URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-08-06 12:49:15 | 51.79.228.20 | ns5004965.ip-51-79-228.net | Not listed | AS16276 OVH |  SG | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-08-06 12:49:19 | http://ns5004965.ip-51-79-228.net:17701/xlfrc64... | Offline | ua-wget |  BlinkzSec |
| 2025-08-06 12:49:16 | http://ns5004965.ip-51-79-228.net:17701/10.exe | Offline | CobaltStrike  ua-wget | BlinkzSec |
| 2025-08-06 12:49:16 | http://ns5004965.ip-51-79-228.net:17701/88.exe | Offline | CobaltStrike ua-wget | BlinkzSec |
| 2025-08-06 12:49:15 | http://ns5004965.ip-51-79-228.net:17701/nc64.exe | Offline | ua-wget | BlinkzSec |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-08-06 12:49:19 | fd10120afcad7ce9f20aed34679bbeef3173009f7b78caee40aae285512503d0 | exe | ||
| 2025-08-06 12:49:16 | 2df98b623cd8011af0d609879eefbff634b1ff9a36566de1f98b33411905c604 | exe | CobaltStrike | |
| 2025-08-06 12:49:15 | ef4104e60bec9b76c4c170463700002f2fb0d7098fc0a5bd1e2947787b5319c0 | exe | CobaltStrike | |
| 2025-08-06 12:49:13 | 3e59379f585ebf0becb6b4e06d0fbbf806de28a4bb256e837b4555f1b4245571 | exe |