URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 93.113.171.225
Firstseen:2024-09-10 18:48:05 UTC
Total malware sites :6
Online malware sites :0 (0%)
Offline Malware sites :6 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2024-09-10 18:48:15 93.113.171.225Not listedAS26383 ASNET- NLyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2024-09-10 18:49:49http://93.113.171.225/JNDI-Exploit-Kit-1.0-SNAP...Offlineexploit opendir Riordzz
2024-09-10 18:49:20http://93.113.171.225/JNDIInject-1.2-SNAPSHOT.jarOfflineexploit opendir Riordzz
2024-09-10 18:48:24http://93.113.171.225/svchost.dllOfflineCobalt strike ext CobaltStrike ext opendir Riordzz
2024-09-10 18:48:23http://93.113.171.225/info.htmOfflinec2 Riordzz
2024-09-10 18:48:18http://93.113.171.225/dllhost.exeOfflinexmrig Riordzz
2024-09-10 18:48:15http://93.113.171.225/svchost.exeOfflinec2 CobaltStrike ext Riordzz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2024-09-10 18:49:49e30419a3218b26fa38709959bef9ba658170befd7768f10aafca1cd6c354f9f7zip  
2024-09-10 18:49:20dafea5efe5d35568fff512a77dd74138d2e9903eff3f4770f4188d005f8baa13zip  
2024-09-10 18:48:24bf37d4e2861b9f32f706d231974955bdf502c18967c4529a03246d74b093addadllCobalt Strike
2024-09-10 18:48:09df98c668e014fb5837ca0e8607ba207d98b39a52b344792ae11bf8f86610ad66exeCobaltStrike