URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	141.95.16.111
Firstseen:	2023-04-05 12:07:04 UTC
Total malware sites :	6
Online malware sites :	0 (0%)
Offline Malware sites :	6 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-04-05 12:07:10	141.95.16.111	vps-99ee1c2a.vps.ovh.net	Not listed	AS16276 OVH	DE	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-07-08 20:09:04	http://141.95.16.111:8080/123.exe	Offline		ULTRAFRAUD
2023-07-08 20:09:04	http://141.95.16.111:8080/recover.bat	Offline	RemcosRAT	ULTRAFRAUD
2023-07-08 20:09:04	http://141.95.16.111:8080/RiotGames.exe	Offline	RemcosRAT	ULTRAFRAUD
2023-07-08 20:08:17	http://141.95.16.111:8080/newpy.exe	Offline	RemcosRAT	ULTRAFRAUD
2023-07-08 20:08:09	http://141.95.16.111:8080/echo-4662-2DF5.exe	Offline		ULTRAFRAUD
2023-04-05 12:07:10	http://141.95.16.111/RiotGames.exe	Offline	exe	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2023-07-08 20:09:04	b7edc54e6b42ca1cda290ce8cacfecaac6dbcc8c14631bc20fb184a6309c1824	exe
2023-07-08 20:09:04	4fa02ec602055dfbdb1d639b3d265d8f7b20d6cd328fdb62dd77b7a1aad5829a	bat	RemcosRAT
2023-07-08 20:09:04	9d8282d54901d4e795f0469a5191242b2e7b3b0c51f810f71c739bfff52de8d5	exe	RemcosRAT
2023-07-08 20:08:17	c416d6ca4ee95a6647cc4357ba51a5e04a956b5a4ceaa74ad768fe544d706f48	exe	RemcosRAT
2023-07-08 20:08:09	2eecf5e7f48a7d84c212695f157295d060963470e4e0afab14eb2e491ae0f1d6	exe