URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 08:50:46	51.254.199.13	mail.relaay.me	Not listed	AS16276 OVH	FR	yes
2020-09-22 19:00:37	5.9.14.17	f144.forex-box.com	Not listed	AS24940 HETZNER-AS	DE	no
2020-08-20 21:26:19	46.4.97.19	static.19.97.4.46.clients.your-server.de	Not listed	AS24940 HETZNER-AS	DE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-08-31 16:45:04	https://s3.rokket.space/t_zKMm47.jpg	Offline	AgentTesla exe	zbetcheckin
2020-08-31 14:49:06	https://s3.rokket.space/t_QBMrlH.jpg	Offline	AgentTesla exe	zbetcheckin
2020-08-31 14:49:04	https://s3.rokket.space/t_uI9jyG.jpg	Offline	AgentTesla exe	zbetcheckin
2020-08-31 13:00:10	https://s3.rokket.space/t_X6V9JC.txt	Offline	AgentTesla exe	abuse_ch
2020-08-31 09:13:34	https://s3.rokket.space/t_oUfbGz.txt	Offline	exe Formbook	abuse_ch
2020-08-31 06:34:19	https://s3.rokket.space/t_6OuAvd.txt	Offline	AgentTesla exe	abuse_ch
2020-08-31 05:45:35	https://s3.rokket.space/t_bU3cLG.txt	Offline	exe Loki	abuse_ch
2020-08-26 16:54:18	https://s3.rokket.space/t_BP2FjE.txt	Offline	AgentTesla	Anonymous
2020-08-26 16:54:15	https://s3.rokket.space/t_fr7OUh.txt	Offline	NanoCore	Anonymous
2020-08-26 16:54:12	https://s3.rokket.space/t_xFfMJD.txt	Offline	AgentTesla	Anonymous
2020-08-26 16:54:07	https://s3.rokket.space/t_7axmFl.txt	Offline	AgentTesla	Anonymous
2020-08-26 16:54:04	https://s3.rokket.space/t_M2ZpAo.txt	Offline	AgentTesla	Anonymous
2020-08-26 16:53:08	https://s3.rokket.space/t_mPOrbg.txt	Offline	AgentTesla	Anonymous
2020-08-26 11:31:23	https://s3.rokket.space/t_GLWxqZ.txt	Offline	Loki	Anonymous
2020-08-20 21:26:19	https://s3.rokket.space/t_pLg4Ox.txt	Offline	AgentTesla	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-08-31 16:45:04	a0d03802ed408345b7d80137600b60ee7c1b84591ac18e61ec94c959a75f6508	exe		AgentTesla
2020-08-31 14:49:06	60d5cc58c4a1f7e3841979da2fd713378e90c054194a9f4b30735a671647fc38	exe		AgentTesla
2020-08-31 14:49:04	cd80340bee608d8a8b27a5e2ac7f0b2dfdf319cdd285d9acd9c462f6983dbf4b	exe		AgentTesla
2020-08-31 13:00:10	4eff27126b74a235694015e24eef51535df0957aee93773e67db901b07df3270	exe		AgentTesla
2020-08-31 09:13:34	60dac53124b3a9155d09cad5c886eb32ff5a5bea1329b527dcf5eb7cf93a3f74	exe		Formbook
2020-08-31 06:34:19	e639997f6ee7e96b1356622bc3f5449e8ce3aeb46100e775875cc41cc891d587	exe		AgentTesla
2020-08-31 05:45:35	10070ec7d3520c0f11223b9602b0d78c066eaa6b56193385d39346838669c50a	exe		Loki
2020-08-26 16:54:18	7f258d40028c77692ea89ce40261674a93143edf9d8c03ec8e8270344f945f1e	exe		AgentTesla
2020-08-26 16:54:15	dc60cbd5aea9991eae966cb8499ff91647ca4c2f4a9005c17e7b804fce1bafb6	exe		NanoCore
2020-08-26 16:54:12	973493f3261373ffb49c58eaafb07235026ade4c29fc6e925f7d742953ce763c	exe		AgentTesla
2020-08-26 16:54:07	f50427b5ec3b2976eaa227bed22b72f732208dceae47d073d89243590235a62d	exe		AgentTesla
2020-08-26 16:54:04	a02d9a1d5053065855293ee57d8a4ec5a8d6805d3290f0f80f3e60ceccef2b0f	exe		AgentTesla
2020-08-26 16:53:08	b023a34548a0f58904fab9d0c977edd8eef12a8185661dcb51b9937df768aed1	exe		AgentTesla
2020-08-26 11:31:23	59f1b5bead17f4c71561f6092f4b03135b152a0f4a32b8c21c008b4ee7f46995	exe		Loki
2020-08-20 21:26:19	bc115dc2be13d9053e04bcac9c102a26391d7c76134d9364cddb798e800949f7	exe		AgentTesla