URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	185.196.11.126
Firstseen:	2025-12-28 11:30:06 UTC
Total malware sites :	25
Online malware sites :	0 (0%)
Offline Malware sites :	25 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-28 11:30:21	185.196.11.126	marlboro	SBL640645	AS42624 swissnetwork02	CH	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-29 12:06:37	http://185.196.11.126/bins/.mpsl	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:37	http://185.196.11.126/bins/.x64	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:37	http://185.196.11.126/bins/.spc	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:36	http://185.196.11.126/bins/.i586	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:36	http://185.196.11.126/bins/.mips	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:36	http://185.196.11.126/bins/.x86	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:36	http://185.196.11.126/bins/.sh4	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:35	http://185.196.11.126/bins/.arm7	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:35	http://185.196.11.126/bins/.m68k	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:34	http://185.196.11.126/bins/.arm5	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:33	http://185.196.11.126/bins/.ppc	Offline	elf ua-wget	NDA0E
2025-12-29 12:06:33	http://185.196.11.126/bins/.arm	Offline	elf ua-wget	NDA0E
2025-12-29 07:40:34	http://185.196.11.126/bins/hoho.mpsl	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:34	http://185.196.11.126/bins/hoho.arm7	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:33	http://185.196.11.126/bins/hoho.ppc	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:33	http://185.196.11.126/bins/hoho.sh4	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:33	http://185.196.11.126/bins/hoho.arm5	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:33	http://185.196.11.126/bins/hoho.mips	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:33	http://185.196.11.126/bins/hoho.x86	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:32	http://185.196.11.126/bins/hoho.spc	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:32	http://185.196.11.126/bins/hoho.arm	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:32	http://185.196.11.126/bins/hoho.arm6	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:32	http://185.196.11.126/bins/hoho.m68k	Offline	elf ua-wget	abuse_ch
2025-12-29 07:40:21	http://185.196.11.126/bins/.ppc-440fp	Offline	ascii	geenensp
2025-12-28 11:30:21	http://185.196.11.126/wget.sh	Offline	ascii	geenensp

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-12-28 13:48:33	0fc753e522b72222dc3ff1e4a1f3463db8e72a79f54eb3dedf901e13ec6af4e3	sh