URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-03-20 09:58:17	69.48.201.40	ip69-48-201-40.pbiaas.com	Not listed	AS8560 IONOS-AS	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-04-27 23:59:32	http://69.48.201.40/255/ssen/oybestgirlformybes...	Offline		DaveLikesMalwre
2025-03-20 10:00:10	http://69.48.201.40/255/ssen/oybestgirlformybes...	Offline	doc RemcosRAT	NDA0E
2025-03-20 09:59:12	http://69.48.201.40/255/hemybestgirlformybestki...	Offline	hta RemcosRAT	NDA0E
2025-03-20 09:59:06	http://69.48.201.40/255/mybestgirlformybestkiss...	Offline	ascii Encoded RemcosRAT rev-base64-loader	NDA0E
2025-03-20 09:58:18	http://69.48.201.40/xampp/c/ENCRYPTION01.jpg	Offline	ascii Encoded jpg-base64-loader	NDA0E
2025-03-20 09:58:17	http://69.48.201.40/xampp/c/new_image.jpg	Offline	ascii Encoded jpg-base64-loader	NDA0E

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-03-20 10:26:01	c1821b2389018bb005e46d5392fc14878c05dcba9aa64e847fb563301b0b036b	txt		RemcosRAT
2025-03-20 10:00:10	a24310c67d333ac8b3ffd7b1a9d0354a7024d24dcc062774ca0fe6d0f67f05cf	rtf		RemcosRAT
2025-03-20 09:59:11	52735867c3b5666531b495c5954353cd364315de484d930102936685e28efe4c	hta		RemcosRAT
2025-03-20 09:58:17	0ff5dd1787acc886a586282858112c6f73b48c31093080d2d8a6e66f018ce8c7	jpg
2025-03-20 09:58:16	bac526ce5b84717f141b16543f67a6c1462a558f9c28719cb813eb337babe39e	jpg