URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	23.95.122.242
Firstseen:	2023-05-24 15:45:06 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-05-24 15:45:12	23.95.122.242	23-95-122-242-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-05-25 04:30:14	http://23.95.122.242/1210/INET_CACHE.exe	Offline	32 exe RemcosRAT	zbetcheckin
2023-05-25 03:44:05	http://23.95.122.242/88/vbc.exe	Offline	32 exe RemcosRAT	zbetcheckin
2023-05-24 17:10:08	http://23.95.122.242/271/CK_CACHE.exe	Offline	DarkTortilla exe opendir rat RemcosRAT	abuse_ch
2023-05-24 15:45:12	http://23.95.122.242/ij/ijijijijijijijijijijiji...	Offline	doc opendir rat RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2023-05-25 04:30:14	87216060e8612f76a973916a50c96b8066c2891b3d19e779cbe122019e48157a	exe	RemcosRAT
2023-05-25 03:44:05	3af90f03d3c66f34961a6a9f07d2df0b51fdebf346900bb5cf564c8956a32a50	exe	RemcosRAT
2023-05-24 17:46:13	30aa6ed4bf80553de2406b91601d215de6ea9f682af906e83c5e7773c8d13037	exe	DarkTortilla
2023-05-24 16:21:09	667a53cc4d5c8428f4da74f07e018bde991b06288f96532ae7a21dce1f161e13	rtf	RemcosRAT