URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2026-03-05 08:14:09 | 195.154.68.69 | 195-154-68-69.lb.fr-par.scw.cloud | Not listed | AS12876 AS12876 |  FR | yes |
| 2026-03-05 08:14:09 | 195.154.72.140 | 195-154-72-140.rev.poneytelecom.eu | Not listed | AS12876 AS12876 | FR | yes |
| 2026-03-05 08:14:09 | 51.159.84.185 | 51-159-84-185.lb.fr-par.scw.cloud | Not listed | AS12876 AS12876 | FR | yes |
| 2026-03-05 08:14:09 | 51.159.87.107 | 107-87-159-51.instances.scw.cloud | Not listed | AS12876 AS12876 | FR | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2026-03-05 08:19:08 | https://three.s3.cubbit.eu/oriv1.7.2.0-venry-1u... | Offline | AgentTesla  |  abuse_ch |
| 2026-03-05 08:15:10 | https://three.s3.cubbit.eu/amb-Raw-fileupload.txt | Offline | ascii Encoded xworm | abuse_ch |
| 2026-03-05 08:14:09 | https://three.s3.cubbit.eu/Raw-file-8383upload%... | Offline | ascii xworm | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2026-03-05 08:19:08 | 6f4a8f314e6a2b8c721428eee643003eaf9b7d9241258c4c8db9efe84c4d4b47 | txt | ||
| 2026-03-05 08:15:10 | d76f85d1298be1f87f7cc17fa94b3a6f4aa3a4fea9cd731f4de70aa8e670dc95 | txt | ||
| 2026-03-05 08:14:09 | 2234a22a0499deeb9aeb8057499436eb86ae790f9fd30f02215469794ac0f35d | txt |