URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	oboigroup.ru
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2018-06-06 20:24:01 UTC
Total malware sites :	3
Online malware sites :	0 (0%)
Offline Malware sites :	3 (100%)
A record(s) observed :	12

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2019-11-09 06:43:42	151.248.114.50	151-248-114-50.cloudvps.regruhosting.ru	Not listed	AS197695 AS-REGRU	RU	no
2019-10-08 04:44:04	185.20.224.141	185-20-224-141.cloudvps.regruhosting.ru	Not listed	AS197695 AS-REGRU	RU	no
2019-09-11 05:54:19	213.80.238.119	pppoe-213-80-238-119-fix-srv.retail.ttk.ru	Not listed	AS15974 VTT-AS	RU	no
2019-08-21 14:36:07	5.63.158.219	5-63-158-219.cloudvps.regruhosting.ru	Not listed	AS197695 AS-REGRU	GB	no
2019-07-04 04:58:17	31.31.192.103	31-31-192-103.cloudvps.regruhosting.ru	Not listed	AS197695 AS-REGRU	RU	no
2019-04-10 12:07:48	80.78.255.9	80-78-255-9.cloudvps.regruhosting.ru	Not listed	AS197695 AS-REGRU	RU	no
2019-05-28 05:30:34	194.58.56.103		Not listed	AS57043 HOSTKEY-AS	CZ	no
2019-03-19 14:14:59	31.148.99.35		Not listed	AS212913 TIMEHOST-AS	UA	no
2019-01-13 01:49:55	80.78.255.80	80-78-255-80.cloudvps.regruhosting.ru	Not listed	AS197695 AS-REGRU	RU	no
2018-12-08 17:22:38	185.212.148.103	vm2444549.firstbyte.club	Not listed	AS204997 FIRSTBYTE-AS	RU	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2018-06-13 22:52:04	http://oboigroup.ru/IRS-Accounts-Transcipts-Jun...	Offline	doc emotet epoch1 heodo	Cryptolaemus1
2018-06-13 10:57:04	http://oboigroup.ru/IRS-Accounts-Transcipts-062...	Offline	doc emotet epoch2 heodo	Cryptolaemus1
2018-06-06 20:24:03	http://oboigroup.ru/Rech-06-Juni/	Offline	doc emotet heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2018-06-16 06:44:47	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	unknown