URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: bundle.kpzip.com
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Not blocked
Cloudflare :Blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Control D HaGeZi :Not blocked
Firstseen:2019-01-18 17:23:01 UTC
Total malware sites :1
A record(s) observed :123

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2025-06-01 12:25:14 122.188.45.65Not listedAS4837 CHINA169-Backbone- CNyes
2026-05-20 07:46:26 218.24.84.231Not listedAS4837 CHINA169-Backbone- CNyes
2026-05-07 17:50:17 123.148.116.52Not listedAS4837 CHINA169-Backbone- CNno
2025-12-01 22:32:47 59.80.44.245Not listedAS134542 UNICOM-GUIAN- CNno
2025-04-27 16:34:14 61.161.0.182182.0.161.61.adsl-pool.jlccptt.net.cnNot listedAS4837 CHINA169-Backbone- CNno
2025-05-08 18:17:51 39.91.140.90Not listedAS4837 CHINA169-Backbone- CNno
2025-05-07 02:08:37 59.80.47.66Not listedAS134542 UNICOM-GUIAN- CNno
2025-04-27 16:34:14 60.25.93.78no-dataNot listedAS4837 CHINA169-Backbone- CNno
2019-07-23 15:16:02 1.31.130.139Not listedAS4837 CHINA169-Backbone- CNno
2019-12-11 19:16:50 121.29.54.10Not listedAS4837 CHINA169-Backbone- CNno

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2019-01-18 17:23:06http://bundle.kpzip.com/n/tui/ciqinmishi/6/cqms...Onlineexe nitol ext zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2019-01-18 17:23:050f4c2554242e9848a9f0c7f101f885e4aaa52ab13122340c6bf50932acc4b6f9exe Nitol