URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-01-22 11:45:09	192.3.179.145	192-3-179-145-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-08-01 08:31:10	http://192.3.179.145/45/SNK.txt	Offline	404KeyLogger ascii Encoded rev-base64-loader	NDA0E
2024-08-01 07:51:04	http://192.3.179.145/45/newlevelcreatedgirlseye...	Offline	SnakeKeylogger vbs	abuse_ch
2024-08-01 07:50:06	http://192.3.179.145/45/kon/wethinkingentirethi...	Offline	doc SnakeKeylogger	abuse_ch
2024-02-08 17:41:07	http://192.3.179.145/T0802F/wininit.exe	Offline	AgentTesla OriginLogger	James_inthe_box
2024-01-22 11:45:09	http://192.3.179.145/3101/IEupdates.vbs	Offline	vbs	abuse_ch
2024-01-22 11:45:09	http://192.3.179.145/windows/microsoftunderstan...	Offline	doc	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-08-01 08:31:10	16751cd7ad430f8c6bf21e469473814327035184ca6f9c9349f2dcc6c11cde07	txt		404Keylogger
2024-08-01 07:50:06	5961a204bb43bb63f2b98836a34afd1e16a6f3cb160fd17b4718b377273255ff	rtf		SnakeKeylogger
2024-02-08 17:41:07	df8a906a6a3fa7a3631b68f28d05854dbdf920ba3b16215049d8e1f020f82c75	exe		AgentTesla
2024-01-22 11:45:08	7389cc36ef42107c62154c8dc16e69ecc472ec2a6f502d8260bc1580b8217488	unknown
2024-01-22 11:45:08	214aa2fddabe3e85814a2423ad9c0ec8810de0b5e15237c9fabb50a2467e3e75	unknown