URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	russk21.icu
Domain registrar:	Namecheap
Domain registration date:	2022-02-15 17:26:49 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
ProtonDNS :	Blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-05-20 12:29:03 UTC
Total malware sites :	8
Online malware sites :	0 (0%)
Offline Malware sites :	8 (100%)
A record(s) observed :	8

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-20 06:25:20	3.222.192.211	ec2-3-222-192-211.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	yes
2022-07-01 21:28:25	194.195.116.114	194-195-116-114.ip.linodeusercontent.com	Not listed	AS63949 AKAMAI-LINODE-AP	IN	no
2022-06-30 18:20:54	45.86.86.142	port3.mix	Not listed	AS200019 AlexHost	MD	no
2022-05-31 23:48:54	45.147.231.107		SBL517021	AS30823 AUROLOGIC	DE	no
2022-05-22 10:37:11	64.44.102.207	207-102-44-64.reverse-dns	Not listed	AS20278 NEXEON	US	no
2022-05-20 12:29:05	172.93.179.212	212-179-93-172.reverse-dns	Not listed	AS20278 NEXEON	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-07-19 16:59:04	http://russk21.icu/mailo/netinfo.exe	Offline	32 exe XFilesStealer	zbetcheckin
2022-07-19 15:04:11	http://russk21.icu/ex2.exe	Offline	exe	abuse_ch
2022-06-06 06:12:04	http://russk21.icu/AScan.exe	Offline	32 exe XFilesStealer	zbetcheckin
2022-06-06 06:02:06	http://russk21.icu/ex.exe	Offline	32 exe	zbetcheckin
2022-05-20 12:34:03	http://russk21.icu/mailo/socks.exe	Offline	ee SystemBC	abuse_ch
2022-05-20 12:29:05	http://russk21.icu/autosqli.exe	Offline	exe	abuse_ch
2022-05-20 12:29:05	http://russk21.icu/mailo/ex.exe	Offline	exe	abuse_ch
2022-05-20 12:29:05	http://russk21.icu/mailo/pass.exe	Offline	ee	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-07-19 21:22:55	761a54ace7ed14821e9aedb827914de33f6c5247c15c908060089eaaad0d3144	exe
2022-07-19 16:59:04	deccabcc57c6a41b9e2e1f3f97b9425831304f69387299adf1405350d2f5d110	exe		XFilesStealer
2022-07-19 15:04:11	ff02cd57ce67f7363cb67aee7fefd1d4e11e6f12399072b158e1f575e4b52846	exe
2022-07-15 18:56:09	536790762a26ed9103e1f647186467f9a6a742102674f62585a2735d64bfc50e	exe
2022-07-07 21:41:59	85eb988ee7a039621da5bf44432b9c472836092fabb94e675b32890bf9c06d4e	exe		XFilesStealer
2022-06-28 02:28:32	1f68e889d3c4c7f8049bad4abd042fcd05e84ac96bf23d86e2e95aa8fe346593	exe
2022-06-18 03:21:30	b24bcecff3bf317920baac78f94c18dd3452a9f40eabf3ea57493365653b2dbe	exe
2022-06-18 01:37:39	bbd14055793976d6fbc8792739ae3725b80df2536a88efdbbbdf3813a2ba972a	exe
2022-06-17 21:55:33	3082581dfca1f8d01b1ad4bdad74c12893ca9baeecb915d4ba70d14caf81c27c	exe
2022-06-17 06:19:45	6c4a14186bd50f8935687f60a2bfac4c6512a26f6766923ef1d816a59c1d020a	exe
2022-06-16 09:18:04	9c96bad250333fd0da7c708bf36dc1d9bb93fcdf418325bf5cf7299aeb9bcb2e	exe
2022-06-15 08:27:25	2c5f9bc36f81b076c3db6aaff6feeb1fa969d31c701e1ae6365e18ae014f453c	exe
2022-06-10 19:28:44	da9d5faed8995eac06f760ad0dd37498721e1bc89a1121ee31914da657dc9501	exe
2022-06-10 06:56:07	97816e9d1588aa0d55ca3a7de289c54a813ee9c2dfc01d7f14431697f5b4101d	exe
2022-06-06 06:12:04	d49cb57411da2fedea6b7e89b083282afa86342d97e9b31aa5ec58e6f9f01618	exe
2022-06-06 06:02:06	3da7dccc0e92c7324dea07df10ba938dd21f4436e9b8dd20488517b5eff67676	exe
2022-06-05 09:02:15	880122544a0eac1adb8fde0bab910123d4399631b8a0ad78d8cf78e088980547	exe
2022-06-05 06:49:41	8b3ae2c1e6349c4bc29e61aef103f540fc18b76495ee0328c85efb8ddf5bfd62	exe
2022-06-04 08:34:29	75d8d919c47b24b3fdd61006b3bc546af3cfbafe618ebd2f8848aec289b5c7a7	exe
2022-06-04 07:49:27	a084c540c0f847784592d7834f600299bb48c7ecaf948bf4f7897bcab8ead657	exe
2022-06-03 10:43:26	1acba777a2fc67f53f56ddead631b9dd23bab2cbcca1c991b2553f413dc9eb42	exe
2022-06-03 10:10:17	5b8ec10e01e2a4ac5d5e86454b176f78081f3f2717d8ae0a7d757b851a4d2613	exe
2022-05-26 11:48:00	2c24172c94ed3259430d2bbb2c3eaaf866e08274ec484782e79990e085a7966b	exe
2022-05-23 10:08:25	aafef6393a6a8acb281c4773ec22ef6ac3f348ddf49eabfa6adf8da29f6c5211	exe
2022-05-20 12:34:03	0e56c159b8c4fe60ee4a9d9bac1118c9467965086d1de239e1b27ecbbe540182	exe		SystemBC
2022-05-20 12:29:05	ff82f652f0c3454ead15a3d2e0b550353ffd2c5839f0ba4fc3095a8209798d69	exe
2022-05-20 12:29:05	b718e33a2ca58e4da31bbab3e6fa086aee66040b863da973f0c55070ee22921a	exe
2022-05-20 12:29:04	0b848654c8ea5a8d75b4c881c84df31cf856fa212c032452e74ccc906b9367e1	exe