URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	catuexpress.com
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-02-10 07:51:06 UTC
Total malware sites :	8
Online malware sites :	0 (0%)
Offline Malware sites :	8 (100%)
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-11-19 01:24:52	112.213.91.61	mx9161.superdata.vn	Not listed	AS45544 SUPERDATA-AS-VN	VN	no
2021-02-10 07:51:10	112.213.89.143	ns89143.dotvndns.vn	Not listed	AS45544 SUPERDATA-AS-VN	VN	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-02-16 06:51:12	http://catuexpress.com/resources/assets/js/_vxt...	Offline	exe opendir	abuse_ch
2021-02-16 06:51:07	http://catuexpress.com/resources/assets/js/_vxt...	Offline	exe opendir	abuse_ch
2021-02-16 06:51:06	http://catuexpress.com/resources/assets/js/_vxt...	Offline	opendir RTF	abuse_ch
2021-02-16 06:50:07	http://catuexpress.com/resources/assets/js/_vxt...	Offline	RTF	abuse_ch
2021-02-10 07:53:42	http://catuexpress.com/vendor/psy/psysh/.phan/3...	Offline	Formbook opendir RTF	abuse_ch
2021-02-10 07:53:35	http://catuexpress.com/vendor/psy/psysh/.phan/3...	Offline	Formbook opendir RTF	abuse_ch
2021-02-10 07:52:35	http://catuexpress.com/vendor/psy/psysh/.phan/3...	Offline	exe Formbook opendir	abuse_ch
2021-02-10 07:51:10	http://catuexpress.com/vendor/psy/psysh/.phan/3...	Offline	exe Formbook opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-02-16 06:51:12	7afb56dd48565c3c9804f683c80ef47e5333f847f2d3211ec11ed13ad36061e1	exe
2021-02-16 06:51:07	f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa	exe
2021-02-16 06:51:06	7af1ef25cfb603e1e9b582926f5334d59b2720c015588c31acd1bb8f641c81ce	rtf
2021-02-16 06:50:05	6368366a13737111f8db23525b8b11929a08d48ebb832de3d1b610087e4e9fad	rtf
2021-02-10 07:54:40	8e36fffa202c9e53540594a8032a2c13751dc6088007f62e7cdd08eea6d71c27	rtf	Formbook
2021-02-10 07:54:29	4f458d13d054cb8e9cb734d6929fe65b59b2a25e2c460af1fc788ca490118a85	exe	Formbook
2021-02-10 07:54:29	745432050ad32513f9bfefee18a6b6421770f63e56f1d1dd58ec96c48f6d23d5	rtf	Formbook
2021-02-10 07:51:10	07febd49f76153c48a0a4f9803e4e62fa589413c99280f0838b73f3e0260e713	exe	Formbook