URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	165.154.184.75
Firstseen:	2024-12-01 12:04:04 UTC
Total malware sites :	20
Online malware sites :	9 (45%)
Offline Malware sites :	11 (55%)
Newest active malware site :	2025-03-01 08:58:47 UTC
Oldest active malware site :	2024-12-02 12:07:10 UTC (Age: 1 year, 6 month, 1 days, 10 hours, 53 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-12-01 12:04:06	165.154.184.75		SBL627126	AS135377 UCLOUD-HK-AS-AP	TH	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-03-01 08:58:47	http://165.154.184.75/NEW/plugin2.plg	Online	opendir	skocherhan
2025-03-01 08:58:29	http://165.154.184.75/NEW/plugin2.dll	Online	opendir	skocherhan
2025-03-01 08:58:29	http://165.154.184.75/NEW/plugin1.plg	Online	opendir	skocherhan
2025-03-01 08:58:19	http://165.154.184.75/NEW/plugin3.plg	Online	opendir	skocherhan
2025-03-01 08:58:18	http://165.154.184.75/NEW/plugin1.dll	Online	opendir	skocherhan
2025-03-01 08:58:07	http://165.154.184.75/NEW/plugin3.dll	Online	opendir	skocherhan
2024-12-10 09:18:11	http://165.154.184.75/node/AutoHotkeyU64.exe	Offline	opendir	abus3reports
2024-12-10 09:18:09	http://165.154.184.75/node/Setup.exe	Offline	opendir	abus3reports
2024-12-10 09:18:07	http://165.154.184.75/node/Screenshot_4.jpg	Offline	opendir	abus3reports
2024-12-10 09:18:05	http://165.154.184.75/node/Setup.ahk	Offline	opendir	abus3reports
2024-12-10 09:18:05	http://165.154.184.75/node/AutoHotkeyU64.ahk	Offline	opendir	abus3reports
2024-12-02 12:07:33	http://165.154.184.75/m2/plugin2.dll	Online		lontze7
2024-12-02 12:07:32	http://165.154.184.75/m2/plugin1.dll	Online		lontze7
2024-12-02 12:07:31	http://165.154.184.75/plugin1.dll	Offline		lontze7
2024-12-02 12:07:28	http://165.154.184.75/plugin2.dll	Offline		lontze7
2024-12-02 12:07:10	http://165.154.184.75/plugin3.dll	Offline		lontze7
2024-12-02 12:07:10	http://165.154.184.75/m2/plugin3.dll	Online		lontze7
2024-12-01 12:04:13	http://165.154.184.75/aaaaaa.zip	Offline	ua-wget XenArmor zip	BlinkzSec
2024-12-01 12:04:08	http://165.154.184.75/get.zip	Offline	ua-wget zip	BlinkzSec
2024-12-01 12:04:06	http://165.154.184.75/SearchUII.exe	Offline	exe njRAT ua-wget	BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-12-31 01:49:13	09c63a35f9e12852820af209aab304b046d87c416a79820dfbc6cea4f7c72111	unknown
2025-12-31 01:39:56	2a295f35df7a8451da3f91ce5a0c762f08fb0da11e9c3ae7885e694043e3db40	unknown
2025-12-31 00:09:00	7769dd7ee751fc93f926b69a744c5bbb866406072b474f4027726f6c03ceaa42	unknown
2025-05-30 12:42:57	10efc95a14fd7f4ceb0f699922d978b2417d0911dfe395128674cc754647bbd3	unknown
2025-05-17 00:54:02	3d2a6b577b2dcfeae8462862889d385559645b2ebec80eddab5e1a0ed4d6677d	unknown
2025-05-09 09:05:16	8cbfc4e77a04cc17aa975ad7c180f28b9a9f2bac9998df990258b659b4c3dea7	unknown
2025-03-25 02:13:10	1d74e0d1befa5f9b11ce881798c5e66a4d18c7dff934b7b33a6aed901aac8664	unknown
2025-03-01 08:58:47	4c5f52ebbc377c051322d5d2cd24eaa377787f94bbbd33323486124684ab5ada	unknown
2025-03-01 08:58:29	e1416635514d74ec8b143b256386dd442c77386b3162fe5fe141319eda99dabb	unknown
2025-03-01 08:58:29	fd9a98108e73d5315dc22c4354d958c587c29d7dcb24d14148965e285503f9ec	unknown
2025-03-01 08:58:19	89f5916b856731f13a6867ea9099a90154a4edd13e57b82ad1d450cebd973c13	unknown
2025-03-01 08:58:18	dffa09f3948de1576fb7e2d3a8f0c88f17b73011b8f7c1714a4d9cfaf116cb32	unknown
2025-03-01 08:58:07	b73c616f4c83334dacc96e4d54c9ce6544f7c4f677515ee306ad0cb5acc8093f	unknown
2024-12-10 09:18:11	effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696	exe
2024-12-10 09:18:09	effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696	exe
2024-12-02 12:07:33	e1416635514d74ec8b143b256386dd442c77386b3162fe5fe141319eda99dabb	unknown
2024-12-02 12:07:32	dffa09f3948de1576fb7e2d3a8f0c88f17b73011b8f7c1714a4d9cfaf116cb32	unknown
2024-12-02 12:07:31	dffa09f3948de1576fb7e2d3a8f0c88f17b73011b8f7c1714a4d9cfaf116cb32	unknown
2024-12-02 12:07:28	e1416635514d74ec8b143b256386dd442c77386b3162fe5fe141319eda99dabb	unknown
2024-12-02 12:07:10	b73c616f4c83334dacc96e4d54c9ce6544f7c4f677515ee306ad0cb5acc8093f	unknown
2024-12-02 12:07:10	b73c616f4c83334dacc96e4d54c9ce6544f7c4f677515ee306ad0cb5acc8093f	unknown
2024-12-01 12:04:13	3bfd2e503020274ee74f3d2015317fd549acc64eb760afa07c0bac637a3110dd	zip	XenArmor
2024-12-01 12:04:08	b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa	zip
2024-12-01 12:04:06	ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab	exe	njrat