URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: kdrecord.com
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
ProtonDNS: Not blocked
OpenBLD: Blocked
DNS4EU: Blocked
Control D HaGeZi: Not blocked
Firstseen: 2018-04-11 19:55:15 UTC
Total malware sites: 19
Online malware sites: 0 (0%)
Offline malware sites: 19 (100%)
A record(s) observed: 2

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 08:39:19 | 154.213.85.32 | | Not listed | AS135097 MYCLOUD-AS-AP | HK | yes |
| 2018-04-11 19:55:26 | 202.146.241.44 | cpanel2.centrin.net.id | Not listed | AS9326 CENTRIN-AS-AP | ID | no |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2018-07-21 08:06:14 | http://kdrecord.com/SA0FH9a | Offline | emotet, exe, heodo | Anonymous |
| 2018-07-21 07:41:04 | http://kdrecord.com/SA0FH9a/ | Offline | emotet, exe, heodo | abuse_ch |
| 2018-07-17 21:35:56 | http://kdrecord.com/doc/EN_en/OVERDUE-ACCOUNT/I... | Offline | doc, emotet, heodo | Anonymous |
| 2018-07-04 05:05:29 | http://kdrecord.com/En/FILE/invoice/ | Offline | doc, emotet, epoch2, heodo | Cryptolaemus1 |
| 2018-06-30 06:07:32 | http://kdrecord.com/Order/84317 | Offline | emotet, heodo | p5yb34m |
| 2018-06-30 06:07:30 | http://kdrecord.com/ACCOUNT/New-Invoice-CN0222-... | Offline | emotet, heodo | p5yb34m |
| 2018-06-28 05:26:06 | http://kdrecord.com/Order/84317/ | Offline | emotet, heodo | p5yb34m |
| 2018-06-26 17:01:05 | http://kdrecord.com/ACCOUNT/New-Invoice-CN0222-... | Offline | doc, emotet, epoch2, heodo | Cryptolaemus1 |
| 2018-06-21 13:02:09 | http://kdrecord.com/Facture-impayee/New-Order-U... | Offline | emotet, heodo | Malware_News |
| 2018-06-21 05:40:05 | http://kdrecord.com/Facture-impayee/New-Order-U... | Offline | emotet, heodo | p5yb34m |
| 2018-06-18 22:50:11 | http://kdrecord.com/STATUS/ACCOUNT1800948/ | Offline | AgentTesla, doc, emotet, epoch2, heodo | Cryptolaemus1 |
| 2018-06-13 18:46:17 | http://kdrecord.com/IRS-TRANSCRIPTS-04/87/ | Offline | doc, emotet, epoch1, heodo | Cryptolaemus1 |
| 2018-06-11 14:23:19 | http://kdrecord.com/IRS-Tax-Transcipts-07/64/ | Offline | doc, emotet, epoch1, Formbook, heodo | Cryptolaemus1 |
| 2018-06-08 17:21:07 | http://kdrecord.com/VJJjAUmAL/ | Offline | emotet, epoch2, heodo, payload | Cryptolaemus1 |
| 2018-06-05 16:40:11 | http://kdrecord.com/Client/Invoices/ | Offline | doc, emotet, heodo | Cryptolaemus1 |
| 2018-05-29 06:54:00 | http://kdrecord.com/Rechnungszahlung/Zahlungser... | Offline | doc, emotet, heodo | cocaman |
| 2018-05-24 08:13:22 | http://kdrecord.com/ACCOUNT/INV13334035808/ | Offline | doc, emotet, heodo | amuehlem |
| 2018-05-18 10:36:48 | http://kdrecord.com/InformationRechnung/ | Offline | doc, emotet, heodo | JAMESWT_MHT |
| 2018-04-11 19:55:26 | http://kdrecord.com/Past-Due-Invoices/ | Offline | doc, emotet, heodo | cocaman |

The table below shows recent payloads delivered by this host.

| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2018-07-19 06:25:29 | 5da441a5129f4d0cb8ab72d45b985fb9238218eee413835e1c6d94686fad9d5d | doc | | Heodo |
| 2018-05-29 06:54:00 | b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005 | doc | | Heodo |
| 2018-05-24 08:13:22 | 1cd24f7e2b926934692d90eeef9d701620178fc1d6f57becf4c1962940d572ca | doc | | |