URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	srv43923540.ultasrv.com
Domain registrar:	Public Domain Registry
Domain registration date:	2022-03-29 21:31:01 UTC
Spamhaus DBL :	Phishing domain
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-07-11 08:11:03 UTC
Total malware sites :	22
Online malware sites :	0 (0%)
Offline Malware sites :	22 (100%)
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-08-08 14:30:09	194.195.211.26	194-195-211-26.ip.linodeusercontent.com	Not listed	AS63949 AKAMAI-LINODE-AP	US	no
2022-07-11 08:11:04	79.133.56.159		Not listed	AS214036 ULTAHOST-AS	DE	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-07-12 08:28:04	http://srv43923540.ultasrv.com/bZSQH.exe	Offline	AgentTesla exe	abuse_ch
2022-07-12 06:57:04	http://srv43923540.ultasrv.com/EmMGF.exe	Offline	32 a310Logger exe	zbetcheckin
2022-07-12 02:16:04	http://srv43923540.ultasrv.com/tELGR.exe	Offline	32 AsyncRAT exe	zbetcheckin
2022-07-12 02:16:04	http://srv43923540.ultasrv.com/RwXaE.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-07-12 02:15:05	http://srv43923540.ultasrv.com/HgNcZ.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-07-12 02:01:04	http://srv43923540.ultasrv.com/zECRo.exe	Offline	32 BluStealer exe	zbetcheckin
2022-07-11 20:11:04	http://srv43923540.ultasrv.com/yTQCE.exe	Offline	32 exe	zbetcheckin
2022-07-11 19:38:04	http://srv43923540.ultasrv.com/JmQgT.exe	Offline	32 AsyncRAT exe	zbetcheckin
2022-07-11 14:28:04	http://srv43923540.ultasrv.com/ArCQG.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-07-11 14:27:03	http://srv43923540.ultasrv.com/gRMQK.exe	Offline	exe SnakeKeylogger	abuse_ch
2022-07-11 14:26:04	http://srv43923540.ultasrv.com/EjFML.exe	Offline	exe MassLogger	abuse_ch
2022-07-11 14:05:05	http://srv43923540.ultasrv.com/bFPTx.exe	Offline	32 exe QuasarRAT	zbetcheckin
2022-07-11 13:53:05	http://srv43923540.ultasrv.com/CjNaT.exe	Offline	32 AZORult exe	zbetcheckin
2022-07-11 13:53:05	http://srv43923540.ultasrv.com/bFCRH.exe	Offline	32 exe Formbook	zbetcheckin
2022-07-11 11:28:03	http://srv43923540.ultasrv.com/gSGYs.exe	Offline	exe SnakeKeylogger	vxvault
2022-07-11 09:12:04	http://srv43923540.ultasrv.com/ZzYaQ.exe	Offline	32 exe NanoCore RedLineStealer	zbetcheckin
2022-07-11 09:12:04	http://srv43923540.ultasrv.com/SoCJQ.exe	Offline	32 exe Formbook	zbetcheckin
2022-07-11 09:12:04	http://srv43923540.ultasrv.com/sSEDt.exe	Offline	32 AsyncRAT exe	zbetcheckin
2022-07-11 08:20:05	http://srv43923540.ultasrv.com/JxRQX.exe	Offline	AsyncRAT exe	abuse_ch
2022-07-11 08:14:04	http://srv43923540.ultasrv.com/oFNTE.exe	Offline	a310Logger exe	abuse_ch
2022-07-11 08:13:14	http://srv43923540.ultasrv.com/cFRPD.exe	Offline	exe RedLineStealer	abuse_ch
