URLhaus Database

You are currently viewing the URLhaus database entry for http://guru.ga/hometutors.guru/invoice/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:546370
URL: http://guru.ga/hometutors.guru/invoice/
URL Status:Offline
Host: guru.ga
Date added:2020-09-17 16:13:04 UTC
Last online:2020-09-19 23:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2020-09-17 16:14:06 UTC to abuse{at}online[dot]net)
Takedown time:2 days, 7 hours, 14 minutes Poor (down since 2020-09-19 23:28:15 UTC)
Tags:doc emotet link epoch2 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2020-09-19GE7020113089IA.docdoc e9325a711e0f6f605b85898c5b507d4320e1f1dc672c68172b06cda359b5107eVirustotal results 34.48%Heodo
2020-09-19PO_09192020EX.docdoc 2219a032fd67333ac69e83d15651054f5fa2ebf7711e2ff700faf7cf27bb18f1Virustotal results 35.59%Heodo
2020-09-19FILE_1681764064951.docdoc 7c266f2e5ff601cc96e9a3b11271921adc8347dc35f9eadfbbd514dbede04266Virustotal results 35.59%Heodo
2020-09-19REP_82970498234929262.docdoc 336faca574dbafcf9eb66a5499f5b37d83a6ad046b7a8a7db5636040fa605429Virustotal results 36.21%Heodo
2020-09-193873500176404580.docdoc 4493d7e26e63be3530687d6898ef66cb46cf1e3f614db9550f426d9416b77787n/aHeodo
2020-09-1969562786.docdoc 2bdb231a4e071c32f3734fa0ac5a13e5463ad6aea21e4a089fe1a1c69a56d372Virustotal results 36.84%Heodo
2020-09-19CI_XQIO7ACSI3T0VJ7X.docdoc 20afdfa7a7c7a299565cdd046c41bcbea4b1cbdc4041edc9f0e51d52dac04a0cVirustotal results 40.68%Heodo
2020-09-19INV_63750028080.docdoc 76908049cadf03a589e4584e32c9fdc00cfb638fa62d691d3fd7dfa3549dd318Virustotal results 35.59%Heodo
2020-09-19BAL_PO_09192020EX.docdoc d7f9f33aa1e41e5cf3ed675039323eedced58cb2e29f20b2fb2b6df79ab141d2Virustotal results 32.76%Heodo
2020-09-19KTB_090120_RFB_091920.docdoc e5d9bb556a385de29f04eccbf388a0e8f73f556394bfcaff0a6c7ffb15e85a48n/aHeodo
2020-09-19REP_PO_09192020EX.docdoc baf14caee52ad8e738841f063d3461ab68c5e2b2144a1a8b38d7c7bc5dbd0bf6Virustotal results 40.68%Heodo
2020-09-19DOC_PO_09192020EX.docdoc f985df117771ea00d82ebee99e084f574e31d0134d0ac1d15dff5478c02f6b91Virustotal results 36.21%Heodo
2020-09-19BAL_SU1JD3RLNELLKUZY.docdoc c066bc4500ead9e0889bdaa4bc27671470aaed708c36824216e519d2b9325dfen/aHeodo
2020-09-19DOC_RS6199181462ST.docdoc 32d451b2bae3e18f7c033f617f08f633bbe77e2bd4a98bd72d6fccb66ff80900Virustotal results 50.85%Heodo
2020-09-19CRF_95044186.docdoc 7c391c5dde83d6bcb96a44a794bdced0a65235c65e6ee19d33bd602b09df433fn/aHeodo
2020-09-19REP_0506359546885.docdoc 3d64095f4564ebc30eadbe6a61d8dd290bf34c82c7c49a9accc8179312fc53edVirustotal results 46.55%Heodo
2020-09-19DOC_49842909155618447870729.docdoc 2d22cb6bb2684459c707f30b23c49d03c4077803ebd1e4256c071f8d365ada55Virustotal results 31.58%Heodo
2020-09-19BAL_51782600.docdoc b906482b50c16f39e9ceb8f7fb0c7ea8b7f2480a25a5452f2006daea435d2d7dVirustotal results 36.21%Heodo
2020-09-19REP_AKY_090120_JTF_091920.docdoc 5cc754b56ea15b372576406cb73285d5c74e09ee434b62bb955e5c02caca6b68n/aHeodo
2020-09-19BAL_BJZ_090120_BPK_091920.docdoc 8edaaf5279e9bbfba0c2952d8545563f327f0648035e56774baef612d4777aafVirustotal results 31.67%Heodo
