URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	mermerden.com
Domain registrar:	Nics Telekomunikasyon
Domain registration date:	2014-05-14 08:47:29 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-10-12 17:03:04 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)
A record(s) observed :	5

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-04-17 21:56:09	185.230.63.107	unalocated.63.wixsite.com	Not listed	AS58182 wix_com	US	yes
2023-04-17 21:56:09	185.230.63.171	unalocated.63.wixsite.com	Not listed	AS58182 wix_com	US	yes
2023-04-17 21:56:09	185.230.63.186	unalocated.63.wixsite.com	Not listed	AS58182 wix_com	US	yes
2022-12-08 22:43:43	94.73.145.104	94-73-145-104.cizgi.net.tr	Not listed	AS34619 CIZGI	TR	no
2022-10-12 17:03:08	93.180.133.176	hosted-by.hzd.com.tr	Not listed	AS213657 VPS-COM-TR---HOSTAVRUPA-NET	TR	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-10-27 16:01:06	http://mermerden.com/name/9FaBXdWXqikMdRn.exe	Offline	exe RemcosRAT	jstrosch
2022-10-12 17:03:08	http://mermerden.com/aradmai/attack.txt	Offline	opendir rat RemcosRAT	abuse_ch
2022-10-12 17:03:08	http://mermerden.com/aradmai/Encrypted%20Client...	Offline	opendir rat RemcosRAT	abuse_ch
2022-10-12 17:03:08	http://mermerden.com/aradmai/Protected%20Client.js	Offline	opendir rat RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-10-27 16:01:06	84710414bcb3ded3b23c6c53c0cf39a85d22407d6b543f50f5d633ff1c757ca0	exe		RemcosRAT
2022-10-12 17:03:07	b2e9897a40cf1a958570050105947212a2d3a2ee93a575a72ae8729b71faa506	txt
2022-10-12 17:03:06	3e5ae309902d3d7b4e6ea1d4aa412d88d9270bf5571f98346f78f74c7f4fb3cc	unknown
2022-10-12 17:03:05	fdb157499d6ff88d2ca7b45b705622dddadf92e3a25850fe3fbbdb2b3fd52f55	txt