URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).

Database Entry


Host: 101.37.34.164
Firstseen: 2024-12-13 08:48:04 UTC
Total malware sites: 6
Online malware sites: 0 (0%)
Offline malware sites: 6 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2024-12-13 08:48:07 | 101.37.34.164 | | Not listed | AS37963 ALIBABA-CN-NET | CN | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-12-30 22:42:06 | http://101.37.34.164:9000/1.bat | Offline | opendir | DaveLikesMalwre |
| 2024-12-16 17:37:18 | https://101.37.34.164:47535/02.08.2022.exe | Offline | censys CobaltStrike ext shellcode | NDA0E |
| 2024-12-16 11:17:08 | http://101.37.34.164:9000/nohup.out | Offline | opendir | abus3reports |
| 2024-12-16 11:17:04 | http://101.37.34.164:9000/2.exe | Offline | opendir | abus3reports |
| 2024-12-13 08:48:14 | http://101.37.34.164:9000/1.exe | Offline | CobaltStrike ext malware opendir | Joker |
| 2024-12-13 08:48:07 | http://101.37.34.164:9000/3.exe | Offline | CobaltStrike ext malware opendir | Joker |

The table below shows recent payloads delivered by this host.

| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2024-12-30 22:42:06 | ce0687a3078756b837540ad76edc2dced4711146a67556822b6cefd61c07b06e | bat | | |
| 2024-12-16 17:37:18 | 87d5c0313c6c35fede137b19707896f1c9f94fb5d01d8532a4ece497df38b2fd | unknown | | |
| 2024-12-13 08:48:14 | 3f5ec924b13c5618c7a5b6cabfd25feaa105ddb199cf3b878034c0d181842a4c | exe | | CobaltStrike |
| 2024-12-13 08:48:07 | 5e1945f75e150219770e0e9537fc7674ebeb80a1c207982488c8d1d9e9334607 | exe | | CobaltStrike |