URLhaus Database

You are currently viewing the URLhaus database entry for http://194.38.20.199/md.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1046507
URL:	http://194.38.20.199/md.sh
URL Status:	Offline
Host:	194.38.20.199
Date added:	2021-03-04 10:30:04 UTC
Last online:	2021-11-30 11:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2021-03-04 10:30:05 UTC to vb{at}smartmedianetwork[dot]com[dot]ua)
Takedown time:	9 months, 1 days, 1 hours, 4 minutes (down since 2021-11-30 11:34:44 UTC)
Tags:	shellscript

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT
2021-09-16	n/a	unknown	64ddeea79aa88adf56e973234b0414664859418e8f0cb4ea7ec3652227c1219e	n/a
2021-06-09	n/a	unknown	b7b0b5dd626939bb5b218aae95d13222960fad4c6b1e262cb43781ff79f06936	n/a
2021-06-08	n/a	unknown	5b5df40d4fa728cc895754fa9505a6b8bc59ef0837fcdfd5c0dd11cb774b437e	n/a
2021-03-25	n/a	unknown	53b036e869ca8c6d2988a16e8b37ba3adfee2084de4e9e0ca24004766e2dfa4d	n/a
2021-03-13	n/a	unknown	a6a342773a0a2faa7b9385477b3d7942481df49cb1df5931fc9f3b895fc133f3	n/a
2021-03-04	n/a	unknown	fbe00821376278a0e0781c94434e4529a9c9acdeab99f5147e91381307916559	35.00%