URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-01-30 06:43:06	107.172.148.212	107-172-148-212-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-02-01 13:16:04	http://107.172.148.212/xampp/kkn/normalwaytogiv...	Offline		abuse_ch
2025-02-01 13:00:04	http://107.172.148.212/xampp/kkn/nsoo/givemebes...	Offline	hta rat RemcosRAT	abuse_ch
2025-01-31 10:13:01	http://107.172.148.212/xampp/kkn/goodthingshapp...	Offline	hta	Riordz
2025-01-31 06:59:07	http://107.172.148.212/xampp/nmbk/nm/nmssb.hta	Offline	hta MassLogger	Riordz
2025-01-31 06:59:06	http://107.172.148.212/xampp/kkn/nsoo/nomralway...	Offline	hta RemcosRAT	Riordz
2025-01-30 06:43:07	http://107.172.148.212/260/cvss.exe	Offline	exe keylogger MassLogger snake	Riordz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-02-01 13:16:04	218c207632a9ef8a06d8e8d454fe3b058b2dc441b34b17d3cabd6dd43354d14d	txt
2025-02-01 13:00:04	cfe69a5058e030decb26c5bf1b6b0147b0af8d165257a4c60feefbee2459d188	hta		RemcosRAT
2025-01-31 06:59:06	0762ac69423aa2d3b2381d1e9a476642deffa77e30f4247762e3e76c731b6cc2	hta		RemcosRAT
2025-01-31 06:59:06	86b65f233b4c45ce9719e04876fbe5aea082412090317b81b72585f54eb0f213	hta		MassLogger
2025-01-30 06:43:05	908c2505c5d56442bf352d65d7fa1fb772375b81362c518002de8b3db97ec5d1	exe		MassLogger