URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	theipgenerators.com
Domain registrar:	1&1 IONOS
Domain registration date:	2025-05-07 04:26:42 UTC
Abuse complaint sent to registrar:	Yes (2025-05-12 06:31:02 UTC to abuse{at}ionos[dot]com)
Domain registry:	VeriSign Global Registry Services
Abuse complaint sent to registry:	Yes (2025-05-12 06:31:02 UTC to info{at}verisign-grs[dot]com)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2018-05-09 15:50:01 UTC
Total malware sites :	17
Online malware sites :	0 (0%)
Offline Malware sites :	17 (100%)
A record(s) observed :	4

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-05-07 06:22:06	217.154.201.107	ip217.154.201-107.pbiaas.com	Not listed	AS8560 IONOS-AS	DE	yes
2019-11-08 11:37:04	74.220.199.6	parking.bluehost.com	Not listed	AS46606 UNIFIEDLAYER-AS-1	US	no
2019-01-25 01:23:53	162.241.235.118	server.kimo002.com	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no
2018-05-09 15:50:45	162.241.234.99	server.gad33.org	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-06-24 12:50:05	https://theipgenerators.com/uploads/uptownwealt...	Offline	rev-base64-loader xworm	abuse_ch
2025-05-26 15:20:11	https://theipgenerators.com/uploads/onedrives.jpg	Offline	rat RemcosRAT rev-base64-loader	abuse_ch
2025-05-23 05:53:11	https://theipgenerators.com/uploads/onedriverse...	Offline	rat RemcosRAT rev-base64-loader	abuse_ch
2025-05-12 06:28:08	https://theipgenerators.com/uploads/onlineboss.txt	Offline	ascii AsyncRAT Encoded rev-base64-loader xworm	abuse_ch
2018-05-23 06:08:29	http://theipgenerators.com/svchost.exe	Offline	HawkEye RemcosRAT	JAMESWT_MHT
2018-05-23 06:07:42	http://theipgenerators.com/Adobe.exe	Offline		JAMESWT_MHT
2018-05-22 21:17:45	http://theipgenerators.com/smss.exe	Offline		JayTHL
2018-05-22 21:16:36	http://theipgenerators.com/winlogonn.exe	Offline	NetWire	JayTHL
2018-05-22 21:16:21	http://theipgenerators.com/dwm.exe	Offline	NetWire	JayTHL
2018-05-22 21:16:06	http://theipgenerators.com/POS.exe	Offline		JayTHL
2018-05-22 21:15:37	http://theipgenerators.com/PC.exe	Offline	RemcosRAT	JayTHL
2018-05-22 21:14:37	http://theipgenerators.com/Orders.exe	Offline		JayTHL
2018-05-22 21:13:44	http://theipgenerators.com/INVOICE.exe	Offline		JayTHL
2018-05-22 21:13:22	http://theipgenerators.com/App.exe	Offline		JayTHL
2018-05-22 21:12:32	http://theipgenerators.com/0.msi	Offline		JayTHL
2018-05-21 16:47:45	http://theipgenerators.com/winlogon.exe	Offline	exe NetWire Pony	lovemalware
2018-05-09 15:50:45	http://theipgenerators.com/apps.exe	Offline	exe RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-06-24 21:59:20	cda30462d6c08dba8782ac1cdb1db489eb3a5efe7b5f1173a678670a31c1354e	txt
2025-05-29 12:12:35	6567a506a59613da7c5cab6b7ed11ec614fee5c18dac468a962d0035fe9483fd	txt
2025-05-29 06:43:05	f4f751ce7af377e18e3cee19147c61b17c328775bb6e35adb2f73c8418cc1ee8	txt
2025-05-26 15:20:11	ab757a1c148a2499113be44c5405f107d6defa70c21f7b5902302028ae8e0a7f	txt	RemcosRAT
2025-05-24 00:09:00	3fd0f55a49f5ab1cef61bf728968749532ceaea909cb0764aa507a4198e2e7df	txt	RemcosRAT
2025-05-23 05:53:11	82df4d612893a0973fe9341b91d06c39e7512f7a510e9317732f523b0e61c07d	txt	RemcosRAT
2025-05-12 06:28:08	95ad39975c81ea591ea6d707b3a6fc104704d374d2a77945d3763def913b759a	txt	AsyncRAT