URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-03-20 07:25:13	202.172.128.170	psvau03lwhm001.alpha24.net.au	Not listed	AS134189 ALPHANETAU-AS-AP	AU	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-03-20 07:26:06	https://advancednetworks.com.au/im/Hematophagou...	Offline	ascii Encoded opendir	abuse_ch
2024-03-20 07:25:14	https://advancednetworks.com.au/im/nano.txt	Offline	ascii Encoded NanoCore opendir	abuse_ch
2024-03-20 07:25:14	https://advancednetworks.com.au/im/hvnmarc.txt	Offline	ascii Encoded opendir PureLogStealer	abuse_ch
2024-03-20 07:25:13	https://advancednetworks.com.au/im/bFxHC224.bin	Offline	encrypted opendir	abuse_ch
2024-03-20 07:25:13	https://advancednetworks.com.au/im/mar.txt	Offline	ascii AsyncRAT Encoded opendir xworm	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-03-21 19:06:49	b45b5b98d0a8579678b157af4da091651e79dafcd0eb6f575b5f0fb10a169454	txt
2024-03-20 07:25:14	eb847b9d3d16455f8f9d48fba26dfbb47fe2e6f932082e88af1f4a328f80d536	txt		NanoCore
2024-03-20 07:25:14	1af4cb1ccd7c6232aba75f15e7c5a4f066e8ea7aba3b436195b45cd435567f84	txt		PureLogStealer
2024-03-20 07:25:13	f5718d6af52e13f7ba5b1b30437e091800759352a92820458664f5c80239f2eb	txt		AsyncRAT
2024-03-20 07:25:12	b3d4ef00d019c6cb07c38d899b5443301c2f8c294c2555c078b2093ceed9608c	unknown