URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: altitude.rafemcha.com
Domain registrar: GoDaddy
Domain registration date: 2021-02-05 10:32:11 UTC
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Control D HaGeZi: Not blocked
Firstseen: 2022-01-26 15:06:03 UTC
Total malware sites: 1
A record(s) observed: 16

IP addresses

The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC)      IP address     Hostname  SBL         ASN                    Country  Active?
2022-02-01 02:31:05  188.114.96.3   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-02-01 02:31:07  188.114.97.3   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-10-19 10:58:24  188.114.96.5   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-10-19 10:58:24  188.114.97.5   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-01-26 15:06:05  104.21.84.83   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-01-26 15:06:06  172.67.190.76  -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-06-27 20:04:15  188.114.96.2   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-06-27 20:04:15  188.114.97.2   -         Not listed  AS13335 CLOUDFLARENET  n/a      no
2022-02-02 10:45:01  188.114.96.12  -         SBL687667   AS13335 CLOUDFLARENET  n/a      no
2022-02-02 10:45:04  188.114.97.12  -         SBL687666   AS13335 CLOUDFLARENET  n/a      no

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Date added (UTC)     URL                                                  Status   Tags                        Reporter
2022-01-26 15:06:06  https://altitude.rafemcha.com/custom_models/yqa...  Offline  emotet, epoch5, exe, heodo  Cryptolaemus1

The table below shows recent payloads delivered by this host.
