URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	66.63.187.250
Firstseen:	2025-01-05 19:25:06 UTC
Total malware sites :	13
Online malware sites :	0 (0%)
Offline Malware sites :	13 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-01-05 19:25:10	66.63.187.250		Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-01-12 16:14:07	http://66.63.187.250/zmk/gem2.exe	Offline	CoinMiner	aachum
2025-01-12 16:14:07	http://66.63.187.250/zmk/gem1.exe	Offline	meduza MeduzaStealer	aachum
2025-01-11 20:45:09	http://66.63.187.250/zcry/gem2.exe	Offline	CoinMiner exe opendir	NDA0E
2025-01-11 20:45:09	https://66.63.187.250/zcry/gem2.exe	Offline	CoinMiner exe opendir	NDA0E
2025-01-11 20:45:09	http://66.63.187.250/zcry/gem1.exe	Offline	exe MeduzaStealer opendir	NDA0E
2025-01-11 20:45:09	https://66.63.187.250/zcry/gem1.exe	Offline	exe MeduzaStealer opendir	NDA0E
2025-01-11 20:45:06	http://66.63.187.250/zcry/script.ps1	Offline	opendir ps1	NDA0E
2025-01-11 20:45:06	https://66.63.187.250/zcry/script.ps1	Offline	opendir ps1	NDA0E
2025-01-10 10:20:12	http://66.63.187.250/frek/gem2.exe	Offline	CoinMiner exe jalapeno malware opendir	Joker
2025-01-10 10:20:08	http://66.63.187.250/frek/gem1.exe	Offline	exe jalapeno malware MeduzaStealer	Joker
2025-01-09 15:01:06	http://66.63.187.250/test1/gem1.exe	Offline	exe malware trojan	Joker
2025-01-05 19:25:10	http://66.63.187.250/mk/drop1.exe	Offline	meduza MeduzaStealer	aachum
2025-01-05 19:25:10	http://66.63.187.250/mk/drop2.exe	Offline	CoinMiner	aachum

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-01-13 02:19:54	35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c	exe	CoinMiner
2025-01-13 00:24:10	35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c	exe	CoinMiner
2025-01-12 23:54:29	35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c	exe	CoinMiner
2025-01-12 16:14:07	a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1	exe
2025-01-12 16:14:07	98ab39899d3da5cfeebf609ec20979b51aab6e1dbd7b22ac14b3f2017d14cfc3	exe	MeduzaStealer
2025-01-11 20:45:09	a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1	exe
2025-01-11 20:45:09	a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1	exe
2025-01-11 20:45:09	5c0ead3d71e0c901aef2a4c7a2ad29212fcb9f8dc49c5e6b524f822ec65511fd	exe	MeduzaStealer
2025-01-11 20:45:09	5c0ead3d71e0c901aef2a4c7a2ad29212fcb9f8dc49c5e6b524f822ec65511fd	exe	MeduzaStealer
2025-01-11 09:18:54	a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1	exe
2025-01-11 07:51:09	a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1	exe
2025-01-10 10:20:12	35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c	exe	CoinMiner
2025-01-10 10:20:08	f5946e9f0ab4dbbd8d8171e708607c98df283cb1a6145444ba6a5f86bb2b0896	exe	MeduzaStealer
2025-01-09 15:01:06	65ad011502894d3437d68a6656f327ce18696610dec1226e9f24c84b5e90ac86	exe
2025-01-05 19:25:09	31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a	exe	MeduzaStealer
2025-01-05 19:25:09	6932616523c8080fd908d4b776f416a4d32653e657c2cbe75a42cdc0a8b5c4d1	exe	CoinMiner