URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | h167991.srv21.test-hf.su |
|---|---|
| Spamhaus DBL : | Not blocked |
| SURBL : | Not blocked |
| Quad9 : | Not blocked |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Not blocked |
| OpenBLD : | Not blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2023-03-13 09:30:10 UTC |
| Total malware sites : | 6 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 6 (100%) |
| A record(s) observed : | 2 |
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2023-04-23 02:27:26 | 91.227.16.6 | pxe1.host-food.ru | Not listed | AS207027 Eximius-AS | RU | yes |
| 2023-03-13 09:30:13 | 91.227.16.21 | srv21.host-food.ru | Not listed | AS207027 Eximius-AS | RU | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-03-18 06:28:13 | http://h167991.srv21.test-hf.su/92.exe | Offline | exe Stealc | |
| 2023-03-18 06:28:11 | http://h167991.srv21.test-hf.su/93.exe | Offline | exe RedLineStealer | |
| 2023-03-15 02:03:18 | http://h167991.srv21.test-hf.su/91.exe | Offline | AuroraStealer exe | |
| 2023-03-15 02:03:13 | http://h167991.srv21.test-hf.su/86.exe | Offline | 32 AuroraStealer exe | |
| 2023-03-14 18:32:12 | http://h167991.srv21.test-hf.su/87.exe | Offline | exe RedLineStealer | |
| 2023-03-13 09:30:13 | http://h167991.srv21.test-hf.su/85.exe | Offline | dcrat exe | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2023-03-18 06:28:13 | 44d21ea143ece509c6bb52d87090c7e4353c931b2be94021b0cee8a5d5854a50 | exe | Stealc | |
| 2023-03-18 06:28:11 | d11d05f8a25f446990e9e2d7ea4040829d529371622068e2192395f44566d77c | exe | RedLineStealer | |
| 2023-03-17 20:15:20 | 5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449 | exe | AuroraStealer | |
| 2023-03-16 16:39:13 | 9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf | exe | AuroraStealer | |
| 2023-03-15 02:03:18 | 7d8f5d965f6466e1282224bf2b39324c4f98ee39c805c89119da7ddc7a36a658 | exe | AuroraStealer | |
| 2023-03-15 02:03:13 | 2e5260973969192f9cc166487adb128832e22f2752b176359c51264a6e5d7faa | exe | AuroraStealer | |
| 2023-03-14 18:32:11 | a52dd05dfaa0f47bc084584db0f2ada790764b6332ec85cb36ae1301aa72af5f | exe | RedLineStealer | |
| 2023-03-13 09:30:13 | bdc2f986320facc24627b6e31ae3ff0147583b04c262a386b2043557b59d06c0 | exe | DCRat | |