URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-07 06:28:32	91.193.180.113	mail.ikrts.ru	Not listed	AS12722 RECONN	RU	yes
2025-04-27 09:21:14	91.193.181.94	domostroy-nn.ru	Not listed	AS12722 RECONN	RU	no
2019-01-18 12:34:09	185.4.64.143	mail.hobby-service.ru	Not listed	AS12722 RECONN	RU	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2019-01-18 13:24:03	http://xn--80abhfbusccenm1pyb.xn--p1ai/images/s...	Offline	exe Troldesh	zbetcheckin
2019-01-18 13:23:04	http://xn--80abhfbusccenm1pyb.xn--p1ai/upload/i...	Offline	exe	zbetcheckin
2019-01-18 12:34:09	http://xn--80abhfbusccenm1pyb.xn--p1ai/upload/i...	Offline	exe Shade Troldesh	Racco42

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2019-01-21 06:28:32	0ddcd4073c567f011477e54c4632e3ae44ed41608c109e01b7f829b82701c694	exe		Ransomware.Troldesh
2019-01-21 04:49:38	0bccabad1d8159344b8671c7fc4388907067d1e6c6705b92a8ce6d9496215356	exe
2019-01-18 13:24:03	7701170304fdd48b184aac032391ae3a1f880be6160812d0089049834b3ec828	exe		Ransomware.Troldesh
2019-01-18 13:23:04	414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2	exe
2019-01-18 12:34:09	28e7bb42438e1c8e0cb9057717116d5e56fbe67c9779f7946a5f0f85f26db89b	exe		Ransomware.Troldesh