URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	181.223.9.36
Firstseen:	2025-08-23 12:14:05 UTC
Total malware sites :	3
Online malware sites :	1 (33%)
Offline Malware sites :	2 (67%)
Newest active malware site :	2025-08-23 12:14:08 UTC
Oldest active malware site :	2025-08-23 12:14:08 UTC (Age: 3 months, 21 days, 7 hours, 52 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-08-23 12:14:08	181.223.9.36	b5df0924.virtua.com.br	Not listed	AS28573 Claro_NXT_Telecomunicacoes_Ltda	BR	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-08-23 12:14:22	http://181.223.9.36:9000/linux	Offline	Sliver ua-wget	BlinkzSec
2025-08-23 12:14:19	http://181.223.9.36:9000/file.exe	Offline	Sliver ua-wget	BlinkzSec
2025-08-23 12:14:08	http://181.223.9.36:9000/script2	Online	sh Sliver ua-wget	BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-09-20 16:03:44	9c28f5ed474b49083d5ecc0259d87379101e90ad12f1372b754a115cfe5694a3	exe	Sliver
2025-09-12 03:35:42	a62be453d1c56ee06ffec886288a1a6ce5bf1af7be8554c883af6c1b634764d0	elf
2025-08-24 19:52:29	48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935	sh	Sliver
2025-08-23 12:14:22	cd757c1ef9cc99018ea1ef52e85208264c2f1724470027ceabd2eabde30b7f70	elf	Sliver
2025-08-23 12:14:19	cd3718dc391f982c7843289221ca30666be93007a4e7ba0b9d5a6b69f25cefd7	exe	Sliver
2025-08-23 12:14:07	6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453	sh	Sliver