URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-29 17:16:14	46.5.200.150	ip-046-005-200-150.um12.pools.vodafone-ip.de	Not listed	AS3209 VODANET	DE	yes
2022-02-11 08:28:12	46.246.84.3	c-46-246-84-3.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-02-07 14:03:46	46.246.26.16	c-46-246-26-16.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-02-05 02:53:52	46.246.26.18	c-46-246-26-18.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2021-10-30 16:55:33	46.246.12.16	c-46-246-12-16.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-01-28 10:12:52	46.246.80.15	c-46-246-80-15.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2021-07-24 03:38:55	46.246.6.10	c-46-246-6-10.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-01-05 11:25:47	46.246.4.20	c-46-246-4-20.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-01-20 15:47:57	46.246.86.20	c-46-246-86-20.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-01-15 16:42:05	46.246.26.22	c-46-246-26-22.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-07-21 15:06:06	https://ant-ec.duckdns.org/Winver.exe	Offline	32 exe njRAT	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-07-21 15:06:06	4f0e5aa77c0e9894c311e8ba4daadeeb5d8b7a6f583cf087a5c90547cfe54708	exe		njrat