URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	vps-3002.onecom-cloud.one
Domain registrar:	One
Domain registration date:	2024-06-25 16:11:05 UTC
Spamhaus DBL :	Abused domain (botnet C&C)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-12-23 06:21:09 UTC
Total malware sites :	21
Online malware sites :	20 (95%)
Offline Malware sites :	1 (5%)
Newest active malware site :	2025-12-24 12:38:10 UTC
Oldest active malware site :	2025-12-24 12:22:19 UTC (Age: 5 hours, 7 minutes)
A record(s) observed :	1

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-23 06:21:11	81.88.18.108	vps-2624.onecom-cloud.one	Not listed	AS8648 ONE-NETWORK	DE	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-24 12:38:10	http://vps-3002.onecom-cloud.one/bins/shadow.arm64	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:38:10	http://vps-3002.onecom-cloud.one/bins/shadow.arm	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:38:10	http://vps-3002.onecom-cloud.one/bins/shadow.mpsl	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:38:09	http://vps-3002.onecom-cloud.one/bins/shadow.i586	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:20	http://vps-3002.onecom-cloud.one/yarn	Online	botnetdomain mirai sh ua-wget	BlinkzSec
2025-12-24 12:22:20	http://vps-3002.onecom-cloud.one/bin	Online	botnetdomain mirai sh ua-wget	BlinkzSec
2025-12-24 12:22:20	http://vps-3002.onecom-cloud.one/bins/shadow.ppc	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:20	http://vps-3002.onecom-cloud.one/bins/shadow.arm7	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:20	http://vps-3002.onecom-cloud.one/bins/shadow.arm6	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/pay	Online	botnetdomain mirai sh ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.spc	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.sh4	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.arm5	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.mips	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.arm5n	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.m68k	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.i486	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/asus.sh	Online	botnetdomain mirai sh ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/bins/shadow.x86	Online	botnetdomain elf mirai ua-wget	BlinkzSec
2025-12-24 12:22:19	http://vps-3002.onecom-cloud.one/shadow.sh	Online	botnetdomain mirai sh ua-wget	BlinkzSec
2025-12-23 06:21:11	http://vps-3002.onecom-cloud.one/bins/shadow.x8...	Offline	elf geofenced mirai ua-wget USA x86	botnetkiller

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-12-24 12:38:09	5ee3a4aec9a92a62c5d308a2ec541372ab4bacf3fa05e833d880935cf46d0721	elf	Mirai
2025-12-24 12:38:09	eb9e1cf68eb14e4adcdfa704496393a5650750460d44a27fc6810a8fb943c18d	elf	Mirai
2025-12-24 12:38:09	7a1849017c0684337d85b2aa8a730c4fee62486f444c675e8414b97c50cfb5a8	elf	Mirai
2025-12-24 12:38:09	6e01176ce19a409441cadb631f5f0c9b51705a99ebeac50cfae65de383b2e4d4	elf	Mirai
2025-12-24 12:22:19	b80c304c154e78c442f468a2d986124c4e14222c343aff4cdd3d332c9ac3822f	sh	Mirai
2025-12-24 12:22:19	b80c304c154e78c442f468a2d986124c4e14222c343aff4cdd3d332c9ac3822f	sh	Mirai
2025-12-24 12:22:19	b80c304c154e78c442f468a2d986124c4e14222c343aff4cdd3d332c9ac3822f	sh	Mirai
2025-12-24 12:22:19	72f8dcac376fa2861c1a6591953d2c4ad3eed9c634938b3a04388603121ac424	elf	Mirai
2025-12-24 12:22:19	a9e36e6d5c7b89b86270b0ea4d1363cd83e1f8efdabd7331c76ce3e1c64a3539	elf	Mirai
2025-12-24 12:22:19	01a6e4d8e80b7090e1287238fce08de7bf135d537438845cbb3283f0c17f2d95	elf	Mirai
2025-12-24 12:22:19	c9b7e82f11bbb447ffd558b840e98e8d4472371545b80b35432b0502447e81fe	elf	Mirai
2025-12-24 12:22:19	9db2cdc377de44600f2bd4ea70114ef56ca00c876e0577899288782fd8b11fbd	elf	Mirai
2025-12-24 12:22:19	4d5a9a2f2e81daf2490c91bbc8f8a9363cea14da81749fa0131ba80512542b30	elf	Mirai
2025-12-24 12:22:19	7a84fe422301a21cbbb8dd3cdc0e643ee0b9c1aadffa8c57398fd62ea4b58c4b	elf	Mirai
2025-12-24 12:22:19	4d5a9a2f2e81daf2490c91bbc8f8a9363cea14da81749fa0131ba80512542b30	elf	Mirai
2025-12-24 12:22:19	5442e5301eab8ab38d0957494067d4b1e5f0df7123945e9fc2a19ca0e82eb502	elf	Mirai
2025-12-24 12:22:19	0e96a2b051308669018d8a9270e18b63d79348e962a920e4dc25025baac3a753	elf	Mirai
2025-12-24 12:22:19	a23fbf034154fb243d6f8971eb5da56a214f2ca58635a9bd1f6bd6d00e371916	sh	Mirai
2025-12-24 12:22:19	6e01176ce19a409441cadb631f5f0c9b51705a99ebeac50cfae65de383b2e4d4	elf	Mirai
2025-12-24 12:22:19	b80c304c154e78c442f468a2d986124c4e14222c343aff4cdd3d332c9ac3822f	sh	Mirai
2025-12-24 01:06:48	7c4d404b0e75f2e8a13e6d396544a04667a28b0d73f2baf2ee11d715d09c52e1	elf	Mirai
2025-12-23 06:21:11	a9687fbc701d10bd212cdd6a4d0bef5e6b239a9de36c1f04801726dca97b097f	elf	Mirai