URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 192.3.245.192
Firstseen:2022-05-23 13:37:03 UTC
Total malware sites :5
Online malware sites :0 (0%)
Offline Malware sites :5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2022-05-23 13:37:06 192.3.245.192192-3-245-192-host.colocrossing.comNot listedAS36352 AS-COLOCROSSING- USyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2022-06-16 06:55:06http://192.3.245.192/191/vbc.exeOfflineexe Loki ext opendir abuse_ch
2022-06-16 06:54:05http://192.3.245.192/190/vbc.exeOfflineexe Loki ext opendir abuse_ch
2022-06-09 10:05:05http://192.3.245.192/211/vbc.exeOffline32 exe Loki ext zbetcheckin
2022-06-09 07:51:05http://192.3.245.192/167/vbc.exeOfflineexe Loki ext opendir abuse_ch
2022-05-23 13:37:06http://192.3.245.192/102/vbc.exeOfflineexe Loki ext opendir abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2022-06-16 06:55:067d1c63e7b000ba3894af9d2dcde9a7ceefb0a31b6f3bab3fae58005d92668115exeLoki
2022-06-16 06:54:05a08e999b1e5563dbdbc9f48633cff9240c6359cee15056c314224b68a6516572exeLoki
2022-06-09 10:05:059838ba34c89432853bf5f65e0dd54f4f5ca540e886a18b31ab96b007dcbf05d5exeLoki
2022-06-09 07:51:059ff7c6e1141e67646bf9cc1887dd744b764985c26f3b5b70c5b257da1a83c523exeLoki
2022-05-23 13:37:05c9b2f1123369973f964b28ea6ca2d213558d86c6e5aea6a93cbeaf971d4c7a1dexeLoki