e979beda32f33	40.98%		Heodo
2020-08-08	REP-20200808-78153.doc	doc	84cce9a551dc2eb66990351d4d17dd8c37f457ad337bcb9984231f608208258a	43.33%		QuakBot
2020-08-07	Inf-8203710.doc	doc	5d2b88e4fefb1593bca1de5b27276ba0d00140416c91339fc6fd44431c8ccbd9	40.00%		QuakBot
2020-08-07	Mes 2020_08_08 J6970.doc	doc	0ac47ffbd42f03c480345a7dd4402200a64b23da9c45e237bc7dd243e9047948	37.10%		QuakBot
2020-08-07	Doc_2020_08_07.doc	doc	acf64b8e97e3201f06314a33733d479adef77620d8c569663be2e02c3ef38e98	33.87%		QuakBot
2020-08-07	Doc-NB344.doc	doc	8cbee4a45b5e799b5147bd50530fc9dded0b2e61503523a65ca24a68a3ac2c08	29.51%		QuakBot
2020-08-07	ARC_20200807_IS71274.doc	doc	0c521d971d4f848f0fe2d2602be0198ed41c412db71a3dab065d5100be08bb04	31.67%		QuakBot
2020-08-07	doc_7110.doc	doc	18df1f0332f24e7a2a573935396295be9ddaeb01f6008e8e0adb15c0a2b51bbb	26.67%		Heodo
2020-08-07	Mes-38246.doc	doc	c5900771fe96ab3ae58a92effdf774311499cccacae052f64f8b4ead02e3c15c	24.59%		Heodo
2020-08-07	Mes_2020_08_07_67073.doc	doc	d19de294ca34ac739da82bca124ab66a015895df4257b9010bc196ae0944bdd8	25.00%		Heodo
2020-08-07	MES_HG2352.doc	doc	0eb0994986124da10b6ee49b964e94dbe57134f1819b3fc46a6aa11253b5c977	26.23%		Heodo
2020-08-07	Mes_JAP189.doc	doc	d55a2e0971027bd30b6722f6827d6344f1126b7f7ba6c04a91179b881ca6e98a	26.23%		Heodo
2020-08-07	MES_2020_08_07_8354.doc	doc	9fda153dee6f47ac4ab198402cc17dac3bd96bd975458ef5dc23e2345abe48bd	43.33%		Heodo
2020-08-06	Inf 4573.doc	doc	5cb62b11691b27c6ec5d24b27bab599c25a26d94a7edc30aac2f8693ae3fcc72	27.87%		Heodo
2020-08-06	mes-20200807-APE84537.doc	doc	60317c70b7bf645aaa1486df2110ed8d5b562fa849d73b3d6c850093713545b8	29.51%		Heodo
2020-08-06	ARC 20200806 D731.doc	doc	a0e4c8a409c56a22b765c4ebe9e42dcaa8078b4986f8db0db88b91f0ee11f107	26.23%		Heodo
2020-08-06	REP_1214574.doc	doc	e4c0b9acd76b72b5cfaae774818c9222ae052b5fdcb6c29bac642d6c0b720477	26.67%		Heodo
2020-08-06	List-20200806-V73616.doc	doc	d526df7960cf7fe141094c78d40e1e5840f5782cf93e0b0fce601e70c56dec75	22.81%		Heodo