URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	192.3.176.138
Firstseen:	2024-08-06 06:00:05 UTC
Total malware sites :	27
Online malware sites :	0 (0%)
Offline Malware sites :	27 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-08-06 06:00:08	192.3.176.138	192-3-176-138-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-03-20 08:12:34	http://192.3.176.138/40/sihost.exe	Offline		abuse_ch
2025-03-20 08:12:04	http://192.3.176.138/xampp/wfc/seven.hta	Offline		abuse_ch
2024-08-18 11:46:05	http://192.3.176.138/xampp/sop/40.hta	Offline	hta SnakeKeylogger	abuse_ch
2024-08-15 13:41:06	http://192.3.176.138/70/asusns.exe	Offline	exe SnakeKeylogger	James_inthe_box
2024-08-13 06:34:07	https://192.3.176.138/32/sahost.exe	Offline	exe opendir SnakeKeylogger	NDA0E
2024-08-13 06:33:06	http://192.3.176.138/32/sahost.exe	Offline	exe opendir SnakeKeylogger	NDA0E
2024-08-13 06:33:06	http://192.3.176.138/xampp/sgr/ieexplore.hta	Offline	hta SnakeKeylogger	NDA0E
2024-08-13 06:33:06	https://192.3.176.138/xampp/sgr/ieexplore.hta	Offline	hta SnakeKeylogger	NDA0E
2024-08-10 11:40:07	https://192.3.176.138/107/sahost.exe	Offline	exe SnakeKeylogger	NDA0E
2024-08-10 07:34:13	http://192.3.176.138/108/sahost.exe	Offline	exe	abus3reports
2024-08-10 07:25:07	http://192.3.176.138/107/sahost.exe	Offline	SnakeKeylogger	abuse_ch
2024-08-09 06:58:04	http://192.3.176.138/xampp/zoom/107.hta	Offline	SnakeKeylogger	abuse_ch
2024-08-07 18:43:05	http://192.3.176.138/xampp/bhn/95.hta	Offline		abus3reports
2024-08-07 18:43:05	http://192.3.176.138/xampp/zmo/zm/70.hta	Offline		abus3reports
2024-08-07 18:43:05	http://192.3.176.138/xampp/ienet/ien/55.hta	Offline		abus3reports
2024-08-07 18:43:05	http://192.3.176.138/xampp/ozon/oz/106.hta	Offline	SnakeKeylogger	abus3reports
2024-08-07 18:43:03	http://192.3.176.138/xampp/euh/easywayformadeth...	Offline		abus3reports
2024-08-07 18:43:03	http://192.3.176.138/xampp/euh/eu/easywayformad...	Offline		abus3reports
2024-08-07 18:38:13	http://192.3.176.138/60/sahost.exe	Offline	exe SnakeKeylogger	abus3reports
2024-08-07 18:38:06	http://192.3.176.138/55/sahost.exe	Offline	exe SnakeKeylogger	abus3reports
2024-08-07 18:38:05	http://192.3.176.138/70/sahost.exe	Offline	exe SnakeKeylogger	abus3reports
2024-08-07 18:38:05	http://192.3.176.138/95/sahost.exe	Offline	exe SnakeKeylogger	abus3reports
2024-08-07 14:29:06	http://192.3.176.138/105/sahost.exe	Offline	SnakeKeylogger	James_inthe_box
2024-08-07 14:29:06	http://192.3.176.138/106/sahost.exe	Offline	SnakeKeylogger	James_inthe_box
2024-08-07 06:52:05	http://192.3.176.138/xampp/zmo/60.hta	Offline		abuse_ch
2024-08-06 06:00:08	http://192.3.176.138/xampp/bhn/bh/90.hta	Offline	AgentTesla hta	abuse_ch
