URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | mobshah.com |
|---|---|
| Domain registrar: | eNom  |
| Domain registration date: | 2002-06-04 22:12:18 UTC |
| Spamhaus DBL : | Abused domain (malware) |
| SURBL : | Not blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-10-03 05:33:05 UTC |
| Total malware sites : | 8 |
| Online malware sites : | 4 (50%) |
| Offline Malware sites : | 4 (50%) |
| Newest active malware site : | 2026-03-14 19:43:08 UTC |
| Oldest active malware site : | 2025-10-03 05:33:22 UTC (Age: 6 months, 2 days, 3 hours, 46 minutes) |
| A record(s) observed : | 1 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-10-03 05:33:22 | 50.116.92.215 | cloud196.hostgator.com | Not listed | AS31898 ORACLE-BMC-31898 | US | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2026-03-24 09:33:08 | https://mobshah.com/dd/pp.sam | Offline | ascii Encoded GuLoader  |  abuse_ch |
| 2026-03-14 19:43:08 | https://mobshah.com/AkSejIf.txt | Online | rev-base64-loader xworm | abuse_ch |
| 2026-03-14 19:38:08 | https://mobshah.com/MSI_163251.png | Online | rat RemcosRAT | abuse_ch |
| 2026-03-14 19:38:08 | https://mobshah.com/img_173622.png | Online | rat RemcosRAT | abuse_ch |
| 2026-03-04 06:12:08 | https://mobshah.com/kbIkdoe.txt | Offline | ascii rev-base64-loader xworm | abuse_ch |
| 2025-10-03 09:18:25 | https://mobshah.com/arquivo_20251002111342.txt | Offline | ascii xworm | abuse_ch |
| 2025-10-03 09:18:11 | https://mobshah.com/arquivo_20251002111333.txt | Offline | ascii Encoded rev-base64-loader xworm | abuse_ch |
| 2025-10-03 05:33:22 | https://mobshah.com/images/optimized_MSI.png | Online |  JAMESWT_WT |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2026-03-14 19:43:08 | d4f8aba47770f215d6be5f4b3f3118d615de3e917c2dd2ecd48b2eb399c5bdd5 | txt | ||
| 2026-03-14 19:38:08 | 892e22e30677ad669867819f569b78a80096c1e3b7850e9ff170cf1f834b4456 | unknown | ||
| 2026-03-14 19:38:08 | 091bc44c7ca90360f10d97147d47140e49a5375d956bfce1ed2b49bce39b5326 | unknown | ||
| 2026-03-04 06:12:08 | 7571c0a8568b366fa27987702bd54c1a408d5177af9c83aec9a4ba69aa9f181c | txt | ||
| 2025-10-27 03:24:32 | de9789f86432cef627656b18accf709fb34be7c50fe4ddbb75aead4b60709402 | unknown | ||
| 2025-10-06 07:56:29 | 019861676812da1c6dc1b7da6aaf423a189583c236d60f4870eb8e4eea9a22e8 | unknown | ||
| 2025-10-03 09:18:25 | d8daed2996d72f487fbf1cf651d528619cf04295b013b84c14e7941ad4684dd1 | txt | ||
| 2025-10-03 09:18:11 | 2480edc49e1368fd7452d83323a6b599971cde46a2aca5718e0ebf9549c516fb | txt | ||
| 2025-10-03 05:33:22 | 21a730e59f4f7258dd0d99d7d6e1d6ec9933021b3f8467a314e58f220d32881c | unknown |