URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).

Database Entry


Host: 103.99.0.198
Firstseen: 2022-05-08 23:34:03 UTC
Total malware sites: 8
Online malware sites: 0 (0%)
Offline malware sites: 8 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2022-05-08 23:34:07 | 103.99.0.198 | | Not listed | AS135905 VNPT-AS-VN | VN | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-05-19 15:41:06 | http://103.99.0.198/data_on_space/.wininit.exe | Offline | 32 exe Loki ext | zbetcheckin |
| 2022-05-19 15:28:12 | http://103.99.0.198/winstream/.wininit.exe | Offline | 32 exe Loki ext | zbetcheckin |
| 2022-05-19 13:51:07 | http://103.99.0.198/cloudprotect/.wininit.exe | Offline | exe Loki ext opendir | abuse_ch |
| 2022-05-19 13:51:06 | http://103.99.0.198/filespace/.wininit.exe | Offline | exe Loki ext opendir | abuse_ch |
| 2022-05-13 14:54:05 | http://103.99.0.198/__cloud_for_file/.wininit.exe | Offline | exe Loki ext opendir | abuse_ch |
| 2022-05-12 07:14:06 | http://103.99.0.198/cloudfile/.wininit.exe | Offline | exe Loki ext opendir | abuse_ch |
| 2022-05-10 02:49:06 | http://103.99.0.198/365space/.wininit.exe | Offline | 32 exe Loki ext | zbetcheckin |
| 2022-05-08 23:34:07 | http://103.99.0.198/clouddoc/.wininit.exe | Offline | 32 exe Loki ext | zbetcheckin |

The table below shows recent payloads delivered by this host.
