URLhaus Database

You are currently viewing the URLhaus database entry for http://87.120.120.56/crypt/IK.ps1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3425213
URL:	http://87.120.120.56/crypt/IK.ps1
URL Status:	Offline
Host:	87.120.120.56
Date added:	2025-02-03 06:57:04 UTC
Last online:	2025-02-13 11:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-02-03 06:58:06 UTC to abuse{at}zhongguancun[dot]asia)
Takedown time:	10 days, 5 hours, 1 minutes (down since 2025-02-13 11:59:52 UTC)
Tags:	ascii Formbook opendir powershell ps1

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT
2025-02-11	n/a	ps1	7d10c371c7e131dda8b435b80c44dbcc9b64482477733c9ba4f6c557b7958219	n/a
2025-02-10	n/a	ps1	9816ae6d452b98cb99b1875e0fe3d3bdc04972eb1f07b5994baf58adf15facf2	n/a
2025-02-05	n/a	ps1	b8980a83158d08ba21de39b3573900047c5593fdaf8736a73bc9cdb2976194e8	n/a
2025-02-04	n/a	ps1	b71234456bb117c0ddb29a1fdb1222cad1ec51e9ff67b0d52a79357b214c8841	n/a
2025-02-03	n/a	ps1	885ed5b4625cc9dcc972bdb26e315d21d9f47d2a71db7fb603bdc04c7ee897ca	n/a
2025-02-03	n/a	ps1	1a12e9ddf2d8679ad432ea2fdf0ac183c574d9fb955cd3f9b1874fb9d772fb40	31.15%