URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 165.154.125.212 |
|---|---|
| Firstseen: | 2025-10-15 17:23:03 UTC |
| Total malware sites : | 2 |
| Online malware sites : | 1 (50%) |
| Offline Malware sites : | 1 (50%) |
| Newest active malware site : | 2025-11-18 16:34:15 UTC |
| Oldest active malware site : | 2025-11-18 16:34:15 UTC (Age: 14 hours, 41 minutes) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-10-15 17:23:31 | 165.154.125.212 | SBL655843 | AS135377 UCLOUD-HK-AS-AP |  HK | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-11-18 16:34:15 | http://165.154.125.212:8080/02.08.2022.exe | Online | censys CobaltStrike  |  DaveLikesMalwre |
| 2025-10-15 17:23:31 | http://165.154.125.212:445/02.08.2022.exe | Offline | censys CobaltStrike | DaveLikesMalwre |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-11-18 16:34:14 | 5b48b14f8f1726f9def50f7f9dc6468592464280fab0868b87f7143ae3c881b0 | unknown | ||
| 2025-10-21 11:28:03 | 4723a201ecd411e08057b34cfd0d00a57f01210d216af5fd454fef2477e4d3cf | unknown | ||
| 2025-10-20 16:47:04 | 978d42ecc9a2c3f9f90e522670847d547af8e1db3cb0ee496f7ca45b69309f47 | unknown | ||
| 2025-10-16 00:06:07 | 84fca2e6f8e5480c26e7abee0e9d7aa081e4ccc1519aa4b8cc68ec33ed0f6c5d | unknown |