URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-28 03:40:25 | 202.52.146.236 | beran.idweb.host | Not listed | AS45324 GMEDIA-AS-ID |  ID | yes |
| 2022-08-23 21:32:21 | 202.52.146.156 | balecatur.idweb.host | Not listed | AS45324 GMEDIA-AS-ID | ID | no |
| 2021-08-24 11:53:07 | 202.52.146.108 | ipv4-202-52-146-108.idweb.host | Not listed | AS45324 GMEDIA-AS-ID | ID | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2021-08-24 11:54:06 | http://hugometallancarjaya.com/cqi/NYoWQRn49U4H... | Offline | exe Formbook  opendir |  abuse_ch |
| 2021-08-24 11:54:05 | http://hugometallancarjaya.com/cqi/163hDjdt0xyh... | Offline | exe isrstealer opendir | abuse_ch |
| 2021-08-24 11:53:07 | http://hugometallancarjaya.com/cqi/6fhkaZ3xc71n... | Offline | AgentTesla exe opendir | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2021-08-24 11:54:05 | 723653126eb7214b142d0e0c6689158f3acebc548a38f704e979347e2290a5cc | exe | ISRStealer | |
| 2021-08-24 11:54:05 | 6279bda546364cbd9bbeb7344824bf2a3efe3e016fde11ebe033987bd3e3a5f4 | exe | Formbook | |
| 2021-08-24 11:53:07 | 088e1d62ab8b0447fcef9bb32bb6ba58a998511eda17b81bc703ab2e63fe3ba0 | exe | AgentTesla |