URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: app.microgent.ru
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Blocked
Cloudflare: Blocked
ProtonDNS: Status unknown
OpenBLD: Blocked
DNS4EU: Blocked
Control D HaGeZi: Not blocked
Firstseen: 2021-06-23 23:38:03 UTC
Total malware sites: 2
Online malware sites: 0 (0%)
Offline malware sites: 2 (100%)
A record(s) observed: 13

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
| --- | --- | --- | --- | --- | --- | --- |
| 2025-06-17 18:39:11 | 34.41.139.193 | 193.139.41.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2025-06-17 18:39:11 | 34.159.223.43 | 43.223.159.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | DE | no |
| 2025-04-28 04:46:37 | 34.132.102.6 | 6.102.132.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2025-04-28 04:46:37 | 34.136.111.81 | 81.111.136.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2022-05-25 04:51:28 | 31.177.76.144 | expired.r01.ru | Not listed | AS48287 RU-CENTER | RU | no |
| 2022-05-25 04:51:28 | 31.177.80.144 | expired.r01.ru | Not listed | AS48287 RU-CENTER | RU | no |
| 2021-10-26 18:03:21 | 31.210.20.234 | | Not listed | AS14178 Megacable_Comunicaciones_de_Mexico_S.A._de_C.V. | MX | no |
| 2021-08-26 02:17:49 | 37.0.11.11 | | Not listed | AS3758 SINGNET | SG | no |
| 2021-08-06 18:34:47 | 37.0.10.62 | | Not listed | AS3758 SINGNET | SG | no |
| 2021-06-30 19:17:20 | 2.56.59.82 | | Not listed | AS3758 SINGNET | SG | no |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
| --- | --- | --- | --- | --- |
| 2021-06-24 09:49:04 | http://app.microgent.ru/w/nvc.exe | Offline | 32, exe, QuasarRAT | zbetcheckin |
| 2021-06-23 23:38:05 | http://app.microgent.ru/w/nva.exe | Offline | 32, exe, QuasarRAT, RedLineStealer | zbetcheckin |

The table below shows recent payloads delivered by this host.
