URLhaus Database

You are currently viewing the URLhaus database entry for http://escorter.info/document/Invoice_number/waoK-BDHbD_pJFRw-WQg/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:114899
URL:http://escorter.info/document/Invoice_number/waoK-BDHbD_pJFRw-WQg/
URL Status:Offline
Host:escorter.info
Date added:2019-01-31 20:39:15 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@Cryptolaemus1
Abuse complaint sent (?): Yes (2019-01-31 20:40:03 UTC to admin{at}frantech[dot]ca,fdias{at}frantech[dot]ca)
Takedown time:16 hours, 18 minutes Good
Tags:doc emotet epoch2 heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2019-02-01PAY99551532043662749.docdoc0c661e5988f7e1e17759c3a4bb73aafccfbfe9ab27509d3b68e7c8ba0fbe1460Virustotal results 18 / 55 (32.73)Heodo
2019-02-0128262207409128255070.docdoc0d29961633b0b6301ca1ffdb3988052c55dc7241ae5fe743fbf10fd84021cbe1Virustotal results 18 / 57 (31.58)Heodo
2019-02-01US73355619997789777932.docdoc135a1b0278442e31d559f770713d98d3a5f0e04db76a65ec23e01c1ef7eadc52n/aHeodo
2019-02-01PAY7369359504556.docdocfa7a1db6fd5b5012df922dc035d668901d74f740bd6f58296b35b47ce26cb1a0Virustotal results 19 / 56 (33.93)Heodo
2019-02-01PAY16692800839316394.docdoc91130b1b6859b4394f2a14bf09b500000758188bdadb50719fbd20ce55a346f4Virustotal results 19 / 58 (32.76)Heodo
2019-02-01US119527045156411174.docdocf989d2aefbda20268089ce551567d98b4887ac504b17cb3e2768ee96d3b8a2dbn/aHeodo
2019-02-01673116604853908.docdoc984ec4af5760fed18d559200b356fe49b4af32ab979d129f775ef143425dadb3Virustotal results 16 / 56 (28.57)Heodo
2019-02-01KFZZW0679420378590975353.docdocc40bea614380796f1479c21e4640c9d8df76efe044fddcc49b8cf1f3dc16a990n/aHeodo
2019-01-31US64901165908.docdocd08f26201494e7674b68b80ab70e2e51c6824a1ee164239b2d7dc95906fea519n/aHeodo
2019-01-31PY205726951254.docdoc8a31a5b38738b287ed94cc9dc1cde98765ed496e8994bc82b3cfa954be4b2c67Virustotal results 18 / 57 (31.58)Heodo
2019-01-31PD099863653875.docdoc03cadc62cf49c9398d3850d978ce7d7d9a1ff99f9951b9ff6a06c8bbccad7afeVirustotal results 18 / 56 (32.14)Heodo
2019-01-31US07103876397.docdocd7ecd092013bd187c9b10bba8c1bddc3fdf743612d04238f1ffec431468104b9Virustotal results 18 / 57 (31.58)Heodo
2019-01-3188400848162522651581.docdoc9af7777057c7236d94485d28ab958944324abd9b0aaf0ebc795083d715425da8Virustotal results 18 / 56 (32.14)Heodo
2019-01-3198814522965.docdocc07a61a5b1ee83de86af92efba849440b6bce01e494c2bd7e7c7909fad309b5eVirustotal results 17 / 58 (29.31)Heodo
2019-01-319224741707903007568.docdoc4c56a9814da81a0f35e9d74cc83828bf4a7f6e50ece537f91a2fe4331dcebfb9Virustotal results 17 / 57 (29.82)Heodo
2019-01-3125618518195170249557.docdoc7bff57b9e2b7c0281c441af7d2f0127cb98cf7f958f779ef0a76d1ca397775f4Virustotal results 16 / 57 (28.07)Heodo
2019-01-31YCSRP39604714422535.docdocec0d2d376429f70b9e67e34fdd4d12f41b9e146b5685be0c8d6d33484dd2bdb3Virustotal results 16 / 56 (28.57)Heodo
2019-01-31PAY0148030793944460485.docdoc1dc7f39a6bede1294afb1047e4deb436fffb193c94534267d85a9b82c546a28cVirustotal results 15 / 57 (26.32)Heodo