URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-04-18 05:16:03	http://196.251.69.157/cron	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/wget	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/apache2	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/sh	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/ftp	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/nut	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/sshd	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/pftp	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/bash	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/telnetd	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/openssh	Offline	elf ua-wget	abuse_ch
2025-04-18 05:16:03	http://196.251.69.157/ntpd	Offline	elf ua-wget	abuse_ch
2025-04-17 14:29:04	http://196.251.69.157/bins.sh	Offline	gafgyt sh	NDA0E
2025-04-17 14:16:05	http://196.251.69.157/tftp	Offline	elf gafgyt	NDA0E

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-04-17 14:29:04	ff5b53d7f961512056919faa36075109dae2b1859011a179444657d33c7226be	sh		Gafgyt
2025-04-17 14:16:04	221b2b8ec945324c54d467df7fbeb4d7a8eb97e20c3a2a2dd0a9b09c599e0cfd	elf		Gafgyt