URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-07-14 10:04:10	52.16.171.153	ec2-52-16-171-153.eu-west-1.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	IE	yes
2025-06-18 06:56:20	34.41.139.193	193.139.41.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2025-06-18 06:56:20	34.159.223.43	43.223.159.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	DE	no
2025-04-29 23:14:02	34.132.102.6	6.102.132.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2025-04-29 23:14:02	34.136.111.81	81.111.136.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2021-01-22 06:50:04	62.173.148.91		Not listed	AS34300 SPACENET-AS	RU	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-01-22 06:50:04	http://linelectriciti.casa/pan0ramic0.jpg	Offline	dll geofenced Gozi ISFB ITA ursnif	JAMESWT_MHT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-10-25 13:34:13	1687bf406aacd5ceef4f5b9ff8f67885969ad4d19ef73f42d3d23f7c52253305	unknown
2021-01-22 10:20:25	63bee368085136ef7eed0823b6d8fb25ffecfd6f6d9050ee26f782e2b35df9a4	dll		Gozi
2021-01-22 09:16:41	8baffba2ed672607e1535dcbfcc47a264e7b8941f63cf181814d7365e8627d05	exe		Gozi
2021-01-22 07:00:35	ca3408df31dc066d6ec4feea0388ca8d0cf5d35393bd5a6f1979b9af590f7615	exe		Gozi