URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	kosmengroup.com
Domain registrar:	P.A. Viet Nam
Domain registration date:	2020-10-14 02:42:07 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2023-05-17 13:06:32 UTC
Total malware sites :	1
A record(s) observed :	3

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-05-05 09:26:26	112.213.89.164	sarajevo.maychu.cloud	Not listed	AS45544 SUPERDATA-AS-VN	VN	yes
2025-04-27 10:07:04	103.77.162.25	zurich.maychu.cloud	Not listed	AS45544 SUPERDATA-AS-VN	VN	no
2023-05-17 13:06:38	112.213.89.73	hexi.dotvndns.com	Not listed	AS45544 SUPERDATA-AS-VN	VN	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-05-17 13:06:38	https://kosmengroup.com/ee/?1	Offline	BB28 geofenced js Qakbot Quakbot USA	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-05-19 19:26:58	1cea0c4b1af9170b9ed2927f3b100d202bebd1b8e69ba1527336aaa6b2c0bffc	js
2023-05-19 15:34:31	76443e093ed6d6e3961cb5f9bbd546bab2d05f6bc2536c5744dc86f7a769bea8	js
2023-05-19 06:38:25	d7522ab4f64ae0950e24bb00df9157136bbcb900ace0c77bd1a46f06149bf37a	js
2023-05-19 00:33:47	bbcdb87a842c5157acea98f0cedd358f764e2613b6a635e4f9f5946de8c07780	js
2023-05-18 23:22:24	1a2e818afb29521c8658d2a0643158af97370d69c32c0bd85cb900bd3e85b0ee	js
2023-05-18 21:10:04	51ffefa8a10b6da720a80cec4735fe173669e7c974946e46c8dda908e824d8a4	js
2023-05-18 18:12:18	c74cf0cb7927a8438a84c9cedbdbab3e4815550813336043f39674a67b6a021a	js
2023-05-18 16:42:33	6016f12710a18923ed029eb1dc62882b5f1a032a7424e0169dd8c2228598f59d	js
2023-05-18 14:26:10	0eaba15ab577cf3c9483477182ae842774b648400dbd159ba17e92102b8fdf7d	js
2023-05-18 13:39:29	48db39cd7c0e54ce481a9a5a086bbcb4488584e914b43948388b02b053f75722	js
2023-05-18 11:57:56	582d7260d0c9d28291c1a5741818450399bdb826da9dfa44e69657727548f4f6	js
2023-05-18 11:12:10	356f8c2ebf3f6ab97ed37e1195e6ccc8d5441e37c038c0c09c7f481b5aa205de	js		Quakbot
2023-05-18 08:50:57	e8a4b575211295a78e536c4a374d5538f24470f6036d3a1e5ab52f149b6a5683	js		Quakbot
2023-05-18 06:29:55	4ca00c819ac67574145c0664985afbfd757621b4809ec157f14d22108aeacf8d	js
2023-05-18 05:05:21	58b0e516ec4c36b4a0582314a01bc968a5e3a7acce646abe2179ef5adde91a24	js		Quakbot
2023-05-18 02:45:58	88e1c48885e6e3ca5b9336e4c427b393b3ed8d986289d640404abb2cdf869689	js		Quakbot
2023-05-18 02:34:49	b243ce7f5b24e6eab35ff99fcc718064f5897388b337460b05226b50e50b7dfe	js		Quakbot
2023-05-18 00:39:03	cca9ae0f45d9d362a7e18d9f86ed7a18a1340c3f3d4811c7a2ddc658408bd496	js
2023-05-17 21:19:34	3ff223428a9d2b7b897fd823e4add6ae4cc119c86e47eb073bdbf5a578a17226	js		Quakbot
2023-05-17 19:55:13	d306257143ef32e3f924f2886ed8c92b3dadea9e12e458ad402e9456a2e61edf	js		Quakbot
2023-05-17 17:34:37	8290e44e2bd6431a3cb8fce93c83b97d4710c63bffe7f1eb93db3282ae17b5f6	js		Quakbot
2023-05-17 15:49:24	ce5efda576bdfd577cb85bba27c1785787f37d30869878530f7249504d45cf69	js		Quakbot
2023-05-17 13:47:39	1518f10a4a3e1bb0772544083dd21336675b9248d73c59f8dd75068406de1474	js		Quakbot
2023-05-17 13:06:38	bc100a785f531874618920cd99c357dfc32c33cd59fc6b19856a94b41ca3f07f	js