URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	103.153.79.104
Firstseen:	2022-01-11 14:17:03 UTC
Total malware sites :	17
Online malware sites :	0 (0%)
Offline Malware sites :	17 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-01-11 14:17:08	103.153.79.104		Not listed	AS135905 VNPT-AS-VN	VN	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-03-11 12:36:33	http://103.153.79.104/365Cloud/csrss.exe	Offline		c_APT_ure
2022-03-11 12:36:33	http://103.153.79.104/win_explorer/csrss.exe	Offline		c_APT_ure
2022-02-08 08:27:05	http://103.153.79.104/Office365/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-02-04 08:58:06	http://103.153.79.104/win-explorer10/csrss.exe	Offline	exe opendir Quakbot	abuse_ch
2022-02-01 11:50:08	http://103.153.79.104/intelpro/vbc.exe	Offline	32 exe Loki	zbetcheckin
2022-02-01 09:46:07	http://103.153.79.104/explorer/csrss.exe	Offline	Loki lokibot	Anonymous
2022-01-28 08:55:05	http://103.153.79.104/googleCRC/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-27 13:33:07	http://103.153.79.104/glcouldB2/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-26 17:34:06	http://103.153.79.104/gcould/csrss.exe	Offline	32 exe Loki	zbetcheckin
2022-01-26 14:50:06	http://103.153.79.104/couldA9/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-24 07:07:14	http://103.153.79.104/googlecould/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-21 10:26:06	http://103.153.79.104/intel087(R)/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-20 08:29:06	http://103.153.79.104/intel(R)/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-19 17:22:04	http://103.153.79.104/intelpro/csrss.exe	Offline		c_APT_ure
2022-01-18 16:31:05	http://103.153.79.104/oswindows10pro/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-12 09:08:05	http://103.153.79.104/wwindows8/csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-01-11 14:17:08	http://103.153.79.104/windows10/csrss.exe	Offline	Loki lokibot	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-02-08 08:27:05	c0a34205dcdb437a5fc7221134ba0ff9708ea90c89734e4654388b2cc830e45d	exe	Loki
2022-02-04 08:58:06	736330aaa3a4683d3cc866153510763351a60062a236d22b12f4fe0f10853582	exe	Quakbot
2022-02-01 11:50:08	ce5a9a9a84c690cb5d2bb2f7089f6777575262eb56a8e066d1bb5a143991efd6	exe	Loki
2022-02-01 09:46:07	98a038df52e018cc039f2807a808c75c85c74f2d0a6dd3f406bec67a83a42aeb	exe	Loki
2022-01-28 08:55:05	d16f89c837232783bc9047364818714d786ba3dd382f62bcbe77ac416f4d4bda	exe	Loki
2022-01-27 13:33:07	2a6d83000aeecac2566e970e0dd21b62779cc32cf7261e9bf9276de5b96a79d1	exe	Loki
2022-01-26 17:34:06	669cbaf863c1884d819bf663114e4e2839d4c27a33cc4479df91b70c62fbbb6b	exe	Loki
2022-01-26 14:50:06	7eba58136282484386fc69526fe5ead87a86d69f806ebc4e221e0879f895bfe4	exe	Loki
2022-01-24 07:07:14	07ee89d7e9f665215c8cb4bb5290b358fe59d33231b7ede4a3cb415afb928054	exe	Loki
2022-01-22 06:53:11	632956665873dc83a8ebc4b2d8f4d0ddbd3e838f867f68db01bb46ebbc5a4f24	exe
2022-01-21 10:26:06	21a1ab9591985a3a8494a76890362732411219d054d580ad195597fb8add76d3	exe	Loki
2022-01-20 08:29:06	b8f4efdf0e587bd2f32fd55618c5f40b5934353699ab6e4288ab47a5acb9e295	exe	Loki
2022-01-19 18:18:22	71350fb9b917fd34c1fa57e81e9a294d0c292c3ac8dc7aa007f121fd8ae9ed98	exe
2022-01-18 16:31:05	1f105502087993709840bc30bc022d2d5b54e4db4351435e44034e26a4d48fbb	exe	Loki
2022-01-12 09:08:05	3ed48959f718691c6c915222ce6fdb43adbfa637684e953a5a7558aae4c9cd68	exe	Loki
2022-01-11 14:17:07	291df8186e62df74b8fcf2c361c6913b9b73e3e864dde58eb63d5c3159a4c32d	exe	Loki