URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	cnc.ghty.online
Domain registrar:	Namecheap
Domain registration date:	2024-09-03 08:57:08 UTC
Abuse complaint sent to registrar:	Yes (2024-09-04 22:46:02 UTC to abuse{at}namecheap[dot]com)
Domain registry:	Radix
Abuse complaint sent to registry:	Yes (2024-09-04 22:46:02 UTC to abuse[dot]alert{at}radix[dot]email)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-09-04 22:43:03 UTC
Total malware sites :	10
Online malware sites :	0 (0%)
Offline Malware sites :	10 (100%)
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-28 05:03:22	34.41.139.193	193.139.41.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	yes
2024-09-04 22:43:05	5.59.248.92	it-pom-server.powered-by.c1vhosting.it	Not listed	AS212271 C1V	IT	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-09-04 22:43:08	http://cnc.ghty.online/c.arm6	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:08	http://cnc.ghty.online/c.arm7	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:08	http://cnc.ghty.online/c.arm5	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:07	http://cnc.ghty.online/c.m68k	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:06	http://cnc.ghty.online/c.x86	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:06	http://cnc.ghty.online/c.mips	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:06	http://cnc.ghty.online/c.mpsl	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:06	http://cnc.ghty.online/c.spc	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:06	http://cnc.ghty.online/c.ppc	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E
2024-09-04 22:43:05	http://cnc.ghty.online/c.arm	Offline	botnetdomain c elf HoneypotV3 mirai	NDA0E

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-09-04 22:43:08	6288acb6cba9348a2b4da51bdc63250f14726f9a63c0eadd9bf364020111f73d	elf		Mirai
2024-09-04 22:43:08	0aa7304453ec3340cb88c54191f6170b3a1ca1bbc175f1ea70484f114b16923b	elf		Mirai
2024-09-04 22:43:08	0d99ecb3c631baac1bd3e8c863bfe0087729d7af9fe005fc6d58712d493a70d4	elf		Mirai
2024-09-04 22:43:07	65b126e31c5d791273b6f2f9dc78fdb0fbb93793d64ca4ab5ffafd5c14c61d49	elf		Mirai
2024-09-04 22:43:06	49793e729a5e01743459de312465789669c0fb3186997c950bd3313d35f940ab	elf		Mirai
2024-09-04 22:43:06	3bcfc04e63b6d9007ce4c63b9334ce56b333dfc2f54997b311d698fde4a3934a	elf		Mirai
2024-09-04 22:43:06	5354dc283ac0fa5135d4a4967536f02048a8a8a1d3eb1c6eb37a869367f04f26	elf		Mirai
2024-09-04 22:43:06	eb08bbbfda950f2d70ff145f009374326a04b40ec03a4306cac65d681259ca59	elf		Mirai
2024-09-04 22:43:05	f5f9ac8f0c797fe180a544cef5a468c69305ff60be17d2f89dfe55a0e474feae	elf		Mirai
2024-09-04 22:43:05	b6de5cf6c8b7f0aa0483d8ca388405c7c966ce67a1e6ac3392453b9ca169bb83	elf		Mirai