URLhaus Database

You are currently viewing the URLhaus database entry for http://xn--demirdkmyetkiliservis-mec3l.com.tr/fxmoftytka/vodka.gif, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2669413
URL: http://xn--demirdkmyetkiliservis-mec3l.com.tr/fxmoftytka/vodka.gif
URL Status: Offline
Host: demirdökümyetkiliservis.com.tr
Date added: 2023-06-22 06:47:53 UTC
Last online: 2023-06-24 06:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-06-22 06:54:23 UTC to abuse{at}cizgi[dot]net[dot]tr)
Takedown time: 1 day, 23 hours, 58 minutes (Poor; down since 2023-06-24 06:52:51 UTC)
Tags: geofenced js Obama270 Qakbot link TR USA zip

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2023-06-23 | v6pPE5GrrExn.zip | zip | 29c1eaaf8cfd71a5da95134763acf8d6752a81a37b64baf62cbc0e42b3858f80 | 3.23% | | |
| 2023-06-23 | QKZBKt2SjAdb.zip | zip | c895cc0b688dc1373aa06e702a843341215f4ff539f449bfe1066c030d9df139 | n/a | | |
| 2023-06-22 | Qy5erxdnch8M.zip | zip | 69b783c3d25598a3e8610a9b73ef5688297a1c48e385f2ce0076390f9e1f3ac4 | n/a | | |
| 2023-06-22 | MBLV73rClG42.zip | zip | b6907d02ab8d654284322cc1e977476558c9a49e5c2058a3c24b1a4c0bccb0b7 | n/a | | |
| 2023-06-22 | Q1Wxz34YIG9R.zip | zip | 1dcdb31d80dc7607f0f8a082f047a7a50659af01c3cf850333d3bbf6fe220d43 | n/a | | |