URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 121.40.127.134
Firstseen: 2024-10-05 14:03:04 UTC
Total malware sites: 2
Online malware sites: 1 (50%)
Offline malware sites: 1 (50%)
Newest active malware site: 2024-10-05 14:03:14 UTC
Oldest active malware site: 2024-10-05 14:03:14 UTC (Age: 1 year, 7 months, 29 days, 11 hours, 26 minutes)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active?
2024-10-05 14:03:14 | 121.40.127.134 | | Not listed | AS37963 ALIBABA-CN-NET | CN | yes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | Reporter
2025-06-02 04:45:06 | http://121.40.127.134:6666/02.08.2022.exe | Offline | censys CobaltStrike ext | DaveLikesMalwre
2024-10-05 14:03:14 | http://121.40.127.134:4567/02.08.2022.exe | Online | CobaltStrike ext | abus3reports

The table below shows recent payloads delivered by this host.
