URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	ormtravel.com
Domain registrar:	GMO Internet
Domain registration date:	2013-05-31 09:30:44 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2023-06-13 17:52:32 UTC
Total malware sites :	1
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 19:24:51	163.44.198.50		Not listed	AS135161 GMO-Z-COM-TH	TH	yes
2023-06-13 17:52:39	163.44.198.42	cpanel03wh.bkk1.cloud.z.com	Not listed	AS135161 GMO-Z-COM-TH	TH	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-06-13 17:52:39	https://ormtravel.com/iat/	Offline	BB32 geofenced js Qakbot Quakbot USA	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-06-15 15:15:47	9d3683a269d2a0e015bc4ae8a3516b0f378f805c5f910e295bb82f8391062f49	zip		Quakbot
2023-06-15 14:17:46	554cd23e1ded73971d74e091da1ea19ad62c40e05652800ef1a2461656ed6b78	zip		Quakbot
2023-06-15 13:06:16	b6c0cfb04e491d2aafdfd45f6725556d7273cbb2c6490e7de6ac7bfb5199abcf	js		Quakbot
2023-06-15 11:07:11	dd86206484a4459522350b341026bbd7ba271a1c60b2af71ed81e7d981f5201b	js		Quakbot
2023-06-15 10:40:00	b6da8bcd11a54d80dac6eb0be014c87f445fff2c9ac289bb338efb12d7ba116e	js		Quakbot
2023-06-15 08:08:24	7913e0875c1838d4152a78f8cff1f5766fbd61b8f2cc84aeef06366bfa7d47ef	js		Quakbot
2023-06-14 22:15:35	cf59b7b68f3e6679c18db893a7990e97c3c0f712400ba52e2488bb591710279a	js
2023-06-14 13:20:05	663be6530cfc32336c0ef50ef11b41ae3f7fad0d543735fb5fc19c9f8ade29f8	js		Quakbot
2023-06-14 12:35:24	b6486397ece20221c30e7620d661c5dd5911b634831c715818facd9f6e7cd8a5	zip		Quakbot
2023-06-14 11:31:05	f3c89b57ec700157818293b4ab3cc6998e1cc99bce9e06431180baed8e8f8333	js		Quakbot
2023-06-14 10:17:43	e918e17a0a639c0f284a76059249a8398b71eb09bb54e4409fe6ae526a332431	js		Quakbot
2023-06-14 08:36:12	ace189f15cf0a9d4524c9807a5c89842103e12be060ea33e270b0ae5c4c36d53	js
2023-06-14 07:21:03	3b4e67fd941416d3d7c685fa8ce18c84f2b82364abce51234063e2482eeb801b	js		Quakbot
2023-06-14 06:29:16	2dc927c46ac6cd140d42396e6735b2fd513aceaee58df8abce585028c78d98eb	js		Quakbot
2023-06-14 06:16:43	bc7f8a0c0173cdb7fe20372bc4ed888006702d7882dd8a12d619afd70fbf1024	js		Quakbot
2023-06-14 05:28:43	c1635e35e5061a90a5f2ed1ec06b1835ad987bdaf6cb936bd10b1eca1ee3aa84	js		Quakbot
2023-06-14 04:30:47	b3211a16069b7928e1bd457442e5816b09d29ed9baa96db0c8feea2e00069609	js		Quakbot
2023-06-14 03:44:29	0844e94ba68d1390cfd3197f9bf9bdebe3c09041a2de26f8d3f5f5393c03e131	js		Quakbot
2023-06-14 02:07:14	bf21e6cc9e1e759226f1e8a3edcec492015c1636ae1c23a01b471f20a03b47ef	js		Quakbot
2023-06-14 01:59:56	ed907ebfe6f162d5609db5778bb3098592a86f8c8b3dac1c2d5e3eaf938b3a82	js		Quakbot
2023-06-14 00:59:02	cea0787fe709eb7bd1f4572d915f64c70f3fb2d0467373885c3f452c7b7064f7	js		Quakbot
2023-06-13 23:08:08	a03fb947611acd929d3f687dcb4e0ad9d229dd0b13c940713ec8ceb2bf94eded	js		Quakbot
2023-06-13 21:51:29	62356922472019adcfac4e233a2aabc0eca414f713a656412ee5b5a77dcb4658	js		Quakbot
2023-06-13 21:33:52	ff31f3f315d1b88637d95129cfff075d737e697766188d8b72a39a806058f069	js		Quakbot
2023-06-13 20:11:08	b7d3d9170b9c0608e3fdd7305a783e833cb0797041f5c18547800b53269c7a3a	js		Quakbot
2023-06-13 17:52:38	e03dddc50009d64296028b01adaccdb4df369e4dcaac06a1cb0a3acaa046a9c7	js