URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-10 20:04:48	15.197.240.20	acf3b736b777428f5.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2021-01-27 14:22:14	162.251.85.205	md-94.webhostbox.net	Not listed	AS46606 UNIFIEDLAYER-AS-1	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-01-27 21:03:06	https://afrisave.theharbourrestaurant.com/feinl...	Offline	Dridex	Cryptolaemus1
2021-01-27 14:22:14	https://afrisave.theharbourrestaurant.com/feizn...	Offline	Dridex	stoerchl

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-01-28 15:43:45	d38482b2ee3862fb7d2823365820cad52050abb419dae03bde2cf75f5af607f6	dll		Dridex
2021-01-28 07:11:05	d987da2edc194b08694df2c82f0bdffe81e26a7ce0f76cf26336f5cb18084bb3	dll		Dridex
2021-01-27 20:40:00	661fd79c0129401947b43d2212f5156616dc88e7d38f8b65499e6e0f0b93e39e	dll		Dridex
2021-01-27 18:14:08	5fc8b21e4976f8210d3b9ab1f9400a0fcabd720f1c3611147daa72e9a8e5624a	dll		Dridex
2021-01-27 16:54:33	db083ff72ed474c920a260d3e6e0786aca0c7065edec4eae5974e418ce91d269	dll		Dridex
2021-01-27 16:13:38	029ae6ff82c941c83049b7387d1d3f367077e9c27645e2c951ac8a9f8ac51d5b	dll		Dridex
2021-01-27 15:18:11	ee0d0cdb50a25529043244c035bafe10936194d268ebcce2cd55387e3491ba5d	dll		Dridex
2021-01-27 14:22:14	656e8cfb9d183adf792ed933c5c177190f10064cbff62090977f2174cce9df0d	dll		Dridex