2022-07-11 08:11:04	http://srv43923540.ultasrv.com/BcJRF.exe	Offline	AveMariaRAT exe SnakeKeylogger	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-07-12 08:28:04	9051b379d7ee2fb0ade18042ddf9d779523991df4a3bd3ddbf7ddcf35b7555c0	exe	AgentTesla
2022-07-12 06:57:04	658142bdeec19fb3ff0556a38a592458b7f005f69d11a39c34d67fd9efe6222c	exe	a310Logger
2022-07-12 02:16:04	228bebac2f9018b5ad2cfce26ee6360488f42011469ba1ced90830eb5e01c3e5	exe	AsyncRAT
2022-07-12 02:16:04	c94f8f04a2c0697a50e52b396b411491a88f1b0ba5bbd07f36fcf07f3a4daf7e	exe	AveMariaRAT
2022-07-12 02:15:05	bfba4ae9711fe2e18e5906f66c4bffee48b14ef5a6e522fa874b373a9be2d834	exe	RemcosRAT
2022-07-12 02:01:04	9b83c1efc74833172375826612ca54ccf601b3b2bf24dab96b63da8a41dfbeb8	exe	BluStealer
2022-07-12 00:48:38	c94f8f04a2c0697a50e52b396b411491a88f1b0ba5bbd07f36fcf07f3a4daf7e	exe	AveMariaRAT
2022-07-11 20:11:04	a8765a153ef00386ec1c44fd75367f2ac7da5e360fee0d21ec4156e3673cec09	exe
2022-07-11 19:38:04	9f340084a105595091444c4fe491dcb4cee297c296812165dcbe4f23579fff1a	exe	AsyncRAT
2022-07-11 15:43:45	5853f53461d961ec48b75c4a0a24c6de33bcc4e3fb8a3bd390492810290fcfc8	exe	QuasarRAT
2022-07-11 14:55:28	74e00831d912f1480b7ded456de61560adab920f54d88cbe6f9f061f52e72336	exe	NanoCore
2022-07-11 14:28:04	0c78222c8ba928915a4daa3332b2bf6129e243676c9de511332e95caa14c573d	exe	AveMariaRAT
2022-07-11 14:27:03	62571913b75605bf3ebd0b6958f6866aab99123fdc974d3488bf2a34ca2361f8	exe	SnakeKeylogger
2022-07-11 14:26:04	ccde07037915b9b7f5e4ffa10d4cc1d2d8473284fce212d673c44e9fc79e6171	exe	MassLogger
2022-07-11 14:05:04	7b3eadf17f45d36e0b790b6a18cc115df9e6419b2dd5703f5e2dced29e9095ad	exe
2022-07-11 13:53:05	cd3930292301311b4a3893cad7875fbb9841cb7a903fbd9a2ca8b560e4e8a810	exe	AZORult
2022-07-11 13:53:04	ed7cffa33cba2ae44d44f61137d598743a1e9a3c20a66d5a77381e39846ad3be	exe	Formbook
2022-07-11 11:28:03	bceecd93ab69c547f69531c9e81c8d7aa08885096a9e40b80c575b378bf0bcbb	exe	SnakeKeylogger
2022-07-11 09:12:04	2139f03c25f75f5cd494f3b74cd3a9f5b8eefc26b4982ff95d7602c5b608c2ee	exe	RedLineStealer
2022-07-11 09:12:04	ed7cffa33cba2ae44d44f61137d598743a1e9a3c20a66d5a77381e39846ad3be	exe	Formbook
2022-07-11 09:12:04	104ce6238e3110804de201906d968f3b95fd6e8bc6018002764eda7e60c57fd4	exe	AsyncRAT
2022-07-11 08:20:05	104ce6238e3110804de201906d968f3b95fd6e8bc6018002764eda7e60c57fd4	exe	AsyncRAT
2022-07-11 08:14:04	658142bdeec19fb3ff0556a38a592458b7f005f69d11a39c34d67fd9efe6222c	exe	a310Logger
2022-07-11 08:13:14	e9d0051a518d260fa503b82b6d4be8535a0bad93f2e69b2b75a6f78e44a7eb82	exe	RedLineStealer
2022-07-11 08:11:03	62571913b75605bf3ebd0b6958f6866aab99123fdc974d3488bf2a34ca2361f8	exe	SnakeKeylogger