URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-03-09 07:55:08	18.196.63.181	ec2-18-196-63-181.eu-central-1.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	DE	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-03-09 07:55:08	http://18.196.63.181/windows/orii11.exe	Offline	AgentTesla exe	abuse_ch
2021-03-09 07:55:08	http://18.196.63.181/windows/xlo11.exe	Offline	exe Formbook	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-03-11 02:23:50	a959cd546959ac970291a590491e9f01663e6aabaf8900238b59455a48199b6f	exe		Formbook
2021-03-11 02:21:43	e5094fe2876c4c4106b8f7f81dd3683294eb73594179d7366c856c00b437ce31	exe		AgentTesla
2021-03-10 02:24:54	b8f306fb8c064a7d4b5225d70c97595b563e9d9e2e585aa1bfe0ba56bff6ce17	exe		AgentTesla
2021-03-10 01:58:50	1a358d62b634888521fb303f5b388d72084d2983190f17b0af762b21f176fd68	exe		Formbook
2021-03-09 18:02:40	e3485db2464c2d2c43be9447961a7bb434e44eba85039db4fdaf4520795cc4c1	exe		AgentTesla
2021-03-09 15:05:30	b641319c88212713ad24eb947a2bb047372f18a66ca988bfb6018edffd4a369d	exe		AgentTesla
2021-03-09 15:00:22	e0d8da6249a7613a40f6b514cae3b15c22a667b5632f1b8545453e0ca31215cc	exe		Formbook
2021-03-09 07:55:08	7bfd725d73753a04418764767c8c3a06dca2f8cebb832784fd277b4d409101b1	exe		AgentTesla
2021-03-09 07:55:08	d2d50893bb4f2c943c32f834cf6c095e5e4f2e7997b543c1012cf0e74ca8adff	exe		Formbook