URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).

Database Entry


Host: 103.94.127.58
Firstseen: 2022-01-19 15:17:03 UTC
Total malware sites: 16
Online malware sites: 0 (0%)
Offline malware sites: 16 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2022-01-19 15:17:13 | 103.94.127.58 | | Not listed | AS9341 ICONPLN-ID-AP-ISP | ID | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-04-29 13:59:04 | http://103.94.127.58/jang.exe | Offline | exe Formbook ext | abuse_ch |
| 2022-04-14 10:19:07 | http://103.94.127.58/nemcsa.exe | Offline | exe Formbook ext | abuse_ch |
| 2022-04-11 07:32:05 | http://103.94.127.58/ope.exe | Offline | exe Formbook ext | abuse_ch |
| 2022-04-07 07:36:05 | http://103.94.127.58/ooc.exe | Offline | exe Formbook ext | abuse_ch |
| 2022-04-04 15:48:04 | http://103.94.127.58/macmac.exe | Offline | exe Formbook ext | abuse_ch |
| 2022-03-29 09:04:05 | http://103.94.127.58/dhmax.exe | Offline | Formbook ext | Cryptolaemus1 |
| 2022-03-28 07:16:05 | http://103.94.127.58/iknn.exe | Offline | exe Formbook ext | abuse_ch |
| 2022-03-24 16:44:05 | http://103.94.127.58/nasm.exe | Offline | exe NanoCore ext | abuse_ch |
| 2022-03-21 18:29:14 | http://103.94.127.58/nnpvol.exe | Offline | exe NanoCore ext rat | abuse_ch |
| 2022-02-23 12:42:05 | http://103.94.127.58/max.exe | Offline | AgentTesla ext exe | abuse_ch |
| 2022-02-07 10:04:08 | http://103.94.127.58/Oo.exe | Offline | AgentTesla ext exe | abuse_ch |
| 2022-01-26 19:09:05 | http://103.94.127.58/sii.exe | Offline | 32 exe Formbook ext | zbetcheckin |
| 2022-01-26 13:32:08 | http://103.94.127.58/bino.exe | Offline | AgentTesla ext exe | abuse_ch |
| 2022-01-19 18:21:05 | http://103.94.127.58/cuvo.exe | Offline | 32 exe Formbook ext | zbetcheckin |
| 2022-01-19 18:20:06 | http://103.94.127.58/nuvo.exe | Offline | 32 exe Formbook ext | zbetcheckin |
| 2022-01-19 15:17:13 | http://103.94.127.58/mxvo.exe | Offline | AgentTesla ext | James_inthe_box |

The table below shows recent payloads delivered by this host.
