URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 104.168.7.18 |
|---|---|
| Firstseen: | 2025-04-09 18:22:03 UTC |
| Total malware sites : | 10 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 10 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-09 18:22:05 | 104.168.7.18 | jamone.site | Not listed | AS36352 AS-COLOCROSSING |  US | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-04-13 09:53:06 | http://104.168.7.18/700/csrss.exe | Offline |  JAMESWT_WT | |
| 2025-04-13 09:53:06 | http://104.168.7.18/321/smss.exe | Offline | MassLogger  | JAMESWT_WT |
| 2025-04-13 09:53:06 | http://104.168.7.18/323/smss.exe | Offline | MassLogger | JAMESWT_WT |
| 2025-04-13 09:53:05 | http://104.168.7.18/xampp/mch/hhu.hta | Offline | JAMESWT_WT | |
| 2025-04-13 09:53:05 | https://104.168.7.18/323/smss.exe | Offline | MassLogger | JAMESWT_WT |
| 2025-04-13 09:53:04 | http://104.168.7.18/xampp/mse/ms/newgreatthings... | Offline | MassLogger | JAMESWT_WT |
| 2025-04-13 09:53:04 | http://104.168.7.18/xampp/ungo/ung/shegivenmeki... | Offline | MassLogger | JAMESWT_WT |
| 2025-04-13 09:53:03 | http://104.168.7.18/xampp/mse/greatnessgoodhelp... | Offline | JAMESWT_WT | |
| 2025-04-10 17:32:05 | http://104.168.7.18/xampp/mch/mc/hhu.hta | Offline | hta RemcosRAT |  abuse_ch |
| 2025-04-09 18:22:05 | http://104.168.7.18/701/csrss.exe | Offline | exe | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-04-13 09:53:06 | b279b90a0c827c6b8ad9d96129190ada503de1186abe8cbf34e3e63fd5bc7900 | exe | ||
| 2025-04-13 09:53:06 | d878f6aa5cc41db62f6b2c3466cbec5d792eaf8f77b2ea1e779e7925f267be52 | exe | MassLogger | |
| 2025-04-13 09:53:06 | d878f6aa5cc41db62f6b2c3466cbec5d792eaf8f77b2ea1e779e7925f267be52 | exe | MassLogger | |
| 2025-04-13 09:53:05 | fe62be5de557dc52b6051312e746a8809a0be57f9554ba3ea0ea5ab11e6c7ce0 | hta | ||
| 2025-04-13 09:53:05 | d878f6aa5cc41db62f6b2c3466cbec5d792eaf8f77b2ea1e779e7925f267be52 | exe | MassLogger | |
| 2025-04-13 09:53:04 | 4b698dfd809e8ae5db356754de70bc7367c91e80702e5f9483cf4eb59a82672a | hta | MassLogger | |
| 2025-04-13 09:53:04 | 35b4e89bd4caed0364300af02f6d829e1cd587b308d01ff97cf202df06830f8c | hta | MassLogger | |
| 2025-04-10 17:32:05 | 475d2dbf21ce1c593b5afc54ae5dbeac178f4d39de84be0fa3499f45078a3f3f | hta | RemcosRAT | |
| 2025-04-09 18:22:05 | b279b90a0c827c6b8ad9d96129190ada503de1186abe8cbf34e3e63fd5bc7900 | exe |