URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | srv99775454.ultasrv.com |
|---|---|
| Domain registrar: | Public Domain Registry |
| Domain registration date: | 2022-03-29 21:31:01 UTC |
| Spamhaus DBL : | Phishing domain |
| SURBL : | Not blocked |
| Quad9 : | Status unknown |
| AdGuard : | Status unknown |
| Cloudflare : | Not blocked |
| ProtonDNS : | Status unknown |
| OpenBLD : | Not blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2022-07-08 10:19:03 UTC |
| Total malware sites : | 5 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 5 (100%) |
| A record(s) observed : | 2 |
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2022-08-08 16:15:08 | 194.195.211.26 | 194-195-211-26.ip.linodeusercontent.com | Not listed | AS63949 AKAMAI-LINODE-AP | US | no |
| 2022-07-08 10:20:07 | 174.139.150.149 | 174.139.150.149.static.krypt.com | Not listed | AS35908 VPLSNET | US | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-07-08 11:47:05 | https://srv99775454.ultasrv.com/JxRQX.exe | Offline | 32 exe Formbook | |
| 2022-07-08 11:47:05 | https://srv99775454.ultasrv.com/iEBAZ.exe | Offline | 32 exe SnakeKeylogger | |
| 2022-07-08 11:46:05 | https://srv99775454.ultasrv.com/qWDXb.exe | Offline | 32 AveMariaRAT | |
| 2022-07-08 11:46:05 | https://srv99775454.ultasrv.com/CoXqD.exe | Offline | 32 exe RedLineStealer | |
| 2022-07-08 10:20:07 | https://srv99775454.ultasrv.com/DoFPS.exe | Offline | exe NanoCore | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2022-07-08 18:54:22 | 0d14289e2847a741d79dfd875f6c2d256c83b520ba37369f4bb7f81e4b208dbe | exe | ||
| 2022-07-08 18:15:45 | 0d14289e2847a741d79dfd875f6c2d256c83b520ba37369f4bb7f81e4b208dbe | exe | ||
| 2022-07-08 11:47:05 | c086dd58868f8221fe17857e11ffc8ebf1c4a1674ada24a3bc97448af54f9454 | exe | Formbook | |
| 2022-07-08 11:47:05 | 62571913b75605bf3ebd0b6958f6866aab99123fdc974d3488bf2a34ca2361f8 | exe | SnakeKeylogger | |
| 2022-07-08 11:46:05 | df17ddbb17aca701b0b9e7fee6a5ef94e0e952d72f984f70c04240b90acfff27 | exe | AveMariaRAT | |
| 2022-07-08 11:46:05 | 64a5a4761925b4dec9b39582dd8306b0a33791fd4847e1e251fc412f4ec31e5d | exe | RedLineStealer | |
| 2022-07-08 10:20:06 | 97d257d5265e902c2be8ec77fcd4884983ea6a082457c0e64b291152fc6507ab | exe | NanoCore | |
