URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 176.65.139.50
Firstseen:2026-04-24 09:27:05 UTC
Total malware sites :15
Online malware sites :14 (93%)
Offline Malware sites :1 (7%)
Newest active malware site :2026-05-26 19:48:19 UTC
Oldest active malware site :2026-05-26 02:47:25 UTC (Age: 1 day, 20 hours, 13 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2026-04-24 09:27:17 176.65.139.50SBL679274AS214472 STORMINDUSTRIES- LUyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2026-05-26 19:48:19http://176.65.139.50/FBI.sparcOnline176-65-139-50 elf gafgyt ext ua-wget BlinkzSec
2026-05-26 02:49:20http://176.65.139.50/FBI.arm7Onlinearm elf gafgyt ext mirai ext ua-wget botnetkiller
2026-05-26 02:48:23http://176.65.139.50/FBI.arm5Onlinearm elf gafgyt ext mirai ext ua-wget botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.mipsOnlineelf gafgyt ext mips mirai ext ua-wget botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.x86Onlineelf mirai ext ua-wget x86 botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.m68kOnlineelf gafgyt ext m68k mirai ext ua-wget botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.x86_64Onlineelf gafgyt ext mirai ext ua-wget x86 botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.i686Onlineelf gafgyt ext mirai ext ua-wget x86 botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.armOnlinearm elf gafgyt ext mirai ext ua-wget botnetkiller
2026-05-26 02:48:22http://176.65.139.50/mis.shOnlinegafgyt ext sh ua-wget botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.arm6Onlinearm elf gafgyt ext mirai ext ua-wget botnetkiller
2026-05-26 02:48:22http://176.65.139.50/FBI.ppcOnlineelf gafgyt ext mirai ext PowerPC ua-wget botnetkiller
2026-05-26 02:48:16http://176.65.139.50/FBI.mipselOnlineelf gafgyt ext mips mirai ext ua-wget botnetkiller
2026-05-26 02:47:25http://176.65.139.50/FBI.sh4Onlineelf gafgyt ext mirai ext SuperH ua-wget botnetkiller
2026-04-24 09:27:17http://176.65.139.50/arm7Offline176-65-139-50 elf mirai ext ua-wget BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2026-05-27 02:08:33c348afc647f8b4b46885fb04a34efb1df58365d1ab8fd50d0b8ff1b742188ae7elfGafgyt
2026-05-26 02:49:20a81b4478f1d7d49a83d9e38dabc32b5e761a690215cf6e3019c388615c26e22belfGafgyt
2026-05-26 02:48:23745401979abe0927afb529af9c37c86cc2b357a717685ab962f19ecc4e815c58elfGafgyt
2026-05-26 02:48:227766c414a9bb72ece62ae26fd2af531c6f02032fba786ded349361020dcecf59elfGafgyt
2026-05-26 02:48:229319d7e9c34bfb654694d662d26049bfe4f08f21ad310d7a6a3ad780e5664090elfGafgyt
2026-05-26 02:48:22481523616cea98d994f74265c09efa2aec5a69ecc679ecf7f9555a46b54aaa2belfGafgyt
2026-05-26 02:48:2259bebfb7e2c968216b8f81e7633f5d0cb24256707d1744a90a3cc06af636c1a8elfGafgyt
2026-05-26 02:48:2237213df6ffed3fae7896c9008dd1c28ec9ea37e123293e0d4fef025c09086f67elfGafgyt
2026-05-26 02:48:2295ac5f324acd8d78c3e1535214a01ca1ac205943eab62bda62892b35dfadcf51shGafgyt
2026-05-26 02:48:22d002a139db788676ac663843eb1a89b8e8f7f2fa37afb8dd9416ddbccd81e57belfGafgyt
2026-05-26 02:48:22e315dcde7eafda86084fd24beb16cdabd3af1f2ed8edcb9f18495ffd84e002b1elfGafgyt
2026-05-26 02:48:21b188505a034e2706dee63fb0d3438f7f06cdb54e4bdf65fbf200fea4dd1ce313elfMirai
2026-05-26 02:48:1697f2be2f95ba20aa43081b901218abe5c94b75b0fb789537dbef7e015ce74de8elfGafgyt
2026-05-26 02:47:257e520534922ce97a7db8740c221d3b16b3545bb86a24bba936684d4db22d28e0elfGafgyt
2026-04-24 09:27:17ce270a97a9bfa060a03ee970d92b11b5af10820de59a6b4366674e65846c7080elfMirai