URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	microsoft-telemetry.cc
Domain registrar:	NICENIC
Domain registration date:	2025-08-16 14:15:43 UTC
Abuse complaint sent to registrar:	Yes (2025-08-22 10:51:02 UTC to support{at}nicenic[dot]net)
Domain registry:	VeriSign Global Registry Services
Abuse complaint sent to registry:	Yes (2025-08-22 10:51:02 UTC to info{at}verisign-grs[dot]com)
Spamhaus DBL :	Malware domain
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-08-22 10:46:06 UTC
Total malware sites :	12
Online malware sites :	5 (42%)
Offline Malware sites :	7 (58%)
Newest active malware site :	2025-08-22 10:46:19 UTC
Oldest active malware site :	2025-08-22 10:46:07 UTC (Age: 3 months, 7 days, 2 hours, 55 minutes)
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-07 14:25:31	23.94.252.8	23-94-252-8-host.colocrossing.com	Not listed	AS207043 DEDIK-IO	US	yes
2025-08-22 10:46:07	5.252.153.134		Not listed	AS215826 Partner-Hosting-LTD	PA	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-09-12 05:32:22	http://microsoft-telemetry.cc/iddr/lool.exe	Offline	Amadey exe	abuse_ch
2025-09-08 09:49:10	http://microsoft-telemetry.cc/iddr/ttt.exe	Offline	c2-monitor-auto dropped-by-amadey	c2hunter
2025-09-08 06:38:07	http://microsoft-telemetry.cc/iddr/123.exe	Offline	c2-monitor-auto dropped-by-amadey	c2hunter
2025-09-01 05:33:15	http://microsoft-telemetry.cc/iddr/scanner2.exe	Offline	c2-monitor-auto dropped-by-amadey	c2hunter
2025-09-01 05:33:13	http://microsoft-telemetry.cc/iddr/scanner.exe	Offline	c2-monitor-auto dropped-by-amadey	c2hunter
2025-08-30 13:33:09	http://microsoft-telemetry.cc/iddr/drv.exe	Offline	c2-monitor-auto dropped-by-amadey	c2hunter
2025-08-28 10:55:08	http://microsoft-telemetry.cc/iddr/lool1.exe	Offline	c2-monitor-auto dropped-by-amadey	c2hunter
2025-08-22 10:46:19	http://microsoft-telemetry.cc/cvdfnaFJBmC0/Plug...	Online	Amadey ua-wget	BlinkzSec
2025-08-22 10:46:18	http://microsoft-telemetry.cc/cvdfnaFJBmC0/Plug...	Online	Amadey ua-wget	BlinkzSec
2025-08-22 10:46:13	http://microsoft-telemetry.cc/cvdfnaFJBmC0/Plug...	Online	Amadey ua-wget	BlinkzSec
2025-08-22 10:46:11	http://microsoft-telemetry.cc/cvdfnaFJBmC0/Plug...	Online	Amadey ua-wget	BlinkzSec
2025-08-22 10:46:07	http://microsoft-telemetry.cc/cvdfnaFJBmC0/Plug...	Online	tinynuke ua-wget	BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-09-12 05:32:22	5453acf964552200893bd02b4afef111f87ac65f14feefe843a39f3d6042b9df	exe		Amadey
2025-09-01 05:33:15	ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2	exe
2025-09-01 05:33:13	ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2	exe
2025-08-30 13:33:09	1caffc3466efd258faaadd01ba1b6ced2e1eba1cab7aa61ab555144b42ad9b89	exe
2025-08-28 10:55:08	ef69941b32be75da6500aa8a2c210bbc0470947c720a526f926f6a2c77141711	exe
2025-08-22 10:46:19	ea18d814d13302d8355afeb094508b68d4f5b954d5818917a8e3886575a97f73	dll		Amadey
2025-08-22 10:46:18	cb8d0e97fee8353f1e8c57a3fc783fd24ec6d423563dd36d55ba1535eeecaa4c	dll		Amadey
2025-08-22 10:46:12	ac69ae5cfb38a3bbf2fa277cb30ec72efd97829d17899ec8752e2fe28436ee8d	dll		Amadey
2025-08-22 10:46:11	cb8d0e97fee8353f1e8c57a3fc783fd24ec6d423563dd36d55ba1535eeecaa4c	dll		Amadey
2025-08-22 10:46:07	4d2af9283f59dd98dc1852a5213d5092dd832c3e797c7ee57908fa9ff122983d	exe		TinyNuke