URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 14:12:12	94.156.65.252	taeniada252.nonsexual94.builder-marketing.com	Not listed	AS208893 sparks	GB	yes
2023-10-19 12:01:11	141.98.10.67		SBL619633	AS209605 hostbaltic	LT	no
2023-09-20 05:32:47	193.42.32.61		Not listed	AS214396 SUDOLIO-AS	SK	no
2023-09-05 04:42:39	81.161.229.9		Not listed	AS20860 IOMART-AS	BG	no
2023-08-29 13:43:04	141.98.10.71		SBL619633	AS209605 hostbaltic	LT	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-09-05 13:39:06	http://wsvdyhrgebwhevawe.ydns.eu/fileone/Fnvtdh...	Offline	exe rat RemcosRAT	abuse_ch
2023-09-05 13:39:04	http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/Fn...	Offline		abuse_ch
2023-08-29 13:43:09	http://wsvdyhrgebwhevawe.ydns.eu/hurripushkin/c...	Offline	exe rat RemcosRAT	abuse_ch
2023-08-29 13:43:04	http://wsvdyhrgebwhevawe.ydns.eu/tygjhjhgvhbujy...	Offline	Encoded ModiLoader rat RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-09-05 13:39:06	56a3dc5c90ade897e349ba0fd0433770dcdda32b5bd2a1c6608b2af2f9b34c05	exe		RemcosRAT
2023-08-30 04:42:38	8be7eccf75282dc9c49fb20b4c7a500cf4fcd2e5401892dea640f0fd0663524e	exe		RemcosRAT
2023-08-29 13:43:09	88c7adf284249c1faec8614b563c2e31fc4fffdbc63bf81a1c0eda8446642178	exe		RemcosRAT