URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	libs.9tb.org
Domain registrar:	Gname
Domain registration date:	2025-11-02 16:58:40 UTC
Abuse complaint sent?:	Yes (2026-03-19 21:10:02 UTC to ops{at}pir[dot]org)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2026-03-19 21:09:05 UTC
Total malware sites :	15
Online malware sites :	0 (0%)
Offline Malware sites :	15 (100%)
A record(s) observed :	4

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-03-22 14:39:55	144.31.4.224	s210715.love-is.nexus	Not listed	AS215730 H2NEXUS-AS	PL	no
2026-03-21 08:25:13	142.248.148.126		Not listed	AS49304 SAKURA-AS	JP	no
2026-03-21 02:33:31	142.248.149.134		Not listed	AS49304 SAKURA-AS	JP	no
2026-03-19 21:09:21	139.162.114.163	139-162-114-163.ip.linodeusercontent.com	Not listed	AS63949 AKAMAI-LINODE-AP	JP	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-03-19 21:25:24	http://libs.9tb.org/linux_386	Offline	elf mirai ua-wget x86	botnetkiller
2026-03-19 21:25:24	http://libs.9tb.org/linux_arm7	Offline	arm elf gafgyt mirai ua-wget	botnetkiller
2026-03-19 21:25:24	http://libs.9tb.org/linux_amd64	Offline	elf mirai ua-wget x86	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_ppc64el	Offline	elf mirai PowerPC ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_aarch64	Offline	arm elf mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_mips_hardfloat	Offline	elf mips mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_mipsel_softfloat	Offline	elf mips mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_mipsel_hardfloat	Offline	elf mips mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_arm6	Offline	arm elf gafgyt mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_arm5	Offline	arm elf gafgyt mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_mips64	Offline	elf mips mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_mips64el	Offline	elf mips mirai ua-wget	botnetkiller
2026-03-19 21:09:27	http://libs.9tb.org/linux_ppc64	Offline	elf mirai PowerPC ua-wget	botnetkiller
2026-03-19 21:09:22	http://libs.9tb.org/linux_mips_softfloat	Offline	elf mips mirai ua-wget	botnetkiller
2026-03-19 21:09:21	http://libs.9tb.org/dddd.sh	Offline	mirai sh ua-wget	botnetkiller

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2026-03-20 07:49:05	a61c74d12b3e33d976eac340cb3039a7ef455b7bc362f4b956083e45de566a2c	elf
2026-03-20 07:36:55	d58724360b47456e9f5162b1ff011a2ae8b797be15a37ed80d01d96fb7faac5f	elf		Gafgyt
2026-03-20 07:25:40	87bcfcd7e978dc58619b9ec918d47cc6ef8af704baa89fcd9eb0d3e49db86305	elf
2026-03-20 07:22:03	dcf5df996a112e892bae324b5e3c0664ad4d4f9f473494bcaad1cac3adedb512	elf
2026-03-20 07:14:06	471ad160762a5c3f541d4e76ee086ee351da2e280daf11d6d009f89366395d83	elf		Gafgyt
2026-03-20 07:01:44	ad70845892f5115877371e98bfb51492add9182a6cf4cf5f8001138af5b509da	elf		Gafgyt
2026-03-20 06:50:46	4a665feddc2f1e4ed7665f49c2dfae1d05b11d6fe921e2e4f7ae1798fee0c89a	elf
2026-03-20 06:48:49	4ddefa7635a60e03ff39678587427cc09f810a65b1c33e1d065174fbf98042ef	elf
2026-03-20 06:44:23	c69e69dc3ae7633b9476072001c4eaaeb8dd8c85700b97484dfdda3d86fe6fec	elf
2026-03-20 06:42:51	19d22973789738ba9081ebaee823230512489ecfc680d51144cb3d9bcd4cc833	elf
2026-03-20 06:37:25	8a18e3f3a41b64fa23d231fdc33a941b7b5f5252374c6180a3c63b4f6a99d68d	elf
2026-03-20 06:35:14	9ddb3ce1d5a6b94de8e55c093b20ff289872814d4d2f849407e08e87b6159650	elf
2026-03-19 21:25:24	0090764bcf2db6ec2c2dfac1726190d219b05174727f330c998452cef71edab2	elf		Gafgyt
2026-03-19 21:25:24	c8f3b84814fe469e2d551c141b37bf74e350bfeafb31a530d2582788cc445789	elf
2026-03-19 21:25:24	48bb77a7a55300ad0acdac1e8d80f3afd68e143cd5bb6512c7e6f71a554544bf	elf
2026-03-19 21:09:27	8c2ebd1990cb95e7ded08c14cf1a273921fb14a941f280f60e8fbcea4a9961e4	elf
2026-03-19 21:09:27	693804fcbbb4d97efbeb03d2b30f858de871460f58cfbb90e36d9042a20953ed	elf
2026-03-19 21:09:27	b1599da80f790e8ec4057e2f8794c81a1b03cba12efe57f754e62626ef6b74ea	elf
2026-03-19 21:09:27	b7a92042924957d6e8a5afa3948abf767cb7b304f73445f0ff0d6001a68527c4	elf
2026-03-19 21:09:27	7b45e5dc85e06ce7d05fef0596066df3a584200b25d9808051253152e886a963	elf
2026-03-19 21:09:27	ea67345e99150d5d38382dcad1e508784a28ea8347440191d0c698a57c4b2cff	elf
2026-03-19 21:09:26	1d820e6c99e11b266ca47a7e465dd965a282805b3d60179f5c08101e395457e3	elf
2026-03-19 21:09:26	d14f2cbe763c083e82375e4b6fa19386d8514e1b35a87e6d5e42d465a48e818c	elf
2026-03-19 21:09:26	bd6f00168e9e92434533fc1cbe5933c22bdde8239e7d6b7bf7e26b761723e0c0	elf
2026-03-19 21:09:26	7c00939422d1e1c2c1720e3322ca50ca660de227730b48694d28b841a572f1f5	elf
2026-03-19 21:09:22	baa2f8273b8052d53401e12d1d22640c0b3a44c3cb1e396baa95bcdd8322eeda	elf
2026-03-19 21:09:21	0e7af68125450f1a0071d23518fa90f4c9f7d6342d7edd077cc4888e8da1ca2c	sh