URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	do-dear.com
Domain registrar:	Tucows
Domain registration date:	2012-11-17 17:25:56 UTC
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2020-06-27 19:48:32 UTC
Total malware sites :	2
Online malware sites :	1 (50%)
Offline Malware sites :	1 (50%)
Newest active malware site :	2024-08-30 14:09:11 UTC
Oldest active malware site :	2024-08-30 14:09:11 UTC (Age: 1 year, 9 month, 5 days, 5 hours, 3 minutes)
A record(s) observed :	23

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-08-30 14:09:11	188.114.97.3		SBL691350	AS13335 CLOUDFLARENET	n/a	yes
2024-08-30 14:09:11	188.114.96.3		SBL690066	AS13335 CLOUDFLARENET	n/a	yes
2026-03-24 10:07:05	188.114.97.12		Not listed	AS13335 CLOUDFLARENET	n/a	no
2026-03-24 10:07:05	188.114.96.12		SBL687667	AS13335 CLOUDFLARENET	n/a	no
2026-02-19 19:18:57	34.216.117.25	ec2-34-216-117-25.us-west-2.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2026-02-19 19:18:57	54.149.79.189	ec2-54-149-79-189.us-west-2.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-11-21 14:45:12	52.223.13.41	a74e89cf4458da039.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-01-08 19:50:08	104.21.80.1		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-01-08 19:50:11	104.21.96.1		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-01-08 19:50:10	104.21.64.1		Not listed	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-08-30 14:09:11	http://do-dear.com/miners/myxmrig.tgz	Online		cesnet_certs
2020-06-27 19:48:33	http://do-dear.com/bots/zax	Offline		Anonymous

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-02-16 13:41:45	dc33e32e58e05d05d8debb0fd42ecd16cbe6078937fe5f5af4712e3df41305f2	unknown
2025-02-06 08:23:09	2ad453b2e5fbf5cd91ef9975a17d5e2da3b80749f1f88ade770cef1ca6893469	unknown
2025-02-05 00:56:13	e5787a59f586c9cafd36c9e6d747aebb6975c09b91c0268dedb2880db60f6a99	unknown
2025-01-07 09:07:51	13b1a8a4a0ad772b050c9a509c76fcdb8ce76af2a912ba6d874116234fc38077	unknown
2025-01-02 12:35:44	58f952e62cd80ecc8cde5e0af461c2c884b6faf60191bfa1b85a8d3f6c68c131	unknown
2024-12-18 11:59:05	93fb9df722a20f50d250dea37dd39deb0b8576b7291bcb297e9103f231d2017f	unknown
2024-12-05 13:12:29	91f8e56cf37315df88fe4e573239da934ebbff02cde387caad33ec0b686dea09	unknown
2024-12-01 11:53:19	0d31ce3d5067800b44559217c9a11a9a631a8f3b94aa28a70301712f125361cd	unknown
2024-10-26 09:36:51	0de9266af49aab24256c289d39e86649d978d5a4c9d0ff2041a22140b88ea688	unknown
2024-10-25 15:38:48	b51d611eb5750fcaaf8a4ee2bf79c9f1d7ebabaab17cdc9a96005fea2c330099	unknown
2024-10-24 15:07:44	a5e95a6395fe69ed8c0d1ff6af8822854466c00f63c7498f292cb35619474136	unknown
2024-10-18 17:01:26	2d65c25fece4043b82e2b030dfc0d849a9fda289eb455fb3862bf43b9d2eedc9	unknown
2024-09-10 14:48:47	6ae26101adb74496b00d166849afe579ce68f31e436144b9b4bada450ecb5d4c	unknown
2024-08-30 14:09:11	cc52b837ffee81123cb79ea4da79e65f1e4899836f2cb57d234c7891630fe0ad	unknown
2020-06-27 19:48:33	aac330e4ec4ee60882b57584784fcaa3f70c1245b973ada859fab81ede291cb1	unknown