2024-08-06 06:00:08	http://192.3.176.138/90/sahost.exe	Offline	AgentTesla exe	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2024-08-18 11:46:05	862835269bbd12fe394cdb9ab03e9e87d7117480150b7bc3a84dcf7ebee3d1fe	hta	SnakeKeylogger
2024-08-15 13:41:06	e5797ef4bea22b1d24a9147c48726e9960ffa1b5866e04c11de117531483fe9d	exe	SnakeKeylogger
2024-08-13 06:34:07	9238f0f88af5a6f80f79c66f502b73ca920522f58128428bc556054963ea6d1c	exe	SnakeKeylogger
2024-08-13 06:33:06	9238f0f88af5a6f80f79c66f502b73ca920522f58128428bc556054963ea6d1c	exe	SnakeKeylogger
2024-08-13 06:33:06	244449e74ef406c849ff28afed6e7c681f9879bdcda2a5218da777b7ad4c8046	hta
2024-08-13 06:33:06	244449e74ef406c849ff28afed6e7c681f9879bdcda2a5218da777b7ad4c8046	hta
2024-08-10 11:40:07	484e5a871ad69d6b214a31a3b7f8cfced71ba7a07e62205a90515f350cc0f723	exe	SnakeKeylogger
2024-08-10 07:34:12	8af777d0f92cef2d9040a634527c3753669235589c23129f09855ad0ebe10c6f	exe
2024-08-10 07:25:07	484e5a871ad69d6b214a31a3b7f8cfced71ba7a07e62205a90515f350cc0f723	exe	SnakeKeylogger
2024-08-09 06:58:04	6f6a660ce89f6ea5bbe532921ddc4aa17bcd3f2524aa2461d4be265c9e7328b9	hta	SnakeKeylogger
2024-08-07 23:29:25	3513fc3dfdaf3deb1ed4252e43913b058ec12ae50bf9067016dba7df17f2ff03	exe	SnakeKeylogger
2024-08-07 20:48:20	d4bc9adca2555a946c995d6c4dfee58147b21804003d645a055a3134b19a27dd	exe	SnakeKeylogger
2024-08-07 18:43:05	daaa4c8b42e0af2debe7066de736b36b0d5502d16df81240d8d5295a46734f7f	hta
2024-08-07 18:43:05	69e9ecf821d58b2e032e5174371a01ae58a96be37857eb2238a3106c827a5c7b	hta
2024-08-07 18:43:05	f08e2102f102dedbe0201b769476574a353b972812d4126474124dc4f6b76c4f	hta
2024-08-07 18:43:04	e26883bd5c9f0a2f8675c3331cae5eda33ea5432bbe2a47ebbd160106ef1acff	hta	SnakeKeylogger
2024-08-07 18:38:13	ce9429f517f80c390c71168ea43ad578e7fff7acff1abfa50d8167bad73304a8	exe	SnakeKeylogger
2024-08-07 18:38:06	50e59bcfb26bd248b9d979be95aba9a034cc4481bd592c83f26fef033f8f83f0	exe	SnakeKeylogger
2024-08-07 18:38:05	50e59bcfb26bd248b9d979be95aba9a034cc4481bd592c83f26fef033f8f83f0	exe	SnakeKeylogger
2024-08-07 18:38:05	50e59bcfb26bd248b9d979be95aba9a034cc4481bd592c83f26fef033f8f83f0	exe	SnakeKeylogger
2024-08-07 14:29:06	9f7e2df5f136561e2c0bc3d0c32e70ee27073767dff963e592b749d8241df5d2	exe	SnakeKeylogger
2024-08-07 14:29:06	d9863b7b710599bc2b308a0b78970da8c42ee5bc6d3dcda05c2de52a88125726	exe	SnakeKeylogger
2024-08-07 06:52:05	d28a7a6f76de0727b7c5a34c184acfbc94f15501bb946489d1187fa906902ffe	hta
2024-08-06 06:00:08	94b67846d37007341608fe74d27d1ae0298d558d573a172d9013c42828eaa14a	exe	AgentTesla
2024-08-06 06:00:07	77372e54cb633d52685ad88856e39d9e22b2efffd19293b4aca7fa9157f989a8	hta	AgentTesla