URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | 45.90.216.164 |
|---|---|
| Firstseen: | 2025-12-10 15:30:05 UTC |
| Total malware sites : | 9 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 9 (100%) |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-12-10 15:30:22 | 45.90.216.164 | vm3391128.firstbyte.club | Not listed | AS205090 FIRST-SERVER-EUROPE |  RU | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-12-10 15:31:13 | http://45.90.216.164/bot/bot.bin.enc | Offline | huntio opendir |  Riordz |
| 2025-12-10 15:31:13 | http://45.90.216.164/bot/steal.bin.enc | Offline | huntio opendir | Riordz |
| 2025-12-10 15:31:12 | http://45.90.216.164/bot/bot.exe | Offline | huntio opendir | Riordz |
| 2025-12-10 15:31:12 | http://45.90.216.164/bot/radmin.bin.enc | Offline | huntio opendir | Riordz |
| 2025-12-10 15:30:30 | http://45.90.216.164/bot/miner/RuntimeBroker.exe | Offline | CoinMiner huntio opendir | Riordz |
| 2025-12-10 15:30:29 | http://45.90.216.164/bot/miner/RuntimeBrokerr.exe | Offline | CoinMiner huntio opendir | Riordz |
| 2025-12-10 15:30:23 | http://45.90.216.164/bot/info.bin.enc | Offline | huntio opendir | Riordz |
| 2025-12-10 15:30:23 | http://45.90.216.164/bot/inf.bin.enc | Offline | huntio opendir | Riordz |
| 2025-12-10 15:30:22 | http://45.90.216.164/bot/net_inf.bin.enc | Offline | huntio opendir | Riordz |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-12-10 15:31:13 | d114be2fac3246f1d403c6e9e278b2395e3e6d3b61665e6ba06aa3f463a09502 | unknown | ||
| 2025-12-10 15:31:12 | f36e368242cbaa100769cadb51b6509a7e25cc34830b5da5dc79c5f7a95ece97 | exe | ||
| 2025-12-10 15:31:12 | 5f14fd1a78f519bfaecefdc0f3e253c2f20a6b34d4a39b2b2ec2d13b3fdd682a | unknown | ||
| 2025-12-10 15:31:12 | 70bc3a2cce96bece7634d3616601793e0ece1531ceb0bf20cf41b89d9c94b677 | unknown | ||
| 2025-12-10 15:30:30 | f29d673b032f7ff763dec032aefd6c5759a1583b211625f7f770017bedf03689 | exe | CoinMiner | |
| 2025-12-10 15:30:29 | f29d673b032f7ff763dec032aefd6c5759a1583b211625f7f770017bedf03689 | exe | CoinMiner | |
| 2025-12-10 15:30:22 | 19020efa6cc8121d5bb2d8f82154ed7be0d7b048dccfba8df5a8a708f2f46134 | unknown | ||
| 2025-12-10 15:30:22 | 17e5a14d9a88d51f035769fc673bd1f73913f7b092be9400f7385df50ec848c5 | unknown | ||
| 2025-12-10 15:30:21 | 9b03d1fdbd7869a1057836b7281c59d680118cb54a8d03cc3deedadc4ef0231c | unknown |