URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	www.igenius.org
Domain registrar:	GoDaddy
Domain registration date:	2009-12-15 13:27:16 UTC
Abuse complaint sent?:	Yes (2024-07-07 05:10:03 UTC to ops{at}pir[dot]org)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-07-07 05:05:08 UTC
Total malware sites :	7
Online malware sites :	0 (0%)
Offline Malware sites :	7 (100%)
A record(s) observed :	6

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 08:47:19	15.197.148.33	a2aa9ff50de748dbe.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-04-27 08:47:19	3.33.130.190	a2aa9ff50de748dbe.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-07-05 23:12:35	44.232.173.249	ec2-44-232-173-249.us-west-2.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-07-05 23:12:35	52.40.42.113	ec2-52-40-42-113.us-west-2.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2024-09-06 05:19:11	176.107.179.155	176.107.179.155.deltahost-ptr	Not listed	AS47987 DELTAHOST-KYIV	UA	no
2024-07-07 05:06:11	192.3.140.185	192-3-140-185-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-07-07 09:07:06	http://www.igenius.org/Server.exe	Offline	AsyncRAT exe	abuse_ch
2024-07-07 09:07:06	http://www.igenius.org/aaa.exe	Offline	AsyncRAT exe	abuse_ch
2024-07-07 09:07:06	http://www.igenius.org/build.exe	Offline	AsyncRAT exe	abuse_ch
2024-07-07 09:01:12	http://www.igenius.org/update.exe	Offline	64 exe	zbetcheckin
2024-07-07 05:56:11	https://www.igenius.org/Server.exe	Offline	32 AsyncRAT exe	zbetcheckin
2024-07-07 05:56:10	http://www.igenius.org/Installer.exe	Offline	32 exe	zbetcheckin
2024-07-07 05:06:11	http://www.igenius.org/Client.exe	Offline	32 exe StormKitty	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-07-07 09:07:06	dbacc134902ee72d1464d3b61a3518402b7ab54807bb7b7541fc2916c8119e9e	exe		AsyncRAT
2024-07-07 09:07:06	8215ed905544d217f656b5b226f71798970698eefa4f24cb48532778d8409baa	exe		AsyncRAT
2024-07-07 09:07:06	7c03173d3bd7a27e446d8fe70829b963942f746d933a9eab4d198d524b45cb68	exe		AsyncRAT
2024-07-07 09:01:12	11cd1472cd1cc75245a148d4e9560bf7f7917443b36dec3f92ed79b8e743b399	exe
2024-07-07 05:56:11	dbacc134902ee72d1464d3b61a3518402b7ab54807bb7b7541fc2916c8119e9e	exe		AsyncRAT
2024-07-07 05:56:10	5f628663f71e3baa55f10e6021597f7860bef868284eb50b8958169dcbbff4fd	exe		KeyzetsuClipper
2024-07-07 05:06:11	9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b	exe		StormKitty