URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-03-10 15:56:08	85.137.253.58	de-17.hosted-by.shinomiya-hosting.com	Not listed	AS215428 shinomiya	DE	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-03-10 15:56:13	http://85.137.253.58:9000/Test.apk	Offline	CoinMiner	juroots
2026-03-10 15:56:09	http://85.137.253.58:9000/svchost.exe	Offline	AsyncRAT	juroots
2026-03-10 15:56:08	http://85.137.253.58:9000/csrss.exe	Offline	njRAT	juroots
2026-03-10 15:56:08	http://85.137.253.58:9000/updater.exe	Offline		juroots
2026-03-10 15:56:08	http://85.137.253.58:9000/XClient.exe	Offline	AsyncRAT	juroots
2026-03-10 15:56:08	http://85.137.253.58:9000/f6l62sJS.exe	Offline		juroots

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2026-03-10 15:56:13	aa56f350882ce63429c6626567487b041f06168bb60f4fc371a262eabadfa660	zip		CoinMiner
2026-03-10 15:56:08	08ea1961754e92d523304e1b5cb0f8eee3df198f46b0f495ad02f335ca885d54	exe		njrat
2026-03-10 15:56:08	4959425cfe2d5c25c90c20fbb0ec8aad78afee7bc7a6d8b70498fff4b63c4d31	exe
2026-03-10 15:56:08	ab698f4886e3adbe6babe8f2a2cd1324a8c06ef68227408af2ce7b1671cf5178	exe		AsyncRAT
2026-03-10 15:56:08	f2ffb420a9c80c6f634453f0daf3891235e68b6849e6519a0b4036cdd85b5cf0	exe
2026-03-10 15:56:08	8f1cd9f9d91183640475d4226a734868375f5b6cc15d8ed861ce711a589e54c7	exe		AsyncRAT