URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-07-14 07:05:04	185.222.57.252	hosted-by.rootlayer.net	Not listed	AS51447 ROOTLAYERNET	NL	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-05-05 11:15:05	http://185.222.57.252/bankreport05052022_Rercxj...	Offline	exe	vxvault
2022-05-05 07:00:05	http://185.222.57.252/bankreportt_Vqhsyahp.bmp	Offline	exe	vxvault
2021-07-27 15:04:09	http://185.222.57.252/www/vbc.exe	Offline	exe Formbook opendir	abuse_ch
2021-07-20 09:22:04	http://185.222.57.252/jss/vbc.exe	Offline	exe Formbook opendir	abuse_ch
2021-07-14 07:05:04	http://185.222.57.252/rtc/vbc.exe	Offline	exe Formbook NanoCore rat	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-05-05 11:15:05	805db77d2aab1b57d4ce56d5fc76d3b0477b00585d8978f16854a2684ed37590	unknown
2022-05-05 07:00:05	7113db342bc1b149a957218ea2155031ab3d427703f84b442df962a5e39dd0d1	unknown
2021-07-27 15:04:09	38ba862149962bc5a10825a2b818391624cda439fcb3f6212b75d84eeeb4f70c	exe		Formbook
2021-07-20 09:22:04	9b795b925c16454a770214d5ef56ee695a5f562498d4d276cf160fbc13162c15	exe		Formbook
2021-07-18 17:35:00	9b795b925c16454a770214d5ef56ee695a5f562498d4d276cf160fbc13162c15	exe		Formbook
2021-07-14 07:05:04	f6c867888f3fa738dcf2dc9639efeab55cbb0392c284d3fb25487d062d1e783c	exe		NanoCore