URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2020-11-16 08:51:07 | 8.208.99.216 | | Not listed | AS45102 ALIBABA-CN-NET | GB | no |
| 2020-11-16 00:00:44 | 46.173.218.130 | | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-15 21:49:21 | 46.173.218.122 | | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-15 11:00:14 | 46.173.218.118 | | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-11 18:38:57 | 46.173.218.66 | 0018.ru | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-12 02:37:06 | 77.223.96.18 | cloud58042.meunegocio2.com.br | Not listed | AS50340 SELECTEL-MSK | RU | no |
| 2020-11-11 12:38:28 | 46.173.218.65 | | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-11 09:56:56 | 46.173.218.64 | | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-09 10:35:31 | 46.173.218.68 | | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
| 2020-11-09 07:05:45 | 46.173.214.108 | free.example.com | SBL668586 | AS47196 Garant-Park-Internet | RU | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-11-05 11:33:06 | http://kregmartlime.ga/main/ex/us8/document.doc | Offline | Loki | |
| 2020-11-05 07:21:07 | http://kregmartlime.ga/main/ex/ap1/vbc.exe | Offline | exe Loki | |
| 2020-11-05 07:21:05 | http://kregmartlime.ga/main/ex/ap1/document.doc | Offline | Loki | |
| 2020-10-23 06:08:05 | http://kregmartlime.ga/main/ex/us2/invoice.doc | Offline | Loki | |
| 2020-10-20 06:09:07 | http://kregmartlime.ga/main/mode/vbc.exe | Offline | exe Loki | |
| 2020-10-20 06:09:05 | http://kregmartlime.ga/main/mode/doument_f.doc | Offline | Loki | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-11-07 00:14:07 | df43c3de9ccc3d956cc5b275e9be8bf7c7dfb62bc24f4f4925e9b147b57af324 | exe | | Loki |
| 2020-11-06 04:28:01 | 42cb29ca06a397b344e246df54b44c97a7250e09f18f74fac897a6d8df470bd2 | exe | | Loki |
| 2020-11-05 11:45:59 | 4bc7b8fded24a280c35ebce0b4cecc83725e655ed1c983a5e8ac10e29aabd379 | rtf | | Loki |
| 2020-11-05 07:21:07 | 32e1dad6dd587d776e7c5bcce33d1337774b7dafbc84bbe984818cff295fc713 | exe | | Loki |
| 2020-11-05 07:21:05 | 8cd5b74e558ebd50c6529a9d8c0075aba067e6867f99a90a8152979f69ad9f68 | rtf | | Loki |
| 2020-10-23 06:08:05 | 323c118dc57345fa72f6602e94fe9f2eb7dba9cd5b09a7064b5a425a9cfbf319 | rtf | | Loki |
| 2020-10-20 06:09:06 | 24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f | exe | | Loki |
| 2020-10-20 06:09:05 | ce1e65e81121b6b212c98f7b09e2cef36f5e7acbea688a7c1546b8e85268e0be | rtf | | Loki |