URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 192.3.239.4
Firstseen:2024-05-01 14:33:08 UTC
Total malware sites :4
Online malware sites :0 (0%)
Offline Malware sites :4 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2024-05-01 14:33:10 192.3.239.4192-3-239-4-host.colocrossing.comNot listedAS36352 AS-COLOCROSSING- USyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2024-05-03 04:50:09http://192.3.239.4/xampp/bdc/shelovedsomeonetou...OfflineAgentTesla ext RTF zbetcheckin
2024-05-02 09:40:09http://192.3.239.4/noa.exeOfflineAgentTesla ext Cryptolaemus1
2024-05-01 14:33:11http://192.3.239.4/see.exeOfflineAgentTesla ext exe abuse_ch
2024-05-01 14:33:10http://192.3.239.4/xampp/weg/creatednewthingsto...OfflineAgentTesla ext doc abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2024-05-03 04:50:0901a6c09c9829bdea8ed5dec785ce2118b60bba4a84f23c904c5d54392bee4fe5rtfAgentTesla
2024-05-02 09:40:09ca0bf7bb5880f8af7bfc35f0dba6fde5c68dd7212f02ed4f70260004e4effc98exeAgentTesla
2024-05-01 14:33:1194e86d7455f9c08cc57d6706e0f779a59459fbdac1506d5b12f20566ad2b9cceexeAgentTesla
2024-05-01 14:33:10cd8edf6fd58e1aab115d9da94f4e8427c29b430cbac0dc9f01f9442c37a5cd7ertfAgentTesla