URLhaus Database

You are currently viewing the URLhaus database entry for http://23.249.161.109/jhonvn/vbs.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry




ID:36222
URL: http://23.249.161.109/jhonvn/vbs.exe
URL Status:Offline
Host: 23.249.161.109
Date added:2018-07-26 10:45:46 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Unknown
SURBL:Not listed
Reporter:@lovemalware
Abuse complaint sent (?): Yes (2018-07-26 10:48:05 UTC to support{at}vpsace[dot]com)
Tags:exe lokibot link Pony link

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2018-08-21n/aexe d29dd6ddae8bccc7df405c7c020a4702a6e9a96c7ede89ef4307542f15fad0e6n/aDownloader.Pony
2018-08-15n/aexe 650b7391a299356cf872be83681df4999c200eeea6cabfb232ae0409a0dcec5dn/aDownloader.Pony
2018-08-07n/aexe 041bc70bce141c6b7b9db68e56ce764aa453d224b0bc4616c00925ba7e1a6322n/a
2018-07-26n/aexe 4551a59a881d6b2f839d8665ae7f2df44d8e814842ed1d653919dd0775593ad8Virustotal results 50.00%Downloader.Pony