URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	5.253.86.21
Firstseen:	2025-10-10 21:32:04 UTC
Total malware sites :	39
Online malware sites :	0 (0%)
Offline Malware sites :	39 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-10 21:32:06	5.253.86.21		Not listed	AS213438 colocatel-inc	US	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-10-21 16:43:07	http://5.253.86.21/arm5	Offline	elf mirai	BlinkzSec
2025-10-21 16:43:05	http://5.253.86.21/ftpget.sh	Offline	sh	BlinkzSec
2025-10-21 16:43:05	http://5.253.86.21/curl.sh	Offline	sh	BlinkzSec
2025-10-18 15:45:26	http://5.253.86.21/bot.i686	Offline	elf mirai ua-wget	abuse_ch
2025-10-18 15:45:26	http://5.253.86.21/bot.i586	Offline	elf mirai ua-wget	abuse_ch
2025-10-18 15:45:26	http://5.253.86.21/bot.armv7l	Offline	elf mirai ua-wget	abuse_ch
2025-10-18 15:45:26	http://5.253.86.21/bot.mips	Offline	elf mirai ua-wget	abuse_ch
2025-10-18 15:45:26	http://5.253.86.21/bot.mipsel	Offline	elf mirai ua-wget	abuse_ch
2025-10-18 15:45:26	http://5.253.86.21/bot.armv4l	Offline	elf mirai ua-wget	abuse_ch
2025-10-18 15:45:25	http://5.253.86.21/bot.armv5l	Offline	elf ua-wget	abuse_ch
2025-10-13 18:56:44	http://5.253.86.21/T	Offline	elf gafgyt	BlinkzSec
2025-10-13 18:54:49	http://5.253.86.21/lol	Offline	elf gafgyt	BlinkzSec
2025-10-11 06:47:20	http://5.253.86.21/DFhxdhdf	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:19	http://5.253.86.21/bins/keksec.x86	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:19	http://5.253.86.21/bins/keksec.arm5	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:19	http://5.253.86.21/bins/keksec.i586	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:17	http://5.253.86.21/bins/keksec.spc	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:16	http://5.253.86.21/bins/keksec.mips	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:16	http://5.253.86.21/bins/keksec.ppc-440fp	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:16	http://5.253.86.21/bins/keksec.arm7	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:16	http://5.253.86.21/JIPJIPJj	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:12	http://5.253.86.21/jhUOH	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:12	http://5.253.86.21/GHfjfgvj	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:12	http://5.253.86.21/UYyuyioy	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:12	http://5.253.86.21/bins/keksec.mpsl	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:12	http://5.253.86.21/bins/keksec.arm	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:11	http://5.253.86.21/bins/keksec.ppc	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:11	http://5.253.86.21/FTUdftui	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:11	http://5.253.86.21/FDFDHFC	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:11	http://5.253.86.21/JIPJuipjh	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:11	http://5.253.86.21/bins/keksec.sh4	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:11	http://5.253.86.21/RYrydry	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:06	http://5.253.86.21/bins/keksec.x64	Offline	elf ua-wget	abuse_ch
2025-10-11 06:47:06	http://5.253.86.21/bins/keksec.m68k	Offline	elf ua-wget	abuse_ch
2025-10-10 21:32:20	http://5.253.86.21/update.sh	Offline	mirai opendir	DaveLikesMalwre
2025-10-10 21:32:19	http://5.253.86.21/bins/XDzdfxzf	Offline	gafgyt opendir	DaveLikesMalwre
2025-10-10 21:32:06	http://5.253.86.21/a.out	Offline	gafgyt opendir	DaveLikesMalwre
2025-10-10 21:32:06	http://5.253.86.21/XDzdfxzf	Offline	gafgyt opendir	DaveLikesMalwre
2025-10-10 21:32:06	http://5.253.86.21/bins.sh	Offline	gafgyt mirai opendir	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-10-21 22:35:06	8781e8ac38ff72fe2168e3b62b75db47ff3bbb90da29ce18fc4732dd261ce7f1	txt
2025-10-21 21:57:11	3e7604bb6c92991a3f49ae46e4e76f4a67c5711c11becad6f5e0cc2441965fec	txt
2025-10-21 16:43:06	089c0265fe505a1bcb043536edea7517211632f208467fa52491697f36b02c0e	elf	Mirai
2025-10-18 15:45:26	34c7bfb6808bb3b027bb6c7551cfc92e02f1748d314fe65883a01c6738c8aaea	elf	Mirai
2025-10-18 15:45:26	533000a78d42bee90839ed417fb216bf9dbb6afdbb5e285efe3bda5a24d8e0a5	elf	Mirai
2025-10-18 15:45:26	c4381c1d7a61c78e12a7b903d1f5ab531c7605a814022e90f3020d0a3c3d8a15	elf	Mirai
2025-10-18 15:45:26	eaf3447663d95584650861c8c2afa0cceff6df64e0215b27ebbfa777a0c65ec7	elf	Mirai
2025-10-18 15:45:26	b399eaf6238be55d5967d150d8ddce452ca38d9d283b5ed0a4693fecd86a8819	elf	Mirai
2025-10-18 15:45:26	e827115ddaece0476a81cd528961283e570eaa9339fb58b483c02630889064a0	elf	Mirai
2025-10-18 10:06:58	fc715a7ebcb71d9020169f9bd23d12f3dfeb0aa311785cb93d5725f1b2bfe5b8	sh	Mirai
2025-10-13 18:56:44	dcb9ffa705448d13eb89e12d853615e8d21c429a91a60d7bd80add94d8c4bce4	elf	Gafgyt
2025-10-13 18:54:49	210b2a799c3a67f16ce82924b0d71fee35c26402130839cf6dd3aeb3c9a859d7	elf	Gafgyt
2025-10-10 21:32:20	725e6681c2ee8b785825687ecf79a3ced0bf2e9ccf283ca7f5b4efa0bb45ef0a	sh	Mirai
2025-10-10 21:32:19	1b37a8704c9441ad299d064a8e910ac528deb4efe1c6fb5c4478279f31828e63	elf	Gafgyt
2025-10-10 21:32:06	183cc6fc1130e68338d3673193df2d7f591d22143f5fd72875c37843553d5e1a	elf	Gafgyt
2025-10-10 21:32:06	1b37a8704c9441ad299d064a8e910ac528deb4efe1c6fb5c4478279f31828e63	elf	Gafgyt
2025-10-10 21:32:06	fc762805251333e8c824f3ed52e0171d2e24f06fe527fc43f3c2eb6dad20f15e	sh	Gafgyt