URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	67.207.166.175
Firstseen:	2024-06-06 14:58:04 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-06-06 14:58:07	67.207.166.175	smtp4-15.fgrnetwork.net	Not listed	AS21769 AS-COLOAM	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-06-11 19:05:10	http://67.207.166.175/xampp/gts/BrowserUpdate.hta	Offline	CobaltStrike hta	abuse_ch
2024-06-07 03:49:05	http://67.207.166.175/M0306T/lsass.exe	Offline	32 exe PureCrypter	zbetcheckin
2024-06-06 14:59:06	http://67.207.166.175/T0406W/lsass.exe	Offline	exe opendir PureCrypter PureLogStealer	abuse_ch
2024-06-06 14:58:07	http://67.207.166.175/xampp/gbh/lionsarekingogt...	Offline	doc PureCrypter PureLogStealer	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2024-06-11 19:05:10	28499696b10d24ae8686b10f6afce67f6357d11490dd4a76a7e4a671a16d4ea6	hta	CobaltStrike
2024-06-07 03:49:05	da109106b97b7e8162f2a14a021aef67b1a6f26042c77559569e81177e30159a	exe	PureCrypter
2024-06-06 14:59:06	584c91693287a0d6c66f27a8c0f1841aad3368bc48b9d36b1088548f9f370032	exe	PureLogStealer
2024-06-06 14:58:06	67ad0f57895b9963fff217941c49d4eb97023d65fd5b3d36ab936c24fa35a6f0	rtf	PureLogStealer