URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 77.83.39.185
Firstseen:2026-01-30 12:47:05 UTC
Total malware sites :5
Online malware sites :1 (20%)
Offline Malware sites :4 (80%)
Newest active malware site :2026-01-30 12:47:06 UTC
Oldest active malware site :2026-01-30 12:47:06 UTC (Age: 5 days, 15 hours, 3 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2026-01-30 12:47:06 77.83.39.185SBL690640AS214940 KPRONET- UAyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2026-01-30 12:51:07http://77.83.39.185/shel/fros/tp.ps1Offlineascii opendir powershell ps1 abuse_ch
2026-01-30 12:51:06http://77.83.39.185/shel/fros/fo.ps1Offlineascii opendir powershell ps1 abuse_ch
2026-01-30 12:47:07http://77.83.39.185/shel/fros/fors.ps1Offlineascii opendir powershell ps1 abuse_ch
2026-01-30 12:47:06http://77.83.39.185/shel/ENCRYPTED.ps1Offlineascii opendir powershell ps1 abuse_ch
2026-01-30 12:47:06http://77.83.39.185/shel/fros/ENCRYPTED.ps1Onlineascii opendir PhantomStealer powershell ps1 abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2026-02-04 07:34:424a34e6614acd4a138eb1f308c21be91a8f0c53f00c307a1a5cf2a178182b62c4ps1PhantomStealer
2026-02-03 08:33:18c0b1fa407b6f1c7a2c0636febc35adf5494f887dd5001be9bd5fab0870ad2ecdps1PhantomStealer
2026-02-03 01:22:47f27fcf6c0186768380cb60cba7410148a51c84edbe94535f2c9fcb5af464b40bps1  
2026-02-02 01:17:05379b7783b0ad1be91022dbfeb8d4159738968898e7c1375aade28b8bd6ecc669ps1