URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	139.199.191.164
Firstseen:	2025-12-25 09:22:04 UTC
Total malware sites :	3
Online malware sites :	3 (100%)
Offline Malware sites :	0 (0%)
Newest active malware site :	2025-12-25 09:22:36 UTC
Oldest active malware site :	2025-12-25 09:22:13 UTC (Age: 1 month, 12 days, 21 hours, 27 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-25 09:22:13	139.199.191.164		Not listed	AS45090 TENCENT-NET-AP	CN	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-25 09:22:36	http://139.199.191.164:98/%E6%83%85%E7%BC%98%E6...	Online	huntio opendir	BlinkzSec
2025-12-25 09:22:18	http://139.199.191.164:98/%E7%8C%B4%E5%AD%90/%E...	Online	huntio opendir xred	BlinkzSec
2025-12-25 09:22:13	http://139.199.191.164:98/1/%E6%A2%A6%E5%B9%BB%...	Online	huntio opendir	BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2026-02-05 06:05:02	060754798d0960c49b43b08dcf01ef8358a9ad152975a4becad76bae8a6ce9c7	exe	XRed
2025-12-25 09:22:36	37a7ba49d9e9ad1131fb4e6bc0bf76c079ff112be0aaed163ddd32d4096dab13	exe
2025-12-25 09:22:18	0ba06445e160dd873f585fe3dd6251c01a1db0a62ed52fbf1468f231d2c56b45	exe
2025-12-25 09:22:12	0ba06445e160dd873f585fe3dd6251c01a1db0a62ed52fbf1468f231d2c56b45	exe