URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-11-18 17:30:13	66.63.187.231		Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-12-07 14:36:21	http://66.63.187.231/35/tu-35.exe	Offline	Loki	abus3reports
2024-12-04 12:50:07	https://66.63.187.231/xampp/rfg/thisprojectreal...	Offline	RemcosRAT	abus3reports
2024-12-04 12:49:08	https://66.63.187.231/xampp/noc/seemefasterthan...	Offline	Loki RemcosRAT	abus3reports
2024-12-04 12:49:08	https://66.63.187.231/xampp/wer/we/seemybestopt...	Offline	Loki RemcosRAT	abus3reports
2024-12-04 12:02:07	http://66.63.187.231/xampp/rfg/thisprojectreall...	Offline	RemcosRAT	abus3reports
2024-11-20 10:00:10	http://66.63.187.231/xampp/wer/we/seemybestopti...	Offline	doc Loki	NDA0E
2024-11-20 09:55:08	http://66.63.187.231/33/caspol.exe	Offline	exe Loki	NDA0E
2024-11-20 09:54:05	http://66.63.187.231/xampp/wer/goodtoseeuthatgr...	Offline	hta Loki	NDA0E
2024-11-18 17:30:14	http://66.63.187.231/657/caspol.exe	Offline	exe Loki	abuse_ch
2024-11-18 17:30:13	http://66.63.187.231/xampp/noc/seemefasterthanb...	Offline	hta Loki	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-05-29 18:19:05	63abf8d9d2745b7e750c05a17685e5c876b451b3bec725a377cc94f295e24a66	hta
2025-05-29 00:51:12	2926673738a3c31ed5aa5f19e9f9c2c9612d4e414a0d1294b472e453ca1e9694	hta
2025-05-24 17:32:52	b587078f0d55e2095d5e3454fef889baf4fbc221071e346bbbfe15fda82530e6	hta		RemcosRAT
2025-05-23 23:23:50	8ecf064898d8d9bb52b2bcedfe9bdd2636f9f4eb540b529a1e9922f392ef7fcd	hta		RemcosRAT
2025-05-23 05:18:23	09552b6bb1d51128451bb5b8eeb2675951723dab27cf9286912e59cfa974a5fc	hta
2025-05-22 23:57:20	dba8e26e7537d29b0e0a54f510e47b11c942938f04afbe8f92508425cb023c79	hta
2025-05-22 05:54:50	2bfc0c829cd36b907e40a988d24b859a3bc90b9ce05782a4ae1e9d555d4007e1	hta
2025-05-21 23:16:45	bb411e91c0310b89b99583a93aff342ba6ac68af9f99f9fe35ce913998710999	hta
2025-05-20 23:29:15	a2692b7228aa415bbcd22ec28084a83a7163f707b14ccf898880a582082cf140	hta
2025-05-18 19:18:40	031678a363edc04b08df68a9877f6d5da12f170425b748864e789f12524489fa	hta
2025-05-18 17:34:48	f83d266d54e11dc82d72943177208e5f37d08630b328af09533c46c54a343fac	hta
2025-05-14 22:09:42	ce2ea88d0d332c2ebb17e05a3b542000dd5a984bc9a68fb7626592853cee81bc	hta
2025-05-14 12:52:09	6dd3d58d86b6a55c1e2d217f717715d2c7f271a1ac9c3cd7fe62b2d908d0d1cd	hta
2024-12-07 14:36:21	de3a30c0b47d80e830816275d72030c3574b24780398040fafc29f934c06e1c6	exe		Loki
2024-12-04 12:50:07	679fca0a3e4f112bfbe5debef5916bfe7ebaef8e64f058c2fab897b7c0d83c0b	rtf		RemcosRAT
2024-12-04 12:49:08	dbcbb51e8c114fa8a7b9a1da2bbba100994eea4ed407bc338dedec5f811ade21	hta		Loki
2024-12-04 12:49:08	564a4e9044bd96c3c67ae4c596664a2d9a7ecd1962872ac836e051949fb109b1	rtf		Loki
2024-12-04 12:02:07	679fca0a3e4f112bfbe5debef5916bfe7ebaef8e64f058c2fab897b7c0d83c0b	rtf		RemcosRAT
2024-11-20 10:00:10	564a4e9044bd96c3c67ae4c596664a2d9a7ecd1962872ac836e051949fb109b1	rtf		Loki
2024-11-20 09:55:08	59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4	exe		Loki
2024-11-20 09:54:05	9fd433cd543ab161d2a3ccb96a265c79ee0bb1a513647c0c33c72114660c64ac	hta		Loki
2024-11-19 09:28:59	d4c86776bcf1dc4ffd2f51538f3e342216314b76cdba2c2864193350654a9aca	exe		Loki
2024-11-18 17:30:13	f3246d0ca5ca8e69f98ca33b2c17813d5d862049dcfa9931dbcbaaaf7543a1f7	exe		Loki
2024-11-18 17:30:13	dbcbb51e8c114fa8a7b9a1da2bbba100994eea4ed407bc338dedec5f811ade21	hta		Loki