URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	altunyapiinsaat.com
Domain registrar:	Isimtescil Bilisim
Domain registration date:	2012-05-15 15:06:44 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-03-16 14:11:03 UTC
Total malware sites :	1
A record(s) observed :	1

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-03-16 14:11:09	85.95.237.61	win4a.ixirhost.com	Not listed	AS206991 IXIR	TR	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-03-16 14:11:09	http://altunyapiinsaat.com/datyusdtyuastbgdasg-...	Offline	dll emotet epoch5 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-03-16 17:29:46	961a96441651307a8a735b35dadd2628cdf96a940362cf1b5d03d9cb39c3f799	dll		Heodo
2022-03-16 16:39:35	732a0e7964c19e083713697f9c55bffcf44aefd58c69c311792a22130a1830cc	dll		Heodo
2022-03-16 15:51:54	40fc910af60e33724b8a19a0c55df51d002fbab0c1f9f87b8ee46d1626f6e88a	dll		Heodo
2022-03-16 15:12:56	e7da3c6a4954f50090c304fa1a1052fbe28e38cac6d23bd2625b5d565c467c77	dll		Heodo
2022-03-16 14:11:08	631ae8945a393079af5f5952e78c3089f7ad93ee09795d0ccb6ea6e667ea1d46	dll		Heodo