URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 185.246.220.60
Firstseen: 2023-07-03 07:04:04 UTC
Total malware sites: 15
Online malware sites: 0 (0%)
Offline malware sites: 15 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2023-07-03 07:04:05 | 185.246.220.60 | | Not listed | AS41745 FORTIS-AS | RU | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-07-05 04:31:07 | http://185.246.220.60/RFQ098654578.exe | Offline | 32 exe RemcosRAT ext | zbetcheckin |
| 2023-07-05 03:46:06 | http://185.246.220.60/dukaszx.exe | Offline | 32 exe Loki ext | zbetcheckin |
| 2023-07-04 07:09:06 | http://185.246.220.60/plugmanzx.exe | Offline | 32 exe RemcosRAT ext | zbetcheckin |
| 2023-07-04 06:33:05 | http://185.246.220.60/thirdagodzx.exe | Offline | exe Formbook ext | abuse_ch |
| 2023-07-04 06:33:05 | http://185.246.220.60/mazx.exe | Offline | Formbook ext | abuse_ch |
| 2023-07-04 06:21:06 | http://185.246.220.60/thirdagodzx.doc | Offline | Formbook ext RTF | zbetcheckin |
| 2023-07-04 05:34:35 | http://185.246.220.60/secagodzx.doc | Offline | RTF | zbetcheckin |
| 2023-07-04 04:49:04 | http://185.246.220.60/defounder.exe | Offline | 32 exe Formbook ext | zbetcheckin |
| 2023-07-04 04:45:36 | http://185.246.220.60/chamberzx.exe | Offline | 32 AgentTesla ext exe | zbetcheckin |
| 2023-07-04 04:05:07 | http://185.246.220.60/mazx.doc | Offline | Formbook ext RTF | zbetcheckin |
| 2023-07-04 04:00:37 | http://185.246.220.60/defounderzx.doc | Offline | Formbook ext RTF | zbetcheckin |
| 2023-07-04 04:00:08 | http://185.246.220.60/chamberzx.doc | Offline | AgentTesla ext RTF | zbetcheckin |
| 2023-07-03 08:32:12 | http://185.246.220.60/pmexzx.exe | Offline | AgentTesla ext exe | abuse_ch |
| 2023-07-03 07:04:05 | http://185.246.220.60/papizx.exe | Offline | exe Rhadamanthys | abuse_ch |
| 2023-07-03 07:04:05 | http://185.246.220.60/papizx.doc | Offline | doc Rhadamanthys | abuse_ch |

The table below shows recent payloads delivered by this host.
