URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3.eu-west-2.amazonaws.com
Domain registrar:	MarkMonitor
Domain registration date:	2005-08-18 02:10:45 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-09-11 18:47:01 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	199

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-11-22 06:09:27	52.95.149.166	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	yes
2021-11-21 22:16:57	52.95.148.98	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2021-09-12 23:52:23	52.95.148.26	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2021-11-08 16:49:33	52.95.144.42	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2021-09-12 18:56:09	52.95.149.158	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2022-08-15 09:03:15	3.5.246.132	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2022-03-02 06:48:19	52.95.142.34	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2021-09-15 02:21:54	52.95.150.10	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2022-04-24 02:40:03	3.5.246.182	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no
2021-11-02 20:09:08	52.95.148.130	s3-r-w.eu-west-2.amazonaws.com	Not listed	AS16509 AMAZON-02	GB	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-09-11 19:43:20	http://c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3....	Offline	CoinMiner exe	zbetcheckin
2021-09-11 18:47:04	http://c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3....	Offline	32 CoinMiner CoinMiner.XMRig exe	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-09-13 15:07:03	f095ff664bd591e38734828023fa2503f673e0f24adbfd9c63ec24ca780b850b	exe
2021-09-13 12:13:38	bf6b9e3f5b1aecb63912ed1fae127f1debf8e51af87b5d380e620fcf153ec0a6	exe
2021-09-13 01:44:41	a6e540c9be1467a344d5d4b47dde33db93b839557f319ca266d10e6faf96f9d6	exe
2021-09-12 14:27:19	22ea3157033df6e1bbab7c49109d1a00615e435882416106f54e334f4421f2c5	exe		CoinMiner
2021-09-12 10:25:42	3952f3e93fa01969b92964147768d07b357b2affa1ad85af37500c8aa4b0d663	exe		CoinMiner.XMRig
2021-09-12 07:20:20	393d7ddd34d8d91c29a94de6f2c0a648deafd20c851d478e0073cd9430a96554	exe		CoinMiner
2021-09-12 02:37:44	c2f7c50f66a427832b818e668a05bd9ac3974b460d5fddcbd4bf6376de1486db	exe		CoinMiner
2021-09-11 19:43:20	0f29ab9350ea8ef259a4bade5c1f7fa4f7850ad75f123ee868c7d581817fd02e	exe		CoinMiner
2021-09-11 18:47:03	4b347c6eade78ebc01ccf2df5b9c4b026ccda51c59ecd549bdf7186a5546724c	exe		CoinMiner