URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-11-16 18:12:11	103.180.133.133		Not listed	AS135905 VNPT-AS-VN	VN	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-11-23 06:27:11	http://103.180.133.133/microsoft/vbc.exe	Offline	.net exe msil x64	jstrosch
2022-11-21 10:54:05	http://103.180.133.133/documment/vbc.exe	Offline	exe Formbook opendir	abuse_ch
2022-11-18 23:07:55	http://103.180.133.133/froffice3665/vbc.exe	Offline	AgentTesla exe opendir	abuse_ch
2022-11-18 23:03:18	http://103.180.133.133/office365/vbc.exe	Offline	AgentTesla exe opendir	abuse_ch
2022-11-16 18:12:11	http://103.180.133.133/Gspace/vbc.exe	Offline	exe Formbook opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-11-23 06:27:11	dd0b616d4670cc2a099d29be0e360c74b8bef701612602c360894221057a8ec2	exe
2022-11-21 15:37:28	d3ecc8ef7a03d994e23d81232cd4ef261897208229197f2c9506178b9e91a670	exe		Formbook
2022-11-21 10:54:04	2c20d940cbbd88990618cf5a36c0d5e66c741448be48a8811b8e3084ce23fad4	exe		Formbook
2022-11-18 23:07:55	4da7f43fa70121be771a3049f7c19e864332e5311f14ee1eac2ea25d5349df31	exe		AgentTesla
2022-11-18 23:03:18	8755b249212ed03acf40d6c02894ec5a48f62312d7f4dfb802cb17886d8c922f	exe		AgentTesla
2022-11-16 18:12:08	e29feb7fcc81e09ebf6a86b0d620c54e1a134ab98cbd9c13323bf5a6ae7e9088	exe		Formbook