URLhaus Database

You are currently viewing the URLhaus database entry for http://156.253.250.62/uploads/XClient.vbs which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3420649
URL:	http://156.253.250.62/uploads/XClient.vbs
URL Status:	Offline
Host:	156.253.250.62
Date added:	2025-01-30 23:26:09 UTC
Last online:	2025-02-02 22:XX:XX UTC
Threat:	Malware download
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2025-01-30 23:27:06 UTC to abusepoc{at}afrinic[dot]net)
Takedown time:	2 days, 22 hours, 35 minutes (down since 2025-02-02 22:02:53 UTC)
Tags:	ascii opendir vbs xworm

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-02-01	n/a	txt	42941120b46a11360e55a69f5e1acb7b84b52b64d62651976555e7f84ee25042	n/a
2025-02-01	n/a	txt	351b3c39e992d9e9faabb9e98d4540ef5e65ffa40faba64a7f6dcefc24f5efba	n/a
2025-02-01	n/a	txt	b8653049a6f428916c1215edd2331a5720cf2af28b2b5185f41f9226e5a8cf42	n/a
2025-01-31	n/a	txt	1ccc3473a2f5d29645e5f427e5520f496b4c373981d3e5fa12ef4a4ce3086a88	4.92%
2025-01-30	n/a	txt	9323f444027985546bf287c991a42abe1c54a29a8775cda01da9fe7821c516d9	5.00%	XWorm