URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 49.232.20.75
Firstseen: 2024-06-14 09:00:09 UTC
Total malware sites: 4
Online malware sites: 0 (0%)
Offline malware sites: 4 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2024-06-14 09:01:36 | 49.232.20.75 | | Not listed | AS45090 TENCENT-NET-AP | CN | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-09-28 08:23:04 | http://49.232.20.75/ConfigureRegistrySettings.ps1 | Offline | CVE-2024-4577 opendir ps1 | NDA0E |
| 2024-09-11 18:51:16 | http://49.232.20.75/386.exe | Offline | opendir trojan | DaveLikesMalwre |
| 2024-09-11 18:51:05 | http://49.232.20.75/shell.php | Offline | opendir php webshell | DaveLikesMalwre |
| 2024-06-14 09:01:36 | http://49.232.20.75/ade4f437.exe | Offline | Ransomware TellYouThePass | abus3reports |

The table below shows recent payloads delivered by this host.
