URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	176.65.149.4.ptr.pfcloud.network
Spamhaus DBL :	Botnet C&C domain
SURBL :	Not blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-12-09 02:40:05 UTC
Total malware sites :	13
Online malware sites :	0 (0%)
Offline Malware sites :	13 (100%)
A record(s) observed :	1

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-09 02:40:09	176.65.149.4	176.65.149.4.ptr.pfcloud.network	SBL679274	AS51396 PFCLOUD	NL	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-09 02:41:12	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	elf geofenced mips mirai ua-wget USA	botnetkiller
2025-12-09 02:41:05	http://176.65.149.4.ptr.pfcloud.network/bins.sh	Offline	geofenced mirai sh ua-wget USA	botnetkiller
2025-12-09 02:40:14	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	elf gafgyt geofenced m68k mirai ua-wget USA	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	arm elf geofenced mirai ua-wget USA	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	arm elf geofenced mirai ua-wget USA	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	elf gafgyt geofenced mirai SuperH ua-wget USA	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	elf geofenced mips mirai ua-wget USA	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	elf geofenced mirai ua-wget USA x86	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	elf gafgyt geofenced mirai PowerPC ua-wget USA	botnetkiller
2025-12-09 02:40:13	http://176.65.149.4.ptr.pfcloud.network/bins/De...	Offline	arm elf geofenced mirai ua-wget USA	botnetkiller
2025-12-09 02:40:09	http://176.65.149.4.ptr.pfcloud.network/c.sh	Offline	geofenced sh ua-wget USA	botnetkiller
2025-12-09 02:40:09	http://176.65.149.4.ptr.pfcloud.network/wget.sh	Offline	geofenced sh ua-wget USA	botnetkiller
2025-12-09 02:40:09	http://176.65.149.4.ptr.pfcloud.network/w.sh	Offline	geofenced sh ua-wget USA	botnetkiller

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-12-09 02:41:12	dfb90637ed3fa4e0d49aa81b02d16858a43c61a1541cd359f22b76dc06c97540	elf	Mirai
2025-12-09 02:40:14	ebee38f02beecf097992c4ea94e6b3dcf860349c4ba6b336bdc9c34f9dce7fd9	elf	Gafgyt
2025-12-09 02:40:13	997433271601e11425f3111cedeaf929a79b978d76fb6f5f399a0a03585aa40c	elf	Mirai
2025-12-09 02:40:13	2df8a7ceba4b1648f689d6fcee1ee41d0ca9d7bdc611a65c6c3d80c17ca89cf0	elf	Mirai
2025-12-09 02:40:13	b3af2b24fce06e94f7484946a35ee51944676105381934eb74681958ed0b03d2	elf	Gafgyt
2025-12-09 02:40:13	f60e4dfdc819a1ff12064faabbfd14a1ddf90ff5af5d9098718e5e611f0c8066	elf	Mirai
2025-12-09 02:40:13	87512d3762057f799ed76d9310d94c8ae3798623259cff636a68001958b7ed47	elf	Mirai
2025-12-09 02:40:13	0dad2706685517f94f0c628f83fad5da211a30ea0621a032a467c958bd2efb66	elf	Gafgyt
2025-12-09 02:40:13	432420c135f443d59d76544b0d73e8eb530d9eae7648f7e838015fc706b1eb85	elf	Mirai