URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 96.44.159.216 |
|---|---|
| Firstseen: | 2025-09-11 14:47:05 UTC |
| Total malware sites : | 10 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 10 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-09-11 14:47:07 | 96.44.159.216 | 96-44-159-216-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING |  CA | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-10-07 07:17:13 | be251e29d3d059492a6841f043a1ff9a6b778b53f80beee6b675adbb6d7d8a8d | html | RemcosRAT | |
| 2025-09-24 17:03:07 | b6e3aeb15652420e1cb2168e8bed1e51b0bd5cb72e484fbb1aed6354d6ee3ee2 | hta | RemcosRAT | |
| 2025-09-18 14:32:05 | d21366370d4f886c2d4c4f572a3730c3fb12656dd67e0ada8fd97f196c45369c | hta | PureLogsStealer | |
| 2025-09-16 08:31:10 | fe1db4d0748048623affd15250801b749f8616b395c66258ba8ca685ffe5e0b7 | html | RemcosRAT | |
| 2025-09-15 08:28:07 | 5bf63ed5ed8cbc7762a318c8ef7bcc8423a0894a5215d191da0839d3704f8dd4 | txt | ||
| 2025-09-12 14:50:08 | b7166b32928d48798102b536b43f3ee75db1968eade2388a22b94bfc007854e2 | hta | RemcosRAT | |
| 2025-09-12 08:55:09 | 5bf63ed5ed8cbc7762a318c8ef7bcc8423a0894a5215d191da0839d3704f8dd4 | txt | ||
| 2025-09-11 14:47:07 | 9061c74abcc099b38c696f0d2738ad482f39b707cb943babaf20ff9e2f115054 | html | RemcosRAT |