2020-09-19BAL_PO_09192020EX.docdoc cc21dad99db9fe14ebb5e963372e9b2bb57c453683119891b367387d06f812edVirustotal results 40.68%Heodo
2020-09-19O_VVFOJMTJZ.docdoc abedf8ebece852bb37a29e46ef57ea6685752259f7a642b458e8b3d3d57a5b34Virustotal results 32.20%Heodo
2020-09-19R_PO_09192020EX.docdoc cfa732f080d66f4255202de5836aedb5332dbe226ea5ff3e49c926ee56519cddVirustotal results 30.51%Heodo
2020-09-1905443797.docdoc b837078057329148a35e96ef42c7c83e16fd7f203fa7f1f225fc1a42246349c2Virustotal results 36.21%Heodo
2020-09-19REP_79638005.docdoc 30ee1918a15e45641f559b5bda9985c8aceb4a0e4e64e49de6364d24982556afVirustotal results 37.29%Heodo
2020-09-19PO_09192020EX.docdoc e8ba52929c7417d389ec7c09ee6326be03a51186987ca74d8ef79a98803150b5Virustotal results 40.68%Heodo
2020-09-19DOC_749888040.docdoc ec0a9a535ccb576248f4c7900428f2a898853aa83d6cdff165a23414125d8a68Virustotal results 35.59%Heodo
2020-09-18H_CDEEOCDZ.docdoc cdb734fc9234a80b1fda26d9fde564b0e14efadc283ba63e61e9031657f399ecVirustotal results 24.14%Heodo
2020-09-186OG0S9WZ5O.docdoc 40ef54fdb8b602c1bc31e33706b32c183df8c253a7d90563fd9504d73a7ecdf2Virustotal results 33.90%Heodo
2020-09-18DOC_3001758512828.docdoc af7a05d648d4175f924ff2431748c2bf40e15eeb256d2135bfeba80f4adbd149Virustotal results 24.14%Heodo
2020-09-18A_764712402.docdoc 143d3dfeff768c6ff529e34fe2134d9fcd1e8adffa35118c52d37eefb124abedVirustotal results 36.67%Heodo
2020-09-18DOC_7OWIRUPC.docdoc 21455be1e8a6b7f3e80642e32299fcf332e6f5d70f972e06cd861560e52f002cn/aHeodo
2020-09-18JMTG_HZ1186305145UZ.docdoc 6a500490be1db393b419c4d2dc1bd43557bd87fe40b7b996037834fb137d8d0eVirustotal results 31.67%Heodo
2020-09-18FILE_699587963982.docdoc f5fb5d637a37ec6c6c5288f46bb6ad3cb9559037f8df024aba1f9bde1d477a4aVirustotal results 42.37%Heodo
2020-09-18FILE_CIP_090120_KZE_091820.docdoc 68388c6e9de3f96e1a46baa9a6f0185dec5ce48b8a30d26e18c23161078e80f6Virustotal results 32.20%Heodo
2020-09-18DOC_AD9606330218VY.docdoc 1e3201bbb2deffb9ba87ab7c3c4a40d86a2453bd105b0bede74c0ede7aada9b9Virustotal results 28.81%Heodo
2020-09-18WDN_090120_CXI_091820.docdoc 2d14279414dca849e4148148eaa21237c4c7a73d826fb02538c7bb2083e4fb1aVirustotal results 21.05%Heodo
2020-09-18INV_18CZBRL3.docdoc 8573c35338d256c00f8807111d2736fac86afa7670f189c2c408a43752ecd8f0n/aHeodo
2020-09-18REP_1160479498452599.docdoc 2121c5bc91b394da5845d8effc92948979f57c4bf252ffd09451fda76e1c273bn/aHeodo
2020-09-18INV_20193994.docdoc 6abcae841dce14d172e12d2c27729756c194836844ccbba13a69617a31dbdd07n/aHeodo
2020-09-18BAL_PO_09182020EX.docdoc 83676faad35894bb04262d898f1279995a52ca4f91f343223e0403b6c915311eVirustotal results 49.15% Heodo
2020-09-18DE5700620771GQ.docdoc 1783b7210fc11d49c254e9d01607f32e9124044eebc736c34bf7d3fe06d7c0b0Virustotal results 49.15%Heodo
2020-09-18BAL_04217263.docdoc 01dc05c389198097e73f0e51d7e1ea7d9038367c30cf1e0408129374d3ed7db3Virustotal results 49.15%Heodo
2020-09-1818081138.docdoc fcba92929cd27ca2bdb803c58ca49fdd35fc6f3b2781278d45dd62e1e46f8742n/aHeodo
2020-09-18DOC_OR0129505929LH.docdoc 8f5dd0f7d3c0f356a4a2cd39351f11b5be1e32ff16162229fff6548dc8ada245n/aHeodo
