URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	85.11.167.21
Firstseen:	2026-04-18 01:37:04 UTC
Total malware sites :	14
Online malware sites :	0 (0%)
Offline Malware sites :	14 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-04-18 01:37:14	85.11.167.21	baulk-bended.northernlettings.com	SBL694610	AS213438 colocatel-inc	BG	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-04-19 11:29:27	http://85.11.167.21/scar	Offline	elf ua-wget	abuse_ch
2026-04-19 11:29:08	http://85.11.167.21/x86	Offline	elf ua-wget	abuse_ch
2026-04-18 04:17:13	http://85.11.167.21/sex.sh	Offline	85-11-167-21 gafgyt sh ua-wget	BlinkzSec
2026-04-18 04:17:13	http://85.11.167.21/dc	Offline	85-11-167-21 elf gafgyt ua-wget	BlinkzSec
2026-04-18 04:17:13	http://85.11.167.21/mips	Offline	85-11-167-21 elf gafgyt ua-wget	BlinkzSec
2026-04-18 01:39:06	http://85.11.167.21/m68k	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/arm61	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/586	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/dss	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/sh4	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/mipsel	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/ppc	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:38:16	http://85.11.167.21/co	Offline	elf gafgyt ua-wget	ClearlyNotB
2026-04-18 01:37:14	http://85.11.167.21/i686	Offline	elf gafgyt ua-wget	ClearlyNotB

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2026-04-18 04:17:13	12e63d51aa7c94004be7649e6a1362429a567cc842ea42c94210690e427cdfa6	sh	Gafgyt
2026-04-18 04:17:13	83738b72e30428025b3d3380f49ab28cdaab11f86e94a182dd6461ab8eac9bc5	elf	Gafgyt
2026-04-18 04:17:13	9dc5a09803bedff1e6edcb2fb8d490816e545cb4d0dfe238cd8410051db0fa9a	elf	Gafgyt
2026-04-18 01:39:06	d55090f67a3883c43148e37fcc766053ce291e0a5e899f65c740983223d902ed	elf	Gafgyt
2026-04-18 01:38:16	1cf27b83f6d0ab542fcaeeb61459cd172defcd1cfbeadf1a248f4b20e8178b75	elf	Gafgyt
2026-04-18 01:38:16	2225e62d389c91d864b1674419559a3336fd05af76020f4bf1b1d8b2707146f4	elf	Gafgyt
2026-04-18 01:38:16	f0d65338065ee6726d47d1522450f0dbc8e4821dcf99a236e0290e1728e6e60a	elf	Gafgyt
2026-04-18 01:38:16	a1ff3a7eb9e3f77487a2b92a4fa58cee4220726bc4e06547e0a49707af6ee1a6	elf	Gafgyt
2026-04-18 01:38:16	fb2e27e8d47838721bba3a9e51c7ead6e214ef54ca80665b3165ec3a9f1ef201	elf	Gafgyt
2026-04-18 01:38:16	b9d555c83c3b7769d4616af6c501ae8381a359582020a1168900e1b888e048d9	elf	Gafgyt
2026-04-18 01:38:16	bd888ba6f238ae46f62b918794d7788d46e35cc54dcfd5dfd74b41e0668898ca	elf	Gafgyt
2026-04-18 01:37:13	237baa9e4af13c1326f7421d474401b06d836c7337b76b222d8676655392881e	elf	Gafgyt