URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-06-30 20:21:05	204.76.203.6		SBL673234	AS51396 PFCLOUD	NL	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-10-06 10:59:05	http://204.76.203.6//gigasex.x86	Offline	ddos elf mirai	Gandylyan1
2022-10-04 22:15:05	http://204.76.203.6/gigasex.sparc	Offline	elf gafgyt mirai	r3dbU7z
2022-10-04 22:07:05	http://204.76.203.6/gigasex.ppc	Offline	elf mirai	r3dbU7z
2022-10-04 22:07:05	http://204.76.203.6/gigasex.sh4	Offline	elf mirai	r3dbU7z
2022-10-04 22:07:05	http://204.76.203.6/gigasex.mpsl	Offline	elf mirai	r3dbU7z
2022-10-04 22:07:05	http://204.76.203.6/gigasex.i686	Offline	elf gafgyt mirai	r3dbU7z
2022-10-04 22:07:05	http://204.76.203.6/gigasex.m68k	Offline	elf mirai	r3dbU7z
2022-10-04 22:07:05	http://204.76.203.6/gigasex.mips	Offline	elf mirai	r3dbU7z
2022-10-04 22:06:04	http://204.76.203.6/gigasex.arm4	Offline	elf gafgyt mirai	r3dbU7z
2022-10-04 22:06:04	http://204.76.203.6/gigasex.arm7	Offline	elf gafgyt mirai	r3dbU7z
2022-10-04 22:06:04	http://204.76.203.6/gigasex.arm6	Offline	elf gafgyt mirai	r3dbU7z
2022-10-04 22:06:04	http://204.76.203.6/gigasex.arm5	Offline	elf mirai	r3dbU7z
2022-10-04 22:06:04	http://204.76.203.6/gigasex.i586	Offline	elf mirai	r3dbU7z
2022-06-30 20:21:05	http://204.76.203.6/bins/ZG9zx86	Offline	ddos mirai	Gandylyan1
2022-06-30 20:21:05	http://204.76.203.6/bins/ZG9zarm	Offline	ddos mirai	Gandylyan1
2022-06-30 20:21:05	http://204.76.203.6/bins/ZG9zmpsl	Offline	ddos mirai	Gandylyan1
2022-06-30 20:21:05	http://204.76.203.6/bins/ZG9zarm5	Offline	ddos mirai	Gandylyan1
2022-06-30 20:21:05	http://204.76.203.6/bins/ZG9zmips	Offline	ddos mirai	Gandylyan1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-10-06 10:59:05	8e44dbc5a58f8c509c858b7bcf9123669773e316bdeaf32ee84d9e40d9881f71	elf		Mirai
2022-10-04 22:15:05	017f4cfa1837951a10bd1c1ae0a05be290964c40bd4e569dbd78ae2d335a1342	elf		Mirai
2022-10-04 22:07:05	4959d5f656ea93d015ae61cdbbca6069e6bf014bca828f1ce73d5d717218c527	elf		Mirai
2022-10-04 22:07:05	8e3ab0350c8337783c5856336dd303b2fb6de032e885e342883c15d84db94943	elf		Mirai
2022-10-04 22:07:05	4ebaffca0ed347c84e2b310d6019598308f215b5360cdd100c74c642a5c4d515	elf		Mirai
2022-10-04 22:07:05	8819400bb15addb722407fa4849a49a7c1d799dba860ae9f5c61ae7ab5920da6	elf		Gafgyt
2022-10-04 22:07:05	467baea36295bfded4940129dafb455ebf1b79e3e24b057ae3ad452823192f2b	elf
2022-10-04 22:07:05	8cd3473c6b026bb780d5d2e7e290708f5236f91721850e93958c16a146b9fe0a	elf
2022-10-04 22:06:04	09f48444f993973e4d8a3afc83063f1c60d4ecab52eaec5bd0daa489285e9b78	elf		Gafgyt
2022-10-04 22:06:04	a66b08149f43d12d8b891eb12e6e3ccdf092e6f04200a36916828fba9eed47f3	elf		Gafgyt
2022-10-04 22:06:04	d4179d3b7cc3752769dcb5b8edee983bf5063c8028ed5a2678bc4050e5ee1077	elf		Gafgyt
2022-10-04 22:06:04	274001347b5da27fece39d535c1028e0b9742c6c60f697fe24f77c9cd4820703	elf
2022-10-04 22:06:04	c45b35da53e4458a5f91bd22c50af5cea9fc70bc448d5172d529c1bd6da34d45	elf		Mirai
2022-06-30 20:21:05	f0efa3f87c423be7b37a345bf1400a09ef78c822e99233af06e3601e65f06e8a	elf		Mirai
2022-06-30 20:21:05	4485068a5b079e206e3691a72d3c6cdba7c14ee9d69bb466e00fc6dd60c2087e	elf		Mirai
2022-06-30 20:21:05	898a92a6c7ab07b51f49f3dae8c7a3a8d5d8ffc25b21bfcba75675be2d72ec5d	elf
2022-06-30 20:21:04	fd6e38712e5918353230f4c1d9d6d17e135b68b9f15754f30f741a92b115c323	elf
2022-06-30 20:21:04	2d6b9635a453f64e860fd57b3bd3960207b2d4a0928a1d03d4a78dc059f333eb	elf