2020-09-18TPUE_PO_09182020EX.docdoc 8780a28bd25c92af4f9ad2f7a4b99acaa81ae7f410964f7155f9b69037cd2c15Virustotal results 49.15%Heodo
2020-09-18A_PO_09182020EX.docdoc 8e53c80df5380a098783ffbee94ed572d63fecf8753904f25a12075657f1d4den/aHeodo
2020-09-1842952418.docdoc 4401b8e76e1cba8daffe10ee7151f70d1ccb78a6857c49598c33f9b8bade1541Virustotal results 49.12%Heodo
2020-09-18354671682965.docdoc eaf897448ba42c47e03919da87640483febb9e38c0f457471d5b91d0bd6b99e7n/aHeodo
2020-09-18BAL_G77FDLCLNQ.docdoc 37058579c0adf49f3f4170d008f3e01704bb07a33edd9b8bb1173e8127c85904Virustotal results 40.68%Heodo
2020-09-18INV_PO_09182020EX.docdoc 8f433669bafea35f75ac63a4e6aba4cb6345029b4f5d32f42c177071467f9623Virustotal results 41.38%Heodo
2020-09-18BAL_98490619.docdoc 7a087796ba52981da1f8e06f79b5bd1bdebeb961afe1f01af7864edfe071712en/aHeodo
2020-09-18INV_707790907450200528609.docdoc 6e7c00de38741f3be4716a2fb65e495fb306a6a7ff86de27893f5c3e83cab5b5Virustotal results 35.00%Heodo
2020-09-18HIA_090120_EBD_091820.docdoc bf8ba8f948673c3556726edb8ae210bb81ee962e4c6a15cfd27e3901396960a4n/aHeodo
2020-09-18DOC_04341581.docdoc 07610dc0b3d7c1c61c9b30505f85c5cb407258560a13dd183500c1693dec0dadVirustotal results 38.98%Heodo
2020-09-18A_2TP41AEK6M.docdoc 57c17b60cd1c361ac69813484b6a4f453aa7cf993c0ec2338665a320341e496bVirustotal results 38.98%Heodo
2020-09-18BAL_PRB_090120_CLE_091820.docdoc fd659c59f931854b96e0428e622a370da964253713c66c1b28343011322629daVirustotal results 36.21%Heodo
2020-09-18DOC_UGK0P3Y.docdoc 6e221be1094865f6f92e91e222da06c0cfb67ce691d0bd25afb4b4324bb05714n/aHeodo
2020-09-18DOC_PO_09182020EX.docdoc b157c7e4296be966f45fa1efac02053cbc78a6c2012faf885bd9654287f0f35dVirustotal results 35.59%Heodo
2020-09-18H_PO_09182020EX.docdoc fa5d401c1fa37a461f925c0ac23b8d1864c0081416c0b6494f9ba40ad25851een/aHeodo
2020-09-18MR_13960443.docdoc 5c9ee841d3f2ca4934e2df7970319d3d7eaa875a68f3df8f691f19191fd138fen/aHeodo
2020-09-18JOS_090120_MOZ_091820.docdoc 2ba5ff25d9be507686f6f7c65f57b571384f713824ea7f83ca31e60eab0fdc42Virustotal results 33.90%Heodo
2020-09-18754066339424592386759943.docdoc 09c747a3e72d8531c6bc31fb7da3dd71c0112e6bdc7a08c92794adbe46857574Virustotal results 33.90%Heodo
2020-09-17Y_PO_09182020EX.docdoc 0606ba599bf7a4fca591dc6e4c5b29805cb37284a37a2cefd0f5237a52ce46acn/aHeodo
2020-09-1783426524.docdoc 5735f038fc7e1b58a8e434b1b4e5080173709bb93463e49005fef016349811b8n/aHeodo
2020-09-17BAL_04800142.docdoc edee77f468412b29903ec095de648b2214e471174deffc438b41cb18fed1058bn/aHeodo
2020-09-17DOC_17834129.docdoc 30a0aafbc20b823f768e9269e11b9794bc842a0a27daa52f1b09d0f8e87895b3n/aHeodo
2020-09-17RHLZ_PMG84QH.docdoc 009081468aa09b402378444010fd772036dbefb92c839179c69cdbcb23133a33n/aHeodo
2020-09-17FILE_140QSGFTB94D.docdoc 12d6b38f752ecea5e77fa8c3623f322427bd77fbe3070efe165d432a739f4bd1Virustotal results 33.90%Heodo
2020-09-17PO_09172020EX.docdoc 794d05a964943c6e59eef584b6bd5ee060dec7907a990ec1a0d71260e641c74dVirustotal results 47.46%Heodo
2020-09-17BAL_69140763.docdoc c81ad3ff9f4ab6829b4f06308391cea0e98bb5e371462d2bad0bcee9961b99ean/aHeodo