URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | sec.xiaoshabi.nl |
|---|---|
| Spamhaus DBL : | Abused domain (malware) |
| SURBL : | Blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2024-10-27 10:27:04 UTC |
| Total malware sites : | 7 |
| Online malware sites : | 3 (43%) |
| Offline Malware sites : | 4 (57%) |
| Newest active malware site : | 2024-10-27 10:27:06 UTC |
| Oldest active malware site : | 2024-10-27 10:27:06 UTC (Age: 1 year, 7 month, 7 days, 5 hours, 47 minutes) |
| A record(s) observed : | 15 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-12 11:59:17 | 45.221.99.101 | spk.cloudie.hk | Not listed | AS140869 TGL-AS-AP |  ZA | yes |
| 2025-11-12 07:05:22 | 188.114.96.3 | SBL690066 | AS13335 CLOUDFLARENET | n/a | no | |
| 2025-11-12 07:05:23 | 188.114.97.3 | SBL691350 | AS13335 CLOUDFLARENET | n/a | no | |
| 2025-09-05 20:26:20 | 103.119.13.4 | unknown.itsidc.com | Not listed | AS140869 TGL-AS-AP |  US | no |
| 2025-03-23 12:35:54 | 156.225.81.99 | Not listed | AS140869 TGL-AS-AP |  HK | no | |
| 2024-12-01 09:26:40 | 65.75.209.59 | Not listed | AS50131 SPARTANHOST | US | no | |
| 2024-11-20 09:05:54 | 111.243.73.205 | 111-243-73-205.dynamic-ip.hinet.net | Not listed | AS3462 HINET |  TW | no |
| 2024-11-20 01:56:08 | 111.243.112.21 | 111-243-112-21.dynamic-ip.hinet.net | Not listed | AS3462 HINET | TW | no |
| 2024-11-06 02:41:53 | 111.243.89.152 | 111-243-89-152.dynamic-ip.hinet.net | Not listed | AS3462 HINET | TW | no |
| 2024-11-06 02:00:39 | 1.162.152.138 | 1-162-152-138.dynamic-ip.hinet.net | Not listed | AS3462 HINET | TW | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-10-27 10:28:06 | http://sec.xiaoshabi.nl/javaw2/WinRing0x64.sys | Offline | kinsing  Threatactors |  abus3reports |
| 2024-10-27 10:27:14 | http://sec.xiaoshabi.nl/javaw2/javaw | Offline | kinsing Threatactors | abus3reports |
| 2024-10-27 10:27:06 | http://sec.xiaoshabi.nl/inst.xsl | Offline | kinsing Threatactors | abus3reports |
| 2024-10-27 10:27:06 | http://sec.xiaoshabi.nl/javaw2/net/inst.xsl | Offline | kinsing Threatactors | abus3reports |
| 2024-10-27 10:27:06 | http://sec.xiaoshabi.nl/javaw2/net/net.xsl | Online | kinsing Threatactors | abus3reports |
| 2024-10-27 10:27:06 | http://sec.xiaoshabi.nl/javaw2/inst.ps1 | Online | CoinMiner kinsing Threatactors | abus3reports |
| 2024-10-27 10:27:06 | http://sec.xiaoshabi.nl/javaw2/instance.ps1 | Online | CoinMiner kinsing Threatactors | abus3reports |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-08-16 12:40:53 | 2378a7eb839ec9e297bbb7a22c781bfa6b47a680e09db2241b275029dd1171f7 | txt | CoinMiner | |
| 2025-08-14 19:08:44 | 47f8a8746d607f8ed4919c0779fb893cc0d05354a75f81a54179727fc8a5515f | txt | ||
| 2025-08-14 17:44:54 | 5e2a0d90be151558ff3b2b672d93ec4be59562a1c146418833500f3135e1ae31 | txt | CoinMiner | |
| 2024-10-27 10:28:06 | 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 | exe | ||
| 2024-10-27 10:27:14 | f6f35b7b590d05a124e84b452e88c6aa1096c507fe9f08f33525138037c95e61 | exe |