URLhaus Database

You are currently viewing the URLhaus database entry for http://woatinkwoo.com/RUI/levond.php?l=reeza5.xap which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:68417
URL:http://woatinkwoo.com/RUI/levond.php?l=reeza5.xap
URL Status:Offline
Host:woatinkwoo.com
Date added:2018-10-16 16:06:11 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@de_aviation
Abuse complaint sent (?): Yes (2018-10-16 16:08:02 UTC to abuse{at}ovh[dot]net)
Takedown time:1 day, 22 hours, 33 minutes Poor
Tags:Dreambot exe Gozi ursnif

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2018-10-16reeza5.xapexe4f9e86088304d22b1021ca941d32f2462e8d53ba68db2f9b10f4e2065999b9beVirustotal results 33 / 66 (50.00)Gozi
2018-10-16n/aexe56448168d1ca7a7c7b1f4da73faebc5a31f03be0265b1f51673bb6f0cda9342dVirustotal results 12 / 68 (17.65)Gozi
2018-10-16n/aexef1e0c18e867b53f780f530886da8b900e9d47310d1b72665533221643c49457fVirustotal results 14 / 67 (20.90)Gozi
2018-10-16n/aexe3cba6eb870805e6619af9ab0ff9f6a9034407399a9e4e3402336e71c6827df56Virustotal results 10 / 67 (14.93)Gozi