URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	qu.ax
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2023-08-25 17:48:04 UTC
Total malware sites :	21
Online malware sites :	0 (0%)
Offline Malware sites :	21 (100%)
A record(s) observed :	324

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-03 08:38:26	43.250.54.137		Not listed	AS50049 RSL-AS-AP	NL	yes
2025-12-07 10:42:01	188.245.250.181	static.181.250.245.188.clients.your-server.de	Not listed	AS24940 HETZNER-AS	DE	no
2025-12-07 10:42:01	46.224.55.203	static.203.55.224.46.clients.your-server.de	Not listed	AS24940 HETZNER-AS	DE	no
2025-12-02 10:32:15	141.227.130.73		Not listed	AS16276 OVH	NL	no
2025-12-02 10:32:15	141.227.138.101		Not listed	AS16276 OVH	CH	no
2025-12-02 10:32:15	141.227.168.130		Not listed	AS16276 OVH	FR	no
2025-12-01 12:34:18	141.227.130.223		Not listed	AS16276 OVH	NL	no
2025-12-01 12:34:18	141.227.138.161		Not listed	AS16276 OVH	CH	no
2025-12-01 12:34:17	141.227.166.190		Not listed	AS16276 OVH	FR	no
2025-04-15 20:49:54	141.227.130.63		Not listed	AS16276 OVH	NL	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-04-20 08:00:08	https://qu.ax/VOUeT.zip	Offline		abus3reports
2025-02-21 19:56:05	https://qu.ax/ffQwq.mp4	Offline	extracted hta IDATDropper lnk-commandline	NDA0E
2025-02-17 19:24:04	https://qu.ax/EzGRC.mp4	Offline	hta qu.ax	DaveLikesMalwre
2025-02-16 13:20:17	https://qu.ax/vyEaw.rpm	Offline	HijackLoader zip	aachum
2025-02-16 13:20:06	https://qu.ax/vVNEO.bin	Offline	HijackLoader zip	aachum
2025-02-14 18:19:15	https://qu.ax/MmLFL.bin	Offline	HijackLoader zip	aachum
2024-12-07 14:38:18	https://qu.ax/CGDL.doc	Offline		abus3reports
2024-10-11 07:57:05	https://qu.ax/EJald.js	Offline	ascii js xworm	abuse_ch
2024-09-27 08:45:05	https://qu.ax/qsVM.vdf	Offline	ua-wget	abus3reports
2024-09-27 08:45:05	https://qu.ax/ese.pdf	Offline	ua-wget	abus3reports
2024-07-12 08:19:07	https://qu.ax/Npl.js	Offline	ascii AsyncRAT Encoded js rat	abuse_ch
2023-11-20 09:04:05	https://qu.ax/kVDT.zip	Offline		cocaman
2023-11-20 07:20:09	https://qu.ax/DdOg.zip	Offline	pw-6718	JAMESWT_MHT
2023-11-08 12:24:06	https://qu.ax/BdC.mp4	Offline	encrypted xworm	abuse_ch
2023-10-23 13:29:03	https://qu.ax/sliN.mp4	Offline	AgentTesla	James_inthe_box
2023-10-06 13:25:06	https://qu.ax/aHPi.mp3	Offline	AgentTesla	James_inthe_box
2023-10-03 09:53:04	https://qu.ax/rvRO.vdf	Offline	remcos RemcosRAT	c_APT_ure
2023-09-25 13:30:13	https://qu.ax/dng.wav	Offline	AgentTesla	James_inthe_box
2023-09-21 16:54:05	https://qu.ax/nacO.mp3	Offline	AgentTesla	James_inthe_box
2023-08-25 17:48:06	https://qu.ax/cepx.mp4	Offline	TargetCompany	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type
2025-04-20 08:00:07	d0d2f34ac7b2456ec79ea9cdb7af0c7bdfa4719d7f2d60e1b64c521e08eb0562	zip
2025-02-21 19:56:05	712e2e9d883322b0b4e6cb669a19191c21c09e64dfa22d468d7a80b94e88c6e9	unknown
2025-02-16 13:20:17	38a651911849f0fc68b5c29d53e1724919a5228ffc24091d2836d16483c55f9b	zip
2025-02-14 18:19:15	2ff62bdaefed81c62cf22aedb7189454920f39a73bf033ef1a47996c70e92b54	zip
2024-12-07 14:38:17	1fbeeb87f0b7f7c71cf3f3422092dd4e9cba2b695336e6327daed1fa422bdf99	rtf
2024-10-11 07:57:05	f1bc4a4957507cf71a610700980ff260a2d6d20e9525bd9e4a633e659d8432c2	txt
2024-07-12 08:19:07	5f0cfa1a3d66bc1e0affb028ba335f5c89f0cb684b59933d0e55f6ed75efc075	txt
2023-11-20 09:04:05	76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057	zip
2023-11-20 07:20:09	fe1f7d7698f19c8d60129006a4b11f997c39ded507fc5c9c4a64a0b9b640576c	zip
2023-11-12 14:19:13	4b592f5ecce501c065d70b09bf49882716ac77a8d98216ed34f4eace65701d8b	unknown
2023-11-12 13:46:11	23ce05212f418263e94073ae53afde245d3cc602fbe6291b1b50a219c83ff1c4	unknown
2023-11-12 13:19:35	89b002276da73f3997044ca7219f35d9fb25ef5244daaca135c81ed5e6c4f266	unknown
2023-11-12 12:11:50	e05568a868093a67d69044383445a19cfe0b630dfcf8a5311ea7861e16fb5a76	unknown
2023-11-12 11:28:18	8683bd742ce045521eae573d1f657226a45bda4bbdb0ded83727959e7c6552ba	unknown
2023-11-12 10:29:11	677d05805f9cd928215a18a4ea01cd0e2bcaae1687ada25b9e5659f39ac510e2	unknown
2023-11-12 09:58:20	41e2ce558d3cb2a87fe449eae2c1cc553c6854350cedce9c689cfdfd9db83bf0	unknown
2023-11-12 09:35:01	4f2b9dd8aba46b8543c0e1cba8b5f615e4ce0afb15e8c2020ad6d9cde8e35951	unknown
2023-11-12 09:20:17	21977df486df1e738a69e3bdb05ec3bb3b0f0294e22cb4e3486a4fa6d209d02b	unknown
2023-11-12 07:27:01	4c81db6e6b3edbe4e9b45726c2d10a799c6fe544d7b3d3e03be42100d9475fec	unknown
2023-11-08 12:24:06	69b77e23bfa7c32513761030fac05ae301d9db7810855581e09e9746cca9f249	unknown
2023-10-23 13:47:56	249b55abed2baff692091e936346da2aed3b7b599859e53d2fa33053fdec3598	unknown
2023-10-06 13:25:06	4b9d47a9b85181b5f2bdc52676f1e03940e0ec185ed05be122bde9561dbf8db0	unknown
2023-09-25 13:30:12	bbeb1b0e781d564acaa6796a88868622a057491e62ef75bef55e59227c20db5d	unknown
2023-09-21 16:54:05	4a9a9cddd114382634fed707b811c6ac9b6cde442879f30b828a11d1d01a959d	unknown
2023-08-25 17:48:06	f2e130a1b35366b8a955e6bead6b87d8c2cc5efefa19a9ec4b70914aa25187f5	unknown