URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-11 22:05:19 | 3.222.192.211 | ec2-3-222-192-211.compute-1.amazonaws.com | Not listed | AS16509 AMAZON-02 |  US | yes |
| 2020-04-06 06:57:04 | 185.55.227.103 | dey.dnswebhost.com | Not listed | AS201999 Serverpars |  IR | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-05-25 08:43:03 | http://irangoodshop.com/debere_eSgLdu72.bin | Offline | encrypted GuLoader  |  abuse_ch |
| 2020-05-25 08:26:27 | http://irangoodshop.com/ebukaaa_GnXduS113.bin | Offline | encrypted GuLoader | abuse_ch |
| 2020-04-06 13:56:31 | https://irangoodshop.com/Backdoordebere_encrypt... | Offline | encrypted GuLoader RemcosRAT | abuse_ch |
| 2020-04-06 06:57:04 | https://irangoodshop.com/Backdoordebere_encrypt... | Offline | encrypted GuLoader RemcosRAT | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-05-25 08:43:03 | 4bd95d289b8969de8540d2f6519027f54030eac675294b3ba2b14f4d2f4cd18f | unknown | ||
| 2020-05-25 08:26:27 | 1b40aeff3c66bcb70caad148f5191620c0fd20d220093c2c2d7ce3ed92ce7f86 | unknown | ||
| 2020-04-06 13:56:31 | 9977e868980b351cfbc6991293e1b35b37145695260249f0db14533dc3f0e280 | unknown | ||
| 2020-04-06 06:57:04 | b33c1be9a85146084f738e71c9e3197737b6cb7f99b75a34d8876a35dbad010c | unknown |