URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 20:12:05 | 15.197.148.33 | a2aa9ff50de748dbe.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 |  US | yes |
| 2025-04-27 20:12:05 | 3.33.130.190 | a2aa9ff50de748dbe.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 | US | yes |
| 2020-03-20 21:07:02 | 34.206.12.234 | ec2-34-206-12-234.compute-1.amazonaws.com | Not listed | AS16509 AMAZON-02 | US | no |
| 2020-02-04 01:09:39 | 35.169.58.188 | ec2-35-169-58-188.compute-1.amazonaws.com | Not listed | AS16509 AMAZON-02 | US | no |
| 2020-02-04 01:09:39 | 54.208.77.124 | ec2-54-208-77-124.compute-1.amazonaws.com | Not listed | AS14618 AMAZON-AES | US | no |
| 2019-08-12 12:04:35 | 184.168.221.54 | 54.221.168.184.host.secureserver.net | Not listed | AS26496 AS-26496-GO-DADDY-COM-LLC | US | no |
| 2019-08-15 15:22:07 | 50.63.202.41 | 41.202.63.50.host.secureserver.net | Not listed | AS26496 AS-26496-GO-DADDY-COM-LLC | US | no |
| 2019-08-16 10:33:00 | 184.168.221.47 | 47.221.168.184.host.secureserver.net | Not listed | AS26496 AS-26496-GO-DADDY-COM-LLC | US | no |
| 2019-08-11 07:43:11 | 184.168.221.55 | 55.221.168.184.host.secureserver.net | Not listed | AS26496 AS-26496-GO-DADDY-COM-LLC | US | no |
| 2019-07-12 06:38:33 | 184.168.221.90 | 90.221.168.184.host.secureserver.net | Not listed | AS26496 AS-26496-GO-DADDY-COM-LLC | US | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2019-05-07 14:10:07 | http://gameforte.com/rsjcz/esp/WZtveSVOLyQrLUMH... | Offline | doc emotet  epoch2 heodo |  Cryptolaemus1 |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2019-11-30 12:59:19 | 7ded3cb980c4ec6d17654902190e8f6e883916b1323d3ac58e484222427a0d86 | html | ||
| 2019-05-07 19:57:04 | f0e05fcf22d473ad5eb79a73fc82818bdf3555325d04a54b965953de5bdc8c4b | doc | Heodo | |
| 2019-05-07 19:11:05 | f412a78d93f03f39f6a58c865c75d6481a3ecfb83a3fdbf1ed32c0c546a773f5 | doc | Heodo | |
| 2019-05-07 16:09:28 | d24af13e71c753092d182b549e9be0c54654f175f581ed439c8e826fbaa1e604 | doc | Heodo | |
| 2019-05-07 15:23:08 | 4196c7477de08eff64b2a769a48f21543127f12c6058644082ade360ac5810e7 | doc | Heodo | |
| 2019-05-07 14:36:12 | 22acd9dfb71a2c0c1a0ce6d0d750ba554e517075ec6958d107956776cacd8e37 | doc | ||
| 2019-05-07 14:10:07 | 79e388831a0b0044d7412d5b6719559e5925a1cdd6e4e97094694a8913513af1 | doc | Heodo |