URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | file.uhsea.com |
|---|---|
| Spamhaus DBL : | Abused domain (malware) |
| SURBL : | Not blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-06-25 16:42:05 UTC |
| Total malware sites : | 2 |
| Online malware sites : | 1 (50%) |
| Offline Malware sites : | 1 (50%) |
| Newest active malware site : | 2025-08-19 05:41:10 UTC |
| Oldest active malware site : | 2025-08-19 05:41:10 UTC (Age: 4 months, 0 days, 1 hours, 38 minutes) |
| A record(s) observed : | 5 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-07-23 19:46:53 | 152.89.168.48 | it-pom-server.powered-by.c1vhosting.it | Not listed | AS212271 C1V |  IT | yes |
| 2025-11-04 07:55:47 | 107.172.224.142 | 107-172-224-142-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING |  US | no |
| 2025-07-23 10:42:24 | 2.57.123.4 | Not listed | AS24961 MYLOC-AS |  RO | no | |
| 2025-07-02 11:37:04 | 107.174.52.171 | 107-174-52-171-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING | US | no |
| 2025-06-25 16:42:11 | 107.175.6.14 | 107-175-6-14-host.colocrossing.com | Not listed | AS36352 AS-COLOCROSSING | US | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-08-19 05:41:10 | http://file.uhsea.com/2508/9e3363f017c60726bf61... | Online | elf geofenced mips mirai  ua-wget USA |  botnetkiller |
| 2025-06-25 16:42:11 | http://file.uhsea.com/2506/88ca48486d2b48bb81ef... | Offline | mirai publicsrc qbot shitbins |  FrostedFlakes666 |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-08-19 05:41:10 | 47ab9709fe9e56721c2467d24b8544b0bd8b1d076bf4223eca714392bd074d62 | elf | Mirai | |
| 2025-06-25 16:42:11 | ce31a93e78131f90cc827436f8a92fba0714ea31f17bd8269af3af99a1979979 | elf |