URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-01 07:18:04	104.168.7.197	104-168-7-197-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-10-03 05:32:11	https://104.168.7.197/img/optimized_MSI.png	Offline		JAMESWT_WT
2025-10-01 15:04:08	http://104.168.7.197/155/IMG__pict0900000400003...	Offline	hta	abuse_ch
2025-10-01 15:02:07	http://104.168.7.197/122/IMG___090000e098848774...	Offline	hta PureLogsStealer	abuse_ch
2025-10-01 14:59:07	http://104.168.7.197/157/IM__Pic009405960060400...	Offline	hta	abuse_ch
2025-10-01 09:53:40	http://104.168.7.197/img/optimized_MSI.png	Offline		JAMESWT_WT
2025-10-01 07:18:04	http://104.168.7.197/122/IMG___090000e098848774...	Offline	hta	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-10-03 05:32:11	4378fae350b62cb5d4a1151b573aa39ed7e80efde38a0209f23fbd64cfc678fa	unknown
2025-10-01 15:04:08	e6a1a84f1bd7f19bed8364946512f3f39a0958cf5d236a236f216ffc7b9573f5	html		KatzStealer
2025-10-01 15:02:07	837dac696a5a6d39add23990b6ec150c4ee86a770efa8c2d4d7a84e4d9c982d2	html		PureLogsStealer
2025-10-01 14:59:07	1422b3c6b965dea18640b5fe1df29540046204e09a8f672e6d7d115719e157a9	html		KatzStealer
2025-10-01 09:53:40	4378fae350b62cb5d4a1151b573aa39ed7e80efde38a0209f23fbd64cfc678fa	unknown