URLhaus Database

You are currently viewing the URLhaus database entry for http://reefrentalssamoa.ws/excel-connection/aQYdJZAW53u87ANUg3lu94/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 756240
URL: http://reefrentalssamoa.ws/excel-connection/aQYdJZAW53u87ANUg3lu94/
URL Status: Offline
Host: reefrentalssamoa.ws
Date added: 2020-10-27 12:34:06 UTC
Last online: 2020-10-27 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2020-10-27 12:36:12 UTC to ispoperations{at}csl[dot]ws)
Takedown time: 9 hours, 22 minutes, Good (down since 2020-10-27 21:59:01 UTC)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Columns: Firstseen, Filename, File Type, Payload (SHA256), VT, Bazaar, Signature