URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-09-28 15:14:04	18.195.133.226	ec2-18-195-133-226.eu-central-1.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	DE	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-09-29 04:58:08	http://18.195.133.226/q7/t/ppt-0301208730611.exe	Offline	32 a310Logger exe	zbetcheckin
2021-09-28 16:57:03	http://18.195.133.226/y1/p/ppt_61102126305327.exe	Offline	32 a310Logger exe	zbetcheckin
2021-09-28 16:44:35	http://18.195.133.226/y1/p/ppt_00101570818.exe	Offline	32 exe Formbook	zbetcheckin
2021-09-28 16:39:05	http://18.195.133.226/y1/p/ppt_82000007451308.exe	Offline	32 exe RedLineStealer	zbetcheckin
2021-09-28 15:14:04	http://18.195.133.226/y1/p/PPT_25084100000125.exe	Offline	a310Logger exe	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-09-29 04:58:08	9295e25f8d2faace30d36a7497aa48df5bc44de15cee22fc6b1e4233e3c50c50	exe		a310Logger
2021-09-28 16:57:03	e5f48b4531abf6b553ac264b9deb28736db14a92e6d3afd196a7c8e11f40e11f	exe		a310Logger
2021-09-28 16:44:35	f421edcb46a128618f15ada2053d311ea25e065d80d8da89bdc211bba054c07e	exe		Formbook
2021-09-28 16:39:05	37e1958166a5cb3b5d218fc5c1ce9cb7878e4d3b50499e6670d8d22563044502	exe		RedLineStealer
2021-09-28 15:14:04	898b6e006ded4d6f550104717d9664b27bb88d97fe0b1973684ed3f94ac6e42e	exe		a310Logger