URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-05-17 13:45:22 | 195.250.27.46 | s3450.mex1.stableserver.net | Not listed | AS211126 WHG-MEX |  MX | yes |
| 2023-06-28 09:32:21 | 91.195.240.12 | Not listed | AS47846 SEDO-AS |  DE | no | |
| 2025-05-08 15:20:22 | 195.250.27.44 | s3448.mex1.stableserver.net | Not listed | AS211126 WHG-MEX | MX | no |
| 2025-04-28 03:35:15 | 195.250.27.29 | s3417.mex1.stableserver.net | Not listed | AS211126 WHG-MEX | MX | no |
| 2023-05-25 01:32:50 | 92.38.150.180 | s685.gru5.mysecurecloudhost.com | Not listed | AS199524 GCORE |  BR | no |
| 2023-02-11 11:45:31 | 185.151.30.195 | 185-151-30-195.ptr4.stackcp.net | Not listed | AS48254 TWENTYI |  GB | no |
| 2022-05-20 02:46:49 | 148.163.69.161 | . | Not listed | AS53755 IOFLOOD |  US | no |
| 2022-03-18 10:40:07 | 148.163.69.135 | usvip2.noc84.com | Not listed | AS53755 IOFLOOD | US | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-03-18 13:34:06 | http://amautatravel.com/cgi-bin/WhWIic/ | Offline | dll emotet  epoch4 heodo |  Cryptolaemus1 |
| 2022-03-18 10:40:07 | https://amautatravel.com/cgi-bin/WhWIic/ | Offline | dll emotet epoch4 heodo | Cryptolaemus1 |
The table below shows recent payloads delivery by this host.