URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 81.161.229.156
Firstseen: 2022-09-09 10:05:04 UTC
Total malware sites: 16
Online malware sites: 0 (0%)
Offline malware sites: 16 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2022-09-09 10:05:06 | 81.161.229.156 | | Not listed | AS20860 IOMART-AS | BG | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.


The table below shows recent payloads delivered by this host.
