URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | h4.tattlererun.life |
|---|---|
| Domain registrar: | Public Domain Registry  |
| Domain registration date: | 2025-05-15 09:18:12 UTC |
| Abuse complaint sent to registrar: | Yes (2025-05-20 13:11:02 UTC to abuse-contact{at}publicdomainregistry[dot]com) |
| Domain registry: | Donuts  |
| Abuse complaint sent to registry: | Yes (2025-05-20 13:11:02 UTC to abuse{at}donuts[dot]email) |
| Spamhaus DBL : | Not blocked |
| SURBL : | Not blocked |
| Quad9 : | Status unknown |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Status unknown |
| OpenBLD : | Blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-05-20 13:09:05 UTC |
| Total malware sites : | 4 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 4 (100%) |
| A record(s) observed : | 2 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-05-20 13:09:12 | 104.21.94.135 | Not listed | AS13335 CLOUDFLARENET | n/a | no | |
| 2025-05-20 13:09:12 | 172.67.168.78 | Not listed | AS13335 CLOUDFLARENET | n/a | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-05-20 13:18:11 | http://h4.tattlererun.life/888888.bin | Offline | censys CryptOne exe |  NDA0E |
| 2025-05-20 13:17:06 | http://h4.tattlererun.life/88.ext.bin | Offline | censys exe HijackLoader IDATLoader | NDA0E |
| 2025-05-20 13:10:07 | http://h4.tattlererun.life/sh.ext.bin | Offline | censys exe HijackLoader IDATLoader | NDA0E |
| 2025-05-20 13:09:12 | http://h4.tattlererun.life/shark.bin | Offline | censys CryptOne exe | NDA0E |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-05-20 17:20:31 | ef89e39477a6f0e04b545023e131913d621d17c94729a58b91d1c9b0627436f8 | exe | ||
| 2025-05-20 13:18:11 | e3cd1f0cc93fe9023febcb4648ee40aa77441cb2bceafe713258d28d56e1c3fe | exe | CryptOne | |
| 2025-05-20 13:17:06 | df4aa9ed599d9453c810487fa14ac9c98e6897d0f065f090384559c9e062dbc6 | zip | ||
| 2025-05-20 13:10:07 | b8dfa80c6a22b7168b3b6738295a472c1f8d96c932062c72a53062b04de909ea | exe | ||
| 2025-05-20 13:09:12 | e882a6bc39d1eef27cc0f7b15e649002af592a90903c8e80164c049365b2268e | exe | CryptOne |