URLhaus Database

You are currently viewing the URLhaus database entry for http://www.reifenquick.de/Scripts/statement/ul397wfyb/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	436727
URL:	http://www.reifenquick.de/Scripts/statement/ul397wfyb/
URL Status:	Online (spreading malware for 5 years, 3 months, 27 days, 11 hours, 31 minutes)
Host:	www.reifenquick.de
Date added:	2020-08-19 17:16:10 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (phishing)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2024-12-20 07:37:53 UTC to abuse{at}dogado[dot]de)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2020-08-21	BAL_94G1BA0C0.doc	doc	f81e4de8069e9551180db92af779f1c19f7bfef0dde8f9696ae0b242d3fb8f2d	25.86%		Heodo
2020-08-21	D_PO_08212020EX.doc	doc	b9867ead986e6afb8337409a0b509cac26e3d383deb83f38f1cfcde8eaf3ab01	22.81%		Heodo
2020-08-21	REP_47382437.doc	doc	eb855bb87c7f169f8aaa2bfd0ba1d2866f6098815ac1e5b58bdf85e0b264cfd9	20.34%		Heodo
2020-08-21	REP_RMA_080120_SWL_082120.doc	doc	d3e288e78e76e10c2214ea9589c989760fc693bb097650669c7f37b9332698c5	20.34%		Heodo
2020-08-21	JZ2132423653KY.doc	doc	a99bc78979b657a1d16c9c3cb64ddfbd2d0317097210ad0dd85088b7a6c1b3ce	31.03%		Heodo
2020-08-20	UHY_DHH_080120_UGW_082120.doc	doc	d450de331053e84b06f103ae247fdd8ad2af1cb161c3fd94262071d22e1ed2ea	30.51%		Heodo
2020-08-20	FILE_53040140900885794.doc	doc	ea9a29f42ce90bd0cc4aa2b4758dc76ce4a5d639dcbe1ee8f4f0b61632793577	30.00%		Heodo
2020-08-20	FILE_EL5763669509KJ.doc	doc	172af56801cf4f253a30974aeeddb1910408d1417b4d8bffbefe887436c3b633	35.00%		Heodo
2020-08-20	PO_08202020EX.doc	doc	4685f60dcdfb132f5246b79cc2e4f5c0748fc9ef73f54c0f104bbda17ad7b1ee	25.00%		Heodo
2020-08-20	TBU_XVM_080120_QCO_082020.doc	doc	63e9e5abc6b0d9e61f8f83baae44d5028c4c9ebe62e0ee337e3313c1e83841f4	20.00%		Heodo
2020-08-20	NKI8VH2WPAS9QWO.doc	doc	3199024c14912493d637c88ae08b8050bdf85ea6356730c1117850e130d1669a	18.03%		Heodo
2020-08-20	QEZU_00502082.doc	doc	bbfbe727d8a5b53456c3b234d64899d7789a885517c719fb9c26c890e009318a	41.67%		Heodo
2020-08-20	FILE_6794565581804.doc	doc	3adba5d0d3b9f8425b3f663d9a4e49ea5d5effd605916f354e932e1fae4486e4	41.67%		Heodo
2020-08-19	INV_0162098998.doc	doc	7e5b76a38e43b23ba86cbd7ce11677e2b6cc5c68fe8566a623bfeff47be9c512	33.33%		Heodo
2020-08-19	C5JTX12NN93V.doc	doc	36a290d9df91c6881e6f23de7e03e02206ef7ca2d8aac9d585308806b6e2b965	n/a		Heodo
2020-08-19	S21H4A99A.doc	doc	7f3f68fc29feddc0494e2e4853b7454b5d0cceeabe5e0bcd13029c5ec301e9c6	n/a		Heodo
2020-08-19	BAL_CB6874692469ES.doc	doc	a882484dd319c7363eab50da170eaf45d0be854d4208c86d3d9fa00621f2f9d9	n/a		Heodo
2020-08-19	S_8F0N9C7PHWF.doc	doc	39f8850f02b807a843447f461d3436d67191f0f08709c03d32958988964b5e9f	n/a		Heodo
2020-08-19	BAL_23104189609620588991.doc	doc	d6d6d04fedae2537ae4cacad5ce33a5b5d5964d22f97c381def52cac01666902	22.03%		Heodo
2020-08-19	BAL_12141056.doc	doc	d9d8ec245eab78761795bfab0930cb5dd903e1157eec18a517b867e004191413	18.33%		Heodo
2020-08-19	REP_PO_08192020EX.doc	doc	77834d629af8b45f85ec232e03fab3cf97e78e448b23fe48bc93ad6a391f3c90	n/a		Heodo
2020-08-19	6IZKLJU.doc	doc	a47b7f6d9af6602b2dac196cb0faf5414e8a3d7f94604f937e2e66f19fd17b61	n/a		Heodo