URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | win.down.55kantu.com |
|---|---|
| Domain registrar: | Alibaba  |
| Domain registration date: | 2020-09-01 16:12:25 UTC |
| Spamhaus DBL : | Abused domain (malware) |
| SURBL : | Blocked |
| Quad9 : | Blocked |
| AdGuard : | Not blocked |
| Cloudflare : | Not blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2024-10-10 20:09:05 UTC |
| Total malware sites : | 1 |
| A record(s) observed : | 37 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-09-15 07:48:10 | 168.235.193.211 | Not listed | AS54994 ML-1432-54994 |  CA | yes | |
| 2025-04-10 19:19:43 | 168.235.193.153 | Not listed | AS54994 ML-1432-54994 | CA | yes | |
| 2025-10-20 17:54:29 | 138.113.20.175 | Not listed | AS54994 ML-1432-54994 |  GB | no | |
| 2024-10-29 19:37:07 | 138.113.20.17 | Not listed | AS54994 ML-1432-54994 | GB | no | |
| 2025-11-13 06:54:29 | 168.235.193.235 | Not listed | AS54994 ML-1432-54994 | CA | no | |
| 2024-12-27 15:21:12 | 138.113.20.128 | Not listed | AS54994 ML-1432-54994 | GB | no | |
| 2025-02-27 15:33:04 | 138.113.20.22 | Not listed | AS54994 ML-1432-54994 | GB | no | |
| 2024-10-23 20:15:57 | 138.113.20.168 | Not listed | AS54994 ML-1432-54994 | GB | no | |
| 2025-11-26 00:08:38 | 168.235.193.234 | Not listed | AS54994 ML-1432-54994 | CA | no | |
| 2025-11-22 03:35:12 | 168.235.193.214 | Not listed | AS54994 ML-1432-54994 | CA | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-10-10 20:09:18 | http://win.down.55kantu.com/winassist/login/log... | Online | adware Amadey |  abus3reports |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2024-12-24 07:19:09 | 2c209d018dc8be8c3faea4f1d9522e57ff0a42e0b30bf356b74e81bef76757d5 | 7z | Amadey | |
| 2024-10-10 20:09:18 | c5710894ae0a159d8db9137fc0a15a088426993b8381401ea9d4497a853339b4 | 7z |