URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-09-24 08:06:05	23.94.159.204	23-94-159-204-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-09-28 09:13:04	http://23.94.159.204/pos/vbc.exe	Offline	32 AgentTesla exe Neshta	zbetcheckin
2021-09-28 06:16:06	http://23.94.159.204/poc/vbc.exe	Offline	AgentTesla exe Formbook Neshta opendir	abuse_ch
2021-09-24 08:06:05	http://23.94.159.204/nez/vbc.exe	Offline	exe Formbook Neshta	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-10-02 16:33:03	5b9c3634412b0c729160d9f275c2ad8b1b26a2ab8b5053803445bbf48256d44c	exe
2021-09-29 04:28:21	8ebc0e8fa6f07dd4b811b2edefe9c447d913bc317ba0f072f9acb119996e291c	exe		AgentTesla
2021-09-29 04:20:25	8ebc0e8fa6f07dd4b811b2edefe9c447d913bc317ba0f072f9acb119996e291c	exe		AgentTesla
2021-09-28 16:36:12	015284fdcdf7aec49da8473352254a074ac85b8d4fbbeb799ca1b30cf6be221d	exe		AgentTesla
2021-09-28 16:35:05	015284fdcdf7aec49da8473352254a074ac85b8d4fbbeb799ca1b30cf6be221d	exe		AgentTesla
2021-09-28 09:13:04	21260151f07549ff5e1dc07ca6281d3fa876483f1dd014afde823fa0a0e0a1a2	exe		Neshta
2021-09-28 06:16:06	21260151f07549ff5e1dc07ca6281d3fa876483f1dd014afde823fa0a0e0a1a2	exe		Neshta
2021-09-24 08:06:04	bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca	exe		Neshta