URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 104.168.5.23 |
|---|---|
| Firstseen: | 2025-06-03 09:50:03 UTC |
| Total malware sites : | 8 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 8 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-06-03 09:50:03 | 104.168.5.23 | 104-168-5-23-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING |  US | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-06-04 14:03:10 | http://104.168.5.23/xampp/cx/new_image.jpg | Offline | rat RemcosRAT  |  abuse_ch |
| 2025-06-04 13:36:05 | http://104.168.5.23/xampp/brza/niceworkingskill... | Offline | hta RemcosRAT | abuse_ch |
| 2025-06-03 15:01:06 | http://104.168.5.23/xampp/kso/mybestgiftgivenme... | Offline | hta RemcosRAT | abuse_ch |
| 2025-06-03 12:30:14 | http://104.168.5.23/236/kingofthejunglewithbett... | Offline | rat RemcosRAT vbs | abuse_ch |
| 2025-06-03 09:52:05 | http://104.168.5.23/xampp/minos/mino/ficepeople... | Offline | hta RemcosRAT | abuse_ch |
| 2025-06-03 09:51:05 | http://104.168.5.23/xampp/kbnew/new/kingsofthej... | Offline | hta RemcosRAT | abuse_ch |
| 2025-06-03 09:50:05 | http://104.168.5.23/xampp/kbfrd/kbf/emicrotechi... | Offline | hta RemcosRAT | abuse_ch |
| 2025-06-03 09:50:03 | http://104.168.5.23/xampp/kbok/kbo/greatkingbac... | Offline | hta | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-06-04 14:03:10 | ec5f7b6a29db28c27d3d832554123bb9ea32194fc87d920d5485aa2dbe852df9 | unknown | ||
| 2025-06-04 13:36:05 | 12e78a7af15ada118bef178025e3ffd9651fa4b6a7adc6d6bb1880952a86f060 | hta | RemcosRAT | |
| 2025-06-04 08:39:22 | 12e78a7af15ada118bef178025e3ffd9651fa4b6a7adc6d6bb1880952a86f060 | hta | RemcosRAT | |
| 2025-06-04 06:26:15 | 12e78a7af15ada118bef178025e3ffd9651fa4b6a7adc6d6bb1880952a86f060 | hta | RemcosRAT | |
| 2025-06-03 15:01:06 | d95d14f35d096587b43fa4f14b5e720681786f17b83b6e43c6c9730e5fa96908 | hta | ||
| 2025-06-03 12:30:14 | 9ee1660a2b4fd2ce798897f8f8496d314a0abe4bd6d286bf37952f40bff492c0 | txt | RemcosRAT | |
| 2025-06-03 09:52:05 | 36a6d04b9c423d11a4f5489f775f63b3b8b09b55b280e2cdeb6cf938325c434e | hta | RemcosRAT | |
| 2025-06-03 09:51:05 | f843cdcee44e6298aee3865d30fd491856a0ca2e26a463f81096b7dcf2c908a7 | hta | RemcosRAT | |
| 2025-06-03 09:50:05 | 83a6d48cbf00a988db88b12054ea9b2d7473886fa4721a53c43f7d126fd606d1 | hta | RemcosRAT |