URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	198.23.212.140
Firstseen:	2020-11-11 09:31:02 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2020-11-11 09:31:05	198.23.212.140	198-23-212-140-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-10-13 16:10:57	http://198.23.212.140:63006/Vre	Offline	vjw0rm	Cryptolaemus1
2020-11-12 07:42:05	http://198.23.212.140/doc/cash.exe	Offline	exe	oppimaniac
2020-11-12 07:42:04	http://198.23.212.140/doc/frankf.exe	Offline	exe	oppimaniac
2020-11-11 09:31:05	http://198.23.212.140/doc/ohms.exe	Offline	AgentTesla exe	oppimaniac
2020-11-11 09:31:05	http://198.23.212.140/doc/xyy.exe	Offline	AgentTesla exe	oppimaniac

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2020-11-12 07:42:05	05163042425da44fed5691a5490563f89a415577452a355397ed27d3ba1323d7	exe
2020-11-12 07:42:04	4850c6f42a75ecff416b68fb39f7bd261527065704b35f24328b7055995cf27d	exe
2020-11-11 09:31:05	7543d16d9eb66ebcb61a632b705609940389665e09e7e4bdc3ec33f3612d1dcb	exe	AgentTesla
2020-11-11 09:31:05	a3230e59a4a3a5f499ff5d3f6a6d595ba1be76befacea3a3770d9980298d4583	exe	AgentTesla