URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 20.106.125.237
Firstseen:2022-03-01 08:44:03 UTC
Total malware sites :5
Online malware sites :0 (0%)
Offline Malware sites :5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2022-03-01 08:44:06 20.106.125.237Not listedAS8075 MICROSOFT-CORP-MSN-AS-BLOCK- USyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2022-03-01 08:46:06http://20.106.125.237/less/cocxl.exeOfflineexe Formbook ext opendir abuse_ch
2022-03-01 08:46:05http://20.106.125.237/image/images.exeOfflineAveMariaRAT ext exe opendir rat abuse_ch
2022-03-01 08:45:06http://20.106.125.237/ups/bups.exeOfflineAveMariaRAT ext exe opendir rat abuse_ch
2022-03-01 08:45:05http://20.106.125.237/yakfileloadsonedrivedocum...OfflineAveMariaRAT ext encrypted rat abuse_ch
2022-03-01 08:44:06http://20.106.125.237/co/cowarz.exeOfflineAveMariaRAT ext exe ModiLoader ext opendir rat abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2022-03-01 08:46:066d3ef9ddf5f1d57d353e5d8b9bedbca6ab42765de06abf381534126d24142948exeFormbook
2022-03-01 08:46:052919072310f5582f6a311b123a3e1f6c13a5f2a0b8f1df8a4ef58081bdb42781exe AveMariaRAT
2022-03-01 08:45:061177106451286cd9bd71b3abf162e30f6a37a3ca09f392421fda990412211349exe AveMariaRAT
2022-03-01 08:45:05b08ee21f9ec7e5883fbb53b567995617a449affd4e17cd71b310eafd8728fc4bunknown  
2022-03-01 08:44:05f1dd77df504fc9a38076b58b80cb2b7c80d018aba6d762ec758b76afd62952ccexe ModiLoader