URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	198.12.89.173
Firstseen:	2022-08-11 06:35:03 UTC
Total malware sites :	15
Online malware sites :	0 (0%)
Offline Malware sites :	15 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-08-11 06:35:09	198.12.89.173	198-12-89-173-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-08-31 10:41:04	http://198.12.89.173/191/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-27 16:31:08	http://198.12.89.173/790/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-26 23:52:07	http://198.12.89.173/42/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-24 06:29:04	http://198.12.89.173/https/790.doc	Offline	doc opendir	abuse_ch
2022-08-23 12:06:04	http://198.12.89.173/https/789.doc	Offline	doc opendir	abuse_ch
2022-08-22 23:45:05	http://198.12.89.173/217/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-21 15:34:04	http://198.12.89.173/hpp/217.doc	Offline	doc opendir	abuse_ch
2022-08-21 15:34:04	http://198.12.89.173/hpp/216.doc	Offline	doc opendir	abuse_ch
2022-08-21 01:34:04	http://198.12.89.173/216/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-20 07:09:04	http://198.12.89.173/.-------.--.----------.---...	Offline	doc opendir rat RemcosRAT RTF	abuse_ch
2022-08-20 07:09:04	http://198.12.89.173/.-------.--.----------.---...	Offline	doc opendir rat RemcosRAT RTF	abuse_ch
2022-08-19 15:33:04	http://198.12.89.173/69/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-18 13:47:05	http://198.12.89.173/68/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-11 07:49:05	http://198.12.89.173/130/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-08-11 06:35:09	http://198.12.89.173/150/vbc.exe	Offline	AgentTesla exe opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-08-31 10:41:04	cd1f8f6b9caa62dbb054f08c08054395da2a1718ac352cb2398955f4587c497c	exe	RemcosRAT
2022-08-27 16:31:08	9e11a6c976f4069202a945956a75354c69463e73bcabd8acf15f3288f8c1194f	exe	RemcosRAT
2022-08-26 23:52:07	2149cec22f889cc1eed0485be3a4670b2f5b20a2f40eaa24633ed54b3b795da2	exe	RemcosRAT
2022-08-24 06:29:04	5a4bba22931539593095eee6e5ce7a1e47665619e7d5bd863d19a0204e804e90	unknown
2022-08-23 12:06:04	56832c649a54252e468be13e4e290dfd5f0d0080856069aca35036f3c1efe384	unknown
2022-08-22 23:45:05	e74bb9c0b5c0be53a68dd0fcb7410a2f93358078694319d277eefb805a55225b	exe	RemcosRAT
2022-08-21 15:34:04	0eaf4b633906ff9a61745ff92de19cb6e200e5661d2a9c8b67843396d9297db2	unknown
2022-08-21 15:34:04	0dda02fe613bebadffd536d990f5ffd519f9538207604513830b10bd13c8d910	unknown
2022-08-21 01:34:04	991f5d88b4720d5f1e7bac12d0a9b85ba74f74db85cbf86fa65cb093afcf3def	exe	RemcosRAT
2022-08-20 07:09:04	99ca95191f29043fb4839252a07098bb76bc4cf8f13697e46a2f18c7df11ceee	unknown
2022-08-20 07:09:04	8cfc5bd8f33d8f95f260e0e339fda3148ccaba17c02a80f98be6e8efa1c8798a	unknown
2022-08-19 15:33:04	e74bb9c0b5c0be53a68dd0fcb7410a2f93358078694319d277eefb805a55225b	exe	RemcosRAT
2022-08-19 08:18:10	991f5d88b4720d5f1e7bac12d0a9b85ba74f74db85cbf86fa65cb093afcf3def	exe	RemcosRAT
2022-08-18 15:43:53	13a09c7894df906237129b7f94ca98fb2249d44637db4ed2d876e9f9b09ff130	exe	RemcosRAT
2022-08-18 13:47:05	317977d99bebf5f65a24d6460fa2f98f5e875d1f85f12a430acb69f8dd3dfbdf	exe	RemcosRAT
2022-08-11 07:49:05	aeff864a48f8a0b26b5db70bebd4a437875dd33b3b35b8953ea216ce126c5e1e	exe	RemcosRAT
2022-08-11 06:35:04	e898613391cd9e2cff83058d264e4b58c3d9203ac6d91a76c2433a1c75f9c6dc	exe	AgentTesla