URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | duracom.ga |
|---|---|
| Spamhaus DBL : | Not blocked |
| SURBL : | Not blocked |
| Quad9 : | Status unknown |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Status unknown |
| OpenBLD : | Not blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2020-10-16 08:29:03 UTC |
| Total malware sites : | 5 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 5 (100%) |
| A record(s) observed : | 30 |
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2021-05-11 04:20:05 | 34.75.254.37 | 37.254.75.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2021-05-10 02:50:31 | 35.203.6.22 | 22.6.203.35.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | CA | no |
| 2021-05-09 16:26:58 | 35.203.68.153 | 153.68.203.35.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | CA | no |
| 2021-05-09 05:53:21 | 34.106.161.172 | 172.161.106.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2021-05-08 04:23:56 | 34.82.11.98 | 98.11.82.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2021-05-07 11:42:22 | 34.73.145.104 | 104.145.73.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2021-04-17 16:48:16 | 35.247.234.230 | 230.234.247.35.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | BR | no |
| 2021-04-17 04:24:15 | 185.92.222.28 | oneocean.tempurl.host | Not listed | AS20473 AS-VULTR | NL | no |
| 2021-04-16 13:00:50 | 34.106.117.50 | 50.117.106.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2021-04-15 15:36:23 | 111.90.156.37 | server1.kamon.la | SBL620128 | AS45839 SHINJIRU-MY-AS-AP | MY | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-11-05 14:40:05 | http://duracom.ga/sdfile/1/document.doc | Offline | Loki | |
| 2020-11-05 14:39:04 | http://duracom.ga/sdfile/document.doc | Offline | Loki | |
| 2020-11-05 11:38:04 | http://duracom.ga/sdfile/3/document.doc | Offline | Loki | |
| 2020-11-05 11:32:33 | http://duracom.ga/sdfile/2/document.doc | Offline | RTF | |
| 2020-10-16 08:29:08 | http://duracom.ga/protected/akin/InKY0ujCqKHXZp... | Offline | exe Loki | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-11-11 19:26:13 | 76d77f19582eb88842cfd4c20e55dd8eaec728b497c089f676206e5fc0054f1c | rtf | | |
| 2020-11-05 14:40:05 | db980755cffdb4f08b58ea3d0b478c653665893400cf35ddf0844e21b592ae42 | rtf | Loki | |
| 2020-11-05 14:39:04 | 3a2796077f24eba13a3b53d898a7d0f0a5ec3f4f244736c0e1fb1453693a4f35 | rtf | Loki | |
| 2020-11-05 11:38:04 | 8c9df74626130bb8cb3da7e90c3f686377954beb278782f39e12f4d41c7c34c2 | rtf | Loki | |
| 2020-11-05 11:36:31 | 3fcd797192ecab39c41ba35aa62682d177aa0b8d355065bcd13e9a150a3098fb | rtf | | |
| 2020-10-16 08:29:06 | 18063c5842b14d7d66f753c5612a05bd1c86495dec7bded028966c59a6fbc738 | exe | Loki | |