URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	2.58.149.2
Firstseen:	2022-05-17 09:43:03 UTC
Total malware sites :	19
Online malware sites :	0 (0%)
Offline Malware sites :	19 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-05-17 09:43:04	2.58.149.2		Not listed	AS212238 CDNEXT	NL	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-06-13 08:54:04	http://2.58.149.2/Request_for_Budgetary_Quotati...	Offline		c_APT_ure
2022-06-13 08:54:03	http://2.58.149.2/HSBC_Customer_Payment_Copy_Pd...	Offline		c_APT_ure
2022-06-09 14:42:04	http://2.58.149.2/IMAGE_090002022_Apsudfuq.bmp	Offline	avemaria	James_inthe_box
2022-06-09 13:58:04	http://2.58.149.2/9_Payment_Qdguovbk.bmp	Offline	avemaria	James_inthe_box
2022-06-08 09:04:04	http://2.58.149.2/trans.exe	Offline	AgentTesla AveMariaRAT exe	abuse_ch
2022-06-05 15:32:04	http://2.58.149.2/TT_copy_for_June_05_Ddfvvhmu.bmp	Offline	AgentTesla encrypted	abuse_ch
2022-06-05 07:09:04	http://2.58.149.2/RTGS_copy_04_Jetodect.bmp	Offline	AgentTesla encrypted	abuse_ch
2022-06-01 20:04:04	http://2.58.149.2/Rtgs_Payment_slip_Qksjzbww.jpg	Offline	AgentTesla LLDLoader	AndreGironda
2022-06-01 07:16:04	http://2.58.149.2/puty_Zowwpowo.jpg	Offline	encrypted NanoCore rat	abuse_ch
2022-05-31 20:21:04	http://2.58.149.2/Payment_made_on_30th_Efysgvrt...	Offline	LLDLoader	AndreGironda
2022-05-30 06:12:06	http://2.58.149.2/payment_Pohljgav.png	Offline	Ave Maria avemaria AveMariaRAT LLDLoader WarzoneRat	AndreGironda
2022-05-29 06:39:04	http://2.58.149.2/Payment_Image_pdf_Sgtbhmsi.png	Offline	encrypted NanoCore rat	abuse_ch
2022-05-28 21:04:03	http://2.58.149.2/puty.exe	Offline	32 AgentTesla AveMariaRAT exe NanoCore	zbetcheckin
2022-05-28 20:32:04	http://2.58.149.2/Payment_Slip_Pinkznwi.bmp	Offline	LLDLoader NanoCore	AndreGironda
2022-05-27 15:05:08	http://2.58.149.2/mony_Ynuwkphm.jpg	Offline	AsyncRAT encrypted rat	abuse_ch
2022-05-25 15:48:03	http://2.58.149.2/mony.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-05-24 17:33:04	http://2.58.149.2/21.jpg	Offline	32 exe	zbetcheckin
2022-05-17 10:45:04	http://2.58.149.2/detail12345_Kgxrxcks.jpg	Offline	AgentTesla encrypted	abuse_ch
2022-05-17 09:43:04	http://2.58.149.2/1.exe	Offline	32 AgentTesla exe	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-06-15 00:23:42	b47228784086e39923d8ee4ac620e0c5497ffc2af8dc1a8cffa0fe0a47d2b613	exe	AgentTesla
2022-06-10 15:23:08	3f15e407b8234ab251c158249badba9314196f65e40f49b0bd48f46c04c78955	exe	AgentTesla
2022-06-10 11:52:18	4b350d60564405dc0b1bcbe7b53b15688d6ff2bff03846f4aa5bc9b9c7de67e5	exe
2022-06-10 03:43:42	12fd9af35210339752f15a0f68e725cd30f9879e1764b43e7bc466c824f8b77d	exe
2022-06-09 16:16:07	9333619417da67f48057fac9c739d78a5e9c523fa7961661ce87d9a293a938c9	exe
2022-06-09 14:42:04	d41bcfdf6196ac7610a71244b50e20014760e43631c993448691838377b22286	unknown
2022-06-09 13:58:04	d5346d13afe1f8e71aaf1a62d842d2d39bbacf7184cc108df5e437a2a1e721c9	unknown
2022-06-09 12:36:52	dd4f8b37f22b593fa5703d0760eebbc1316e13edf3edabf7e9ade0de7075fd63	exe	AgentTesla
2022-06-09 05:44:20	922e73490e896a581831e49e8fc5f473ce0cdf0273f8b7cf1db1fb6bb178c1aa	exe	AgentTesla
2022-06-08 15:01:03	7a39b96dfbfc447fc654bd214ec01f93d95e190308aaafd3d821e8afcd670846	exe	AgentTesla
2022-06-08 10:24:09	1313cca58fdf2c3ce14ce98378ac7066eec82c17232c81a6d13bb08133e1a8ef	exe	AgentTesla
2022-06-08 09:59:18	a9bdc46a68ce46ea1dbdecb4637931f02bfdb07c2562f7530ba2b43aa1983a9a	exe	AveMariaRAT
2022-06-08 09:04:04	4a6fd916d6b46a2edddcb8b0a9c47bc81726548a88b507866f34e121dcc6bc66	exe	AgentTesla
2022-06-05 15:32:04	95b4cc56a4f015ecd863fb95c0ccebdf8ecd7136b5cd23daf222ace67d4c306b	unknown
2022-06-05 07:09:04	704656af76adb72d202717ced014b8c65822d5e1aaca0a13d9910d315522878f	unknown
2022-06-01 20:04:03	70a12c8ada59f5439124d3256587c98c0d9140d49d35200d0e3c11aa5075c8c9	unknown
2022-06-01 13:32:20	d364bb32fc468a1b11efd8a4434ed7c300a3232f699ebc11fc4d2050e6104df7	exe	NanoCore
2022-06-01 07:16:04	47cbd8e780641a412cda714cfda92ce7fdee81248163e0f9c5fe5602c297f287	unknown
2022-05-30 06:12:06	dec4102c00e4d6d0aac63e723eecaa7a9694070a1d2bbd9038fd2f0a2dc2e399	unknown
2022-05-29 20:20:25	26c71cb3812cef12304be958380ac2b257469b375930533a8c44354c8510e519	exe	AveMariaRAT
2022-05-29 06:39:04	a11550253a46788bbb094f941f1eac95e7338a9dc8c769215e0b8119dc7cc9fe	unknown
2022-05-28 21:04:03	f4248f09778780307d68ed068ed5cdcea48ea1c13555bd7bb05ce7f641017833	exe	NanoCore
2022-05-28 20:32:04	5df4467514030dda60655c8fcf6b67736911548495349b26ccdc353d3f63863a	unknown
2022-05-27 15:05:07	fd0f6ae46829446897776740ee86acf37d70b32a8c120fb289b9db0eae3f3af6	unknown
2022-05-25 15:48:03	b0773d0dcca492d5ac179ef976c7e8dbd2f8c251edd30ab02d89c7850b85d858	exe	AveMariaRAT
2022-05-24 17:33:04	372380a1531316fb6d46e2a9506104568ada64e3aa2586c54ac4fed0b0c06014	exe
2022-05-17 10:45:04	a05ed31c34f23d99f3fc0094c2940add8b0ae74a18fa7544278c9b4ed75d61d5	unknown
2022-05-17 09:43:03	0d8ee7843db6ed92cd471a56241636ea54126f5754c21f6a76e124e7e92ecaa6	exe	AgentTesla