URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	rtyj-dnty-fore.xyz
Domain registrar:	Namecheap
Domain registration date:	2021-09-10 16:19:01 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-01-11 11:53:03 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	18

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-08-20 07:39:53	13.248.169.48	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2023-08-20 07:39:53	76.223.54.146	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2022-12-01 07:52:22	103.224.182.210	lb-182-210.above.com	Not listed	AS133618 TRELLIAN-AS-AP	US	no
2023-07-01 08:38:52	170.178.183.18	rdns18.mdlider.net.br	Not listed	AS46844 SHARKTECH	US	no
2023-01-11 02:34:55	70.32.1.32	ip-70.32.1.32.hosted.by.gigenet.com	Not listed	AS32181 ASN-GIGENET	US	no
2023-01-10 15:57:53	199.115.116.43		Not listed	AS30633 LEASEWEB-USA-WDC	US	no
2022-09-11 16:22:24	99.83.154.118	a51062ecadbb5a26e.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2022-05-12 03:23:43	164.68.127.248	server.globaliws.com	Not listed	AS51167 CONTABO	FR	no
2022-01-11 11:53:04	104.21.77.22		Not listed	AS13335 CLOUDFLARENET	n/a	no
2022-01-11 11:53:04	172.67.203.140		Not listed	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-01-11 12:02:04	http://rtyj-dnty-fore.xyz/wp-includes/K2bODlA6G...	Offline	emotet epoch4 heodo SilentBuilder xls	Anonymous
2022-01-11 11:53:04	http://rtyj-dnty-fore.xyz/wp-includes/K2bODlA6G...	Offline	emotet epoch4 redir-doc xls	waga_tw

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-01-11 13:38:47	188d8ec1a7f87d4d0c195d54c5a581fedb58e49e31a5c8f5fe41f20e277bd9f9	xls		SilentBuilder
2022-01-11 13:20:36	f0ca4bbe2594076644e5f27040111f3f422d61a3268078140077095c40d8dd6b	xls		Heodo
2022-01-11 12:54:29	a8085602b4f2d9fa12e7cdc848185b57baef023cbe353df862fac4ff279cf3f4	xls		SilentBuilder
2022-01-11 12:41:28	03c7dce022ba5927f0047e1ff4eae1b193016b57a701ea176975290263d7893f	xls		SilentBuilder
2022-01-11 12:28:21	ac6ae7a50253c6fe35c0a2d34bc8d1ff3487457f1e83c6f2ac44793fdf8fc3b1	xls		SilentBuilder
2022-01-11 12:02:04	d78c9ad266c4e93e0c97fe9cc3bd593afa995a93f59aba16c1bb63c421d6a9dc	xls		SilentBuilder
2022-01-11 11:53:03	7a71373b54a4ce0a59d250be9c70788264f5a304d8466135bff0af6284a139aa	html