URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	221.158.86.16
Firstseen:	2024-06-08 08:00:09 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-06-08 08:00:25	221.158.86.16		Not listed	AS4766 KIXS-AS-KR	KR	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-06-26 08:00:21	http://221.158.86.16:1189/svchcst.exe	Offline	Gh0stRAT	misa11n
2024-06-23 08:00:17	http://221.158.86.16:7762/svchost.exe	Offline	Gh0stRAT	misa11n
2024-06-18 08:00:17	http://221.158.86.16:2266/AV520.exe	Offline	Gh0stRAT	misa11n
2024-06-13 08:00:28	http://221.158.86.16:7744/svchvst.exe	Offline	Gh0stRAT	misa11n
2024-06-08 08:00:25	http://221.158.86.16:4466/svchost.exe	Offline	Gh0stRAT	misa11n

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2024-06-26 08:00:21	0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f	exe	Gh0stRAT
2024-06-23 08:00:17	0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f	exe	Gh0stRAT
2024-06-18 08:00:17	0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f	exe	Gh0stRAT
2024-06-13 08:00:28	fc35c926288af736d9772f5a014d3cb703899feb7b5f7613d671381c1dfe9c50	exe	Gh0stRAT
2024-06-08 08:00:22	fc35c926288af736d9772f5a014d3cb703899feb7b5f7613d671381c1dfe9c50	exe	Gh0stRAT