URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 87.121.84.80
Firstseen:2025-11-08 02:36:04 UTC
Total malware sites :15
Online malware sites :0 (0%)
Offline Malware sites :15 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2025-11-08 02:36:06 87.121.84.80SBL683025AS215925 VPSVAULTHOST- USyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2026-03-02 06:48:15http://87.121.84.80/x86Offline32-bit elf mirai ext Mozi ext x86 Anonymous
2025-11-08 07:52:08http://87.121.84.80/router-atemi-rep.shOfflinemirai ext Ngioweb asyncthecatlol
2025-11-08 02:36:08http://87.121.84.80/frost.x86Offlineelf geofenced mirai ext ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/frost.x86_64Offlineelf geofenced mirai ext ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/frost.armv7Offlineelf geofenced Ngioweb ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/frost.armv6Offlineelf geofenced Ngioweb ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/frost.mipselOfflineelf geofenced mirai ext ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/ipcam.goahead-rep.shOfflinegeofenced Ngioweb sh ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/dvr.jaws.shOfflinegeofenced Ngioweb sh ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/frost.aarch64Offlineelf geofenced mirai ext ua-wget USA botnetkiller
2025-11-08 02:36:08http://87.121.84.80/frost.armv5Offlineelf geofenced Ngioweb ua-wget USA botnetkiller
2025-11-08 02:36:07http://87.121.84.80/dvr.tvt-rep.shOfflinegeofenced Ngioweb sh ua-wget USA botnetkiller
2025-11-08 02:36:06http://87.121.84.80/dvr.lilin-rep.shOfflinegeofenced Ngioweb sh ua-wget USA botnetkiller
2025-11-08 02:36:06http://87.121.84.80/router.lblink-rep.shOfflinegeofenced Ngioweb sh ua-wget USA botnetkiller
2025-11-08 02:36:06http://87.121.84.80/frost.mipsOfflineelf geofenced ua-wget USA botnetkiller

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2026-03-02 06:48:15e8bb69991932216c904ad7e57149f619cc2d76b5cbfe2ce959560bca126d20d9elf 
2025-11-08 13:34:33925d5525563d3438245bfc9bd409a5b126b96cf449f7d540bffe284f56d5745dshNgioweb
2025-11-08 11:23:56f423bf3c71770f069ab5d6bd0109c000c0f97234ee6a8d543d769d195e18ddafshNgioweb
2025-11-08 11:21:42a9e190994f75b7b2aea999b99674b344b064f4c87279729e76d3dbdd4d322e60shNgioweb
2025-11-08 07:52:087b43d80550bca89fecb7ae2fb40c74fa308216400491e0ad84dcacc2b2e166b2shNgioweb
2025-11-08 07:21:36a8e87888e8e4cea9a8afacad551c18d2b1ccf0fd763a5f2d3000b5fa8869514dshNgioweb
2025-11-08 07:17:40119031d11c894b585fd88084898929a892beb5b9df57e56b779d8aaa3dae9ba6shNgioweb
2025-11-08 07:03:36d38c1a2f7cff1e5188eb3cf98f0e515a82fd368d77229bec1c1d41c899ed2b62shNgioweb
2025-11-08 06:37:444a96f132025ca1ec8c7efa747c130bffb7e39fb1992e8d08db20926e9f494dbeshNgioweb
2025-11-08 02:36:088758eddd99d34eae170f69fe5c58231a546fef0f56a7e30eefac59ef10ca906belfMirai
2025-11-08 02:36:08f08d8c43beedbc8d45ea133b44dd09e13d80d725846eac7615141dee9064907eelfNgioweb
2025-11-08 02:36:08d0ca62e68e235aca958e3877ae7ed505c5667207c95d34907bc806e5ffa0b21belfNgioweb
2025-11-08 02:36:087997eca9041eb31e0264e9273d28e3b672f6f6cb206919ea1167610cfa601f93elfMirai
2025-11-08 02:36:08966770e3938bb350119a960948a15421d9c6e0944c4d49f5aa631d3bd9fee703elfNgioweb
2025-11-08 02:36:08a85c562d0b13602adfad63635f895ba1fcd8f4780121f7f98febc10fbfba1819elfMirai
2025-11-08 02:36:08296d6af5b711aada05ec72d517af8b677c32d4f894fda2934ad5289b7f671619elfMirai
2025-11-08 02:36:0616c193e0951e4649d08312856bba21449eeb11068838c6079d77bf88cb37086felf