URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	gvcaeorx.tk
Domain registrar:	Freenom
Abuse complaint sent?:	Yes (2022-11-14 13:40:02 UTC to abuse{at}freenom[dot]com)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-11-14 13:36:05 UTC
Total malware sites :	21
Online malware sites :	0 (0%)
Offline Malware sites :	21 (100%)
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-11-14 13:36:10	172.93.123.102	mail.itsmatrzen.com	Not listed	AS393960 HOST4GEEKS-LLC	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-11-15 13:45:06	https://gvcaeorx.tk/tt/kking.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:06	https://gvcaeorx.tk/tt/fire.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:06	https://gvcaeorx.tk/tt/baba.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:06	https://gvcaeorx.tk/tt/sirdee.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:06	https://gvcaeorx.tk/tt/kkboy.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:05	https://gvcaeorx.tk/tt/jjamie.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:05	https://gvcaeorx.tk/tt/hod.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:45:05	https://gvcaeorx.tk/tt/west.txt	Offline	ascii Encoded opendir	abuse_ch
2022-11-15 13:44:05	https://gvcaeorx.tk/tt/SDGSHHHSD.exe	Offline	exe Formbook opendir	abuse_ch
2022-11-15 13:44:05	https://gvcaeorx.tk/tt/GSDGGDFGDGF.exe	Offline	exe opendir	abuse_ch
2022-11-15 13:43:06	https://gvcaeorx.tk/tt/FDGDHDFDJHH.exe	Offline	exe Formbook opendir	abuse_ch
2022-11-15 13:43:06	https://gvcaeorx.tk/tt/mrjohnn.txt	Offline	AgentTesla ascii Encoded opendir	abuse_ch
2022-11-15 13:43:05	https://gvcaeorx.tk/tt/GSSDGSGDGSD.exe	Offline	exe opendir rat RemcosRAT	abuse_ch
2022-11-15 13:43:05	https://gvcaeorx.tk/tt/JOHN.exe	Offline	AgentTesla exe opendir	abuse_ch
2022-11-15 13:43:05	https://gvcaeorx.tk/tt/DDDDL.txt	Offline	AgentTesla ascii Encoded opendir	abuse_ch
2022-11-15 06:46:08	https://gvcaeorx.tk/tt/hen.exe	Offline	.net exe msil RemcosRAT	jstrosch
2022-11-15 06:46:08	https://gvcaeorx.tk/tt/fire.exe	Offline	.net DarkCloud exe msil	jstrosch
2022-11-15 06:46:07	https://gvcaeorx.tk/tt/GDHJFHDFDFHDFHHF.exe	Offline	.net AsyncRAT exe msil	jstrosch
2022-11-15 06:46:07	https://gvcaeorx.tk/tt/palmic.exe	Offline	.net exe msil StormKitty	jstrosch
2022-11-15 06:46:07	https://gvcaeorx.tk/tt/w.exe	Offline	.net exe Formbook msil	jstrosch
2022-11-14 13:36:10	https://gvcaeorx.tk/tt/palmicc.txt	Offline	exe	vxvault

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-11-15 13:45:06	bb0cb7dc8643baa4fbfca21f8a674075cdd329dd1c966fd0daba095ea2867057	txt
2022-11-15 13:45:06	d3416937c321e3419423a2fa65401d3cd6587105542fbd041d548c875d37e456	txt
2022-11-15 13:45:06	fd9b5105e1b10527d4a16efeeab84695d3dcbb0d5e6f2b6113d7e4d23e4f0ee4	txt
2022-11-15 13:45:06	a77f2e3ac6bdc5e037181cd644f5a4b32355d7b2558fda15597a4fb2010950f5	txt
2022-11-15 13:44:05	95e92cd26083c0470922af80c435a955617de77116bcfce667e94e68d2a9eae8	exe		Formbook
2022-11-15 13:44:05	8197cee2407339d915bbf5e5197660dce391a2c276bbf19b9de2e3b029c19556	exe
2022-11-15 13:43:06	4cff7a2fc753abddfa320fc226964bd5057bd544d148fe10b7d4617b683862ae	exe		Formbook
2022-11-15 13:43:06	80235c15a8eb599ae86b03dffcc7b84d5670ee01619a49310ac172e58139d1f9	txt
2022-11-15 13:43:05	734e077ffd2beb5e2808ce5bf2d27f03757257d133794acad69bf80bee2e7348	exe		RemcosRAT
2022-11-15 13:43:05	b1865d79b8956cc7dd3940170bd4be0e34e937e0ba1ecf00b877ecf86a3c85b2	exe		AgentTesla
2022-11-15 13:43:05	289d08210a6c05a9dc39bdab4900e04f2f9439f1587a2c26d5de8642034942ef	txt
2022-11-15 06:46:07	f7ac248e39e55ccbf0b79fbfd3bbad23f00dd3e595d6f58166a70dfd82adb951	exe		RemcosRAT
2022-11-15 06:46:07	8480895542ad5e0279f134410f74832287403b25be149fcb263d74e7be07b4de	exe		DarkCloud
2022-11-15 06:46:07	87aca3d786166839236fffc4e179a6bade8e624a40702b934b852c4847dad382	exe		AsyncRAT
2022-11-15 06:46:07	e04cc67c75ffcb323f8136e7b09e75c376d548d02410172aecc3ad6c5a5164af	exe		StormKitty
2022-11-15 06:46:07	bd6c22e0bdfe39745c527796646f11ad18e6967b48b92ff79d7c99c1380e7964	exe		Formbook
2022-11-14 13:36:09	5cd984999bd8247605963dfaa79f5e20a7c9322bfe6545dac895efaf52a62b65	txt