URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-06 00:12:43 | 52.57.198.76 | ec2-52-57-198-76.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 |  DE | yes |
| 2025-11-06 00:12:43 | 18.196.118.76 | ec2-18-196-118-76.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | yes |
| 2025-11-12 03:36:48 | 35.157.17.158 | ec2-35-157-17-158.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | yes |
| 2025-10-29 17:41:18 | 3.125.67.28 | ec2-3-125-67-28.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
| 2025-10-23 08:10:42 | 3.69.59.16 | ec2-3-69-59-16.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
| 2025-10-23 08:10:42 | 3.120.103.200 | ec2-3-120-103-200.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
| 2025-10-19 11:46:26 | 18.196.178.230 | ec2-18-196-178-230.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
| 2025-10-09 13:44:41 | 3.127.141.21 | ec2-3-127-141-21.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
| 2025-10-09 13:44:40 | 35.158.200.89 | ec2-35-158-200-89.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
| 2025-10-09 13:44:41 | 54.93.135.239 | ec2-54-93-135-239.eu-central-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | DE | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-08-11 10:38:36 | https://blog.rabota.md/js/uikit/public/ | Offline | doc emotet  epoch2 heodo |  spamhaus |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-08-11 15:53:29 | 208687883ec482d8ef391621a964345892dc3af09bbb0797af59fb18935df319 | doc | Heodo | |
| 2020-08-11 15:40:01 | 2cee94dcc3b71779bc2314dfd47fa9e17f89e3344ff4a3f00a21ab86f5bff9e1 | doc | Heodo | |
| 2020-08-11 15:23:21 | 3cbbd9298f3b6d77456b687dba10ecf5f45614573ed3be647167c5e96ef16552 | doc | Heodo | |
| 2020-08-11 15:05:38 | 8bfd3587537db9be73cc189509eab9796c40a95566b79753724b36ce7dce7c19 | doc | Heodo | |
| 2020-08-11 13:34:46 | 1c038e6271ca068993b3ed5c1b5b148ee3d9b310bdd8aebe764253795aff2eaa | doc | Heodo | |
| 2020-08-11 12:03:06 | 2b773fc9f00dc3faefe05dca9697347ab80fb8224235bd96dec05698ea4139f8 | doc | Heodo | |
| 2020-08-11 11:43:45 | f266dfe6eca386777143d38c655e759b22fba117bcd9138c44354938222c1673 | doc | Heodo | |
| 2020-08-11 11:15:39 | 1455b3fed34c9f9524557c1681b4ea63f86ce164113c4c2c15bcf5e70d14b251 | doc | Heodo | |
| 2020-08-11 10:56:00 | c4c90085f1c458859b18e0503f5505debd672b4ad9c0b13a043b89a9e7bceb72 | doc | Heodo | |
| 2020-08-11 10:38:34 | 2523cc27570a391a84abd65e82fb1a231337b2a5361915a4de35de9e73a22a60 | doc | Heodo |