URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 45.79.191.142
Firstseen: 2023-10-10 10:39:04 UTC
Total malware sites: 5
Online malware sites: 0 (0%)
Offline malware sites: 5 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2023-10-10 10:39:05 | 45.79.191.142 | 45-79-191-142.ip.linodeusercontent.com | Not listed | AS63949 AKAMAI-LINODE-AP | US | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-10-10 10:40:10 | http://45.79.191.142/exp/Qouharnshig.pif | Offline | opendir | abuse_ch |
| 2023-10-10 10:40:08 | http://45.79.191.142/exp/general.docx | Offline | docx Loki ext opendir | abuse_ch |
| 2023-10-10 10:40:08 | http://45.79.191.142/exp/screen%20putty.scr | Offline | opendir | abuse_ch |
| 2023-10-10 10:39:07 | http://45.79.191.142/exp/screen.scr | Offline | Loki ext opendir | abuse_ch |
| 2023-10-10 10:39:05 | http://45.79.191.142/exp/X0.x0.x0.x0.doc | Offline | doc Loki ext opendir | abuse_ch |

The table below shows recent payloads delivered by this host.

| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2023-10-10 10:40:10 | 54a730e5183a57a65dc6fa64170a3d75fa870677fb54d563b3b867a2d6208548 | exe | | |
| 2023-10-10 10:40:08 | 5f5f7f369c6cffd35557784e7e07404e2ff76414e84b7f7afe6f7e13fd491289 | docx | | Loki |
| 2023-10-10 10:40:08 | 02522d0f348287c34fe5151fcd556f2f9fb9efe532af705638ea0f2a39dd2434 | exe | | |
| 2023-10-10 10:39:07 | e3918d1a379ce63babeab599ef8897ce97001017680702dfc8b5ca8ff1808b54 | exe | | Loki |
| 2023-10-10 10:39:05 | 114d6a5ac087b787fce35717a50cc1ed4ca7f417432fe3a3da9587d007270590 | unknown | | |