URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-20 07:09:05	196.251.107.94		SBL678968	AS214351 FEMOIT	DE	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-11-20 07:09:17	http://196.251.107.94:5553/e39f572c3d0340f18606...	Online	dropped-by-donutloader	abuse_ch
2025-11-20 07:09:08	http://196.251.107.94:5553/c3756a729c074f17956a...	Online	donutloader dropped-by-donutloader	abuse_ch
2025-11-20 07:09:07	http://196.251.107.94:5553/b5e36a1b20c5408f8914...	Online	donutloader dropped-by-donutloader	abuse_ch
2025-11-20 07:09:07	http://196.251.107.94:5553/2ac4a11906954d1c954c...	Online	dropped-by-donutloader	abuse_ch
2025-11-20 07:09:05	http://196.251.107.94:5553/gimger.exe	Offline	dropped-by-donutloader	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-11-20 07:09:17	23c9f46f71159e646579cfb1327393cae34ac66bac183831852d7121beba935a	unknown
2025-11-20 07:09:08	7bd1a323e9a3b32c257589cd85abe3064d97dadb3cbc24096a7e946e79a22df1	exe		DonutLoader
2025-11-20 07:09:07	fb790e2db7ebb409abb155124f071c94f9e9275f17f277ca842d1bf9bded4940	exe		DonutLoader
2025-11-20 07:09:07	8f258a2c054422d6c511062fed1a48842d6aa4030adb7ccd61dabd4cb0a1e048	unknown