URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-04-21 08:27:06	103.207.37.94		Not listed	AS135905 VNPT-AS-VN	VN	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-05-23 02:21:34	http://103.207.37.94:33572/KUNG/bin.exe	Offline	exe	AndreGironda
2022-04-29 07:19:06	http://103.207.37.94/wndcloud/.wininit.exe	Offline	exe Loki opendir	abuse_ch
2022-04-28 06:56:06	http://103.207.37.94/datachecking/.wininit.exe	Offline	exe Loki opendir	abuse_ch
2022-04-27 07:30:06	http://103.207.37.94/docline/.wininit.exe	Offline	exe Loki opendir	abuse_ch
2022-04-26 04:46:06	http://103.207.37.94/datalog/.wininit.exe	Offline	exe Loki opendir	abuse_ch
2022-04-21 08:27:06	http://103.207.37.94/clouddoc/.wininit.exe	Offline	exe Loki opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-04-29 07:19:06	d0f779b3094169509081933a464adf6aded9401e2f5025659ae077a62490455f	exe		Loki
2022-04-28 06:56:06	521ccdb210774fb91acb91d9d615bd5ce0e3bc437ea239859e9dd7a35fcdf671	exe		Loki
2022-04-27 07:30:06	5df9a9cbdb2300536008053d22b26d1dfef7eea66e35eb5b1dc74af5d1e4aa68	exe		Loki
2022-04-26 04:46:06	116d2d9fdf0c84a4d7f2f8796aa6ba3dc3063af6406daadba0c616e8d1625057	exe		Loki
2022-04-25 22:47:23	116d2d9fdf0c84a4d7f2f8796aa6ba3dc3063af6406daadba0c616e8d1625057	exe		Loki
2022-04-21 08:27:05	f6221f215ed77c7058e664aeeae78ff476a610881fbb6ac78d7d9a8de821eb37	exe		Loki