URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-04-29 07:18:06	159.89.238.15		Not listed	AS14061 DIGITALOCEAN-ASN	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-04-29 07:45:07	http://varifsecuripass.duckdns.org/7.exe	Offline	exe njRAT	zbetcheckin
2021-04-29 07:41:05	http://varifsecuripass.duckdns.org/NewBSPlink%2...	Offline	doc	zbetcheckin
2021-04-29 07:41:04	http://varifsecuripass.duckdns.org/a.exe	Offline	exe njRAT	zbetcheckin
2021-04-29 07:37:05	http://varifsecuripass.duckdns.org/Nv.exe	Offline	exe njRAT	zbetcheckin
2021-04-29 07:28:04	http://varifsecuripass.duckdns.org/Access%20BSP...	Offline	doc	zbetcheckin
2021-04-29 07:18:06	http://varifsecuripass.duckdns.org/1.exe	Offline	exe LuminosityLink	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-04-29 07:45:07	cd8ed20c2ffe0e086d3a0b640e4950e48583f297b6356c14de62623a4322fe12	exe		njrat
2021-04-29 07:41:05	869057252cb67652a89248a497806609871fa551b4dac8112d6f12da9773bc81	doc
2021-04-29 07:41:04	f9a1b925c26b0765469b644d8b856a314641c312098ed995c3439a79cffa5fd4	exe		njrat
2021-04-29 07:37:05	b1eb6dca624a1a78cd91360e6af46b0d7bc0afaca59ddf35cfff0ed2b9df4119	exe		njrat
2021-04-29 07:28:04	c246066ba672ea9e8e0879f3f163c06b65ae73ab034261027712b51b1142d026	doc
2021-04-29 07:18:05	d9c29e1d6655e82c63fb393e70b74832e4ef9f51d4cf1eb4ced610147e8739ba	exe		LuminosityLink