URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).

Database Entry


Host: 198.12.81.109
Firstseen: 2025-02-26 08:28:03 UTC
Total malware sites: 15
Online malware sites: 0 (0%)
Offline malware sites: 15 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active?
2025-02-26 08:28:05 | 198.12.81.109 | 198-12-81-109-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING | US | yes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | Reporter
2025-03-20 13:13:05 | http://198.12.81.109/xampp/kbze/sweetgoodlifest... | Offline | rat RemcosRAT ext | abuse_ch
2025-03-20 10:18:20 | http://198.12.81.109/xampp/kbze/goodlifestarted... | Offline | ascii Encoded RemcosRAT ext rev-base64-loader | NDA0E
2025-03-20 10:18:17 | http://198.12.81.109/xampp/kbze/kbz/bestwaytocr... | Offline | hta RemcosRAT ext | NDA0E
2025-03-01 14:20:04 | http://198.12.81.109/xampp/muh/givemebestgoodth... | Offline | AgentTesla ext hta | abuse_ch
2025-02-27 06:02:06 | http://198.12.81.109/230/csoss.exe | Offline | exe opendir | abuse_ch
2025-02-26 18:48:04 | http://198.12.81.109/xampp/nco/efreebirdflyinga... | Offline | hta RemcosRAT ext | abuse_ch
2025-02-26 08:33:07 | http://198.12.81.109/xampp/canon/sweetnessgoodf... | Offline | ascii Encoded RemcosRAT ext rev-base64-loader | NDA0E
2025-02-26 08:33:07 | https://198.12.81.109/xampp/canon/sweetnessgood... | Offline | ascii Encoded RemcosRAT ext rev-base64-loader | NDA0E
2025-02-26 08:33:04 | http://198.12.81.109/xampp/canon/sweetnessgoodf... | Offline | vbs | NDA0E
2025-02-26 08:33:04 | https://198.12.81.109/xampp/canon/sweetnessgood... | Offline | vbs | NDA0E
2025-02-26 08:31:05 | https://198.12.81.109/xampp/fbo/goodgirlniceloo... | Offline | ascii Encoded RemcosRAT ext rev-base64-loader | NDA0E
2025-02-26 08:31:05 | http://198.12.81.109/xampp/fbo/goodgirlnicelook... | Offline | ascii Encoded RemcosRAT ext rev-base64-loader | NDA0E
2025-02-26 08:31:04 | https://198.12.81.109/xampp/fbo/goodgirlniceloo... | Offline | vbs | NDA0E
2025-02-26 08:31:03 | http://198.12.81.109/xampp/fbo/goodgirlnicelook... | Offline | vbs | NDA0E
2025-02-26 08:28:05 | http://198.12.81.109/xampp/fbo/bobo/goodgirlnic... | Offline | hta RemcosRAT ext | abuse_ch

The table below shows recent payloads delivered by this host.
