URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-10-29 18:26:04	103.171.0.220		Not listed	AS63737 VIETSERVER-AS-VN	VN	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-11-08 16:18:07	http://103.171.0.220/4447/vbc.exe	Offline	Formbook	AndreGironda
2021-11-01 11:34:04	http://103.171.0.220/documents/invoice_00089988...	Offline	RTF	zbetcheckin
2021-11-01 11:10:06	http://103.171.0.220/0077/vbc.exe	Offline	32 exe	zbetcheckin
2021-10-29 19:01:04	http://103.171.0.220/receipt/invoice_008789000.wbk	Offline	RTF	zbetcheckin
2021-10-29 18:27:06	http://103.171.0.220/0011/vbc.exe	Offline	exe Formbook opendir	abuse_ch
2021-10-29 18:26:04	http://103.171.0.220/receipt/0011.wbk	Offline	Formbook opendir RTF	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-11-08 16:18:07	c0fe9fc0898366e738c7e5f93fb9da45e7c521f3fa339ff43d861682264c16a9	exe
2021-11-01 11:34:04	d84d50f6bab632f52dc445025a63d8d5cfd537fefaf380cad2f6710b57939b14	rtf
2021-11-01 11:10:06	022d7091ab57e1d587d6526f78799715e8e43b4d0fc8914161688ce2a1718881	exe
2021-10-29 19:01:04	afb43d1988553bf4fe7f4d9e4422b7c39651259de1ed558628b67cb340aac398	rtf
2021-10-29 18:27:06	eed781a42769761d30787cecd662c5b6ba70589724a456d09ae008e1bd68835f	exe
2021-10-29 18:26:04	3b581601796d4459571b4079419ea4e33065675c4dfb309877bace18fc8d1f63	rtf		Formbook