URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	161.97.149.138
Firstseen:	2025-09-29 15:01:05 UTC
Total malware sites :	18
Online malware sites :	0 (0%)
Offline Malware sites :	18 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-29 15:01:13	161.97.149.138	vmi2815053.contaboserver.net	Not listed	AS51167 CONTABO	FR	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-09-30 05:45:21	http://161.97.149.138/systemcl/spc	Offline	elf ua-wget	abuse_ch
2025-09-30 05:45:20	http://161.97.149.138/systemcl/sh4	Offline	elf ua-wget	abuse_ch
2025-09-29 18:15:18	http://161.97.149.138/systemcl/x86_64	Offline	elf mirai	BlinkzSec
2025-09-29 18:14:16	http://161.97.149.138/c.sh	Offline	mirai sh	BlinkzSec
2025-09-29 18:14:15	http://161.97.149.138/iot.sh	Offline	mirai sh	BlinkzSec
2025-09-29 18:14:15	http://161.97.149.138/systemcl/ppc	Offline	elf mirai	BlinkzSec
2025-09-29 18:14:15	http://161.97.149.138/test.sh	Offline	mirai sh	BlinkzSec
2025-09-29 18:14:15	http://161.97.149.138/wget.sh	Offline	mirai sh	BlinkzSec
2025-09-29 18:14:15	http://161.97.149.138/w.sh	Offline	mirai sh	BlinkzSec
2025-09-29 18:13:17	http://161.97.149.138/systemcl/arc	Offline	elf mirai	BlinkzSec
2025-09-29 18:13:17	http://161.97.149.138/systemcl/m68k	Offline	elf mirai	BlinkzSec
2025-09-29 18:13:17	http://161.97.149.138/systemcl/arm5	Offline	elf mirai	BlinkzSec
2025-09-29 18:13:17	http://161.97.149.138/systemcl/arm6	Offline	elf mirai	BlinkzSec
2025-09-29 18:13:17	http://161.97.149.138/systemcl/mpsl	Offline	elf mirai	BlinkzSec
2025-09-29 18:13:17	http://161.97.149.138/systemcl/arm7	Offline	elf mirai	BlinkzSec
2025-09-29 15:01:17	http://161.97.149.138/systemcl/arm	Offline	32-bit elf mirai Mozi	threatquery
2025-09-29 15:01:16	http://161.97.149.138/systemcl/mips	Offline	32-bit elf mirai Mozi	threatquery
2025-09-29 15:01:13	http://161.97.149.138/systemcl/x86	Offline	32-bit elf mirai Mozi	threatquery

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-09-29 18:15:17	d167fe5abe306825e029bd799bb645048ccae15dca31ea4ac9fcb8b416142a3a	elf	Mirai
2025-09-29 18:14:16	efc7d25ea48997d056352f9f02883ee0d88fcbf565b74f57499fbb02d7d0284a	sh	Mirai
2025-09-29 18:14:15	236e422e0583d61fdb88f2503aa28f1fa6cc44a212fc610ad22e23fe31395156	sh	Mirai
2025-09-29 18:14:15	01de46acf9eab70439e209566e88acb3f331f1901fe26c619a787156f01bece6	sh	Mirai
2025-09-29 18:14:15	96387a326a3dbea1e9f5ac20e8dbaba68ec070c59e4f21ef9bd68b4b9a97f0b6	sh	Mirai
2025-09-29 18:14:15	1551d33d26531767211244f0e646501a707170399859c9866ac1e704888d1939	sh	Mirai
2025-09-29 18:14:15	dcd7d4b917223e33897da06b7fdb676d16aa4d7afc0276bb4525c275b0a45b10	elf	Mirai
2025-09-29 18:13:17	527debaef309134677a1c3a450dc5aea1f3a2a6f742fad86a20c80274c749630	elf	Mirai
2025-09-29 18:13:17	c5da1b833565988e4bb1729244b07d55ff21148392a7143ff5aab70f43788d6b	elf	Mirai
2025-09-29 18:13:17	899c7e47c4e8f921e14bed7dcca677ed995ead6369168433011cac67ef6e5a59	elf	Mirai
2025-09-29 18:13:17	4b3fafa6af227c69f3164a2b4f85e7024361a714347c7f691099ed80736916ab	elf	Mirai
2025-09-29 18:13:17	b819a17fd9314f13890dce05291b4c14b40477f0546c7481b4c2af576928244e	elf	Mirai
2025-09-29 18:13:17	62fe11867609d9e615a9e4356e2770c1186cf083109c2aa6e06bd3273969246c	elf	Mirai
2025-09-29 15:01:17	0aa6fd4f78bcee9f77a93153de85f0db4aa2e42464afcad9564ef46528697d44	elf	Mirai
2025-09-29 15:01:16	dc49d000be3daa749c372da39aad50bc49e8d944c7c868fb70b7d15e159d79d3	elf	Mirai
2025-09-29 15:01:13	d167fe5abe306825e029bd799bb645048ccae15dca31ea4ac9fcb8b416142a3a	elf	Mirai