URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-04-15 05:34:05	198.12.81.144	198-12-81-144-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-04-15 05:35:08	http://198.12.81.144/siscopbaze6444444444maincl...	Offline	AgentTesla ascii Encoded	abuse_ch
2024-04-15 05:34:05	http://198.12.81.144/forXLA.js	Offline	AgentTesla js	abuse_ch
2024-04-15 05:34:05	http://198.12.81.144/xlaisveryeasyprocesstolove...	Offline	AgentTesla doc	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-04-16 09:22:52	5dfb9f985bc3bc6d6112275f141f439675cfdb1853b62caf1a1feb3f5b3f7750	unknown
2024-04-15 09:41:09	f9e36ff5bb29feaafc89d54e02decdfa7bdd5950448ddafc130ed892e7f4b296	unknown
2024-04-15 08:32:12	53464f65d73eac44d97ca18859598a4c574cc9a272afd431bd4ab6da145c8d51	unknown
2024-04-15 07:40:27	f4448f6ba6aa6b51cd1e0aca4a3e79753e07180cc64b9c808f5e65c4e0633606	unknown
2024-04-15 07:02:12	a062b4519d6328fd61d7748fe4b8f0a98258627e54ebda1af20d5be5c89a4950	txt		AgentTesla
2024-04-15 05:35:08	b6239700a800479b7767672237695a4b1e70ce7163f84ae0bbb1ed7ddfff4aaa	txt		AgentTesla
2024-04-15 05:34:05	7c7a8c8c4c2bcc488c2eaff4baad7d097118b3127deb59c8726f7e4f4c2dcbc5	rtf		AgentTesla
2024-04-15 05:34:04	ef56b3b57fe7d9659fb6bbbd121e62174b09593985636bc5c536b65b55a8ccfe	unknown