URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2019-09-11 13:46:48	120.133.239.160		Not listed	AS4811 CHINANET-SHANGHAI-MAN	CN	yes
2019-01-24 19:09:04	101.132.113.16		Not listed	AS37963 ALIBABA-CN-NET	CN	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2019-01-25 00:48:06	http://shly.fsygroup.com/wp-admin/css/sserv.jpg	Offline	exe	zbetcheckin
2019-01-25 00:45:21	http://shly.fsygroup.com/flvplayer/sserv.jpg	Offline	exe Troldesh	zbetcheckin
2019-01-25 00:45:10	http://shly.fsygroup.com/aspnet_client/system_w...	Offline	exe Troldesh	zbetcheckin
2019-01-25 00:24:08	http://shly.fsygroup.com/wp-content/themes/whit...	Offline	exe Troldesh	zbetcheckin
2019-01-25 00:18:09	http://shly.fsygroup.com/mysql_backup/sserv.jpg	Offline	exe Troldesh	zbetcheckin
2019-01-25 00:18:05	http://shly.fsygroup.com/wp-content/themes/whit...	Offline	exe	zbetcheckin
2019-01-24 23:56:10	http://shly.fsygroup.com/mobile/config/sserv.jpg	Offline	exe Troldesh	zbetcheckin
2019-01-24 23:41:12	http://shly.fsygroup.com/wp-content/themes/whit...	Offline	exe	zbetcheckin
2019-01-24 23:37:22	http://shly.fsygroup.com/wp-content/languages/t...	Offline	exe	zbetcheckin
2019-01-24 23:21:11	http://shly.fsygroup.com/aspnet_client/system_w...	Offline	exe Troldesh	zbetcheckin
2019-01-24 23:12:10	http://shly.fsygroup.com/wp-content/languages/t...	Offline	exe	zbetcheckin
2019-01-24 19:12:07	http://shly.fsygroup.com/wp-admin/css/mxr.pdf	Offline	Troldesh	lovemalware
2019-01-24 19:09:40	http://shly.fsygroup.com/aspnet_client/system_w...	Offline	Troldesh	lovemalware
2019-01-24 19:09:04	http://shly.fsygroup.com/wp-admin/css/ssj.jpg	Offline	Troldesh	lovemalware

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2019-02-28 14:37:17	77977d0faba8fee497284611c6756812d12a4f3e3c9dd0ce9118d03f5ebbee1c	exe
2019-01-25 00:48:06	f6c3a6ed241e86647c3532bf92594fc3828d0c1be2f50fa97f668d31318eabaf	exe
2019-01-25 00:45:20	7701170304fdd48b184aac032391ae3a1f880be6160812d0089049834b3ec828	exe		Ransomware.Troldesh
2019-01-25 00:24:08	f140cab283c35c92dc74db53b6d9964706538554d4151a637a406b093746692b	exe		Ransomware.Troldesh
2019-01-25 00:18:09	50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83	exe		Ransomware.Troldesh
2019-01-25 00:18:05	53e3bb561c54df00565fba06ddf477f9980e734e543c85103d8c073cb13a5107	exe
2019-01-24 23:56:09	50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83	exe		Ransomware.Troldesh
2019-01-24 23:41:12	4748eb93e8bf41f68800bca52f31b31e8f67f186ff9d2f7e7ab01b5a9f298059	exe
2019-01-24 23:37:22	414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2	exe
2019-01-24 23:21:11	9fd59ba40c26b3161642d5ebb85796b4262e5d5aa5d1e5eceb919b52a8f9b00e	exe		Ransomware.Troldesh
2019-01-24 23:12:10	414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2	exe
2019-01-24 19:12:07	952b440c75edb45c524fd6ddda4395563caf80a0949ee445f2a089c520087ff0	exe		Ransomware.Troldesh
2019-01-24 19:09:40	c0c4b90379ef98aa9a6d4f62106a17e4492ef7bfbe4446270f11c713c2b76da9	exe		Ransomware.Shade
2019-01-24 19:09:03	fb142143b7efdbb03e23a1c366208ffa4cba9131e674fb196e6611f7f76f7c8e	exe		Ransomware.Troldesh