URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	microsoft-auth-network.cc
Domain registrar:	Epik
Domain registration date:	2022-08-30 11:27:03 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2023-02-26 06:36:09 UTC
Total malware sites :	35
Online malware sites :	0 (0%)
Offline Malware sites :	35 (100%)
A record(s) observed :	11

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	SBL	ASN	Country	Active?
2025-06-20 22:39:45	209.196.146.115	Not listed	AS394456 EPIK-LLC	US	no
2025-03-12 23:04:17	87.121.84.254	SBL683025	AS215925 VPSVAULTHOST	US	no
2025-01-04 14:40:40	91.202.233.151	SBL677411	AS200593 PROSPERO-AS	TM	no
2025-01-04 01:21:43	91.212.166.134	SBL624670	AS198953 proton66	RU	no
2024-12-22 01:48:42	5.252.155.2	Not listed	AS215826 Partner-Hosting-LTD	PA	no
2024-12-11 22:47:26	85.31.47.154	Not listed	AS397423 TIER-NET	BG	no
2024-11-27 01:34:51	87.121.86.16	Not listed	AS209693 OC-NETWORK	EE	no
2023-06-27 11:08:36	85.217.144.194	Not listed	AS16276 OVH	GB	no
2023-03-13 06:00:51	85.217.144.162	Not listed	AS16276 OVH	GB	no
2023-02-26 06:36:11	84.32.190.45	Not listed	AS59642 CHERRYSERVERS2-AS	NL	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-03-18 12:03:05	http://microsoft-auth-network.cc/1337/TORRENTOL...	Offline	exe LummaStealer opendir	NDA0E
2025-03-18 12:03:05	http://microsoft-auth-network.cc/TPBActivetor/T...	Offline	exe LummaStealer opendir	NDA0E
2024-11-01 15:19:09	http://microsoft-auth-network.cc/update/TPB-1.exe	Offline	LummaStealer Vidar	abus3reports
2024-07-13 12:36:11	http://microsoft-auth-network.cc/1337/B.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:38	http://microsoft-auth-network.cc/1337/D.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:16	http://microsoft-auth-network.cc/1337/A.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:11	http://microsoft-auth-network.cc/TPBActivetor/l...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:11	http://microsoft-auth-network.cc/FreeApps/link3...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:08	http://microsoft-auth-network.cc/HEXO-SOFTWARE/...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:07	http://microsoft-auth-network.cc/TPBActivetor/l...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:35:07	http://microsoft-auth-network.cc/TPBActivetor/l...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:56	http://microsoft-auth-network.cc/limetor/link2.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:52	http://microsoft-auth-network.cc/1337/C.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:51	http://microsoft-auth-network.cc/limetor/link4.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:46	http://microsoft-auth-network.cc/FreeApps/link.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:45	http://microsoft-auth-network.cc/TPBActivetor/l...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:39	http://microsoft-auth-network.cc/TORRENT-SPAM/l...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:35	http://microsoft-auth-network.cc/limetor/link3.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:33	http://microsoft-auth-network.cc/FreeApps/link4...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:32	http://microsoft-auth-network.cc/HEXO-SOFTWARE/...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:31	http://microsoft-auth-network.cc/1337/E.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:30	http://microsoft-auth-network.cc/FreeApps/link2...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:26	http://microsoft-auth-network.cc/limetor/link.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:34:14	http://microsoft-auth-network.cc/TORRENT-SPAM/l...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:17:20	http://microsoft-auth-network.cc/newz2k/link3.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:17:18	http://microsoft-auth-network.cc/newz2k/link4.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:17:15	http://microsoft-auth-network.cc/newz2k/link2.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 12:17:10	http://microsoft-auth-network.cc/newz2k/link.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 11:48:34	http://microsoft-auth-network.cc/TG-Source/link...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 11:48:21	http://microsoft-auth-network.cc/TG-Source/link...	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 11:46:37	http://microsoft-auth-network.cc/TPB-G/link.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2024-07-13 11:45:17	http://microsoft-auth-network.cc/update/link.txt	Offline	185.99.135.162 ascii link opendir	NDA0E
