URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	85.208.136.172
Firstseen:	2022-11-20 07:48:03 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-11-20 07:48:09	85.208.136.172		Not listed	AS214238 iwihost	BG	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-11-24 16:37:04	http://85.208.136.172/HHC.exe	Offline	.net exe msil RemcosRAT	jstrosch
2022-11-23 11:13:04	http://85.208.136.172/EEW.exe	Offline	exe rat RemcosRAT	abuse_ch
2022-11-23 01:17:04	http://85.208.136.172/JHH.exe	Offline	32 AgentTesla exe	zbetcheckin
2022-11-21 12:57:04	http://85.208.136.172/MJH.exe	Offline	exe RemcosRAT	abuse_ch
2022-11-20 07:48:09	http://85.208.136.172/KGG.exe	Offline	exe rat RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-11-30 11:40:05	0ee05e5c62ae8786f7d318ea48edf16fcc47d6031e13a9dae563ec8efbcb3e56	exe
2022-11-24 16:37:04	4d87f600c35b4b795142195bbe75c8e1a80f3c587c0c5eea6afa20d2f6587861	exe	RemcosRAT
2022-11-23 11:13:04	58c07a9579110d38370f1050906a397ce8692681b20083f335d2f122bc570b80	exe	RemcosRAT
2022-11-23 01:17:03	11f6cb0d750e849618ab6c37df07bef4ca9b1712009eb99c48c42aa1623c13f9	exe	AgentTesla
2022-11-21 12:57:04	9fec5812edfeeb0213c87e2e65222953f9932e773b86d8b1d900576f6ca92761	exe	RemcosRAT
2022-11-20 07:48:04	36ec7e3117bba832beb028a1c41b9d183fe7afab6effccffdf7b03eb7ed385f1	exe	RemcosRAT