URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-03 01:35:00	13.248.169.48	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	yes
2025-10-03 01:35:00	76.223.54.146	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	yes
2025-05-05 11:38:24	159.89.244.183		Not listed	AS14061 DIGITALOCEAN-ASN	US	no
2025-05-05 11:38:24	164.90.244.158		Not listed	AS14061 DIGITALOCEAN-ASN	US	no
2020-06-12 19:16:45	50.31.1.32	mts-trade.ru	Not listed	AS32748 STEADFAST	US	no
2020-05-25 08:58:35	185.220.34.173	vps28012.vpsville.ru	Not listed	AS59504 vpsville-AS	RU	no
2020-05-25 08:58:36	89.111.133.39		Not listed	AS48287 RU-CENTER	RU	no
2020-05-25 13:05:41	91.134.235.183		Not listed	AS16276 OVH	FR	no
2020-05-25 08:58:36	46.254.16.141	news.med-std.ru	Not listed	AS210079 EUROBYTE	RU	no
2025-10-01 17:23:59	166.117.110.61		Not listed	AS16509 AMAZON-02	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-05-25 08:58:36	http://gstat.echowin.com/autorizz0.exe	Offline	exe geofenced Gozi ISFB ITA ursnif	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-05-25 12:20:08	38ac80ebfd8a0367ea8f3d3bd5551c107a8df384a0bbbfba742709ceeca7b97e	exe		Gozi
2020-05-25 09:15:38	47d181d5fc9db787cee7a1faa405a9ed2de1eda1b933961797c0b70465fc29c4	exe		Gozi
2020-05-25 09:00:10	20dedbcf8f882c369ee43d576b08bf1f70a7a7022503c740f2acaa14b1b8da19	exe		Gozi