URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-12-10 04:31:06	51.81.104.115	game.youcantdownmy.ovh	Not listed	AS16276 OVH	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-12-15 13:32:13	http://51.81.104.115/nuts/poop	Offline	CoinMiner ua-wget	abuse_ch
2025-12-12 00:51:09	http://51.81.104.115/nuts/x	Offline	CoinMiner elf geofenced ua-wget USA x86	botnetkiller
2025-12-12 00:50:07	http://51.81.104.115/nuts/lc	Offline	CoinMiner config geofenced json ua-wget USA	botnetkiller
2025-12-10 04:31:06	http://51.81.104.115/nuts/bolts	Offline	CVE-2025-55182 ua-wget	abuse_ch
2025-12-10 04:31:06	http://51.81.104.115/nuts/x86	Offline	CVE-2025-55182 mirai ua-wget	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-12-15 13:32:13	895f8dff9cd26424b691a401c92fa7745e693275c38caf6a6aff277eadf2a70b	elf		CoinMiner
2025-12-13 05:16:05	d2942d3b9b2e2dc98a34dc5a0d35c0ff7cb5ab419dfba7b1fca32fb6927732c4	elf		Mirai
2025-12-12 06:33:42	39a8e7126fd6c0b6d6f98a9fd05a0ffd64a03ffc4a7082dbfbe7d28274581cf0	json
2025-12-12 00:51:09	aa6e0f4939135feed4c771e4e4e9c22b6cedceb437628c70a85aeb6f1fe728fa	elf		CoinMiner
2025-12-12 00:50:07	318320a09de5778af0bf3e4853d270fd2d390e176822dec51e0545e038232666	json
2025-12-11 04:56:05	858874057e3df990ccd7958a38936545938630410bde0c0c4b116f92733b1ddb	elf		Mirai