URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	107.189.13.118
Firstseen:	2022-02-12 20:02:03 UTC
Total malware sites :	18
Online malware sites :	0 (0%)
Offline Malware sites :	18 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-02-12 20:02:06	107.189.13.118	lux2.secure.or.id	Not listed	AS53667 PONYNET	LU	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-02-20 09:38:04	http://107.189.13.118/u0x	Offline	BillGates ddos elf trojan	Gandylyan1
2022-02-20 09:36:04	http://107.189.13.118/s0x	Offline	BillGates ddos elf trojan	Gandylyan1
2022-02-20 07:18:03	http://107.189.13.118/udp/Mips	Offline		hamz010
2022-02-20 07:18:03	http://107.189.13.118/udp/svcyr.exe	Offline		hamz010
2022-02-20 07:18:03	http://107.189.13.118/udp/ARM6	Offline		hamz010
2022-02-18 21:20:05	http://107.189.13.118/lqarm	Offline	ddos elf mrblack trojan	Gandylyan1
2022-02-18 10:05:04	http://107.189.13.118/ARM6?ddos	Offline	ddos ddos.tf elf trojan	Gandylyan1
2022-02-17 20:29:04	http://107.189.13.118/udp/ARM4	Offline	ddos elf trojan	Gandylyan1
2022-02-16 19:04:04	http://107.189.13.118/wget.sh	Offline	shellscript	Gandylyan1
2022-02-15 09:09:03	http://107.189.13.118//wormr.exe	Offline	ddos exe trojan	Gandylyan1
2022-02-14 13:57:04	http://107.189.13.118/Linux	Offline	ddos elf trojan	Gandylyan1
2022-02-14 13:53:05	http://107.189.13.118/JrLinux	Offline	ddos ddos.tf elf trojan	Gandylyan1
2022-02-14 08:16:33	http://107.189.13.118/svcyr.exe	Offline	exe	hamz010
2022-02-14 08:16:03	http://107.189.13.118/wormr.exe	Offline	exe	hamz010
2022-02-13 17:11:52	http://107.189.13.118/sys	Offline	ddos ddos.tf elf mirai trojan	Gandylyan1
2022-02-12 20:02:06	http://107.189.13.118/Mips	Offline	gafgyt	hamz010
2022-02-12 20:02:06	http://107.189.13.118/ARM4	Offline	arm ddos.tf	hamz010
2022-02-12 20:02:06	http://107.189.13.118/ARM6	Offline	arm ddos.tf	hamz010

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-02-23 08:10:43	de3f30727670d7182f22becd7a91401736d4714b3c920d23965ded7b1e885473	elf
2022-02-20 09:38:04	8191c27aa7d7a53cb39d674dfc6391219a881b5bcadcc45afca76ea10bbf38ae	elf	BillGates
2022-02-20 09:36:04	c02c1a13a04ca7b5786ce763f8c5266f13468c4ef4b826c53206ed88cb7baf94	elf	BillGates
2022-02-19 19:53:04	58a073e83519546ef94b331548839a140d7e8deb7a17556a160c8bdc5691ff31	elf
2022-02-18 21:20:05	6e9f8c3d49e1b4051eac081a8fc4a0ecc474bf76d73787f8cab973ef13a969f3	elf	MrBlack
2022-02-18 10:51:26	d462eb0e7239bd0cc87eb1dbdf4ab6740e660f15a046daf7d11f790293866d4f	elf	DDoS.TF
2022-02-18 10:05:04	d462eb0e7239bd0cc87eb1dbdf4ab6740e660f15a046daf7d11f790293866d4f	elf	DDoS.TF
2022-02-18 08:42:17	40e2d1fd990a3b6b19ca5b1935cb3a78ecd964db5aa4882078e322ed8fc3e5ef	elf
2022-02-18 06:10:03	d031ccff0f469a6e012f3bb219abc4c3109a03db3a1843c57e7f8347f243b201	elf
