URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).
Database Entry
| Host: | 95.213.145.101 |
|---|---|
| Firstseen: | 2022-10-17 19:02:03 UTC |
| Total malware sites: | 5 |
| Online malware sites: | 0 (0%) |
| Offline malware sites: | 5 (100%) |
IP addresses
The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2022-10-17 19:02:34 | 95.213.145.101 | | SBL693782 | AS49505 SELECTEL | RU | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-10-18 05:46:33 | http://95.213.145.101:8000/64ME_bul/64ME_bul1.exe | Offline | 32 exe MedusaLocker | |
| 2022-10-18 05:34:34 | http://95.213.145.101:8000/64ME_bul/64ME_bul2.exe | Offline | 32 exe MedusaLocker Ransomware.MedusaLocker | |
| 2022-10-18 04:09:34 | http://95.213.145.101:8000/artifact.exe | Offline | 32 CobaltStrike | |
| 2022-10-17 19:02:34 | http://95.213.145.101:8000/PoshC2.bat | Offline | | |
| 2022-10-17 19:02:34 | http://95.213.145.101:8000/dropper_cs.exe | Offline | exe XFilesStealer | |
The table below shows recent payloads delivered by this host.