URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).

Database Entry


Host: 124.220.6.158
Firstseen: 2024-09-15 17:22:03 UTC
Total malware sites: 2
Online malware sites: 2 (100%)
Offline malware sites: 0 (0%)
Newest active malware site: 2024-09-15 17:22:11 UTC
Oldest active malware site: 2024-09-15 17:22:11 UTC (Age: 1 year, 8 month, 19 days, 12 hours, 46 minutes)

IP addresses


The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active?
2024-09-15 17:22:11 | 124.220.6.158 | | Not listed | AS45090 TENCENT-NET-AP- | CN | yes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | Reporter
2024-09-15 17:22:11 | http://124.220.6.158/02.08.2022.exe | Online | CobaltStrike ext shellcode | NDA0E
2024-09-15 17:22:11 | https://124.220.6.158/02.08.2022.exe | Online | CobaltStrike ext shellcode | NDA0E

The table below shows recent payloads delivered by this host.

Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature
2026-05-13 17:33:46 | e2afe3328493084a572093a4dbe855c7c3ebc098b0a6a80af124ded97bab4b85 | unknown | |
2026-05-13 05:54:21 | 4181039ed8fdbe91dd2ce43dc3be3bb13cb140e77f94d6d8515d67db7d460cab | unknown | |
2024-10-11 03:21:17 | c5ca8b7bbd820965220a4d146b2305e5a79430e4416db7e1a64a11d5a3a4e29e | unknown | |
2024-09-15 17:22:11 | c475da556dfa17f86f6042c3dfc09a0ae3531065569df5da71545eff59c6c86c | unknown | |
2024-09-15 17:22:11 | 59bae9be7a2733552c1cb99e2a8a00367221bc7ce28ef8d1358ef96472e9f97c | unknown | |