URLhaus Database

You are currently viewing the URLhaus database entry for http://wealthytiffany.com/cgi-bin/CWRVSPJ/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:433250
URL: http://wealthytiffany.com/cgi-bin/CWRVSPJ/
URL Status:Offline
Host: wealthytiffany.com
Date added:2020-08-14 13:49:07 UTC
Last online:2020-08-14 16:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: spamhaus
Abuse complaint sent (?):mail Yes (Ticket DCU002867770 created on 2020-08-14 13:50:05 UTC)
Takedown time:2 hours, 49 minutes Good (down since 2020-08-14 16:39:37 UTC)
Tags:doc emotet link epoch3 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-08-14Invoice-CS957-74255476.docdoc 54df62d76577ab1dcc9c7245f1bcae17e8b7e93da9016cc284a16001fed3e106Virustotal results 30.51%Heodo
2020-08-14INVOICE-136-555060.docdoc 21511c67cd43296f448679a1ab0dcb2df5dc543f64170dcb21ebb6858afd53a9Virustotal results 28.33%Heodo
2020-08-14InvoiceZL658310828.docdoc 936f0b1c957e1480cdba3c5cefac63730008c19b570d825bd0d6c6de85ca38b2Virustotal results 27.87%Heodo
2020-08-14invoiceOV714885229.docdoc fba29ef907a8790525fcff2cfe679305e27fa936ebba8306a8c78bbd21d0b258n/aHeodo