URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	168.121.168.84
Firstseen:	2025-10-04 04:20:19 UTC
Total malware sites :	14
Online malware sites :	11 (79%)
Offline Malware sites :	3 (21%)
Newest active malware site :	2025-10-04 05:11:26 UTC
Oldest active malware site :	2025-10-04 04:20:22 UTC (Age: 7 months, 26 days, 19 hours, 11 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-04 04:20:22	168.121.168.84		Not listed	AS52545 BJ_NET_Provedor_de_Internet_Ltda._-_ME	BR	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-10-04 05:11:26	http://168.121.168.84:8081/info.zip	Online	CoinMiner zip	Riordz
2025-10-04 05:08:17	http://168.121.168.84:8081/Photo.scr	Online	CoinMiner	Riordz
2025-10-04 05:06:02	http://168.121.168.84:8081/Photo.lnk	Online	CoinMiner	Riordz
2025-10-04 05:05:09	http://168.121.168.84:8081/AV.lnk	Online	CoinMiner	Riordz
2025-10-04 04:59:10	http://168.121.168.84/Photo.scr	Offline	CoinMiner	Riordz
2025-10-04 04:51:11	http://168.121.168.84/AV.scr	Offline	CoinMiner	Riordz
2025-10-04 04:46:49	http://168.121.168.84:8081/Video.lnk	Online	CoinMiner	Riordz
2025-10-04 04:44:20	http://168.121.168.84/Video.scr	Online	CoinMiner	Riordz
2025-10-04 04:37:11	http://168.121.168.84:8081/AV.scr	Offline	CoinMiner	Riordz
2025-10-04 04:35:37	http://168.121.168.84:8081/Video.scr	Online	CoinMiner	Riordz
2025-10-04 04:34:26	http://168.121.168.84/info.zip	Online	CoinMiner zip	Riordz
2025-10-04 04:27:04	http://168.121.168.84/Video.lnk	Online	CoinMiner	Riordz
2025-10-04 04:22:16	http://168.121.168.84/AV.lnk	Online	CoinMiner	Riordz
2025-10-04 04:20:22	http://168.121.168.84/Photo.lnk	Online	CoinMiner	Riordz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2026-05-28 08:23:28	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca	exe	CoinMiner
2026-05-28 02:01:16	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca	exe	CoinMiner
2026-05-28 01:58:22	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca	exe	CoinMiner
2026-05-28 01:57:12	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca	exe	CoinMiner
2025-10-04 05:11:26	b914abc696286a639a847d2e3a4a36ff682f30a87b08c4ffc61f2e0cf5e7ec5f	zip
2025-10-04 05:08:17	807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d	exe	CoinMiner
2025-10-04 05:06:02	00401651af3194ede5157004b6dbe1edf836a94ca182221f2c034201fe55e4dc	lnk
2025-10-04 05:05:09	00401651af3194ede5157004b6dbe1edf836a94ca182221f2c034201fe55e4dc	lnk
2025-10-04 04:59:10	807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d	exe	CoinMiner
2025-10-04 04:51:11	af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c	exe	CoinMiner
2025-10-04 04:46:48	00401651af3194ede5157004b6dbe1edf836a94ca182221f2c034201fe55e4dc	lnk
2025-10-04 04:44:20	af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c	exe	CoinMiner
2025-10-04 04:37:11	af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c	exe	CoinMiner
2025-10-04 04:35:37	af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c	exe	CoinMiner
2025-10-04 04:34:26	b914abc696286a639a847d2e3a4a36ff682f30a87b08c4ffc61f2e0cf5e7ec5f	zip
2025-10-04 04:27:04	00401651af3194ede5157004b6dbe1edf836a94ca182221f2c034201fe55e4dc	lnk
2025-10-04 04:22:16	00401651af3194ede5157004b6dbe1edf836a94ca182221f2c034201fe55e4dc	lnk
2025-10-04 04:20:21	00401651af3194ede5157004b6dbe1edf836a94ca182221f2c034201fe55e4dc	lnk