URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	51.250.28.5
Firstseen:	2021-12-21 14:00:11 UTC
Total malware sites :	3
Online malware sites :	0 (0%)
Offline Malware sites :	3 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-12-21 14:00:17	51.250.28.5		Not listed	AS200350 YandexCloud	RU	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-12-21 14:38:14	http://51.250.28.5/.l/log	Offline	CVE-2021-44228 log4j Muhstik sh Tsunami	tolisec
2021-12-21 14:01:04	http://51.250.28.5/.l/pty4	Offline	CVE-2021-44228 elf log4j Muhstik Tsunami	tolisec
2021-12-21 14:00:17	http://51.250.28.5/.l/pty3	Offline	CVE-2021-44228 elf log4j Muhstik Tsunami	tolisec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-12-23 16:05:21	fc669beaa2f84e08fcea799498c85374e1a3406441ed9aa5d53b7667265bff41	unknown
2021-12-23 07:24:18	c01fa3e23232da79e1ee1e722050ab8ac09b90bfebbf93a440bc1316ef7a127c	elf	Tsunami
2021-12-23 07:16:20	601a9a769138a444dd359058dee0b4d797f8aef42d7c22dfb469bbaf55695ed6	elf	Tsunami
2021-12-21 14:38:14	db0e6eb3c00be4129cad78cb9708ce6ef8bb02b1ed718d43ec86391737b8a27d	unknown
2021-12-21 14:01:04	b30702b6432c4a5ca65ebc060b72f28ba71f60b20bb38b6f858af5e6aa61896f	elf	Tsunami
2021-12-21 14:00:16	4a719439027a279b14a05d650691bed6e0a437ae87fb55895406616a55c6c720	elf