2023-02-26 06:36:13	http://microsoft-auth-network.cc/TPB-2-Links/li...	Offline	185.99.135.162 ascii link opendir	abuse_ch
2023-02-26 06:36:11	http://microsoft-auth-network.cc/TPB-2-Links/li...	Offline	185.99.135.162 ascii link opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-06-18 17:44:08	66b6fc4a116af7fc4749b6e135206895770cd20344f66b0e1a15a7064041bf0a	exe	LummaStealer
2025-06-18 17:15:07	66b6fc4a116af7fc4749b6e135206895770cd20344f66b0e1a15a7064041bf0a	exe	LummaStealer
2025-06-18 16:40:17	66b6fc4a116af7fc4749b6e135206895770cd20344f66b0e1a15a7064041bf0a	exe	LummaStealer
2025-06-10 21:42:53	ff8f729eb7a69bee300d0fbf2b5e1a584b4377fe63ab8df1ee92b4b336eb5059	exe
2025-06-10 21:38:01	ff8f729eb7a69bee300d0fbf2b5e1a584b4377fe63ab8df1ee92b4b336eb5059	exe
2025-06-10 21:35:47	ff8f729eb7a69bee300d0fbf2b5e1a584b4377fe63ab8df1ee92b4b336eb5059	exe
2025-05-18 22:04:31	796ce3e06bc10916427b847a1b6c2f1eaa9904f95db66e35c28cebec34efc9c5	exe	LummaStealer
2025-05-18 21:29:12	796ce3e06bc10916427b847a1b6c2f1eaa9904f95db66e35c28cebec34efc9c5	exe	LummaStealer
2025-05-18 21:13:09	796ce3e06bc10916427b847a1b6c2f1eaa9904f95db66e35c28cebec34efc9c5	exe	LummaStealer
2025-04-18 00:26:33	cbef641ab5e6e4e29ee57ff1d05d64848f21f7aeab1fb25043b953a85b95a4a1	exe
2025-04-12 14:23:49	4ef46582ae95f961c0a0af8262de20681d9fc34ab18ead54a634448c077fd82d	exe	LummaStealer
2025-04-12 13:44:13	4ef46582ae95f961c0a0af8262de20681d9fc34ab18ead54a634448c077fd82d	exe	LummaStealer
2025-04-12 13:42:56	4ef46582ae95f961c0a0af8262de20681d9fc34ab18ead54a634448c077fd82d	exe	LummaStealer
2025-03-23 22:40:10	8c0b11ccc08ca9295f15cc23733ce76f88ccb51f06435f29c32ebd200775118b	exe	LummaStealer
2025-03-23 22:23:09	8c0b11ccc08ca9295f15cc23733ce76f88ccb51f06435f29c32ebd200775118b	exe	LummaStealer
2025-03-23 21:18:09	8c0b11ccc08ca9295f15cc23733ce76f88ccb51f06435f29c32ebd200775118b	exe	LummaStealer
2025-03-18 12:03:05	b80b32ff1d730cfc947db68a4fc546576195bf302d1a05eee31b988fd53ea132	exe	LummaStealer
2025-03-18 12:03:05	b80b32ff1d730cfc947db68a4fc546576195bf302d1a05eee31b988fd53ea132	exe	LummaStealer
2025-03-16 02:19:50	7222e418982845a613b0ff6c842bf8d194dd5109a6436b32953f67d7bba35585	exe
2025-03-03 11:02:20	b80b32ff1d730cfc947db68a4fc546576195bf302d1a05eee31b988fd53ea132	exe	LummaStealer
2025-03-03 10:45:43	b80b32ff1d730cfc947db68a4fc546576195bf302d1a05eee31b988fd53ea132	exe	LummaStealer
2025-02-17 18:08:56	12b096048be2cca3f61e8fe031efa942faf8f4c31cbafe76953b744537275ace	exe	LummaStealer
2025-02-17 17:09:17	12b096048be2cca3f61e8fe031efa942faf8f4c31cbafe76953b744537275ace	exe	LummaStealer
2025-02-03 13:11:11	8bc4c1e92cfffe6d52dd7f5c65263e24dbc7bc470dbf631e782afd5e90ef5ee3	exe	LummaStealer
2025-02-03 11:18:11	8bc4c1e92cfffe6d52dd7f5c65263e24dbc7bc470dbf631e782afd5e90ef5ee3	exe	LummaStealer
2025-01-29 16:46:56	d4fb0e3c1d8a97e3b3baedabd704ef849e7fc96ac1c1b08801585ba4ee11fd29	exe	LummaStealer
2025-01-29 14:05:15	d4fb0e3c1d8a97e3b3baedabd704ef849e7fc96ac1c1b08801585ba4ee11fd29	exe	LummaStealer
2025-01-29 08:43:02	05d19250d7f78428660571d9f14755b27c1c94b68a7da1916a0909a9ca6c3bee	exe
2025-01-29 08:41:38	05d19250d7f78428660571d9f14755b27c1c94b68a7da1916a0909a9ca6c3bee	exe
2025-01-18 23:08:52	7902e87ab677a55e32d8d354a1b225c67c89c871cdd711771dc5399f57fd6aef	exe	LummaStealer
2025-01-18 23:06:56	7902e87ab677a55e32d8d354a1b225c67c89c871cdd711771dc5399f57fd6aef	exe	LummaStealer
2025-01-04 04:18:51	9c4afe3e68312e44bbaa3f122a251bb087f72d94adf8d432bdd8382087086c92	exe	LummaStealer
2025-01-04 01:21:42	9c4afe3e68312e44bbaa3f122a251bb087f72d94adf8d432bdd8382087086c92	exe	LummaStealer
2024-12-22 07:19:59	f2c2df5d625c6983881695ab53416c52aa574821e01074f607b6039e5d79e76f	exe	Vidar
2024-12-22 01:48:40	f2c2df5d625c6983881695ab53416c52aa574821e01074f607b6039e5d79e76f	exe	Vidar
2024-12-16 11:18:18	5746d38d3f64fd37ad4aa158d119eec1378e6298bd105323d5ffc791b9f5e88a	exe	Vidar
2024-12-15 16:19:59	5746d38d3f64fd37ad4aa158d119eec1378e6298bd105323d5ffc791b9f5e88a	exe	Vidar
2024-12-05 10:01:52	a3a6cde465591377afc5f656f72a00799398fd2541b60391bcb8f62b8f8cace3	exe	Vidar
2024-11-27 01:34:50	b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35	exe	Vidar
2024-11-19 00:37:39	98f1e9d201c49c501fdb01a3f325d301dde90facccf219db61a35bf99fa38952	exe	Vidar
2024-11-11 09:42:38	a2798b69026fb2332e89ddd9ba0ddb82b7d658231bf8e4edd2577e25b76a0395	exe	Vidar
2024-11-03 15:41:59	912320095089137ef3327b9a9682a87966308e44217ab77234e7bf5475496419	exe	Vidar
2024-11-01 15:19:09	18f5f368c18b9988c7d66abb169d54029cb6316910b109f3e3a4dbcc37a5b59c	exe	Vidar