URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 212.193.30.4
Firstseen:2023-01-16 09:46:03 UTC
Total malware sites :5
Online malware sites :0 (0%)
Offline Malware sites :5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2023-01-16 09:46:09 212.193.30.4Not listedAS9123 TimeWeb-AS- RUyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2023-02-03 04:56:04http://212.193.30.4/255/vbc.exeOffline32 exe RemcosRAT ext zbetcheckin
2023-02-02 07:07:03http://212.193.30.4/293/vbc.exeOffline32 exe RemcosRAT ext zbetcheckin
2023-01-30 09:57:04http://212.193.30.4/235/vbc.exeOfflineexe opendir rat RemcosRAT ext abuse_ch
2023-01-30 09:56:03http://212.193.30.4/h.docOfflinedoc rat RemcosRAT ext abuse_ch
2023-01-16 09:46:09http://212.193.30.4/PaymentNotification.pdf.isoOfflineRemcosRAT ext Anonymous

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2023-02-03 04:56:044134bd82bbea78103d0e32728df856870eaa2c0188b59423115c7d779b2bf83aexeRemcosRAT
2023-02-02 07:07:038650dcaece1489d98b7f6782ae638de33797f2a1018f949ec270054f0893aea0exeRemcosRAT
2023-01-30 09:57:04d97a1964d6d748eefd93d84b6b87d9292a885fab552c64547100aa9e6a5520c6exe 
2023-01-30 09:56:03953287254e2b4f4f75db1549c2fb3e498311e61a1b71de7ca1bbd8dbca0252f5unknown  
2023-01-16 09:46:0441bebe4ac472b4e0d768fd1b4af192d8685380dd7a86c2341e6958b99c49e8cfunknown RemcosRAT