URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-03-19 14:10:11	185.106.92.140		Not listed	AS214927 PSB-AS	DE	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-03-19 14:52:09	http://185.106.92.140:8080/cockkieeAC.exe	Offline	additionalpayloads raccoonv2 RecordBreaker	Gi7w0rm
2023-03-19 14:52:07	http://185.106.92.140:8080/neee.exe	Offline	additionalpayloads LaplasClipper raccoonv2 RecordBreaker	Gi7w0rm
2023-03-19 14:10:11	http://185.106.92.140:8080/goland.exe	Offline	additionalpayloads LaplasClipper raccoonv2 RecordBreaker	Gi7w0rm
2023-03-19 14:10:11	http://185.106.92.140:8080/Slava.exe	Offline	additionalpayloads raccoonv2 RecordBreaker	Gi7w0rm

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-03-20 15:54:45	c99c666af40a931497de5f907523a922fe9b7655a4cd94619f71bd9cd15189fb	exe
2023-03-19 16:44:46	fe3dd6f2734041f58919a1ea6a6e91351ce9987b5ce1878fca7c3c4a4429f23b	exe
2023-03-19 15:36:05	f9c21532868a2cd3cbeaa22f92c237cb73bff27d73fc49716d81c89eedb72be9	exe
2023-03-19 14:56:07	58c0d2f945207a56f5baefbb320d7ddbd01089205025de05133db173281e65e2	exe		LaplasClipper
2023-03-19 14:52:08	adcf0ee814651b8a561d827d7ecc7a9aee660a950511c1ffae7d16f426f8de14	exe
2023-03-19 14:52:07	348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057	exe		LaplasClipper