URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	oreokitkat.ddns.net
Domain registrar:	Network Solutions
Domain registration date:	2001-06-28 16:04:59 UTC
Abuse complaint sent?:	Yes (2022-01-08 09:23:48 UTC to kbussche{at}noip[dot]com)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-12-18 22:04:03 UTC
Total malware sites :	11
Online malware sites :	0 (0%)
Offline Malware sites :	11 (100%)
A record(s) observed :	67

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-05-12 14:20:56	194.109.64.131		Not listed	AS3265 XS4ALL-NL	NL	yes
2022-05-10 11:06:23	82.159.146.209	82.159.146.209.static.user.ono.com	Not listed	AS6739 ONO-AS	ES	no
2022-04-28 04:53:52	89.140.164.80	89.140.164.80.static.user.ono.com	Not listed	AS6739 ONO-AS	ES	no
2022-05-09 16:11:51	31.4.242.197	31-4-242-197.red-acceso.airtel.net	Not listed	AS12430 VODAFONE_ES	ES	no
2022-03-29 15:33:09	77.211.5.111		Not listed	AS12430 VODAFONE_ES	ES	no
2022-04-28 13:33:40	31.4.242.136	31-4-242-136.red-acceso.airtel.net	Not listed	AS12430 VODAFONE_ES	ES	no
2022-04-27 21:24:44	77.211.5.128		Not listed	AS12430 VODAFONE_ES	ES	no
2022-04-12 02:58:59	77.231.103.213	din-213-103-231-77.ipcom.comunitel.net	Not listed	AS12430 VODAFONE_ES	ES	no
2022-04-23 17:24:41	77.211.5.115		Not listed	AS12430 VODAFONE_ES	ES	no
2022-04-18 15:02:58	31.4.242.158	31-4-242-158.red-acceso.airtel.net	Not listed	AS12430 VODAFONE_ES	ES	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-05-10 19:22:11	http://oreokitkat.ddns.net/downloader/ffmpeg.exe	Offline		malware_traffic
2022-05-10 19:19:58	http://oreokitkat.ddns.net/downloader/teamviewe...	Offline		malware_traffic
2022-05-10 19:15:33	http://oreokitkat.ddns.net/downloader/nbminer.exe	Offline		malware_traffic
2022-05-10 19:13:27	http://oreokitkat.ddns.net/downloader/winscp.exe	Offline		malware_traffic
2022-05-10 19:13:13	http://oreokitkat.ddns.net/downloader/rundll32.exe	Offline	IRCbot	malware_traffic
2022-05-10 19:13:07	http://oreokitkat.ddns.net/downloader/winscp.com	Offline		malware_traffic
2022-05-10 19:13:04	http://oreokitkat.ddns.net/downloader/payload.exe	Offline	meterpreter	malware_traffic
2022-05-10 19:11:12	http://oreokitkat.ddns.net/downloader/ctfmon.exe	Offline	IRCbot	malware_traffic
2021-12-18 22:04:18	http://oreokitkat.ddns.net/downloader/armsvc.exe	Offline	32 exe IRCbot	zbetcheckin
2021-12-18 22:04:04	http://oreokitkat.ddns.net/downloader/shell.exe	Offline	32 exe meterpreter	zbetcheckin
2021-12-18 22:04:04	http://oreokitkat.ddns.net/downloader/svchost.exe	Offline	32 exe IRCbot	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-05-10 19:22:11	99c472b2aea474e24158a1584df42a84438124dde296fb47273212e1120e837d	exe
2022-05-10 19:19:58	c48951b35273537b9124074ab6faad7a563274c34c4f95a8570e9c7d2cc6ab9e	exe
2022-05-10 19:15:33	b09fbd734be48315ad511ec3135359372fb0e1db51c72d9e283dc5e351610105	exe
2022-05-10 19:13:27	f3f7a57182bfd0dde07781481cc033744094190ee6bc03bf368d083e95f1d54b	exe
2022-05-10 19:13:13	2b623113a19e5b3a2ff2b3e011d85a90e470c89d32146ddc02edaba6cac39664	exe		IRCbot
2022-05-10 19:13:07	f32611ce3a28fda2932bbdd856a0604866b9f3dbbc21407cb846baeb4684dd2f	exe
2022-05-10 19:13:04	d86e5cca64b7e8c2fa8f91a669c30273757e279d5979512877cc1c159fb79dbd	exe		Meterpreter
2022-05-10 19:11:12	37f56a1847512224f028ee68d9a2b6cb45684e14e1646800a9ddb1e779899dd4	exe		IRCbot
2022-05-10 01:43:35	4a0edec444b95ea38bb912f1f7fd277ddf0fd7612675eff98071d554273af95d	exe		IRCbot
2022-05-10 01:10:26	79facf3cb9e03e77eaa7950e22d589fea3bf4c4a98b04527bfcaa8bda5edb1ed	exe		IRCbot
2022-05-09 23:46:50	15770811a577cda745bb7135ef693fd49ff94f6b44c4783d08c20b8975882dc6	exe		IRCbot
2022-05-09 23:26:14	6d5c7a10871e1af4a01fa404f8812938ac49edea14c07c0ef5ce56323e38b951	exe		IRCbot
2022-05-09 19:26:18	c5c9c20c1b3bfcd31ec2d363dbf9ec27aea963c41a200cdf519e94f715cffb33	exe		IRCbot
2022-05-01 12:57:10	85543698ae27ded528869d575d9df25cda27b2edec65b71a4413259771b3953d	exe		IRCbot
2022-04-21 21:15:11	c4c36906b7d539394b8f99635221cad623b17c5b2687d651f116b92fc86551b3	exe		IRCbot
2022-02-22 16:55:50	e7771858fb6b3c616b65c1daaf2b82aa74532b5a0888908d5342d8fe7e071403	exe		IRCbot
2022-02-08 18:20:12	b56defac42f0f7962a918c92385bd6784b626527c1e83a48181f201e2dfdf95f	exe		IRCbot
2022-02-04 11:20:17	0b53961aa6ed3c43563fb14ef9855bc73bd1ced50eacf4fcdce041fba022cb7b	exe		IRCbot
2022-02-04 07:26:56	799679c3936225db0d27ec0acad41830100119ec9d682cef272111523b2f2468	exe		IRCbot
2022-02-04 07:25:18	8654034bbded9aa7834843b85d643580fa599d008df66498e72beb17b21674df	exe		IRCbot
2022-01-29 21:28:12	535281aef4c2fbe82870d49b6b647ed7cee02d7b8a28560c6ee0549fcd3831ed	exe		IRCbot
2022-01-29 17:45:37	edbf51d69b38958bbfaef71bf0037907d824b24e18efd5e25735362c0dd6bdc0	exe		IRCbot
2022-01-18 23:55:50	8ac0685390c1020d969da93e59ec88af9e57f61ed295385855906d39de630645	exe		IRCbot
2022-01-18 23:37:30	2d6bee9e6b07812859de7b7bee385c725d7b1e394270229bfe4b4fe1245e4497	exe		IRCbot
2021-12-18 22:04:18	0bd5383c6c2ab4787567b4baa511640b3ee7f0da25e90055285959d398348992	exe		IRCbot
2021-12-18 22:04:04	efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a	exe		Meterpreter
2021-12-18 22:04:04	0db6c2a5f841c34c9ae8974c40c6f9509276ac21367072d3b2f944bf9a21cb36	exe		IRCbot