URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | filwelreg.pw |
|---|---|
| Domain registrar: | Public Domain Registry |
| Domain registration date: | 2023-09-25 07:07:08 UTC |
| Abuse complaint sent to registrar: | Yes (2023-10-01 20:26:01 UTC to abuse-contact{at}publicdomainregistry[dot]com) |
| Domain registry: | Radix |
| Abuse complaint sent to registry: | Yes (2023-10-01 20:26:01 UTC to abuse[dot]alert{at}radix[dot]email) |
| Spamhaus DBL: | Not blocked |
| SURBL: | Not blocked |
| Quad9: | Status unknown |
| AdGuard: | Not blocked |
| Cloudflare: | Blocked |
| ProtonDNS: | Status unknown |
| OpenBLD: | Not blocked |
| DNS4EU: | Blocked |
| Control D HaGeZi: | Not blocked |
| Firstseen: | 2023-10-01 20:21:04 UTC |
| Total malware sites: | 9 |
| Online malware sites: | 0 (0%) |
| Offline malware sites: | 9 (100%) |
| A record(s) observed: | 1 |
IP addresses
The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2023-10-01 20:21:07 | 193.42.32.61 | Not listed | AS214396 SUDOLIO-AS | SK | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-10-01 20:22:05 | http://filwelreg.pw/x/qazsaw/Akjnagosfmwanr.exe | Offline | DBatLoader | |
| 2023-10-01 20:22:04 | http://filwelreg.pw/x/yaztdtgfd/Sbkwabthzzc | Offline | opendir | |
| 2023-10-01 20:22:03 | http://filwelreg.pw/x/yaztdtgfd/Owpxkxlhnei | Offline | opendir | |
| 2023-10-01 20:22:03 | http://filwelreg.pw/x/yaztdtgfd/Wemhwwlidxi | Offline | opendir | |
| 2023-10-01 20:22:03 | http://filwelreg.pw/x/yaztdtgfd/Akjnagosfmw | Offline | opendir | |
| 2023-10-01 20:21:28 | http://filwelreg.pw/x/qazsaw/remcos-v4.9.2.zip | Offline | opendir rat RemcosRAT | |
| 2023-10-01 20:21:09 | http://filwelreg.pw/x/qazsaw/Sbkwabthzzcywi.scr | Offline | encrypted ModiLoader | |
| 2023-10-01 20:21:07 | http://filwelreg.pw/x/qazsaw/Owpxkxlhneicvr.scr | Offline | encrypted ModiLoader | |
| 2023-10-01 20:21:07 | http://filwelreg.pw/x/qazsaw/Wemhwwlidxivdd.scr | Offline | encrypted ModiLoader | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2023-10-01 20:22:05 | 34a8af0af0e818443b87f59fcbb5c10af500f1b45c9b3d1e7d6aecc494d009f5 | exe | DBatLoader | |
| 2023-10-01 20:21:28 | e7dae1e01d5d8fcf2f1b94128a2b909f08d92a4c18be39fa5b4d0fcc981664a7 | zip | | |
| 2023-10-01 20:21:09 | 94de4dc571040c2f3d1f9690384778017cf94e58d2f4b25b8e9d9568210eb1ca | exe | RemcosRAT | |
| 2023-10-01 20:21:07 | 3880c8403a1377ae8bbcc6f782e51839364c9e2e9e29ea9a02d011eeefd51d69 | exe | RemcosRAT | |
| 2023-10-01 20:21:07 | 0951a4a0aa2cfa91d5477895e6302d68fcddd490691787e63261e7bf9982e5cd | exe | RemcosRAT | |

