URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-14 18:31:45	104.21.5.141		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-10-14 18:31:45	172.67.154.165		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-28 02:33:50	38.14.223.218		Not listed	AS400619 AROSS-AS	US	no
2023-06-10 14:01:01	156.226.123.39		Not listed	AS135097 MYCLOUD-AS-AP	HK	no
2023-06-01 07:26:32	142.4.119.253		Not listed	AS54600 PEG-SV	US	no
2022-04-16 23:04:41	43.241.18.115		Not listed	AS134771 CHINATELECOM-ZHEJIANG-WENZHOU-IDC	CN	no
2022-03-04 16:28:54	94.23.253.55		Not listed	AS16276 OVH	FR	no
2021-11-30 18:25:17	150.138.219.113		Not listed	AS58540 CHINATELECOM-SHANDONG-JINAN-IDC	CN	no
2022-01-24 15:52:25	113.106.101.124		Not listed	AS4134 CHINANET-BACKBONE	CN	no
2022-01-24 15:35:54	113.106.101.120		Not listed	AS4134 CHINANET-BACKBONE	CN	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-11-28 20:17:13	http://cdn.riowt.top/Update.exe	Offline	exe	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-12-02 07:39:57	85e15b3eb8e24cb121a4da1a853fd56098881c49ad05a2d60047c241fd76302b	exe
2021-12-02 04:31:44	8717572cb2b24423c781f13c1cd81b0333403977da22d5cff9f434f45005cb37	exe
2021-12-02 01:38:23	371bd341beba563c7efca284d91abb0acdb6b2ed2e41ad2822ef2f79bc6cac79	exe
2021-11-28 20:28:57	7c28b994aeb3a85e37225cc20bae2232f97e23f115c2a409da31f353140c631e	exe