URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 208.85.20.124 |
|---|---|
| Firstseen: | 2025-03-18 23:37:03 UTC |
| Total malware sites : | 9 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 9 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-03-18 23:37:05 | 208.85.20.124 | 208.85.20.124.vultrusercontent.com | Not listed | AS20473 AS-VULTR |  ES | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2026-06-10 15:52:14 | http://208.85.20.124:8080/cloud/mscomctl.ocx | Offline | opendir WsgiDAV |  DaveLikesMalwre |
| 2026-06-10 15:52:12 | http://208.85.20.124:8080/cloud/Screenshot_2026... | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:27 | http://208.85.20.124/cloud/90285022.ocx | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:23 | http://208.85.20.124/cloud/90285021.ocx | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:19 | http://208.85.20.124/cloud/90285025.ocx | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:10 | http://208.85.20.124/cloud/90285026.ocx | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:07 | http://208.85.20.124/cloud/9283391.ocx | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:06 | http://208.85.20.124/cloud/Reference_0251.lnk | Offline | opendir WsgiDAV | DaveLikesMalwre |
| 2025-03-18 23:37:05 | http://208.85.20.124/cloud/Reference_0252.lnk | Offline | opendir WsgiDAV | DaveLikesMalwre |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2026-06-10 15:52:13 | e481d16e51f90c4cc0e7096284b53eef06f7ee8b37a03d92734521d8bca24409 | dll | ||
| 2026-06-10 15:52:12 | 85c8f7f809f9f26ea85bffc507a349de9b3d4c9283fc82e49b1b45057f799653 | lnk | ||
| 2025-03-18 23:37:26 | 725d6d1d65414ff2928a909085ee46442ad7ec279d19b3a3a1e376462dee197a | dll | ||
| 2025-03-18 23:37:22 | 725d6d1d65414ff2928a909085ee46442ad7ec279d19b3a3a1e376462dee197a | dll | ||
| 2025-03-18 23:37:18 | a8cdba50f958a0cf93fb25748e99426ac634bb9f75ff13384ebcf3593220ff91 | dll | ||
| 2025-03-18 23:37:10 | 3a2d4202667c78f9676a9c2032a9a02fe183e8c99fd76e02df4320f8db0854c9 | dll | ||
| 2025-03-18 23:37:07 | 6f81c4f23991c53e1154b625f863eb72ccef5089d35c9f3fb22582cc5ec09744 | dll | ||
| 2025-03-18 23:37:04 | 2d44d93a081919f822123a15fe16c5ab90f07f062573192bf9651f469785643a | lnk | ||
| 2025-03-18 23:37:04 | 7162bea30d9ac3780d164c3a7b6b98781cb3ab28439148f8fe21cef8bf7acb47 | lnk |