URLhaus Database

You are currently viewing the URLhaus database entry for http://196.251.115.216/bins/xnxnxnxnxnxnxnxnsh2xnxn which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3688042
URL:	http://196.251.115.216/bins/xnxnxnxnxnxnxnxnsh2xnxn
URL Status:	Offline
Host:	196.251.115.216
Date added:	2025-10-26 17:00:30 UTC
Last online:	2025-10-31 10:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-10-27 06:25:17 UTC to abuse{at}nybula[dot]com)
Takedown time:	4 days, 4 hours, 31 minutes (down since 2025-10-31 10:56:24 UTC)
Tags:	elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-10-28	n/a	elf	2a344233a93dd8f98b6797e4aa5ed6f21d2360972d150bd268537a3881dc74f0	14.75%		Mirai
2025-10-28	n/a	elf	2f36c84ecd116c670a65ec78304566245b985d0638325c526af1d18b5546bc8e	n/a		Mirai
2025-10-28	n/a	elf	6dc5161cbd963fd9ff0fbb5c1edaa0d4c15087c9ed8b3d90a9c75eb42915e615	n/a		Mirai
2025-10-27	n/a	elf	8d93deb51d6c2d91b6bac9cf65b60e4ad89bb082ddb4d15f9d9a3b14df3ea478	17.19%		Mirai