URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-07-25 06:37:05	62.113.66.137	host137-66-113-62.avntg.mts.ru	Not listed	AS60490 MTS-CLOUD	RU	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-07-31 10:40:11	http://62.113.66.137/comhost.exe	Offline	Ligolo malware opendir	Joker
2025-07-31 10:40:10	http://62.113.66.137/ServiceUpdateWindows.vbs	Offline	Ligolo malware opendir trojan	Joker
2025-07-25 06:37:11	http://62.113.66.137/WindowsUpdateService.ps1	Offline	opendir	DaveLikesMalwre
2025-07-25 06:37:05	http://62.113.66.137/WindowsUpdateService.vbs	Offline	opendir	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-08-18 14:31:25	561b9635f3dc9faccf203e4bae11aca8a1e1e4caacbfd7ab7e75f4cfbaabfb50	txt		Ligolo
2025-08-18 14:21:09	9de8bbc961ff450332f40935b739d6d546f4b2abf45aec713e86b37b0799526d	exe		Ligolo
2025-08-08 12:00:33	803bd2bd9f93e6ab794dc7af1686b127c6fc2ddd5bf0e934cda0b582a879ba41	exe
2025-08-04 11:42:25	123901fa1f91f68dacd9ec972e2137be7e1586f69e419fc12d82ab362ace0ba9	exe		Ligolo
2025-08-01 10:56:15	40d4d7b0bc47b1d30167dd7fc9bd6bd34d99b8e0ae2c4537f94716e58e7a5aeb	txt		Ligolo
2025-07-30 17:49:59	821f1ee371482bfa9b5ff1aff33705ed16e0147a9375d7a9969974c43b9e16e8	ps
2025-07-25 06:37:11	0bce0e213690120afc94b53390d93a8874562de5ddcc5511c7b9b9d95cf8a15d	ps