2022-02-18 04:54:47	69265a572ec73c8e8fdae521632922a227f2df8be5788e37d7174e41d69a1cb9	elf
2022-02-17 20:29:04	40e2d1fd990a3b6b19ca5b1935cb3a78ecd964db5aa4882078e322ed8fc3e5ef	elf
2022-02-16 19:04:04	56162b255de9aaec5fe2cb7acb06b02b95a488855cf7dfb3e99d9ccd5c6d0adb	unknown
2022-02-15 22:43:07	2efef0986635f9c2c6985a72c0aafd41194a9604a7cdffc9c15d833d884e9379	elf	DDoS.TF
2022-02-15 14:49:29	4e16b0c8b551555ffa22b80654c49076993697eeb9d7871eb9dbf45f77d81e93	elf	DDoS.TF
2022-02-15 14:03:07	025cf3a902bf55911a0234599a73e0a95ca635cfb5c2b30475933064eed67e2f	elf	DDoS.TF
2022-02-15 13:58:52	2ebe51616fd5ae107a741fcf4e49f3f059ea59b986e8d0b7f787bd2eb3011ac5	elf	Gafgyt
2022-02-15 13:57:36	28c7cf44b3e807123147ceff617a2939f7a1c5ede1ba93044e93374d2a6e1d43	exe
2022-02-15 09:09:03	e0e4f4581764ecc5c601b8591362abf3bbfaa684cc059fd7fb71572a3621001b	exe
2022-02-15 06:01:29	e22599a0a996b7d936da2b740d83a704e811e7c666c873f9f6c84cb7036e3193	elf
2022-02-15 06:01:29	15f3b1892d0bdc6f9783821e286bdbc29720b0021de7adafa29ef85b38ce0796	elf
2022-02-15 06:01:28	ca0368c9d460a8f2a6b4d90ad3311abe279eba16e4e9554b3d935fec6b3fc91e	elf
2022-02-15 06:01:28	8d92d9fac06779fbd13f548b3ffbe5c119ce0a1a152c92a848e32e961a432b59	elf
2022-02-15 05:53:24	8303301d11b8a8cd955e5c6fb173a3629bc12a3c41ef26a84ccf958b46f5079b	elf
2022-02-15 05:46:11	8ab7dcd16ac2caa1d5c29463246d8ba782028890b3ce6ac722afd0d26f028339	exe
2022-02-15 05:03:01	c9fc78840dc8310cfadfc2432522509dc2af91aa0a91241b34bdbe55bc703a5a	exe
2022-02-15 01:56:59	b92293886392f55a4b6c1ca7cd442245749f681b061d18748914f9182c8fb7e4	elf
2022-02-14 22:21:14	431a06b67e61d63df4df43f1bfa9e95147e045d40e462d63001b48dc034566de	elf
2022-02-14 13:57:04	f17fda9dea90ed6c04bd61176c26b8fc32f00124f47f36ace241597a8b1fa7a6	elf
2022-02-14 13:53:05	6178dbd74b5957692452ebe80136adf90426b146f888b9df5ed6c5581b68c318	elf	DDoS.TF
2022-02-14 07:24:56	c91beacc451682e88c439cc3ab0bbb2e2af4bb8cdedf197d7cf3ebcaef03b29c	elf
2022-02-13 19:20:18	6429f03a90a3e632dd0f7b405cc6372947e5a6d19c944f955376f9efa767c7e2	elf	Mirai
2022-02-13 17:11:52	c6c3eefd08f5543b0c79d2a5233d597c875f67b7a24b5ee29012e0e1b91e5111	elf	DDoS.TF
2022-02-13 04:07:11	a38229eb3e301f801cf632b2b1ce010f89a1fbb84510064249689624987c44ed	elf
2022-02-13 03:53:28	4cabe297785d13503c01acf88ae64ec2ef6b09323a853040d4205b8957387699	elf
2022-02-13 03:08:14	9e1e4965daaccc59995afd6ae26275096c16ec3e385c22a30bb6dcf9b43aa071	elf
2022-02-12 20:02:05	8e841953e5c6086a865a4cfd177a7dc05533978f94d2ad40b7a01e981c6648ea	elf
2022-02-12 20:02:05	5af83dd8c41a0dcbc44ebb5478781c17ae2886e703d6e56c350e47089a192f6d	elf	DDoS.TF
2022-02-12 20:02:05	8e46ab23b077fc9572447491b4190ea140223eb0f9da037619804caa633ddcad	elf	DDoS.TF