URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	104.168.32.66
Firstseen:	2022-01-03 12:40:03 UTC
Total malware sites :	13
Online malware sites :	0 (0%)
Offline Malware sites :	13 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-01-03 12:40:05	104.168.32.66	104-168-32-66-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-03-02 19:08:05	http://104.168.32.66/__cloud88save/.csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-03-01 09:08:04	http://104.168.32.66/cloud_save/.csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-02-28 03:07:05	http://104.168.32.66/space360/.csrss.exe	Offline	exe Loki lokibot LokiPWS	AndreGironda
2022-02-25 06:07:04	http://104.168.32.66/mscloudX_/.csrss.exe	Offline	exe Loki	abuse_ch
2022-02-24 08:22:05	http://104.168.32.66/365cloud/.csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-02-23 12:51:04	http://104.168.32.66/cloudspace__/.csrss.exe	Offline	exe Loki opendir	abuse_ch
2022-02-22 15:34:05	http://104.168.32.66/_spaceX2__/.csrss.exe	Offline	exe Loki lokibot LokiPWS	AndreGironda
2022-01-12 11:04:05	http://104.168.32.66/5500/vbcff.exe	Offline	32 AgentTesla exe	zbetcheckin
2022-01-12 09:16:06	http://104.168.32.66/6600/vbc.bk.exe	Offline	exe opendir	abuse_ch
2022-01-12 09:15:05	http://104.168.32.66/6600/vbc.exe	Offline	exe Loki opendir	abuse_ch
2022-01-10 15:28:06	http://104.168.32.66/5500/vbc.bk.exe	Offline	exe opendir	abuse_ch
2022-01-10 15:27:04	http://104.168.32.66/5500/vbc.exe	Offline	AgentTesla exe opendir	abuse_ch
2022-01-03 12:40:05	http://104.168.32.66/20222/vbc.exe	Offline	exe Loki	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-03-03 01:01:00	c112d1b9929f4ab49266606f30b7a3bf303de2f4e35dd237fcd397f193a1084b	exe	Loki
2022-03-02 19:08:05	87e99c12ae59079e3c1eb5ad0d43ceaf907f0eae3dcebe0d33fd17f3f42b7d48	exe	Loki
2022-03-02 02:51:04	a5114e067779f3d996b8065d548337e86c69212fa29b1fb0a814f383baa1f7ca	exe	Loki
2022-03-01 09:08:04	80b3d09d590350e23fc0d25b2e71f3f038a741503bab97caac2a9287474f8d7c	exe	Loki
2022-02-28 07:45:29	25da3411fc286610b0eb8361fb1eda38ee4e260c0379a685bb84906b31d7041f	exe	Loki
2022-02-28 05:33:08	a7b27ce151d02e27ff6c9de281223ffcddc11284a4056729d1a305fed2e43639	exe	Loki
2022-02-28 03:07:05	0ca32832b9e27eb9eb610e5cbf53d25e34cb06b6b0edd1b024b6762e8455799b	exe	Loki
2022-02-25 06:07:04	dfd1a15b039b2d2769b3e8ef711caa33b1fbc58a75da4c734517b2001a506ca0	exe	Loki
2022-02-24 10:00:36	dd555b4b4a68ce3505b66201f994671b3887ab2ff4b3278f2098a20d6057c918	exe	Loki
2022-02-24 08:22:05	e47e6723411dc62dcf6e313eaea8678871b21330a18ea4a74dc2bab245239049	exe	Loki
2022-02-23 12:51:04	05e9a8f33a8a378d7d2232155b1e41835293f7afcb007d18c9fcc001f61944a9	exe	Loki
2022-02-22 15:34:05	f325f118ddd27282969ef3c04032349cfeacf3dc7932f0443d6126a4788cbbda	exe	Loki
2022-01-12 11:04:05	1e4ef20cf1e89bb608d1ace96727cad4f443f60a3b41f2cfbbd9a62c262f4c3f	exe	AgentTesla
2022-01-12 09:16:06	f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa	exe
2022-01-12 09:15:05	965de97271f1f38f4a967f5301237a77b00fb891065a96b9eb2fcc1702e4a512	exe	Loki
2022-01-10 23:39:57	98c980da43f065cacb122d67ea26a4761e9df9528936b96f45fb92d33e8e0b5e	exe
2022-01-10 15:28:06	f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa	exe
2022-01-10 15:27:04	1e4ef20cf1e89bb608d1ace96727cad4f443f60a3b41f2cfbbd9a62c262f4c3f	exe	AgentTesla
2022-01-03 12:40:04	d75f3fa994fec99e6ea86198ce856501a41e70f61b668faf58a233f5c7e6806d	exe	Loki