URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-01-22 09:01:19	104.218.50.158	vps3234732.trouble-free.net	Not listed	AS19318 IS-AS-1	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-01-22 09:23:14	http://104.218.50.158/bins/arm64	Online	DDoSAgent elf ua-wget	BlinkzSec
2026-01-22 09:23:14	http://104.218.50.158/bins/amd64	Online	DDoSAgent elf ua-wget	BlinkzSec
2026-01-22 09:23:11	http://104.218.50.158/bins/arm7	Online	DDoSAgent elf ua-wget	BlinkzSec
2026-01-22 09:23:10	http://104.218.50.158/bins/x86	Online	DDoSAgent elf ua-wget	BlinkzSec
2026-01-22 09:01:19	http://104.218.50.158/bins/mips	Online	32-bit DDoSAgent elf Mozi	threatquery

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2026-01-22 09:23:14	6b46f35dd04432edf5983bb29878c8ce473b3003a1147f75222fd47b33dc9932	elf		DDoSAgent
2026-01-22 09:23:14	abd84d62cfb15177596c7c44553c968231b8878a1d74735c27154db7e3be2782	elf		DDoSAgent
2026-01-22 09:23:11	3d27fc410afed48b4cff6a6db1c4fa9df0e58bf10a7987bc4808291d202802c7	elf		DDoSAgent
2026-01-22 09:23:10	329ca32589da91c2d5bfbee4cffb87d61e8dd0185108542a066c8ee86c82277f	elf		DDoSAgent
2026-01-22 09:01:18	576d26ad1e998c48b2f174b9caead5cb0e50f9af8b26bfad909590a58a1ed970	elf		DDoSAgent