URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	educaplus-zg.com
Domain registrar:	eNom
Domain registration date:	2018-10-24 12:05:11 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-12-03 18:42:09 UTC
Total malware sites :	9
Online malware sites :	0 (0%)
Offline Malware sites :	9 (100%)
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-09-30 05:58:05	185.164.35.84	bullet.global.ba	Not listed	AS200698 GLOBALHOST-BOSNIA-AS	BA	yes
2021-12-03 18:42:14	185.99.1.225	polaris.global.ba	Not listed	AS200698 GLOBALHOST-BOSNIA-AS	BA	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-03-16 16:27:06	https://educaplus-zg.com/file-share/VENTAEL%20C...	Offline	quasar QuasarRAT Vidar xll	AndreGironda
2022-03-16 16:27:05	https://educaplus-zg.com/file-share/zSPECIFICAT...	Offline	ArkeiStealer quasar QuasarRAT Vidar xll	AndreGironda
2021-12-07 19:26:40	http://educaplus-zg.com/etcommodi/etut-8308099	Offline	ChaserLdr Qakbot Quakbot TR zip	Cryptolaemus1
2021-12-07 19:26:39	http://educaplus-zg.com/etcommodi/eligendicumqu...	Offline	ChaserLdr Qakbot Quakbot TR zip	Cryptolaemus1
2021-12-07 19:26:23	http://educaplus-zg.com/etcommodi/iustoconsequa...	Offline	ChaserLdr Qakbot Quakbot TR zip	Cryptolaemus1
2021-12-06 18:27:15	http://educaplus-zg.com/etcommodi/repudiandaeid...	Offline	ChaserLdr Qakbot Quakbot TR zip	Cryptolaemus1
2021-12-06 15:31:22	http://educaplus-zg.com/etcommodi/saepedeserunt...	Offline	ChaserLdr Qakbot Quakbot TR zip	Cryptolaemus1
2021-12-06 13:11:10	http://educaplus-zg.com/etcommodi/velitvoluptat...	Offline		Anonymous
2021-12-03 18:42:14	http://educaplus-zg.com/etcommodi/corruptinon-8...	Offline	ChaserLdr Qakbot Quakbot TR zip	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-03-16 16:27:06	c939ce949377b0bda7de743d59d8495fe403f35dac0bce0cf4972bf1c42484a3	dll		QuasarRAT
2022-03-16 16:27:05	aaa77ce4b5341185c016e9cc4f28c16b5e3f8e544f3dff6a66e33718c2775088	dll		ArkeiStealer
2021-12-08 07:25:34	273a90e192bcbab716df7fa7f6106b04f102f41f43b34ad58898763e41cc3804	zip		Quakbot
2021-12-08 02:30:47	21a24a56a604e335190d020d5c2cf73ef2a05c09731f0445221ff055ffcd048d	zip		Quakbot
2021-12-08 00:55:33	9e8651c853247eeb36402d7a78af00eadfc8badc432d5ba546c00ce49e5d6f42	zip		Quakbot
2021-12-08 00:31:39	309ccdda12c4157e88d60fbdbc67d07a945a21b621625afe7e55cd7014ae7e36	zip		Quakbot
2021-12-07 23:44:01	53782a7e92efa94a27c3b0fd9ec20e4be66c7a7c4fa4fccc237bc1f414e83516	zip
2021-12-07 20:46:26	ff60719b1ba913b7f5e72f4b090ff2f4b457308aae653a1c00666740821c1165	zip		Quakbot
2021-12-07 19:27:58	431d9c29b4306683aa6163205afc0e022739d24d80e017191c2e9ec38b1a807e	zip		Quakbot
2021-12-07 09:46:17	ee6c8a16d682efa31e050c32656b3fd59994e862662cebf00ea596df56cf3b3f	zip		Quakbot
2021-12-07 08:47:23	98786e100a381e339ca2a4d6487505a8120f61d9a032a98e801734d0802654a5	zip		Quakbot
2021-12-06 23:53:34	b7a181fe712bfbc1298d5bdfc1618131e2adf6f81d6a88bfc983fae68424b446	zip		Quakbot
2021-12-06 22:10:28	94abadbe5e289f47e405f6493e1d92c77431d4d7486daf52e6d236968c85d518	zip		Quakbot
2021-12-06 20:54:20	649ccefbd5342f14150ef6afc620efb9fd8ca1481971819f69d2ed8345204c6a	zip		Quakbot
2021-12-06 18:42:54	4852e4b12dd6459272a2b715aca318d50f736bda7a768380ac6272fb673caecb	zip		Quakbot
2021-12-06 09:44:12	7b7318dd2ffc24337af02c5ffd4d5b10097f45f068c3dc354df61f28d3c5023c	zip		Quakbot
2021-12-04 14:12:39	f95edc4d54ef47e309129bccbb05881b674a5094191a649b0b4605f7a064668d	zip		Quakbot
2021-12-04 05:49:15	68f1c4577ce590a2aca5b39b6bd7fd97e29fb3964b7728e039d093b4d6f853b7	zip		Quakbot
2021-12-03 22:34:17	8c40f0e10fa0e616bc927132e39fdd471e4f202102fd256388f4b5540192d316	zip		Quakbot