URLhaus Database

You are currently viewing the URLhaus database entry for http://194.38.20.199/d.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1046500
URL:	http://194.38.20.199/d.sh
URL Status:	Offline
Host:	194.38.20.199
Date added:	2021-03-04 10:24:04 UTC
Last online:	2021-11-30 11:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2021-03-04 10:24:07 UTC to vb{at}smartmedianetwork[dot]com[dot]ua)
Takedown time:	9 months, 1 days, 0 hours, 56 minutes (down since 2021-11-30 11:20:57 UTC)
Tags:	shellscript

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT
2021-09-16	n/a	unknown	5439ee923df0557a3134dc6e2d62dd95739bca2198ff1219e0314c4c23fa69a7	n/a
2021-06-09	n/a	unknown	0e79ec7b00c14a4c576803a1fd2e8dd3ea077e4e98dafa77d26c0f9d6f27f0c9	n/a
2021-06-08	n/a	unknown	a6ae36bf8c28ad8ddd376069a8f0e8bc8138e1ba105408fd86c5a1dd2d45abe5	n/a
2021-03-25	n/a	unknown	981bea9cf9fbeda11088fcb9553ef5b27d09ef0fda3cbf3e7dd275b32c042976	n/a
2021-03-13	n/a	unknown	9d9261ea5c28e4d36e10be63472d3bb4e1e17dbd5bbf77964cb3628887f9fda9	n/a
2021-03-04	n/a	unknown	fee0bbef61396a9f82c6f49a21484727e1533ea2d821c5d15e5a739bfb6066de	36.67%