URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2020-11-22 02:47:46 | 107.150.19.240 | 107.150.19.240.static.quadranet.com | Not listed | AS36352 AS-COLOCROSSING |  US | no |
| 2020-11-24 00:50:22 | 35.223.59.207 | 207.59.223.35.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2020-11-18 20:16:17 | 154.127.53.127 | Not listed | AS396073 MAJESTIC-HOSTING-01 | US | no | |
| 2021-05-08 15:46:35 | 91.46.144.52 | p5b2e9034.dip0.t-ipconnect.de | Not listed | AS3320 DTAG |  DE | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-11-19 05:38:06 | http://ghost00710.ddns.net/2/mcaceres.exe | Offline | AgentTesla  exe |  Jouliok |
| 2020-11-18 20:16:20 | http://ghost00710.ddns.net/1/formbook.exe | Offline | exe Formbook |  jstrosch |
| 2020-11-18 20:16:17 | http://ghost00710.ddns.net/1/xgarnica.exe | Offline | AgentTesla exe | jstrosch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-11-19 05:38:06 | e0cb1fe1256cbf26178ffac07b55cdbd9ed9e9cd53d1d2642f8ba43db84cf8b4 | exe | AgentTesla | |
| 2020-11-18 20:16:16 | 86a499bef345b155ab8111717c6ebb408b3cbbade895b9a8fd1c700180e528e4 | exe | AgentTesla | |
| 2020-11-18 20:16:16 | 8abe9e652522b04474493b15bb017c89b5f295000d363fd94b0961874fc1c4dd | exe | Formbook |