URLhaus Database

You are currently viewing the URLhaus database entry for http://195.20.16.153/svchost.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2736778
URL: http://195.20.16.153/svchost.exe
URL Status:Offline
Host: 195.20.16.153
Date added:2023-12-02 16:55:09 UTC
Last online:2024-05-04 20:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2023-12-02 16:56:05 UTC to support{at}zerohost[dot]network)
Takedown time:5 months, 4 days, 3 hours, 25 minutes Bad (down since 2024-05-04 20:21:07 UTC)
Tags:BVnUqo--FernandoKappuccino Lumma njRAT link zgRAT

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2024-04-27n/aexe ddc874791d93bf8107dfa98b1f025cc05375d420c59563128b2d8596a571465fn/a 
2024-04-25n/aexe 68e1a8039024a9950099e6447197ae941db2f324c7661c2c275a37696f2d3cden/a 
2024-03-20n/aexe 19dfa0465e5488ed7811f07b7860757f4d4ad0314426aec678b45f37fa99d41dn/a 
2024-03-19n/aexe be3b53173c4781cb2447dc7280684a884cb65d5e54af52807dd64493494d2e35n/a 
2024-03-18n/aexe c46d1216e7e77c58f65d886c44aa08f9201722042db3afb982582a2c03584e5dn/a 
2024-03-18n/aexe 25006d905981dca37f6b3f4a3d1f6e6fe423da146c8c9b68550f022f11f463b2n/a 
2024-03-18n/aexe 876b6e8b524f51bb3b650838da3859b4194f4093f56458fe2564450397ce4d84n/a 
2024-03-17n/aexe 57a16956410980f78cd7f150ecfb0bc354b38d079058d74160f562dc6114e3a3n/a 
2024-03-16n/aexe 64edff45b16efb51ba982798646b1053516cf2a4e8762ed4415739b43a524309n/a 
2024-03-16n/aexe 505c9510418cf9bd2d75f2770f451533561ee670f154034277bc645f1e8efd0bn/a 
2024-03-16n/aexe f578bd287c6e5c5accd9d6bbabe4cb344677de78e31221d4b168aa5018629394n/a 
2024-03-15n/aexe 028511b48889e0ec05045b5d554fb2752108fa2839843357005fafe8799a2ac1n/a 
2024-03-14n/aexe 31de002383b766bb5363042e6b43b71745e07144e0b8e2917b78cb80e4117d70n/a 
2024-03-14n/aexe 2e5efac3b3dd32c84eea2bb1929bb4cab7ef53ab803d7b703ec6b1c97d786379n/a 
2024-03-14n/aexe d96ee27c4ed8d39771c93186f7bcdedb7d1db87b299148c1d21a249acb4325f2n/a 
2024-03-09n/aexe 36fb77c427020d85e61482f25c7e8127221e1d48c358be97728068e6a487b711n/a 
2024-02-19n/aexe 85678c213dc5d11411070297d3e899c3c052dee7a2ff1a0ccc26990c7c5f9aa3n/azgRAT
2024-01-24n/aexe 9fa53b063ede5c4a7d1d54a6d296a04073854a7d990f2802c16016ca79d31ddfn/a zgRAT
2024-01-11n/aexe 0715f3210c4a1ec5e15a7fc8e4121b8046529addd83f272d68fe6f13fbd1f05fn/a njrat
2023-12-02n/aexe 6ad9ac5ab7a0071a789065d1fe2fde732d88be8faaf4e875e3097157bee34d38Virustotal results 78.87%njrat