URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	65.20.105.177
Firstseen:	2026-05-27 20:07:04 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-05-27 20:07:10	65.20.105.177	65.20.105.177.vultrusercontent.com	Not listed	AS20473 AS-VULTR	ES	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-05-27 20:07:13	http://65.20.105.177:8080/cloud/Screenshot_25_0...	Offline	lnk ocx opendir WsgiDAV	DaveLikesMalwre
2026-05-27 20:07:12	http://65.20.105.177:8080/cloud/712419111124.ocx	Offline	lnk ocx opendir WsgiDAV	DaveLikesMalwre
2026-05-27 20:07:10	http://65.20.105.177:8080/cloud/mscom.ocx	Offline	lnk ocx opendir WsgiDAV	DaveLikesMalwre
2026-05-27 20:07:10	http://65.20.105.177:8080/cloud/mscomctl.ocx	Offline	lnk ocx opendir WsgiDAV	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type
2026-05-27 20:07:10	be7b80f42b0d859b7afaeefca04e46dc10fb5c0a532692bbbfef2924254d1175	dll
2026-05-27 20:07:10	d64a7e0299a537e211114baaa7f1341f5018a1e432d39d6aebb26b1c98c38da2	dll
2026-05-27 20:07:09	6922b319dc96d020738bcf466c4d6d9233e4767b68592e1fd9258a232f166ce1	dll
2026-05-27 20:07:09	a232f568b4a04e9a6914db41d63353019037e8cff4cc3b7af3d692746a32b796	lnk