URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	20.51.217.113
Firstseen:	2021-12-09 13:53:03 UTC
Total malware sites :	28
Online malware sites :	0 (0%)
Offline Malware sites :	28 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-12-09 13:53:04	20.51.217.113		Not listed	AS8075 MICROSOFT-CORP-MSN-AS-BLOCK	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-03-11 12:36:34	http://20.51.217.113/xse/Feeut.log	Offline		c_APT_ure
2022-03-11 12:36:33	http://20.51.217.113/gou/examle.hta	Offline		c_APT_ure
2022-02-03 13:30:04	http://20.51.217.113/hub/Ngsvpxd.log	Offline	exe	vxvault
2022-02-03 13:24:04	http://20.51.217.113/fc/Xxzjxsyby.exe	Offline	exe Formbook	vxvault
2022-02-03 13:22:05	http://20.51.217.113/ome/Xxzjxsyby.jpg	Offline	exe	vxvault
2022-02-02 10:54:05	http://20.51.217.113/vv/dcs.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-31 09:26:07	http://20.51.217.113/sub/sub.exe	Offline	AveMariaRAT exe opendir rat	abuse_ch
2022-01-29 09:40:05	http://20.51.217.113/fuue/Feeut.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-27 13:08:03	http://20.51.217.113/gyg/Edutr.log	Offline	AveMariaRAT encrypted opendir rat	abuse_ch
2022-01-26 21:17:05	http://20.51.217.113/cih/Cihyp.exe	Offline	32 exe Formbook	zbetcheckin
2022-01-26 21:16:04	http://20.51.217.113/ris/ume.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-26 20:16:04	http://20.51.217.113/Edutr/Edutr.exe	Offline	AveMariaRAT lnk lnk-powershell lnk-ps-hta	c_APT_ure
2022-01-26 19:29:03	http://20.51.217.113/imx/list.hta	Offline	lnk lnk-powershell	c_APT_ure
2022-01-19 15:55:06	http://20.51.217.113/mko/fil.exe	Offline	32 DBatLoader exe	zbetcheckin
2022-01-19 15:55:05	http://20.51.217.113/ivo/Wuhtqscwk.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-19 15:15:04	http://20.51.217.113/bo/Xjtucvnat.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-15 09:12:04	http://20.51.217.113/imk/Azouu.jpeg	Offline	AveMariaRAT encrypted opendir rat	abuse_ch
2022-01-15 08:39:04	http://20.51.217.113/wo/Dfflc.jpeg	Offline	AveMariaRAT encrypted rat	abuse_ch
2022-01-14 20:58:04	http://20.51.217.113/js/Dfflc.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-14 13:40:05	http://20.51.217.113/azu/Azouu.com	Offline	32 AveMariaRAT exe	zbetcheckin
2022-01-07 07:21:33	http://20.51.217.113/tol/images.exe	Offline	exe	abuse_ch
2021-12-28 07:24:04	http://20.51.217.113/tos/docs.exe	Offline	AveMariaRAT exe opendir rat	abuse_ch
2021-12-20 18:27:03	http://20.51.217.113/ncx/ConsoleApp19.exe	Offline	32 AveMariaRAT exe	zbetcheckin
2021-12-20 09:21:03	http://20.51.217.113/mac/mac.exe	Offline	AveMariaRAT exe rat	abuse_ch
2021-12-13 17:42:04	http://20.51.217.113/kcx/ConsoleApp2.exe	Offline	exe Formbook opendir	abuse_ch
2021-12-13 17:42:04	http://20.51.217.113/xvx/ConsoleApp2.bin	Offline	encrypted Formbook opendir	abuse_ch
2021-12-10 06:46:04	http://20.51.217.113/ado/ConsoleApp13.exe	Offline	32 exe Formbook	zbetcheckin
2021-12-09 13:53:04	http://20.51.217.113/mjn/music.exe	Offline	AveMariaRAT exe opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2022-02-03 13:30:04	8b7b8ec3a8439459d15ed64dfe7eeeb68748d403c133ff2615f08ac8d61d24c5	unknown
2022-02-03 13:24:04	d54ba0a6fa5afd571a0799253f94562b50d30842a6d66ba1af62419ed7713131	exe	Formbook
2022-02-03 13:22:04	62156a44bffc69462719d3cd14f7eb8fa50c9c5e6a33610c3acc6cdfdec83216	unknown
2022-02-02 10:54:05	799ad611c58e732adb2d296f4f4050b9d7b869ab34272ae51fc2c1c818be33f1	exe	AveMariaRAT
2022-01-31 09:26:07	69142989b11074332c57d4f64b2ce684dbc998af67928c3f38a2f7a6b05644c0	exe	AveMariaRAT
2022-01-29 09:40:05	fb47f25a2cc4590578cf0b81565ad690fc366eb41e8e04a358962287a1b420c3	exe	AveMariaRAT
2022-01-27 13:08:03	0850b5e7249cae2625029105f013b415d727a88dbf7d1f9b570038dbfa95c877	unknown
2022-01-26 21:17:04	d44f233d2ef931ed5471cf2be98fb8c2afd6754200f6a46585c2b3114b05e133	exe	Formbook
2022-01-26 21:16:04	94ca0af32ea93d62fa355e450747ae9755c5dcd09e7b4186cd5bd04d7fc56565	exe	AveMariaRAT
2022-01-26 20:16:04	9d232d11c70c8808c30aeab8912fc3d9b3591a019f3b8bc4fa706c58027c6b08	exe	AveMariaRAT
2022-01-19 15:55:06	1c031e5ad00a53c0138ec05e36045979a920dfabeed6751292c59b695af80291	exe	DBatLoader
2022-01-19 15:55:04	f2734679038b2a166385da83a40a1bb911754ea23221bba831cc9fdee3f171a9	exe	AveMariaRAT
2022-01-19 15:15:04	d7ccb616fe7cb8a33d18db6b40c9221db0d7eab713d189306fd7e7565c5d2da8	exe	AveMariaRAT
2022-01-15 09:12:04	dafe517cf611b0999d51ca110dbc6b6e237a1c71b17a8e10cc0b584f1e71f2e3	unknown
2022-01-15 08:39:04	44949674f45f77ffd9ac1a80759344360bd4b3f6dc1596cfdbcd0fe2dc50f869	unknown
2022-01-14 20:58:04	0f8b4257876ebc535c59a2e876b051446268ccd7c27b3e752ab13a07bec71926	exe	AveMariaRAT
2022-01-14 13:40:05	076912a40250b0642e4aa604aa87af7b7118bda81c747fa65f3ab07048ae5a10	exe	AveMariaRAT
2021-12-28 07:24:04	f732f4cd538d19a8d4e8e24c244d5b3c9bd378208e3369ba8e24c4cc0300b1f7	exe	AveMariaRAT
2021-12-20 18:27:03	270e570dfc6296988b94fab25360e882b2633d90650f533663396491cc714b1f	exe	AveMariaRAT
2021-12-13 17:42:04	1e614cf564bedf5c140013cb4227786b5975d2b61757ed7f9ce8cf5d9fdcffe3	exe	Formbook
2021-12-13 17:42:04	e53e4eedecb47ffc247af575e637eb5c1d7688f7b7c2e07cc88b2efb759a3a7f	unknown
2021-12-10 06:46:04	aea82dc29f0c4463b5d09b61c695b488be9eb1b07e1868c1c4ef72523c853cd9	exe	Formbook
2021-12-09 13:53:03	d4f410bfc8af1bdeae99baae02ea2df264603577df0a36d48701fde4d71fbb77	exe	AveMariaRAT