URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	toobalhost.publicvm.com
Domain registrar:	n/a
Domain registration date:	2007-07-19 05:57:17 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-07-23 00:10:06 UTC
Total malware sites :	9
Online malware sites :	0 (0%)
Offline Malware sites :	9 (100%)
A record(s) observed :	10

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-10-15 23:21:22	69.197.184.206	ds4.thinkvm.com	Not listed	AS32097 WII	US	no
2022-09-21 10:19:07	198.204.241.158	noc4.litvpn.com	Not listed	AS33387 NOCIX	US	no
2022-09-18 10:23:27	209.209.40.132		Not listed	AS32097 WII	US	no
2022-09-09 19:46:17	38.79.142.66	box6.dnsexit.com	Not listed	AS137526 PLUSNETINC-AS-AP	BD	no
2022-05-26 02:10:47	34.122.10.42	42.10.122.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2022-05-25 04:49:09	35.222.148.31	31.148.222.35.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2021-12-27 21:36:43	3.231.209.51	ec2-3-231-209-51.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2021-12-20 09:20:38	212.32.243.7		Not listed	AS60781 LEASEWEB-NL-AMS-01	NL	no
2021-08-22 08:57:10	37.48.74.101		Not listed	AS60781 LEASEWEB-NL-AMS-01	NL	no
2021-07-23 00:10:06	88.99.99.222	static.222.99.99.88.clients.your-server.de	Not listed	AS24940 HETZNER-AS	DE	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-12-02 20:17:42	http://toobalhost.publicvm.com:1013/Vre	Offline	vjw0rm	Cryptolaemus1
2021-07-23 01:28:06	http://toobalhost.publicvm.com/116/OneDrive.exe	Offline	32 exe njRAT	zbetcheckin
2021-07-23 00:59:07	http://toobalhost.publicvm.com/new/Runtime%20Br...	Offline	32 exe QuasarRAT	zbetcheckin
2021-07-23 00:59:03	http://toobalhost.publicvm.com/91/OneDrive.exe	Offline	32 exe njRAT	zbetcheckin
2021-07-23 00:46:03	http://toobalhost.publicvm.com/116/OneDrivenwt2...	Offline	32 exe njRAT	zbetcheckin
2021-07-23 00:34:08	http://toobalhost.publicvm.com/91/OneDrivenwt2.exe	Offline	32 exe njRAT	zbetcheckin
2021-07-23 00:34:03	http://toobalhost.publicvm.com/new/Server.exe	Offline	32 exe njRAT	zbetcheckin
2021-07-23 00:21:05	http://toobalhost.publicvm.com/99/Server.exe	Offline	32 exe njRAT	zbetcheckin
2021-07-23 00:10:06	http://toobalhost.publicvm.com/99/system.exe	Offline	32 exe njRAT	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-08-22 20:04:43	f94de194ef3528305dec2c99f36aeff1fdd964cc9ed7e0fe99c13d750270a038	exe	njrat
2021-08-22 14:10:15	e39d3fb9795d1135f99e960b19dfd319dc1537804214d6df487138acb01ff57e	exe	njrat
2021-07-23 01:28:06	5f11ea728680baf5bdd4840a88d04d52f248ae2e31f02c21057fef6803ef0420	exe	njrat
2021-07-23 00:59:07	22bc08e20863b17e90450407d165aabb2f629fd3e92f58b9edee1b2093290413	exe	QuasarRAT
2021-07-23 00:59:03	facde01e5fe406072e6877ea4a2f498eb24cfa9f662a79278168b36b26949008	exe	njrat
2021-07-23 00:46:03	ccaf1404b00c65b0953f88d6b3ce2a5c3008040bab481486d9861a5c4a345765	exe	njrat
2021-07-23 00:34:08	76b5f9aa537f6d48961c685ff3e10c6b754218198ed2700cf256fcc64f1adf9c	exe	njrat
2021-07-23 00:34:03	608a0047a24db367a88e482bef92fd3b9a33db19ad3635b404132202e432eacc	exe	njrat
2021-07-23 00:21:05	499641e0ca2ff3eee2be722d8086c0c9d4922cdc58c44878d9e887366b665533	exe	njrat
2021-07-23 00:10:06	75c24172fad5dcee8c4a92b183d17b5da430fce1354536124a6183f27d043754	exe	njrat