URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	s0farem.com
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-06-14 05:49:02 UTC
Total malware sites :	15
Online malware sites :	0 (0%)
Offline Malware sites :	15 (100%)
A record(s) observed :	4

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	SBL	ASN	Country	Active?
2022-05-27 22:21:01	91.195.240.12	Not listed	AS47846 SEDO-AS	DE	no
2021-11-18 01:17:41	137.184.175.60	Not listed	AS14061 DIGITALOCEAN-ASN	CA	no
2021-06-14 05:49:04	104.21.22.49	Not listed	AS13335 CLOUDFLARENET	n/a	no
2021-06-14 05:49:03	172.67.202.240	Not listed	AS13335 CLOUDFLARENET	n/a	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-06-28 11:39:19	http://s0farem.com/burna/jp/mIuTxoyt0BhUCyi.exe	Offline	exe	abuse_ch
2021-06-28 11:39:03	http://s0farem.com/burna/okk/v1tP4Y5x218SYjd.exe	Offline	exe	abuse_ch
2021-06-28 11:39:03	http://s0farem.com/burna/music/H7baPxjfQDNKn2j.exe	Offline	exe	abuse_ch
2021-06-21 09:05:03	http://s0farem.com/walkies/okkk/f7TYg3vsyMmsdwu...	Offline	exe	abuse_ch
2021-06-21 07:44:03	http://s0farem.com/walkies/djj/u8EbkGRl2dwPE1R.exe	Offline	exe	abuse_ch
2021-06-15 06:51:03	http://s0farem.com/drama/admin/HyDNHFLYUf6RF4V.exe	Offline	exe	abuse_ch
2021-06-15 06:51:03	http://s0farem.com/drama/okbb/a4jYOP9fDJgkWLR.exe	Offline	exe	abuse_ch
2021-06-14 08:25:06	http://s0farem.com/domes/pop/BmUm3hajWb4N4Ny.exe	Offline	AgentTesla exe	abuse_ch
2021-06-14 08:01:04	http://s0farem.com/domes/bob/Document.exe	Offline	32 AgentTesla exe	zbetcheckin
2021-06-14 07:59:03	http://s0farem.com/domes/oga/ppT1Au04pvs3DGW.exe	Offline	AgentTesla exe	abuse_ch
2021-06-14 07:57:04	http://s0farem.com/domes/dj/VBiFqWqZecMzIDS.exe	Offline	32 AgentTesla exe	zbetcheckin
2021-06-14 06:42:06	http://s0farem.com/domes/effi/aJvwwVAh4AtTH6G.exe	Offline	AgentTesla exe	abuse_ch
2021-06-14 06:42:03	http://s0farem.com/domes/fada/dvbXGgTWnakwjEf.exe	Offline	AgentTesla exe	abuse_ch
2021-06-14 06:41:04	http://s0farem.com/domes/effo/Xq9mkbe8bvD2Zny.exe	Offline	AgentTesla exe	abuse_ch
2021-06-14 05:49:04	http://s0farem.com/domes/okb/Uhe6FuHDf1UKNC2.exe	Offline	AgentTesla exe	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-06-14 08:25:06	c86b96ac80c0bcd3fbf21303dea304a346bf50e6a6a096003e697bc9542c28d1	exe	AgentTesla
2021-06-14 08:01:04	9986013ec41e9df60a351748a1b3ccca171e50bf85b280b33b8b9b7c78c6e7e5	exe	AgentTesla
2021-06-14 07:59:03	fc458bbb05e20047b64283485e6dbb5ec32e0e10b01ad081d76f8f418a6f30d3	exe	AgentTesla
2021-06-14 07:57:03	1052875c57a9dac5930db4b7a769cdebc01fb2df98c5105454893ce570599962	exe	AgentTesla
2021-06-14 06:42:06	ad52889353d4df1aa9bbeebda2e18541a574a69cd4cb48b284ba62ccc21db7f6	exe	AgentTesla
2021-06-14 06:42:03	1d199617379a801e0dc4f1f88a601c465373c0add135424dac41825162f4aff1	exe	AgentTesla
2021-06-14 06:41:04	5a72b38c3ea9ca9b5a3e10a3c1c14e6ab3e26d6a1cc4afdf5e9c818175bb9ea5	exe	AgentTesla
2021-06-14 05:49:03	fc1db35bf753762e3b01a9852002988985e876250cd343a0348a765be4fd19fd	exe	AgentTesla