URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 198.23.213.30
Firstseen:2020-07-13 09:55:08 UTC
Total malware sites :11
Online malware sites :0 (0%)
Offline Malware sites :11 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2020-07-13 09:55:09 198.23.213.30198-23-213-30-host.colocrossing.comNot listedAS36352 AS-COLOCROSSING- USyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2020-08-19 22:21:34http://198.23.213.30/wordart.docOfflineRTF zbetcheckin
2020-08-19 22:21:32http://198.23.213.30/wm.exeOfflineexe njRAT ext zbetcheckin
2020-08-19 22:10:45http://198.23.213.30/wg.exeOfflineAgentTesla ext exe zbetcheckin
2020-08-19 22:10:42http://198.23.213.30/wixx.exeOfflineexe NetWire ext zbetcheckin
2020-08-19 22:09:54http://198.23.213.30/wix.exeOfflineexe njRAT ext zbetcheckin
2020-08-19 11:08:05http://198.23.213.30/ngx.exeOfflineAgentTesla ext exe abuse_ch
2020-07-22 05:20:40http://198.23.213.30/word.exeOfflineAgentTesla ext exe njRAT ext abuse_ch
2020-07-17 11:32:03http://198.23.213.30/wii.exeOfflinenjRAT ext JAMESWT_MHT
2020-07-17 11:12:03http://198.23.213.30/wordx.docOfflinenjRAT ext JAMESWT_MHT
2020-07-13 09:55:12http://198.23.213.30/wxx.exeOffline njRat ext exe njRAT ext 0x3c7
2020-07-13 09:55:09http://198.23.213.30/word.docOfflinenjRAT ext RTF 0x3c7

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2020-08-19 22:21:34915d3671b676c842be045ce0a988511fd5740acb1f6448ebc388dcef92184fe1rtf  
2020-08-19 22:21:32d949ea4466b8a6048f1e1ba10f5720e5c03b6cf4b1e31a818900686f46e63e8eexe njrat
2020-08-19 22:10:45590cea1db2f4c767f7e75c0eb19be8a212414328cfb43f7be01cc05f807af69eexe AgentTesla
2020-08-19 22:10:420892b7b2ad0aac4629713617e299fd32923756730c015e60a9442b3b2e053179exeNetWire
2020-08-19 22:09:54bc1b24f6369fa108b03132e92ae1da9f14aa007c3dfb665cdf47a0282fefecf5exe njrat
2020-08-19 11:08:05095844e6eef92d5fa2ad30b887878b2874255453b4706285a7633edbb9216119exeAgentTesla
2020-08-06 03:01:08cebee7dc0112f960319868d6df1f9db37868e1912def20304af20a21bf409250exenjrat
2020-08-01 01:25:18f226b44eb44a2b8883a1966be5a943ed2ecf6646a094b6cccb78f23d08796e7eexe njrat
2020-07-24 09:54:26fa7942a25cea90d890bca23298576191b75723375e2106d8ada228a85bfcfa7fexenjrat
2020-07-24 09:31:20891a8e460bcb5674dcb63bb4822e7fe2b44c5e3bce54eef8138f1359b810c216exe  
2020-07-23 06:52:234915f66ed7caab4de6137ad5a73319f0e6bd04303545b57aa0f73bd224acedd9exe AgentTesla
2020-07-22 18:09:12b7e01380d58027103b282b33a910791af457a82a584b1f4aef4cbabb5bac62bcexe njrat
2020-07-22 05:20:40476d02f7c777bb08d97cf87c305e3cb4f41501c1b15ddd88e55f31bff0767b0aexenjrat
2020-07-20 04:15:0585830e6bdfb6889df4ee9fb075c9532e08f85a192c2272c79e9a0d869e267334exenjrat
2020-07-17 11:32:0339278bb543a44e69036e92d227d7af7a51807be8fc476157c50510c569a11121exenjrat
2020-07-17 11:12:035e0c9ae3d220d6e59d934fdc7cfae2ab70c2a1dc268d5beaf9c041ab5f3973dfrtfnjrat
2020-07-17 05:03:204264a2c707b26ff550984c32f308310627e09ae6240a0896a3d1be3e361dd84fexe njrat
2020-07-13 09:55:12596acc8d26bffcc1fe284217efb333e2c20b5c8767676c5d998c6787ecdf3fcfexe njrat
2020-07-13 09:55:09f9ddc04378f1933a94f82a3292731d65025f9956742bc3292157f9735823ef7frtf