URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	kronicxleopard.win
Domain registrar:	Cloudflare
Domain registration date:	2025-11-25 00:09:33 UTC
Spamhaus DBL :	Abused domain (malware)
SURBL :	Not blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Blocked
Firstseen:	2025-12-11 00:09:06 UTC
Total malware sites :	16
Online malware sites :	0 (0%)
Offline Malware sites :	16 (100%)
A record(s) observed :	4

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-12 03:23:44	41.216.189.156		Not listed	AS211138 PRIVATEHOSTING-NET	DE	yes
2025-12-11 00:09:10	41.216.189.159		Not listed	AS211138 PRIVATEHOSTING-NET	DE	no
2025-12-12 03:12:36	104.21.23.128		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-12-12 03:12:36	172.67.211.71		Not listed	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-11 00:25:14	http://kronicxleopard.win/bins/Labelloperc80.arm5	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:25:13	http://kronicxleopard.win/bins/Labelloperc80.ppc	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:25:13	http://kronicxleopard.win/bins/Labelloperc80.arm	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:25:12	http://kronicxleopard.win/bins/Labelloperc80.spc	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:25:12	http://kronicxleopard.win/bins/Labelloperc80.i686	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:17	http://kronicxleopard.win/1.sh	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:17	http://kronicxleopard.win/bins/Labelloperc80.mips	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:13	http://kronicxleopard.win/bins/Labelloperc80.sh4	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.x86	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.arm7	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.m68k	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.mpsl	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.arc	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.arm6	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/Labelloperc80.x8...	Offline	botnetdomain mirai opendir	DaveLikesMalwre
2025-12-11 00:09:10	http://kronicxleopard.win/bins/debug	Offline	botnetdomain mirai opendir	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-12-28 00:54:44	bfb04c46cee4523982d19d0a47be747fb4988dfb41c8bf332895cb5c9e794a2b	sh		Mirai
2025-12-12 05:58:39	00a1aa6c3fa89b463361ea87cf05a93a1ae101ffec1643d9d1c0d71f92da7134	sh		Mirai
2025-12-11 00:25:13	e89efbbf11161b974c87724f649921e6c7a883f967cb96fc21ecb8530aa5832c	elf		Mirai
2025-12-11 00:25:12	53ec40805ac9f295e59feb1be2ec23feeb3cb5482edba12cd3a731655b45c5d1	elf		Mirai
2025-12-11 00:25:12	2b6a81fee8092f828d219737cc8c8c2c343bad0a3c57bded03b8b0747c7e965f	elf		Mirai
2025-12-11 00:25:12	e7fc58702e5d3c20e362541f7b42d0e70c5cda840b33b358bee32d0aac623e17	elf		Mirai
2025-12-11 00:25:12	df7d333afd2610426cf8a273976eea8c200acf87ddc9589eca2a945d77335bef	elf		Mirai
2025-12-11 00:09:17	886635513c57cbfd93b2a3fc7e2ab13ed5cdd1c3057aa2d09e29a5c0f89c7446	sh		Mirai
2025-12-11 00:09:17	b9d3b71c76e6817123d63ca9a144e63d9046cdcab4fb303bdafda3ef9285229d	elf		Mirai
2025-12-11 00:09:13	c8e78b47bea8e92afdf0c5915e0e879dfbfa948609292b5c98f970589d3e57ad	elf		Mirai
2025-12-11 00:09:10	627fd3dca685867a5c213225131ffe06ee2cfbb07adb305ca648fa994e8c9ebf	elf		Mirai
2025-12-11 00:09:10	7676841f8e7626e986a9c57496d26540e1b129c48ce73249127bbf1ef38e1b67	elf		Mirai
2025-12-11 00:09:10	23b2e1766934aa79bd8980e7bab4b7b5b3951a3384e06231dd70534d9c64bf07	elf		Mirai
2025-12-11 00:09:10	d3e66628e921e3740a78c8112484767e0450d6b5581a526a5a08a4b00f122b11	elf		Mirai
2025-12-11 00:09:10	258a424c4ecd010eb0057cd1f63203d2196e48ad9fcfb50b17c232c34915bd32	elf		Mirai
2025-12-11 00:09:10	f9a480310942ffb850aa7ada066444b580352da1b0e94a0975ca596bdfd90ebb	elf		Mirai
2025-12-11 00:09:10	b1e74339f6432874ce49cf0533a98090ab37f52122da418019152d5e8d7a5b6b	elf		Mirai
2025-12-11 00:09:09	1a6d76a78bfaf4d04fab8fb25c42a0ff9999bf908fc28f03dc6623b5c47e007c	elf		Mirai