URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 15:43:51 | 195.191.148.61 | host-195-191-148-61.superhosting.bg | Not listed | AS201200 SUPERHOSTING_AS |  BG | yes |
| 2021-01-05 15:24:08 | 195.191.149.103 | host-195-191-149-103.superhosting.bg | Not listed | AS201200 SUPERHOSTING_AS | BG | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2021-01-06 08:49:07 | http://gtp.bg/opka/iopd/ztyh/nmk/1vrkY2OMQfcfBg... | Offline | exe QuasarRAT  |  abuse_ch |
| 2021-01-06 06:43:04 | http://gtp.bg/opkl/fioli/zplk/apo/5DVxvgK9jn5ga... | Offline | exe QuasarRAT | abuse_ch |
| 2021-01-05 15:24:08 | http://gtp.bg/.quarantine/jazxc/aziona/ztyh/cmi... | Offline | bitrat QuasarRAT | Anonymous |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2021-01-06 08:49:07 | 2ddd796e9b53ab3d7eaf4093529077f637f182a934a851af24da8c8f189aeed3 | exe | QuasarRAT | |
| 2021-01-06 06:43:04 | 91f92daa8c73d6470e92f484cf8cfa68eb3d49ae01170e7a673273e6b854b6f8 | exe | QuasarRAT | |
| 2021-01-06 00:21:09 | 4bacf10682f7ac5b3c03e0b461fbbf3b92ac7c0516976bbbeed263153cf40060 | exe | QuasarRAT | |
| 2021-01-06 00:16:16 | 3da80439e5fe1e13d131362dcdbd4359925b2e5d0b1a6b53e2ea484d323c888e | exe | ||
| 2021-01-05 15:24:07 | 1c1b2595e6838a1ee24e806ff60b80a40ad7166caaaaf65080deda57c7292c53 | exe |