IP report

142.248.80.144

payload staging host

This IP has not connected to our sensors directly. It appears as a malware staging host inside captured payloads.

Referenced in captured payloads

Our honeypots were instructed to download malware from this host. It has not connected to our sensors itself; it appears as the download target inside 1 captured dropper payload.

File	SHA-256	VT	Via	First seen
92945	aa06874309e93840…	32/75	tftp	2026-05-12
hxxp[://]142[.]248[.]80[.]144/lol[.]sh

See all captured payloads →

Try another

Look up a different IP

Or pick from the top 10 attackers live right now.

Build with the data

Get an API key

MCP for Claude / Cursor or raw HTTP JSON-RPC.