URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 45.131.135.227 |
|---|---|
| Firstseen: | 2024-12-12 06:45:06 UTC |
| Total malware sites : | 2 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 2 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2024-12-12 06:45:09 | 45.131.135.227 | Not listed | AS215026 WALEHOST |  NL | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-12-12 20:32:06 | http://45.131.135.227/tbhy.ps1 | Offline |  abuse_ch | |
| 2024-12-12 06:45:10 | http://45.131.135.227/Captcha.hta | Offline | hta LummaStealer |  lontze7 |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-01-16 22:39:30 | e1241972cf8a6db9acf24036386ab9fff327447b31d64199a32fef6a3d5e7cbd | hta | ||
| 2025-01-16 21:15:34 | fc5aa234866ba141d51e6e17115c969832ba2b6aedb5da253d4107af20f1b7cf | hta | ||
| 2024-12-12 22:55:01 | df63eda4107b614d7a1138490e5c23d657ef4966d7af8c5bd747e5c06a4b231c | hta | LummaStealer | |
| 2024-12-12 16:05:35 | 8abf12e3a919213c8ff825c1cc1df070990156d829bd5c55d6ce2f6974d77272 | hta | LummaStealer | |
| 2024-12-12 06:45:09 | a5a7a72decc3a1f9bb2e0c39269f9660051a3a40c34f87789e33995b9dd2b9e1 | hta | LummaStealer |