URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-12-06 18:16:03	64.188.19.241	64.188.19.241.static.quadranet.com	Not listed	AS9304 HUTCHISON-AS-AP	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-02-10 17:00:03	http://64.188.19.241/databook.vbs	Offline	RemcosRAT	Anonymous
2022-02-07 20:37:03	http://64.188.19.241/faktura.jpg	Offline	ascii js rat RemcosRAT	abuse_ch
2022-02-07 20:36:04	http://64.188.19.241/dataf.vbs	Offline	ascii rat RemcosRAT vbs	abuse_ch
2022-01-06 08:44:03	http://64.188.19.241/na.jpg	Offline	js	abuse_ch
2021-12-21 08:34:03	http://64.188.19.241/atac.jpg	Offline	ascii js rat RemcosRAT	abuse_ch
2021-12-06 18:16:03	http://64.188.19.241/credit.exe	Offline	GuLoader RemcosRAT	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-02-10 17:00:03	b53db8cda884be522adeb2f293a41fa80fa2522b3c2eedb1ed20841c5a41d716	unknown		RemcosRAT
2022-02-07 20:36:04	1647393d7971b61b15821198c9acb29501e0698e785d69d8d4de46b0c98952ec	unknown		RemcosRAT
2021-12-09 17:41:34	39489d9a2e675056490c11772bbbb8764e38a027ecce2c97870a015ac6dacda2	exe
2021-12-08 18:36:21	573a50e653d75638b304b1a938f73ab9a787d92c2bcecd20e54dd5dad6a549f0	exe
2021-12-07 15:14:15	c0c762ca6f6234b32a2a52b2dadf5b0d35c935a56b6676a9da92bee2fd3d7a6f	exe		RemcosRAT
2021-12-06 18:16:03	d1fddb73e4e00bd2b9d0596d36572c3493df2ca53f0bf229fb46dd1e8ab41c93	exe		RemcosRAT