URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	duranforme.ug
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2020-06-03 11:27:33 UTC
Total malware sites :	11
Online malware sites :	0 (0%)
Offline Malware sites :	11 (100%)
A record(s) observed :	1

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2020-06-03 11:27:35	217.8.117.45		Not listed	AS49505 SELECTEL	TM	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-06-06 19:30:07	http://duranforme.ug/rac1_UeQlRt91.bin	Offline	encrypted GuLoader	abuse_ch
2020-06-05 11:45:10	http://duranforme.ug/ph_exec_CSZrhJTUjE23.bin	Offline	encrypted GuLoader	abuse_ch
2020-06-04 19:19:04	http://duranforme.ug/ds1.exe	Offline	exe	zbetcheckin
2020-06-04 15:14:19	http://duranforme.ug/a_sQylaaCr146.bin	Offline	encrypted GuLoader	abuse_ch
2020-06-04 15:13:43	http://duranforme.ug/rac2.exe	Offline	exe GuLoader RaccoonStealer	zbetcheckin
2020-06-04 15:13:29	http://duranforme.ug/ds2.exe	Offline	exe	zbetcheckin
2020-06-04 15:13:19	http://duranforme.ug/az1.exe	Offline	exe RaccoonStealer	zbetcheckin
2020-06-04 13:21:32	http://duranforme.ug/ac.exe	Offline	AsyncRAT exe	abuse_ch
2020-06-03 11:32:50	http://duranforme.ug/oski_aIYdZ232.bin	Offline	encrypted GuLoader RaccoonStealer	abuse_ch
2020-06-03 11:28:41	http://duranforme.ug/az2.exe	Offline	exe RaccoonStealer	abuse_ch
2020-06-03 11:27:35	http://duranforme.ug/nw.exe	Offline	exe GuLoader NetWire	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2020-06-07 16:00:12	93ae55b48fd7b6bb304a3a1ee3d631672a5375daa68e1003da6f32deeda4b078	exe	RaccoonStealer
2020-06-06 19:30:07	c4fa87149799bec304c5fb7528f46ab22bf291deae5350ab263badb5d8d8ac17	unknown
2020-06-06 19:10:42	3cd60335878e796958d872052606a0988bc14d3dff32d1241357364070007450	exe	NetWire
2020-06-06 19:10:35	db052c2e2b43f63cf5196975c6ff7e21ef9481e6316f655cbe246650e636ccec	exe	AsyncRAT
2020-06-05 14:36:03	d6328024556791fa0141710ccc22685c1be1e946b0086331ad48a9c82b675039	exe	AsyncRAT
2020-06-05 14:34:40	36db728736b47a5c1b050ed1255c0244c3f272b9897ef507c6348b61ae6f6e94	exe	GuLoader
2020-06-05 11:45:09	545ac1190a18b77835c654b60debd6d270794080faeb28030155c9049f7a2216	unknown
2020-06-04 19:19:04	f91c59a4e7c426578c67ccfeeb3f4ff7a2f131bf1bf8ca891553f398be9d4d01	exe
2020-06-04 15:14:19	d8062bacaedc3c38dc6cc2cb7dc88783317227e7deea8ff1798ec061a8427bb7	unknown
2020-06-04 15:13:43	82d32f5841ba04262e4b1a15d798cfbd69a4bc9ebd37caf3573818e7a2140639	exe	GuLoader
2020-06-04 15:13:29	d7c429cf20f1e4532daae7b1da6bbd89cc286d2cddab72a384bb3d6403f8ac2a	exe
2020-06-04 15:13:19	c993c3db69bb53b38d030aecdc13d2b5263c403d738fafa7d4774acfddac428f	exe	RaccoonStealer
2020-06-04 13:21:30	f0f7f9f3d293065a8554c6b9e4757bf511dd3577636ca1a075e0afd206250e5e	exe	AsyncRAT
2020-06-04 11:11:04	898abdb2d9de0344e5b43ac7e4330faeb03d97aa0a3c37e0a37da0ed4d732e9b	exe	NetWire
2020-06-03 19:58:20	2c80f61e5c61bb87be9e2d60e69093bcb5082fc690fcd751be787dbd118d5e57	exe	RaccoonStealer
2020-06-03 19:58:19	ef524b7b95bd6abb42e477395a29c1b848b6af42164fbe21b422ea0a8b8e367e	exe	NetWire
2020-06-03 11:32:50	7c87760d990714a9987674031403528c99bd1756ab8a4c0496657b36555cd24b	unknown
2020-06-03 11:28:41	22d7588ffa64a9d151feead8109ca212bcb28c59e8061483345fcb6625d1dfab	exe	RaccoonStealer
2020-06-03 11:27:35	0ca80f61a8161466cf3d95834691dc42ec0a08caa62b53f78b93d98810ff6115	exe	NetWire