URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-02 16:57:11	181.235.10.171		SBL689919	AS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC	CO	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-02 16:57:21	http://181.235.10.171/31agosto.vbs	Online	huntio opendir RemcosRAT ua-wget	BlinkzSec
2025-12-02 16:57:21	http://181.235.10.171/andre.vbs	Offline	DEU geofenced huntio opendir RemcosRAT ua-wget USA	BlinkzSec
2025-12-02 16:57:21	http://181.235.10.171/actu.exe	Offline	DEU geofenced huntio opendir ua-wget	BlinkzSec
2025-12-02 16:57:11	http://181.235.10.171/sostener.vbs	Offline	huntio opendir RemcosRAT ua-wget	BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-12-05 16:21:43	77c1d0751cebaa15074b84ae860ac17111b966e50b647a6d2677fa9a6b341040	txt		RemcosRAT
2025-12-03 07:38:35	8126e512019b0200882c2584f42511bc07ab7e0d88d711623f67b1635ea6e835	txt
2025-12-02 23:44:32	6a724eb42d810bdcd5ae0ff16c4816072ff5fd54bb4e45e036c10c0e070a4664	txt		RemcosRAT
2025-12-02 22:38:11	983f4ed6232cceca7d778e958205808d68f36f3e9239bcdf72c9e5e8dba01bdb	exe
2025-12-02 16:57:11	6a724eb42d810bdcd5ae0ff16c4816072ff5fd54bb4e45e036c10c0e070a4664	txt		RemcosRAT