URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	94.156.66.100
Firstseen:	2024-08-06 18:28:04 UTC
Total malware sites :	19
Online malware sites :	0 (0%)
Offline Malware sites :	19 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-08-06 18:28:07	94.156.66.100		Not listed	AS50837 CLOUDSIGMA-AS	SA	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-08-06 18:28:44	http://94.156.66.100:8080/systems.tar.gz	Offline	opendir	abus3reports
2024-08-06 18:28:34	http://94.156.66.100:8080/.old/server.py	Offline	opendir	abus3reports
2024-08-06 18:28:21	http://94.156.66.100:8080/KoviD.tar.gz	Offline	opendir	abus3reports
2024-08-06 18:28:20	http://94.156.66.100:8888/%2477tor.exe	Offline	opendir	abus3reports
2024-08-06 18:28:16	http://94.156.66.100:8888/%2477xmrig.exe	Offline	opendir	abus3reports
2024-08-06 18:28:16	http://94.156.66.100:8080/server.py	Offline	opendir	abus3reports
2024-08-06 18:28:14	http://94.156.66.100:8080/xmrig-tor.tar.gz	Offline	opendir	abus3reports
2024-08-06 18:28:14	http://94.156.66.100:8888/Install.exe	Offline	opendir	abus3reports
2024-08-06 18:28:13	http://94.156.66.100:8888/libstdc%2B%2B-6.dll	Offline	opendir	abus3reports
2024-08-06 18:28:13	http://94.156.66.100:8888/libgcc_s_dw2-1.dll	Offline	opendir	abus3reports
2024-08-06 18:28:13	http://94.156.66.100:8888/old/system.vbs	Offline	opendir	abus3reports
2024-08-06 18:28:12	http://94.156.66.100:8888/admin.bat	Offline	opendir	abus3reports
2024-08-06 18:28:12	http://94.156.66.100:8888/old/curl-rk-script.sh	Offline	opendir	abus3reports
2024-08-06 18:28:10	http://94.156.66.100:8888/server.py	Offline	opendir	abus3reports
2024-08-06 18:28:10	http://94.156.66.100:8888/old/server.py	Offline	opendir	abus3reports
2024-08-06 18:28:08	http://94.156.66.100:8888/lib.bat	Offline	opendir	abus3reports
2024-08-06 18:28:08	http://94.156.66.100:8888/old/rk-script.sh	Offline	opendir	abus3reports
2024-08-06 18:28:08	http://94.156.66.100:8080/xmrig-hiding.tar.gz	Offline	opendir	abus3reports
2024-08-06 18:28:07	http://94.156.66.100:8888/WinRing0x64.sys	Offline	CoinMiner exe opendir sys VulnDriver xmrig	abus3reports

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type
2024-08-06 18:28:44	ebbcb623a7cb71513c0b9630cc9df804b25d13c61f07c2b1d15a2e6840090855	unknown
2024-08-06 18:28:21	a4e046cce456e0f40d73c7484b89703ede97d327255734e8de0dd4eaf47c4dd4	unknown
2024-08-06 18:28:19	262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5	exe
2024-08-06 18:28:16	810838fe05bf0fac2ca9659efa6d2d5bb6f0e324ce9330ad1ba6ec636844fb84	exe
2024-08-06 18:28:14	bef6981d4927e5d446076c4e29ff90e2125d6f77687c85622996ad5175a16cd0	exe
2024-08-06 18:28:14	5754ecf4c73de38e6d0a7647ea34cdad9219fc91dc1172373d453ef25260233f	unknown
2024-08-06 18:28:13	d0de05720c15f6b7105b90eaf005952beb73161df5d1b24eecd5bb892e1c6c8e	dll
2024-08-06 18:28:13	a46d1688b40cf546234c816c2385978a7ecc8b3f97ae8c29aae5a42c7ce2d3dd	dll
2024-08-06 18:28:12	b37a1a08fb93beaa18a4f58eedc732db49ecb8d120bc772e318115c4a0e54e4f	sh
2024-08-06 18:28:12	81171760beda5cf432f61f4af044f785bc4548bb05fd0730042944cd854aa49f	bat
2024-08-06 18:28:12	bafd74790fa95d49afac2710dd231ec413dfd0078b57efd75e20704e28a36fe8	txt
2024-08-06 18:28:07	11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5	exe
2024-08-06 18:28:07	c88135d99e68bc90db85c95810e4297a4f0a685bb364d5456153d126d0f76e46	unknown
2024-08-06 18:28:07	bfa36b7d04e2dcd9d1d8c275e3cdf2bc62e2ea96ddb5910cc3ac393ea1ff9e7f	sh
2024-08-06 18:28:07	3792a3762b5dd1e130f052ac0d5d1e7992aebbfa6568c0e48060b507b5b1f400	bat