URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-01-11 08:16:11	185.112.83.99	hawk.averyan.ru	Not listed	AS211522 HYPERCORELTD	RU	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-06-24 06:22:05	http://185.112.83.99/dedosa.exe	Offline	exe	zbetcheckin
2022-06-24 05:23:08	http://185.112.83.99/Lanskoy.exe	Offline	dcrat	KdssSupport
2022-03-08 16:50:34	https://185.112.83.99/system64.exe	Offline	exe	Myrtus0x0
2022-01-27 12:01:11	http://185.112.83.99/dashboard/min.jpg	Offline	CoinMiner exe	zbetcheckin
2022-01-11 08:16:11	http://185.112.83.99/dashboard/rundll32.exe	Offline	32 exe	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-08-03 10:19:56	71799264860bbd9fb0776acbadc010589f34a2db7f899991c6e1f65a0b31772e	exe
2022-08-01 20:43:13	b1b0f0415f44aa7cc2f575a1e0dfbad7224fa13d008c1e586b10470930021b09	exe
2022-06-24 06:22:05	c008dae28d28d9b7601321ca95b5785c346681b7b202ef8d1b43e43197baf1b7	exe
2022-06-24 05:23:08	c66c491bf92e6185a293fc73cd26e06310a956eaacc05fe0c719b8936fa002c6	exe		DCRat
2022-01-27 12:01:11	43d66e78f5334cc183e22aa29c64a9fdf4356e5a0c5052489fd7edc127460a6c	exe		CoinMiner
2022-01-26 08:29:05	6e0382515911fe299ace5cb084a29b57df75bc876032f65a9c5f3df2369e72fc	exe
2022-01-11 08:16:10	c44caf6214b38598c5268fd04d410da1598f102f4ab4b48c053f548af4f96e6a	exe