URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-10-21 18:13:04	192.227.228.37	amrutgers.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-11-22 16:51:05	http://192.227.228.37/588885/vbc.exe	Offline	AgentTesla exe	abuse_ch
2021-11-16 14:11:04	http://192.227.228.37/5444/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-11-15 08:48:05	http://192.227.228.37/7776/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-11-08 09:24:04	http://192.227.228.37/1119/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-25 07:09:05	http://192.227.228.37/009/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-21 18:13:05	http://192.227.228.37/005/vbc.exe	Offline	exe Loki opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-11-22 16:51:05	7e95915b3b6422ea0b94894c60ae2595756dd9c0b5fd2688b552ae8b455245e7	exe
2021-11-16 14:11:04	baa7a0fc43efac46f018eea0d3affe838754c5d375a1f3e9924a849c9d4b6ebc	exe		Loki
2021-11-15 08:48:05	c6030629e95fca38d4916ce79c7ef1424675cd8403d0e88b36b647df612c33f3	exe		Loki
2021-11-08 09:24:04	c996958847954d1197a2214aa5d513d58c4367b9813b8124bf77d52711c3b83c	exe		Loki
2021-10-25 07:09:05	56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde	exe		Loki
2021-10-21 18:13:04	463688d6dfb7d1afcb6e3b13110542de17dd81cd271a79beb55d2916b5563c4c	exe		Loki