URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | atm.rip |
|---|---|
| Spamhaus DBL : | Not blocked |
| SURBL : | Not blocked |
| Quad9 : | Not blocked |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-08-20 08:35:07 UTC |
| Total malware sites : | 10 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 10 (100%) |
| A record(s) observed : | 2 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-08-20 08:35:18 | 104.21.8.15 | Not listed | AS13335 CLOUDFLARENET | n/a | yes | |
| 2025-08-20 08:35:18 | 172.67.156.160 | Not listed | AS13335 CLOUDFLARENET | n/a | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-08-20 10:23:35 | https://atm.rip/e3111e7e7c524639432ddb72f49ea8e... | Offline | msi Rhadamanthys | Anonymous |
| 2025-08-20 10:23:21 | https://atm.rip/4daf0e47f2e3b51f98e0965428a824c... | Offline | msi Rhadamanthys | Anonymous |
| 2025-08-20 10:23:21 | https://atm.rip/37274433de6bab4d6aadc1e8efcb54e... | Offline | exe | Anonymous |
| 2025-08-20 10:23:17 | https://atm.rip/ec1070de9e6af232f8361aa75b44ab4... | Offline | exe | Anonymous |
| 2025-08-20 10:23:16 | https://atm.rip/6a4b9c571e24d08bfd23d8715370a49... | Offline | exe | Anonymous |
| 2025-08-20 10:23:16 | https://atm.rip/107a8980ade49ca412c2828c3dca7e8... | Offline | exe | Anonymous |
| 2025-08-20 10:23:15 | https://atm.rip/3898a509aed3d2b121dc3f1ed25ec48... | Offline | msi Rhadamanthys | Anonymous |
| 2025-08-20 10:23:13 | https://atm.rip/bc9ef680929e689030ef82f016f5459... | Offline | exe | Anonymous |
| 2025-08-20 10:23:11 | https://atm.rip/0553146fab28aaf84c01fb0559b35e9... | Offline | exe | Anonymous |
| 2025-08-20 08:35:18 | https://atm.rip/75ddcecd61e497005b78ad198c83f85... | Offline | exe GenesisStealer | Anonymous |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-08-20 10:23:34 | a846346e7b52c07ee40c9bfddfc00078b0cb891214ebd34b77dcd3532a38c57c | msi | Rhadamanthys | |
| 2025-08-20 10:23:21 | c2aab7f25230b2cac2abeedac1309f1be0701cb6593684886bd0a73182480de1 | msi | Rhadamanthys | |
| 2025-08-20 10:23:15 | 0955b2e9f532c0401c7b12ba899674145e1c6ae2e6fa30cf03b2a636eaacc4fa | msi | Rhadamanthys | |
| 2025-08-20 08:35:18 | 24c0ba6060643f5428f88a293ff4ee911bc1a3cb06e077468b3042b7700537f0 | exe | GenesisStealer |