URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 192.3.216.148
Firstseen:2024-07-05 04:35:09 UTC
Total malware sites :5
Online malware sites :0 (0%)
Offline Malware sites :5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2024-07-05 04:35:11 192.3.216.148192-3-216-148-host.colocrossing.comNot listedAS36352 AS-COLOCROSSING- USyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2024-08-02 11:47:33http://192.3.216.148/uh.ee.uh.ee.uhuheee.docOfflineAgentTesla ext doc kddx0178318
2024-07-31 07:46:08http://192.3.216.148/newvedo.txtOfflineAgentTesla ext rev-base64-loader xworm abuse_ch
2024-07-30 15:34:10http://192.3.216.148/vvvveddodoodod.txtOfflineAgentTesla ext rev-base64-loader abuse_ch
2024-07-05 04:35:13http://192.3.216.148/base64.txtOfflineAgentTesla ext ascii Encoded rev-base64-loader abuse_ch
2024-07-05 04:35:11http://192.3.216.148/datingloverstartingAgain.vbsOfflineAgentTesla ext vbs abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2024-08-03 23:09:30bce274f3bdcbe0ffbc8c332a41b81277f63a9e944e3f7f858a5ccae09ea6a4e0rtf  
2024-07-31 07:46:08141529826f4dae57592d39157455e6b233f1635d04af2f411046a550ec754e7btxt AgentTesla
2024-07-30 15:34:09a72610b15e2e0dc8938a613e79a468d2bd6667bbb9851353fe585f2df701b9eatxt AgentTesla
2024-07-05 04:35:1303a18a555a7edce5c88a8af9597443cf22f96b4668e6805cbdd7fb34b4026c9dtxt AgentTesla