URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	k1t.jelikob.ru
Domain registrar:	R01
Domain registration date:	2021-09-22 09:05:38 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-10-13 16:30:06 UTC
Total malware sites :	1
A record(s) observed :	4

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-09-24 00:00:44	31.177.76.144	expired.r01.ru	Not listed	AS48287 RU-CENTER	RU	no
2022-09-24 00:00:44	31.177.80.144	expired.r01.ru	Not listed	AS48287 RU-CENTER	RU	no
2022-05-21 23:09:27	195.161.62.100		Not listed	AS8342 RTCOMM-AS	RU	no
2021-10-13 16:30:08	81.177.141.36	srv203-h-st.jino.ru	Not listed	AS8342 RTCOMM-AS	RU	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-10-13 16:30:08	https://k1t.jelikob.ru/1170423485.exe	Offline	32 exe RedLineStealer	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-10-13 16:30:08	484989aa0548d25d524e8dcbea3e5117e31ec143d8b77aec8945e392ce7c72c8	exe		RedLineStealer