URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 104.168.7.52 |
|---|---|
| Firstseen: | 2024-11-05 07:29:04 UTC |
| Total malware sites : | 9 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 9 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2024-11-05 07:29:07 | 104.168.7.52 | 104-168-7-52-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING |  US | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-11-10 10:51:07 | http://104.168.7.52/120/LLGLK.txt | Offline | Loki  rev-base64-loader |  abus3reports |
| 2024-11-09 12:53:04 | http://104.168.7.52/130/seethebestthingsevermad... | Offline | abus3reports | |
| 2024-11-09 08:23:05 | http://104.168.7.52/120/picturewithmebackwithne... | Offline | Loki |  abuse_ch |
| 2024-11-08 07:17:11 | http://104.168.7.52/120/vc/seethegoodthingswhic... | Offline | CobaltStrike Loki RemcosRAT |  Riordz |
| 2024-11-07 15:21:11 | http://104.168.7.52/130/SMPLLEL.txt | Offline | Encoded exe Loki rev-base64-loader rev_base_64 | Riordz |
| 2024-11-07 15:21:10 | http://104.168.7.52/130/uh/seethebestpartentire... | Offline | hta Loki | Riordz |
| 2024-11-05 07:38:07 | http://104.168.7.52/35/SMPLLU.txt | Offline | Loki rev-base64-loader | abus3reports |
| 2024-11-05 07:30:09 | http://104.168.7.52/35/picturewithattitudeevenb... | Offline | Loki | abuse_ch |
| 2024-11-05 07:29:07 | http://104.168.7.52/35/ew/bestgreetingwithbestt... | Offline | hta Loki | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2024-11-10 10:51:06 | 2c81ba7f9716fbc1aab98d3cbe332f196a0c4ba623a6879e4902adfc5aa38233 | txt | Loki | |
| 2024-11-08 07:17:11 | 3b5f33baf9dbcbe033909735e6238ecf8c3f5aaf915d7298157fb07e034cf2bb | hta | Loki | |
| 2024-11-07 15:21:11 | df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f | txt | Loki | |
| 2024-11-07 15:21:10 | 534eb483ce1b60f8fdaf67d6a9bbbe6b100247860f85706d2a0dbd86e55de528 | hta | Loki | |
| 2024-11-06 03:19:43 | 9c10d345634d09e081eba31fe28bf2c7e64dec5100bae75cd0705711ea8802f2 | hta | Loki | |
| 2024-11-05 07:38:07 | df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f | txt | Loki | |
| 2024-11-05 07:29:06 | 706e2d312d3693ccd38e6b489e13e12db863b723865f7f05580bcdc1c779a342 | hta | Loki |