URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	152.136.159.25
Firstseen:	2024-08-04 18:52:04 UTC
Total malware sites :	16
Online malware sites :	0 (0%)
Offline Malware sites :	16 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-08-04 18:52:09	152.136.159.25		Not listed	AS45090 TENCENT-NET-AP	CN	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-01-21 17:14:08	http://152.136.159.25/02.08.2022.exe	Offline	censys CobaltStrike	DaveLikesMalwre
2025-10-06 17:04:09	http://152.136.159.25:6666/02.08.2022.exe	Offline	censys CobaltStrike	DaveLikesMalwre
2025-10-03 17:29:11	http://152.136.159.25:7777/02.08.2022.exe	Offline	censys CobaltStrike	DaveLikesMalwre
2025-01-30 00:17:07	http://152.136.159.25:4455/02.08.2022.exe	Offline	censys CobaltStrike shellcode	DaveLikesMalwre
2024-08-04 18:52:09	http://152.136.159.25:8081/shell.txt	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/123.txt	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/apc.jpg	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/222.txt	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/update.txt	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/demo.exe	Offline	c2 Cobalt strike opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/abc.jpg	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/RingQ.exe	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/main.txt	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/temp.txt	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/shell.war	Offline	c2 opendir	abus3reports
2024-08-04 18:52:09	http://152.136.159.25:8081/portmap	Offline	c2 opendir	abus3reports

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2026-01-21 17:14:08	1ab8154d68897b6f3668428554c4b967587e189533218bc166247bd2e4d61b82	unknown
2025-10-06 17:04:09	e365e16bac6ed94cb56d3aecf8f883b313326fc6e23ce7ca061af2b08e6893dd	unknown
2025-10-03 17:29:11	c229af05db5ec53f92b0ea63fa50ba38ccde0445ac7f6c5e108cc1715de9f55c	unknown
2025-09-15 10:11:41	d76dcacb338ecb06a25701f7743ef4351f8b28ce54bd8ee9733166f0f73631bb	unknown
2025-09-13 07:48:27	3faf1cd6332f63fdf53c2757fb6c7aa565a84003f5339cdc70afabf51b8fff8c	unknown
2025-07-25 22:53:39	da3fd541e11c50e95d301e0a1623c0a24e2c8ccb8a89285b1c449a61e90cdc68	unknown
2025-07-24 13:24:30	5d16bafe8ec06b7ad5b2e5893fb5b766b8a79f4a134a446ea5d5d25094300f81	unknown
2025-07-22 16:22:22	31ab043bd36f39780bbd86c504d4c105996c93f33e7509d678b905ef78640530	unknown
2025-07-22 11:21:54	079ee04ab2c30eb51b24c9ef2a479f97a0fe260af79b6583f9776ccd635958d9	unknown
2025-07-22 05:21:42	8b7b91b621d744f02b72513bd690ea193b77df8202028a807b8c0438f0e5bb1d	unknown
2025-07-06 19:27:53	5d14001737d4b5e8f85559d87d33ba5d9d24afc3d1ff6cd46d558b7f5f943121	unknown
2025-04-10 13:15:21	a491f1d53159a851d2c5d7105411a545a946c756861317fdd3c245cd945468ae	unknown
2025-03-24 15:32:28	a59188f89cd7d34b34f79126ffd73bf5b9da6ff178d3e53f28beb92d481afdab	unknown
2025-03-07 01:15:24	fb0dde98b76c7bfd5213d050953557b71c000f96990e28186a6cf329bc3eba15	unknown
2025-02-14 05:08:58	74b5f4bc4bc0072bde933fa6e5290a81b41b9688e6a617f29d9a51d868902c2b	unknown
2025-01-30 00:17:07	ff3c445bfa018a040cf58803f8e51ba41e877cc96c4477cbf9e3d48f08ba78ca	unknown
2024-08-04 18:52:07	c8009295795a41ddf450d7e6fd947d17f0a344aedb28cb1f1d00d5b28d225acd	exe	Cobalt Strike
2024-08-04 18:52:07	9f3ff0d556c1dddca6a8b1f9c9a9b3b51b9eb1f56c350981454d4a6cabc6ac40	unknown
2024-08-04 18:52:07	c5004bdf7845cddf0075a993b6f8ea8103c6d8fc76ccedc973e2a2bbf465bf9c	exe
2024-08-04 18:52:05	3f5d9290e79763476f08b0e536a9670740ec2a134b31695a523d4e6b5864a07b	elf
2024-08-04 18:52:05	133ee2336014b8997b2bca2999c61346f3d249177f187bade1316d11e2c45cc5	unknown
2024-08-04 18:52:05	5eafd13b7b30f559fa12bcc34faa8e1f46a775ea4f2f5252ca914f05ce980306	unknown