URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	nestlex.tk
Domain registrar:	Freenom
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Blocked
Cloudflare :	Blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-06-23 13:57:03 UTC
Total malware sites :	10
Online malware sites :	0 (0%)
Offline Malware sites :	10 (100%)
A record(s) observed :	5

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-10-13 08:34:09	2.56.59.211		Not listed	AS3758 SINGNET	SG	no
2021-10-07 17:12:32	195.133.18.140		Not listed	AS205007 ESERVER-RS	CZ	no
2021-06-23 14:18:30	185.239.243.112	ns1.20mb.nl	Not listed	AS212238 CDNEXT	US	no
2021-09-17 08:06:00	104.248.32.225	food.bornfight.dev	Not listed	AS14061 DIGITALOCEAN-ASN	DE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-10-12 16:32:06	http://nestlex.tk/mazx.exe	Offline	exe Formbook	abuse_ch
2021-10-11 18:47:05	http://nestlex.tk/famzx.exe	Offline	exe Formbook	abuse_ch
2021-10-11 18:22:04	http://nestlex.tk/templezx.exe	Offline	SnakeKeylogger	AndreGironda
2021-10-11 14:20:06	http://nestlex.tk/obinnazx.exe	Offline	exe Formbook	ffforward
2021-10-11 10:20:09	http://nestlex.tk/harshmanzx.exe	Offline	exe Formbook	abuse_ch
2021-10-08 05:14:06	http://nestlex.tk/mavzx.exe	Offline	AgentTesla exe Formbook	abuse_ch
2021-10-07 19:56:07	http://nestlex.tk/obizx.exe	Offline	exe Formbook	abuse_ch
2021-10-07 08:09:04	http://nestlex.tk/nwamazx.exe	Offline	exe Oski OskiStealer	abuse_ch
2021-10-06 18:14:03	http://nestlex.tk/bluezx.exe	Offline	exe SnakeKeylogger	abuse_ch
2021-06-23 13:57:04	http://nestlex.tk/hussanx.exe	Offline	GuLoader	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-10-12 17:07:13	51d534b716e35b643ac2a4aa73effe9607abfc61a36b7b4a423c9383002b755e	exe		Formbook
2021-10-12 13:48:03	9f30d57fc655ec6f960bccde03a26d7af12839c55d6051aad379368881510f33	exe		SnakeKeylogger
2021-10-12 12:37:46	ff64ff314c7947e5faae8181ac818b124a6d17d0fc3a66e8777a78a613d6093c	exe		Formbook
2021-10-12 12:28:28	d43f8c736bd68c607021e9867d0c2e942b94bb1e8a5c5dc9804f9109148b21e3	exe		AgentTesla
2021-10-12 08:39:30	f2a5c2addef1471e98841eb5f2abbc5cd27c360f8850a69ef0a233d07744a9b8	exe		Formbook
2021-10-12 08:11:03	b877e6f41d83c546f056fa7f88b5f323d944616a9919025e71971d034b56b592	exe		Formbook
2021-10-12 08:09:52	4a028b7f272dd96c75716d2268b551576a01ebccaca97bb19da43ec21dbe8514	exe		Formbook
2021-10-11 18:47:04	3c5d2a990e487ad59a140909b2e6047494467b163f6696be5e247f644e4c3210	exe		Formbook
2021-10-11 18:22:04	e1a998ebde58e307397c9446947fe0b10dee23f730388734331388b1184029cd	exe		SnakeKeylogger
2021-10-11 14:20:06	76cd5f994be53f3f24e2b2018263b9ab582e84870ee8d24f38c6d11adae3688c	exe		Formbook
2021-10-11 10:20:09	22a5161a4d95e737100936f93042049719d13a8437d751c22ad485ed51ee7c96	exe		Formbook
2021-10-08 05:14:06	4b8143fc8d8d9ffc0efdc2eaf1e66a15c3ff56cd7e53429083f5fb908f5b9c67	exe		Formbook
2021-10-08 01:47:34	4acff00f1935efe2a12c8537de8b10c33bd714a07a8cdaafb56459f368acc669	exe		OskiStealer
2021-10-07 19:56:07	dfbb8dc13848a4763fddee0be94415ef938755656c54e3f151995e2d50f251dc	exe		Formbook
2021-10-07 08:09:04	1ad022fe6f175e63e599e94fcc39c0e909e4f733f34e290dd3a6ce9692aa2f33	exe		OskiStealer
2021-10-06 18:14:03	09f0b5fc12a7e772802d521bc82025a39be6ad148067648108e61f795ebb841d	exe		SnakeKeylogger
2021-06-23 13:57:03	7f347545daf832b84a0cb2d823af46e874cb7c69f436814c58355262e594c4d3	exe		GuLoader