URLhaus Database

You are currently viewing the URLhaus database entry for http://rebeltraiteur.com/cgi-bin/ww/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:431182
URL: http://rebeltraiteur.com/cgi-bin/ww/
URL Status:Offline
Host: rebeltraiteur.com
Date added:2020-08-12 17:59:29 UTC
Last online:2020-08-12 19:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-08-12 18:00:08 UTC to abuse{at}hostpapasupport[dot]com)
Takedown time:1 hour, 35 minutes Good (down since 2020-08-12 19:35:38 UTC)
Tags:doc emotet link epoch3 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-08-12Invoice-J4-273487632.docdoc bbf084bcd83d08a6693798f851e3af34cc7c303afb235c8c25fe237ec00315cbVirustotal results 48.33%Heodo
2020-08-12Invoice-57-17163003.docdoc 773bbccfa255f100e61a8949ed19308ff66fc817fcc06e34e5d1aa2d8746ca7aVirustotal results 45.90%Heodo
2020-08-12Inv-TU73-295034698.docdoc 3ac3af554f63c5c308ab18407e4d3aa155f7a2ada7a3be3b6bda7eb71fde450cVirustotal results 47.46%Heodo
2020-08-12INVOICE-D8787-5839178.docdoc 85ffd484ff4118230d529f8a3de7001cd925e004c7db29739a2364c8bdce18abVirustotal results 43.33%Heodo