URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	202.55.134.54
Firstseen:	2021-10-14 11:07:03 UTC
Total malware sites :	13
Online malware sites :	0 (0%)
Offline Malware sites :	13 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-10-14 11:07:13	202.55.134.54		SBL534430	AS63737 VIETSERVER-AS-VN	VN	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-11-09 04:50:10	http://202.55.134.54/3331/vbc.exe	Offline	exe Loki lokibot LokiPWS	AndreGironda
2021-11-08 09:23:06	http://202.55.134.54/2228/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-11-04 06:02:06	http://202.55.134.54/08888/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-11-02 08:23:07	http://202.55.134.54/77077/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-11-01 09:16:07	http://202.55.134.54/0077/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-25 07:09:17	http://202.55.134.54/0010/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-25 06:17:11	http://202.55.134.54/009/vbc.exe	Offline	Formbook	AndreGironda
2021-10-22 08:37:14	http://202.55.134.54/005/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-21 08:48:12	http://202.55.134.54/005005/vbc.exe	Offline	exe Formbook opendir	abuse_ch
2021-10-21 08:35:14	http://202.55.134.54/0098900/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-18 08:21:09	http://202.55.134.54/0090090/vbc.exe	Offline	exe Loki opendir	abuse_ch
2021-10-14 13:51:06	http://202.55.134.54/008008/vbc.exe	Offline	32 exe Formbook	zbetcheckin
2021-10-14 11:07:13	http://202.55.134.54/005000/vbc.exe	Offline	exe Formbook opendir	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-11-09 04:50:10	282b2c8f35139c3a89785d6f043b15ae8d6eed0c9e6242382a4a6ec153bbeca6	exe	Loki
2021-11-08 09:23:06	08a432fce2ce0eddb6a02573a6a44d4a443f4476fd9a7f9902386747c4f38de5	exe	Loki
2021-11-04 06:02:06	cffbf152c52afdee21ac3423d65f5d6a947342dfb1dd3871c18c8148713c02bc	exe	Loki
2021-11-02 08:23:07	5342d363c887bc5df6640a5d0a7ae4dc5c9344615df002af7dbbb8aa7e669967	exe	Loki
2021-11-01 11:37:02	3caadf2ce7381843382ab0757f22d2cb3a699b1e055163dd44c204c9834c4a4b	exe
2021-11-01 09:16:07	2ef14b8f3874b9f72e814af5e868f30973c3e9db9f812d037fb3485f1487eca9	exe	Loki
2021-10-29 00:44:05	99d9efe5477edafdec137e05fac1b92e37a4a2fde0d65d80859fe0fb046620b9	exe	Loki
2021-10-28 15:31:50	f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa	exe
2021-10-25 07:09:17	6b52710407ef9ac5e2f4054b1faddb2d3a935f5e8c0ca1ec15a7dcf56aa4368f	exe	Loki
2021-10-25 06:17:10	f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa	exe
2021-10-22 08:37:14	2587179c5c51388c763787aaf3449a1c61b710db165a53ffb7510c1eadfebf01	exe	Loki
2021-10-21 08:48:12	0997b2cc23e6aa9743c78ccaba88fb036bc03937011a12bbb367e6b457461c0b	exe	Formbook
2021-10-21 08:35:14	7cf06b90a5f6e000c6ba7d7af40eddbf37c90f6b17fe4bf4069260856a33525c	exe	Loki
2021-10-18 08:21:09	9149dc6a1571916bf7077d6bed5b4758613b5a4cba36349dfd3433e1bbafae5e	exe	Loki
2021-10-14 13:51:06	ad1a7132112ed0a17f526989f2f50b61a43c71180de093582866b4541c24adc7	exe	Formbook
2021-10-14 11:07:10	f6d328b383e179f3c0918c3e97964151319444ea9f22e0d667c831dfe8d26069	exe	Formbook