URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-07-24 18:34:32	162.0.232.184	premium277-1.web-hosting.com	Not listed	AS22612 NAMECHEAP-NET	US	yes
2025-07-11 14:18:28	66.29.153.138	premium321-5.web-hosting.com	Not listed	AS22612 NAMECHEAP-NET	US	no
2025-06-24 23:13:48	192.64.119.154		Not listed	AS22612 NAMECHEAP-NET	US	no
2022-09-27 23:39:31	209.99.40.222	209-99-40-222.fwd.datafoundry.com	Not listed	AS23005 SWITCH-LTD	US	no
2022-03-26 02:57:28	2.57.90.16		Not listed	AS47583 AS-HOSTINGER	GB	no
2021-03-24 15:07:28	185.224.138.108		Not listed	AS47583 AS-HOSTINGER	NL	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-03-24 15:07:28	https://europeanzonexxi.com/fcbzt5j.rar	Offline	Dridex	reecdeep

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-03-30 09:26:41	854d8ea55c88f9c6714e2b1babda6d6b394aa35ef671184a5c000e60b03f2879	dll		Dridex
2021-03-24 20:20:20	ed5fb363f765e5ebf27d230bbe96cdb77be2a424ff7b7008a70ab3f2a56c25e4	dll		Dridex
2021-03-24 17:58:41	233328d53aa34b48abe13148d5caa0ab3e55f656da72e3c6a77b61f2938a1342	dll		Dridex
2021-03-24 16:07:24	d1fe195f615224b811ad982dcbcbc4551a4f9d3383e5a120a8f331b7d044d917	dll		Dridex
2021-03-24 15:07:27	c3f09c266461ecb0546e660caafbd91e4d05f58d8bc7291ee718e55b2767dcce	dll		Dridex