URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-15 03:49:43 | 140.188.66.228 | | Not listed | AS54600 PEG-SV | US | yes |
| 2025-04-27 12:55:22 | 108.186.180.125 | | Not listed | AS54600 PEG-SV | US | no |
| 2019-06-15 08:12:04 | 47.91.170.222 | | Not listed | AS45102 ALIBABA-CN-NET | HK | no |
| 2019-02-22 14:59:19 | 61.188.39.136 | 136.39.188.61.broad.nj.sc.dynamic.163data.com.cn | Not listed | AS38283 CHINANET-SCIDC-AS-AP | CN | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2019-02-25 16:53:11 | http://m.szbabaoli.com/En_us/xerox/New_invoice/... | Offline | heodo | |
| 2019-02-22 14:59:19 | http://m.szbabaoli.com/organization/accounts/se... | Offline | emotet | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2019-03-06 08:37:54 | cb02b9aaa4937f5c875fd7d1bb1c73ff7ecb96c77ef8a742f6591affc76edaf1 | unknown | | |
| 2019-03-06 08:14:07 | 5d4f0571642a232dffa2a095f79cec883f205b3e1a4cb1d70d0547661743f908 | unknown | | |
| 2019-03-06 07:01:57 | 85601745029bc2ccca42a73a36067ff5ea442fd2fd45831d465589428c6e81ae | unknown | | |
| 2019-02-27 13:41:38 | d2ff05ca4592e4f36a5b5da1ca5229c5b6c464d7871fb3b60f5ec440c1afae1e | docx | | |
| 2019-02-25 20:26:42 | 921c5e924e9c404e3aaa8bdae58c88dbd296963a1995a1877d9a597b5d1d9b73 | docx | | |