URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2020-10-21 06:47:04	75.127.1.211	75-127-1-211-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-24 14:16:06	http://75.127.1.211/kmk.exe	Offline	AgentTesla exe	zbetcheckin
2020-10-24 10:25:04	http://75.127.1.211/svch/document.doc	Offline	AgentTesla RTF	abuse_ch
2020-10-23 16:51:05	http://75.127.1.211/svch/vbc.exe	Offline	AgentTesla	James_inthe_box
2020-10-21 06:47:05	http://75.127.1.211/vbc.exe	Offline	AgentTesla exe	abuse_ch
2020-10-21 06:47:04	http://75.127.1.211/document.doc	Offline	AgentTesla RTF	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-11-03 11:39:14	9c3e592960d98e85b859efbec06c7d1a880b083913b47c9d0fe1dfe4356fb118	rtf		AgentTesla
2020-10-24 14:16:06	4c9daefcd476a1a197393e0bc78cf0152090116893acf408dd681fb36fe41431	exe		AgentTesla
2020-10-24 10:25:04	4a25856a07811127b8f1b492abc00f953572f0c6bee4e5c1056c0af93528ca68	rtf		AgentTesla
2020-10-23 16:51:05	b4f20bb869575d8b20aaf614f422f6a889ed24d9a6031564235ff3f7a7a97bdc	exe		AgentTesla
2020-10-22 12:21:37	40c0e71256c3e1eb592155bcd9952f7e5b8cd9f025f5c910cb3a7a643357d81e	rtf		AgentTesla
2020-10-21 06:47:05	564430d34398ae8a04894b90c02aadfb95fce13a06644aa095f533a73aac4ff9	exe		AgentTesla
2020-10-21 06:47:03	dea6b31d495a161c81709e32785a647b65e0f5d6e4da3a8a0636e5dc9c67d1c9	rtf