URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-11-27 11:11:07	107.173.143.18	107-173-143-18-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-12-02 10:44:05	http://107.173.143.18/html/microsoftdeletedenti...	Offline	doc opendir rat RemcosRAT	abuse_ch
2023-12-02 06:05:10	http://107.173.143.18/155/wlanext.exe	Offline	32 exe RemcosRAT	zbetcheckin
2023-11-27 11:11:09	http://107.173.143.18/132/BMW.txt	Offline	AgentTesla ascii Encoded opendir	abuse_ch
2023-11-27 11:11:07	http://107.173.143.18/132/www/microsoftbrowserE...	Offline	AgentTesla doc opendir	abuse_ch
2023-11-27 11:11:07	http://107.173.143.18/132/htmljason.vbs	Offline	opendir vbs	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-12-04 03:28:27	bafc5fae0104b9851797f62ad1d638cf18237782147ff341033d6bfc06e0d5ca	exe		RemcosRAT
2023-12-02 10:44:05	bb6aa1136031783b6a94b84d8fd97c752126067113cd2c764b6176cf5e4cbf7e	unknown		RemcosRAT
2023-12-02 06:05:09	48df72d38c4b15ae4c34723fd6b2c8399110aebbf9f4205064901bc2650f2571	exe		RemcosRAT
2023-11-27 11:11:09	e374a589e2611f3583d401c0bfc4cc4f7d0f6919a7bc6bff2b02ffe315a8c23f	txt		AgentTesla
2023-11-27 11:11:07	8e8b4cfe149df47cf74d41bd3ff584ae66489691b7abef3baaeaed8e105cf2f8	unknown
2023-11-27 11:11:07	9b36f007ee4269cab9614e8fd91217bd6ef13200c7fd9e03beb60dbe97cd339d	unknown