URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	103.165.81.230
Firstseen:	2025-07-05 00:41:04 UTC
Total malware sites :	17
Online malware sites :	11 (65%)
Offline Malware sites :	6 (35%)
Newest active malware site :	2025-12-12 15:09:34 UTC
Oldest active malware site :	2025-07-05 00:41:06 UTC (Age: 9 months, 1 days, 5 hours, 11 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-07-05 00:41:06	103.165.81.230		Not listed	AS135097 MYCLOUD-AS-AP	HK	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-12 15:09:34	http://103.165.81.230:8000/JYso-1.3.6.jar	Online	opendir	juroots
2025-12-12 08:56:45	http://103.165.81.230:8000/JNDIExploit-1.4-SNAP...	Online	opendir	juroots
2025-12-12 07:56:59	http://103.165.81.230:8000/traitor	Online	opendir traitor	juroots
2025-12-12 07:55:10	http://103.165.81.230:8000/linpeas	Online	opendir	juroots
2025-12-12 07:54:10	http://103.165.81.230:8000/exp	Online	opendir	juroots
2025-12-12 07:54:08	http://103.165.81.230:8000/csrss.exe	Online	Metasploit opendir	juroots
2025-12-12 07:54:06	http://103.165.81.230:8000/ek_xz.php	Offline	opendir	juroots
2025-12-12 07:54:06	http://103.165.81.230:8000/hx2.php	Offline	opendir	juroots
2025-12-12 07:54:06	http://103.165.81.230:8000/mem.php	Offline	opendir	juroots
2025-07-05 00:42:17	http://103.165.81.230:8000/asp.gif	Online	opendir	Riordz
2025-07-05 00:41:46	http://103.165.81.230:8000/mianasp.asp	Offline	opendir	Riordz
2025-07-05 00:41:41	http://103.165.81.230:8000/ekaspx.jpg	Online	opendir	Riordz
2025-07-05 00:41:37	http://103.165.81.230:8000/mshell.elf	Online	ConnectBack opendir	Riordz
2025-07-05 00:41:23	http://103.165.81.230:8000/ekasp.jpg	Offline	opendir	Riordz
2025-07-05 00:41:16	http://103.165.81.230:8000/ek.jspx	Online	opendir	Riordz
2025-07-05 00:41:10	http://103.165.81.230:8000/exploit.c	Offline	opendir	Riordz
2025-07-05 00:41:06	http://103.165.81.230:8000/ek.jsp	Online	opendir	Riordz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2026-02-04 07:00:47	b2f0c07edc2ba50c40978745f9b0bedc89338c206d3e1e508bf1a0564b499322	zip
2025-12-13 09:15:17	145fea12547e8a3eed5f7be16ce2fdf408908b36d649761dc3e131f4c7fec97a	zip
2025-12-12 08:56:45	14d09d3fec4cd58a62593c612be36c0847f877b285f2e15f46845caed65daff8	zip
2025-12-12 07:56:59	fdfbfc07248c3359d9f1f536a406d4268f01ed63a856bd6cef9dccb3cf4f2376	elf	Traitor
2025-12-12 07:55:10	046f841782518838690b1ad7916ea33c68cd32cfdd9c87aabc7d85425b0f20ed	elf
2025-12-12 07:54:08	6fe0979ca1b04c607246dd18e92c43b1a5ffa4a2d84cb34620b1317a9e547b44	exe	Metasploit
2025-12-12 07:54:08	817dc99600c35a9dd339fc44dadfa343584f9cdb32d022922a1bdf172e5ea7db	elf
2025-08-14 16:09:54	fb9c77e05b5f02fa4a6766bab85778eef19329a9cfb4ca60799378de4b8ac468	txt
2025-08-14 16:08:12	0203701bfd3af57a4f0998ca7485f41bae4f19eacd325acdfe4425d731b8a56e	html
2025-07-05 00:42:17	b38d6c7993c9c511c190c987477650a54a62a69cc634c7d21eaa542282ef8234	unknown
2025-07-05 00:41:41	83b92a98e2df3a7248e9ce5fec93b402229de09134d39604d711f4402bb2836a	unknown
2025-07-05 00:41:36	f9d39bd2cb0da8e023e6a968a515dab56a6b8bc4fec90deb340a7bfbb7ea112a	elf	ConnectBack