URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2020-05-28 06:45:05	81.177.135.141	srv146-h-st.jino.ru	Not listed	AS8342 RTCOMM-AS	RU	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-06-18 07:36:34	http://fantolabs.ru/dwnld/SignalCoin.exe	Offline	exe	zbetcheckin
2020-06-18 07:33:06	http://fantolabs.ru/dwnld/kmsbild.exe	Offline	exe RedLineStealer	zbetcheckin
2020-06-18 07:21:04	http://fantolabs.ru/dwnld/micro.exe	Offline	exe	zbetcheckin
2020-06-18 05:40:07	http://fantolabs.ru/dwnld/Cliper.exe	Offline	exe	abuse_ch
2020-05-28 06:45:05	http://fantolabs.ru/dwnld/crack.exe	Offline	exe RedLineStealer	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-06-18 07:36:34	366e9022a9fa52f3402d27ae42fd700628363668dc25ed958c8cd648c6e4e08e	exe
2020-06-18 07:33:06	116c73aa349f83509f2440164027a89a7654d352231ffe5fbf6ff81e37003b8c	exe		RedLineStealer
2020-06-18 07:21:04	b171976bd8c153baeb2d5657265b314463a6ba1d76507e69ced10601092cdf40	exe
2020-06-18 05:40:07	5dbe7d927fbad788711eb319a3450f00b1f8618b6e2bbe83d2db30276f8e8ff2	exe
2020-05-28 17:30:20	7968e989bfd075c65535969e8bf2818511508933322cf8d901c8561ca03e84c5	exe
2020-05-28 06:45:05	6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a	exe		RedLineStealer