URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 23.94.148.61
Firstseen: 2023-08-03 07:45:06 UTC
Total malware sites: 15
Online malware sites: 0 (0%)
Offline malware sites: 15 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active?
2023-08-03 07:45:36 | 23.94.148.61 | 23-94-148-61-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING | US | yes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | Reporter
2023-08-11 08:40:08 | http://23.94.148.61/977/gucc.exe | Offline | 32 AgentTesla ext exe | zbetcheckin
2023-08-11 03:56:05 | http://23.94.148.61/450/msedge.exe | Offline | 32 AgentTesla ext exe | zbetcheckin
2023-08-10 16:46:05 | http://23.94.148.61/SSP/1/0000000000000%23%23%2... | Offline | doc opendir | abuse_ch
2023-08-10 13:46:06 | http://23.94.148.61/978/gucc.exe | Offline | AgentTesla ext | James_inthe_box
2023-08-08 13:39:05 | http://23.94.148.61/RSS/i/000000000000000%23%23... | Offline | doc opendir | abuse_ch
2023-08-08 06:37:10 | http://23.94.148.61/RSS/j/000000000000000%23%23... | Offline | AgentTesla ext RTF | zbetcheckin
2023-08-07 14:18:06 | http://23.94.148.61/599/ChromeSetup.exe | Offline | AgentTesla ext | James_inthe_box
2023-08-05 05:20:09 | http://23.94.148.61/800/ChromeSetup.exe | Offline | 32 exe Formbook ext | zbetcheckin
2023-08-04 03:46:06 | http://23.94.148.61/IRT/940000000q0q0q0q0q0q00q... | Offline | AgentTesla ext doc opendir | abuse_ch
2023-08-04 03:46:06 | http://23.94.148.61/IRT/95000000q0q0q00q0q0q%23... | Offline | AgentTesla ext doc opendir | abuse_ch
2023-08-04 03:46:06 | http://23.94.148.61/950/ChromeSetup.exe | Offline | AgentTesla ext exe opendir | abuse_ch
2023-08-03 13:21:07 | http://23.94.148.61/940/ChromeSetup.exe | Offline | AgentTesla ext | James_inthe_box
2023-08-03 07:46:17 | http://23.94.148.61/RTG/1/012004040003030030%23... | Offline | doc opendir | abuse_ch
2023-08-03 07:46:13 | http://23.94.148.61/RTG/2/810000000%23%23%23%23... | Offline | AgentTesla ext doc opendir | abuse_ch
2023-08-03 07:45:36 | http://23.94.148.61/810/ChromeSetup.exe | Offline | AgentTesla ext exe opendir | abuse_ch

The table below shows recent payloads delivered by this host.
