URLhaus Database

You are currently viewing the URLhaus database entry for http://escorter.info/document/Invoice_number/waoK-BDHbD_pJFRw-WQg/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 114899
URL: http://escorter.info/document/Invoice_number/waoK-BDHbD_pJFRw-WQg/
URL Status: Offline
Host: escorter.info
Date added: 2019-01-31 20:39:15 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @Cryptolaemus1
Abuse complaint sent: Yes (2019-01-31 20:40:03 UTC to admin{at}frantech[dot]ca, fdias{at}frantech[dot]ca)
Takedown time: 16 hours, 18 minutes (Good)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
