URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | cat.xiaoshabi.nl |
|---|---|
| Spamhaus DBL : | Abused domain (botnet C&C) |
| SURBL : | Blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2024-10-27 10:27:04 UTC |
| Total malware sites : | 11 |
| Online malware sites : | 5 (45%) |
| Offline Malware sites : | 6 (55%) |
| Newest active malware site : | 2025-08-16 12:45:13 UTC |
| Oldest active malware site : | 2024-10-27 10:27:06 UTC (Age: 1 year, 7 month, 7 days, 8 hours, 32 minutes) |
| A record(s) observed : | 14 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-12 10:47:21 | 45.221.99.101 | spk.cloudie.hk | Not listed | AS140869 TGL-AS-AP |  ZA | yes |
| 2025-11-12 06:55:44 | 188.114.96.3 | SBL690066 | AS13335 CLOUDFLARENET | n/a | no | |
| 2025-11-12 06:55:44 | 188.114.97.3 | SBL691350 | AS13335 CLOUDFLARENET | n/a | no | |
| 2025-09-05 20:10:11 | 103.119.13.4 | unknown.itsidc.com | Not listed | AS140869 TGL-AS-AP |  US | no |
| 2025-03-23 14:14:29 | 156.225.81.99 | Not listed | AS140869 TGL-AS-AP |  HK | no | |
| 2024-12-01 08:39:15 | 65.75.209.59 | Not listed | AS50131 SPARTANHOST | US | no | |
| 2024-11-20 09:08:04 | 111.243.73.205 | 111-243-73-205.dynamic-ip.hinet.net | Not listed | AS3462 HINET |  TW | no |
| 2024-11-20 01:58:04 | 111.243.112.21 | 111-243-112-21.dynamic-ip.hinet.net | Not listed | AS3462 HINET | TW | no |
| 2024-11-06 02:56:19 | 111.243.89.152 | 111-243-89-152.dynamic-ip.hinet.net | Not listed | AS3462 HINET | TW | no |
| 2024-11-05 12:21:45 | 111.243.111.27 | 111-243-111-27.dynamic-ip.hinet.net | Not listed | AS3462 HINET | TW | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2026-05-13 12:34:57 | 33f33aaad09da262eb33c93e4a874bc9b0d643abeaf0947a6e516a89005c8943 | txt | ||
| 2025-11-12 13:19:50 | 70aa17e6f31da093b71ad1b1ed52e21d69aadd48e8cbba250645d356a2300173 | txt | ||
| 2025-11-12 12:44:14 | 03a5c2bd370a7f4eabf99881f9ffa15e95959c47fd719776c72b39a81e4a32b3 | txt | ||
| 2025-11-12 11:54:26 | 0a798aca4c5bc3060332c4b31601d5a87a81667474fd746c96b95f35b624a51e | txt | ||
| 2025-08-16 12:45:13 | f18441a466b80196a75f442895322175d7f46a33abffa71459f1df9eca8daa06 | txt | CoinMiner | |
| 2025-08-15 22:58:08 | ee85d17b221ecb25dd444c07eb912ecd0a669fd5baa028e858d9ba364460b697 | txt | ||
| 2025-08-15 15:58:43 | b1d5dbabbaeb15c42df3dddc2a6c2a714c3b5ac72d59d5b5c254bb720fe43879 | txt | ||
| 2025-08-15 11:06:37 | b21f0054ba28ca4a6b2185bd77736885d353a90ec6f3cd82259e9cff5f68de68 | txt | ||
| 2024-10-27 10:27:12 | 99ddc0c50b140f2ca608125dd7208838564a2ed060156f2dbc89c5bc2e64cdf6 | txt |