URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	107.172.81.7
Firstseen:	2023-03-03 14:11:04 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-03-03 14:11:11	107.172.81.7	107-172-81-7-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-03-06 10:18:06	http://107.172.81.7/1522/vbc.exe	Offline	exe Loki opendir	abuse_ch
2023-03-04 05:50:06	http://107.172.81.7/cc............................	Offline	RTF	zbetcheckin
2023-03-03 15:33:05	http://107.172.81.7/2030/vbc.exe	Offline	exe Loki opendir	abuse_ch
2023-03-03 14:11:11	http://107.172.81.7/2031/vbc.exe	Offline	Loki lokibot	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2023-03-06 10:18:05	213733de61216a784d1133b8fcfcf7fdb5df435edad425bb3476b250a86e18f8	exe	Loki
2023-03-04 05:50:06	46e413bc266891295b80f03d7fc987bde2d18f979a0709942d7d799ef787ba9b	rtf
2023-03-03 17:42:44	8b5d2f25a3b2c3ca76ff1815a0a45442bd4e1e8b74709af37670208f397f4ad5	exe	Loki
2023-03-03 15:33:05	99e2a2ff576947884f1b3019b01893b5e1df07e20187c9de9f274bbb971118db	exe	Loki
2023-03-03 14:11:05	ef683b83b977511f40064d0b2b35c9147c5eb3b0b54fa538be2147fef93b3089	exe	Loki