URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 23.95.122.247
Firstseen:2022-10-27 16:01:04 UTC
Total malware sites :4
Online malware sites :0 (0%)
Offline Malware sites :4 (100%)

IP addresses


The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2022-10-27 16:01:07 23.95.122.24723-95-122-247-host.colocrossing.comNot listedAS36352 AS-COLOCROSSING- USyes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2022-10-29 19:09:04http://23.95.122.247/770/vbc.exeOfflineexe Loki ext opendir abuse_ch
2022-10-29 14:58:04http://23.95.122.247/xzswqqazzza_sxcvbnzazazzzz...OfflineLoki ext RTF jstrosch
2022-10-29 14:58:04http://23.95.122.247/xzswqqazzza_sxcvbnzazazzzz...OfflineRTF jstrosch
2022-10-27 16:01:07http://23.95.122.247/120/vbc.exeOfflineexe Loki ext jstrosch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2022-10-29 19:09:04ed8a6023367531035e8bcd70703b283fd728d4cf9b97368d3c92338133b8ca88exeLoki
2022-10-29 14:58:04931bde5bbc7a01a7878492bfd9d6508479c499412302860f444c31a7d27cc318unknownLoki
2022-10-29 14:58:045ac99eae1547a0fb06d8ae2972a78ef3e913b552a28c1dcc4c84161a3824ed40unknown 
2022-10-27 16:01:060c4bc75cd93b9dea8360d6d050f5d92addbd99538b75b405dae6b6f22055c020exeLoki