URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: lesadh.com
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Blocked
Cloudflare :Blocked
ProtonDNS :Status unknown
OpenBLD :Not blocked
DNS4EU :Blocked
Control D HaGeZi :Not blocked
Firstseen:2020-08-14 08:35:03 UTC
Total malware sites :2
Online malware sites :0 (0%)
Offline Malware sites :2 (100%)
A record(s) observed :6

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2020-10-12 01:00:07 162.241.115.157162-241-115-157.webhostbox.netNot listedAS19871 NETWORK-SOLUTIONS-HOSTING- USno
2020-10-05 00:36:30 103.91.64.78Not listedAS55720 GIGABIT-MY- MYno
2020-09-20 23:54:51 185.244.149.231mx.cndomainnames.comNot listedAS60117 HS- ROno
2020-09-13 19:38:46 23.254.164.146hwsrv-1108214.hostwindsdns.comNot listedAS54290 HOSTWINDS- USno
2020-09-08 14:37:59 176.107.176.169176.107.176.169.ip.internetspace.com.uaNot listedAS47987 DELTAHOST-KYIV- UAno
2020-08-14 08:35:06 206.123.159.201Not listedAS137409 GSLNETWORKS-AS-AP- INno

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2020-08-14 08:36:21http://lesadh.com/gears/hint.txtOfflineAgentTesla ext exe opendir abuse_ch
2020-08-14 08:35:06http://lesadh.com/bim/File.txtOfflineexe opendir abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2020-08-14 08:36:2115198db6364e7676c89fd343b0ae8d44b216c5da6ea8d627e525e08d5889ddf2exeAgentTesla
2020-08-14 08:35:05dc510d8e52d6e0d1ecd5b7e8640a1cb4ae4aba0543585a0e688763fe9d237d87exe