URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	marccnovaafitness.com
Domain registrar:	Google
Domain registration date:	2018-03-01 18:29:49 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-08-20 08:41:03 UTC
Total malware sites :	6
Online malware sites :	0 (0%)
Offline Malware sites :	6 (100%)
A record(s) observed :	13

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-05-14 11:05:14	81.17.18.196	hostedby.privatelayer.com	Not listed	AS51852 PLI-AS	CH	no
2022-05-16 18:50:26	81.17.29.146	hostedby.privatelayer.com	Not listed	AS51852 PLI-AS	CH	no
2022-05-16 11:56:13	63.141.242.45		Not listed	AS33387 NOCIX	US	no
2022-05-14 21:55:41	63.141.242.44		Not listed	AS33387 NOCIX	US	no
2022-05-16 02:56:29	81.17.29.149	hostedby.privatelayer.com	Not listed	AS51852 PLI-AS	CH	no
2022-05-15 11:02:06	81.17.29.147	hostedby.privatelayer.com	Not listed	AS51852 PLI-AS	CH	no
2022-05-14 16:59:14	5.79.68.103		Not listed	AS60781 LEASEWEB-NL-AMS-01	NL	no
2022-05-14 22:30:17	5.79.68.101		Not listed	AS60781 LEASEWEB-NL-AMS-01	NL	no
2021-08-20 08:41:06	192.185.93.231	192-185-93-231.unifiedlayer.com	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no
2022-05-13 22:09:04	192.187.111.221	tyg.qwiqo.live	Not listed	AS33387 NOCIX	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-08-20 09:59:05	https://marccnovaafitness.com/beta/TF7vGJml6S1l...	Offline	32 exe RedLineStealer	zbetcheckin
2021-08-20 09:59:05	https://marccnovaafitness.com/beta/StoreTransac...	Offline	32 exe RedLineStealer	zbetcheckin
2021-08-20 09:59:05	https://marccnovaafitness.com/beta/c.exe	Offline	32 exe RedLineStealer	zbetcheckin
2021-08-20 08:43:10	https://marccnovaafitness.com/map/htown.exe	Offline	AveMariaRAT exe	vxvault
2021-08-20 08:42:05	https://marccnovaafitness.com/map/NOTEPAD.exe	Offline	AveMariaRAT exe	vxvault
2021-08-20 08:41:06	https://marccnovaafitness.com/map/QuickAssist.exe	Offline	exe RedLineStealer	vxvault

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-08-20 09:59:05	c61437f734b20bd42d42819a521483df261067cb7b247cfc512e1fdd0189ca17	exe		RedLineStealer
2021-08-20 09:59:05	6c2f3787eafe01e876776b4ad14ee74e2b5df1483b7d8193b256c78572d2cf7f	exe		RedLineStealer
2021-08-20 09:59:05	37871ec354ede70797f7a39a90a5d45685f93e930cf99763b39adc029c7d9cbc	exe		RedLineStealer
2021-08-20 08:43:10	7f6b099267911103a2ed4968d73900bbdc667fde2d574fe8300f891a25a33f55	exe		AveMariaRAT
2021-08-20 08:42:05	03c72ba4210bb7b27c38735b169a5af85166aa2bb84ddeb7c47a421f1f716e48	exe		AveMariaRAT
2021-08-20 08:41:05	f15224a9cc3713a1ffff26de7d7e962bafa436c98962d2f7cc2bbdcf47c977a6	exe		RedLineStealer