URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | mreow.store |
|---|---|
| Domain registrar: | Namecheap  |
| Domain registration date: | 2025-11-06 22:42:43 UTC |
| Abuse complaint sent to registrar: | Yes (2025-11-08 07:58:01 UTC to abuse{at}namecheap[dot]com) |
| Spamhaus DBL : | Botnet C&C domain |
| SURBL : | Not blocked |
| Quad9 : | Status unknown |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Status unknown |
| OpenBLD : | Blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-11-08 07:52:04 UTC |
| Total malware sites : | 9 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 9 (100%) |
| A record(s) observed : | 4 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-10 10:53:34 | 104.131.68.180 | Not listed | AS14061 DIGITALOCEAN-ASN | US | no | |
| 2025-11-10 10:53:34 | 178.62.201.34 | Not listed | AS14061 DIGITALOCEAN-ASN |  NL | no | |
| 2025-11-10 10:53:34 | 45.77.249.79 | 45.77.249.79.vultrusercontent.com | Not listed | AS20473 AS-VULTR |  SG | no |
| 2025-11-08 07:52:08 | 69.5.189.168 | VPS-goHyxAcl | SBL682243 | AS42624 swissnetwork02 |  SC | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-11-08 07:53:05 | http://mreow.store/frost.armv5 | Offline | botnetdomain mirai  Ngioweb |  asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.mips | Offline | botnetdomain mirai | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.armv6 | Offline | botnetdomain mirai Ngioweb | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.x86_64 | Offline | botnetdomain mirai | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.mipsel | Offline | botnetdomain mirai | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.x86 | Offline | botnetdomain mirai | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/router-atemi-rep.sh | Offline | botnetdomain mirai Ngioweb | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.armv7 | Offline | botnetdomain mirai Ngioweb | asyncthecatlol |
| 2025-11-08 07:52:08 | http://mreow.store/frost.aarch64 | Offline | botnetdomain mirai | asyncthecatlol |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-11-08 11:40:05 | e513b052f35bbac9e2678b3197867ee47ec0354c58af44d6c1574633f96de934 | sh | Ngioweb | |
| 2025-11-08 07:53:05 | 966770e3938bb350119a960948a15421d9c6e0944c4d49f5aa631d3bd9fee703 | elf | Ngioweb | |
| 2025-11-08 07:52:08 | e1c3f7b42e3266079e0800de42709d05cd0a509fe179ab6b078a6bb4a19a2407 | sh | Ngioweb | |
| 2025-11-08 07:52:08 | d0ca62e68e235aca958e3877ae7ed505c5667207c95d34907bc806e5ffa0b21b | elf | Ngioweb | |
| 2025-11-08 07:52:08 | 7997eca9041eb31e0264e9273d28e3b672f6f6cb206919ea1167610cfa601f93 | elf | Mirai | |
| 2025-11-08 07:52:07 | 16c193e0951e4649d08312856bba21449eeb11068838c6079d77bf88cb37086f | elf | ||
| 2025-11-08 07:52:07 | f08d8c43beedbc8d45ea133b44dd09e13d80d725846eac7615141dee9064907e | elf | Ngioweb | |
| 2025-11-08 07:52:07 | a85c562d0b13602adfad63635f895ba1fcd8f4780121f7f98febc10fbfba1819 | elf | Mirai | |
| 2025-11-08 07:52:07 | 8758eddd99d34eae170f69fe5c58231a546fef0f56a7e30eefac59ef10ca906b | elf | Mirai | |
| 2025-11-08 07:52:07 | 296d6af5b711aada05ec72d517af8b677c32d4f894fda2934ad5289b7f671619 | elf | Mirai |