URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2020-09-15 08:39:03	5.34.183.145	unallocated.layer6.net	Not listed	AS15626 GF-UA	UA	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-09-15 08:39:18	http://5.34.183.145/d.sh	Offline	kinsing miner shellscript	r3dbU7z
2020-09-15 08:39:13	http://5.34.183.145/kinsing	Offline	elf kinsing miner	r3dbU7z
2020-09-15 08:39:05	http://5.34.183.145/al.sh	Offline	kinsing miner shellscript	r3dbU7z
2020-09-15 08:39:03	http://5.34.183.145/Application.jar	Offline	java kinsing miner	r3dbU7z
2020-09-15 08:39:03	http://5.34.183.145/ae.sh	Offline	kinsing miner shellscript	r3dbU7z
2020-09-15 08:39:03	http://5.34.183.145/libsystem.so	Offline	elf kinsing miner rootkit	r3dbU7z

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-09-15 08:39:18	1a6b127204b68a3377d4591f6f7df620a33a5132bfd9a7b8484406de67ccace5	unknown
2020-09-15 08:39:13	ccfda7239b2ac474e42ad324519f805171e7c69d37ad29265c0a8ba54096033d	elf
2020-09-15 08:39:05	fecd30cd7802f8ac4137a2d0659b3052411a99d809a5aefb48f8b821905100f3	unknown
2020-09-15 08:39:02	c30d3b57dcd27c0ddd4ebcda3461f78867e7beba7c969ecb511368bc4d8324f9	unknown
2020-09-15 08:39:02	433b0ac0b2e296325df16d0d897e8eb415203992424312d47dde1a3ea0eb7231	unknown
2020-09-15 08:39:02	c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a	elf		Kinsing