URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	172.245.142.71
Firstseen:	2022-11-30 17:45:05 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-11-30 17:45:12	172.245.142.71	172-245-142-71-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-12-03 04:14:06	http://172.245.142.71/80/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-12-01 00:31:06	http://172.245.142.71/300/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-12-01 00:31:06	http://172.245.142.71/150/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2022-11-30 17:45:13	http://172.245.142.71/125/vbc.exe	Offline	exe opendir rat RemcosRAT	abuse_ch
2022-11-30 17:45:12	http://172.245.142.71/______________00_________...	Offline	doc opendir rat RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-12-03 04:14:06	d2f787be13758751d4f892c5d06477ef18f3c63adb8fe5a7ac675c9cd9bd749a	exe	RemcosRAT
2022-12-01 00:31:06	cfc1ce14ea47f2cd1bfe204a9f6c3bc90cce83c7f4714b22e13bdba3a0f2ab24	exe	RemcosRAT
2022-12-01 00:31:06	2534dc5de6f04a5706c03767505e8f2e0c57e95d9129bdf039f0564167f57837	exe	RemcosRAT
2022-11-30 17:45:08	037222fe01d316ca4fb55cb263065fa2327e29d3d1d74d0ca75e1d162cc48b67	exe	RemcosRAT
2022-11-30 17:45:06	b0cb03c0d357df03469e884c408e200efc0425f8a3b435613616c3360d2bca1a	unknown