URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 09:52:11	81.19.159.22	www22sni.world4you.com	Not listed	AS8560 IONOS-AS	AT	yes
2019-02-26 15:55:23	81.19.145.42	www22.world4you.com	Not listed	AS8560 IONOS-AS	AT	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2019-03-12 11:24:57	http://www.sick-midsummer.at/templates/sick_mid...	Offline	js Ransomware RUS Troldesh zip	Anonymous
2019-03-12 01:34:34	http://www.sick-midsummer.at/templates/sick_mid...	Offline	js RUS Troldesh zip	Anonymous
2019-03-12 01:32:21	http://www.sick-midsummer.at/templates/sick_mid...	Offline	js RUS Troldesh zip	Anonymous
2019-02-26 15:55:23	http://www.sick-midsummer.at/templates/sick_mid...	Offline	exe Ransomware Troldesh	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2019-03-12 01:34:34	a31afa73305b939ea16dd6654eacb16e1a04a513c5e647fdba39f4e3b870aa09	zip
2019-03-12 01:32:21	510d3dac36d978818470d4420e7b95ec8b36739a56e2c7c823e0bcd45671c563	zip
2019-03-09 02:29:34	244e8222eeb474a1b44ed66fdb5f775a82bfa948149b0d25a25a060169aadc68	exe
2019-02-26 15:55:23	73c904d658efa66370dfe8ec83a39c3038343b03e5509fa3280c85bd76790b32	exe		Ransomware.Troldesh