URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-07-22 15:16:05	172.245.119.43	172-245-119-43-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-07-26 18:28:04	http://172.245.119.43/65/vbc.exe	Offline	32 exe Loki	zbetcheckin
2022-07-26 15:37:04	http://172.245.119.43/55/vbc.exe	Offline	exe Loki opendir	abuse_ch
2022-07-12 09:42:04	http://172.245.119.43/receipt/420.doc	Offline	doc Loki opendir	abuse_ch
2022-07-12 09:42:04	http://172.245.119.43/420/vbc.exe	Offline	exe Loki opendir	abuse_ch
2022-01-27 14:06:04	http://172.245.119.43/4411/vbc.exe	Offline	32 exe	zbetcheckin
2022-01-27 10:22:04	http://172.245.119.43/344/vbc.exe	Offline	32 exe GuLoader	zbetcheckin
2022-01-27 08:45:04	http://172.245.119.43/invoice/delivery.wbk	Offline	AgentTesla opendir RTF	abuse_ch
2022-01-27 08:45:04	http://172.245.119.43/invoice/invc_shp.wbk	Offline	AgentTesla GuLoader opendir	abuse_ch
2022-01-27 08:45:04	http://172.245.119.43/invoice/inv_shp0000.wbk	Offline	AgentTesla GuLoader opendir	abuse_ch
2021-08-19 14:30:05	http://172.245.119.43/d/skin.exe	Offline	exe Formbook opendir	abuse_ch
2021-08-17 19:21:05	http://172.245.119.43/d/hot.exe	Offline	32 exe Formbook	zbetcheckin
2021-08-17 19:03:06	http://172.245.119.43/d/oy.exe	Offline	32 exe	zbetcheckin
2021-07-23 17:18:03	http://172.245.119.43/d/pdf.exe	Offline	exe Formbook	abuse_ch
2021-07-22 15:16:05	http://172.245.119.43/d/doc.doc	Offline	opendir RTF	abuse_ch
2021-07-22 15:16:05	http://172.245.119.43/d/sharp.exe	Offline	exe Formbook opendir	abuse_ch
2021-07-22 15:16:05	http://172.245.119.43/d/obi.exe	Offline	exe Formbook opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-07-27 05:30:55	013c273ca25306a5d7a311db906d012bd07d6a69184349a8d517f514abae9890	exe		Loki
2022-07-27 00:35:58	e1979443e065edcbaf354a1b30834cae7a51d693b1da44778208a7619e5bdec6	exe		Loki
2022-07-26 18:28:04	8097912134d281982a17e6744241589c88bd6483de4c3fee8e7fdea14e9db25f	exe		Loki
2022-07-26 15:37:04	8097912134d281982a17e6744241589c88bd6483de4c3fee8e7fdea14e9db25f	exe		Loki
2022-07-12 09:42:04	b25b3f389cd46e53173c783e7b69372b5dcd967218f2b2eeabcfe5b7b4355fad	exe		Loki
2022-07-12 09:42:04	d40aee8f78268a641b58494b8460ff576d7df29ef6d4174575bfccf3e4c42a82	unknown
2022-01-27 14:06:04	2d057e936114db95aceee7e01d6d6451da76622f81ec7d3ea495b4557469b89f	exe
2022-01-27 10:22:04	243ae30d42e90000b882779fae40e0056eab332b95e2c938446138a80868909e	exe		GuLoader
2022-01-27 08:45:04	084f59705fb0a98883454b511a2939f6ed91e9c04b7a2d7f8cb13ec834ec5215	rtf		GuLoader
2022-01-27 08:45:04	7a3188668cd5ef9ed4e17d9f41a9b5eb22690eb9d6151caf9933f121bfbcedbe	rtf		GuLoader
2022-01-27 08:45:04	047a728d6d2f43dbac1568044523f045058637d3a6821430fecc47284ae1939f	unknown
2021-08-19 14:30:05	69747996584aba2690d04958b5e2d6446107ae702a0053fd28c8073b4d7c8ad5	exe		Formbook
2021-08-17 19:21:05	22a3ccdeb9ae4b196461cdb81c895ae891e2149af03e44b6ce86c2a1bf062947	exe		Formbook
2021-08-17 19:03:06	37882a4a0aaf84e2f3c063de493fedbf2233c31c7bd146c79059dd1ae914e2f4	exe
2021-07-23 17:18:03	51c392870e9f21df2154b4e68a901ca1b5d9fccdcf00a4e6fa60ef07b4dfc541	exe		Formbook
2021-07-22 15:16:04	a8680fe6b1b96489aa5331018a095d20a4a9c69f3f46bc2f9d1b011242079ba3	unknown
2021-07-22 15:16:04	caff14d450514a35eac5ba34b3e74126360662d7c8fdf60a8008a0e3bb8ed0b3	exe		Formbook
2021-07-22 15:16:04	39c27e2a7ec3b5603e184f041bbb07196f6feb885813500fec5ac5fdefca8e1d	exe		Formbook