URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-06-14 05:03:11	23.94.148.6	23-94-148-6-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-07-03 08:32:11	http://23.94.148.6/now.exe	Offline	AgentTesla exe	abuse_ch
2023-06-27 06:31:11	http://23.94.148.6/good.exe	Offline	AgentTesla exe	abuse_ch
2023-06-21 06:35:08	http://23.94.148.6/FRE.exe	Offline	AgentTesla exe	abuse_ch
2023-06-15 07:46:08	http://23.94.148.6/GIB.exe	Offline	AgentTesla exe	abuse_ch
2023-06-14 05:03:11	http://23.94.148.6/DOO.exe	Offline	AgentTesla exe	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-07-03 08:32:11	4c5aafde9ec3711992c73ffeabb62dbbc2f9cd2b0d398ba7783d7890f0704af0	exe		AgentTesla
2023-06-27 06:31:11	8729ea2e975594942343d1407bd47345daa356b354986bbc6efe9a86fbd3ca19	exe		AgentTesla
2023-06-22 01:55:43	9b64b277877e4f86c3930908d1e37f769845098763384520575141c0b4f4f372	exe
2023-06-21 06:35:07	9aeb2d018c7e89a6211ec5653882b84a042c28c6b4ff1d7f49388ff97b3a6ba4	exe		AgentTesla
2023-06-19 02:45:10	9322aba6565a41f6866f5641f577fc6f7605b131a1ef15d737bb42e029743fa7	exe		AgentTesla
2023-06-15 07:46:07	caf42b1f04263f24d4911b5df67dfe700c046af1b1d5e7f299afcd5f698a4db1	exe		AgentTesla
2023-06-14 05:03:05	cd45acb8d6995389a4667133e25d150f6f62e5dac5bed0f6f043d40bb59488d4	exe		AgentTesla