URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 13:13:19	13.248.169.48	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	yes
2025-04-27 13:13:19	76.223.54.146	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	yes
2025-09-06 14:30:33	166.117.110.61		Not listed	AS16509 AMAZON-02	US	no
2025-09-06 14:30:33	99.83.161.153	a2b7bf3398455f345.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2020-09-20 09:02:23	34.102.136.180	180.136.102.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2020-09-16 11:25:35	172.67.136.125		Not listed	AS13335 CLOUDFLARENET	n/a	no
2020-09-17 08:28:03	158.69.153.249		Not listed	AS16276 OVH	CA	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-09-16 11:25:35	https://mangacrush.com/wp-content/Document/Et2a...	Offline	doc emotet epoch1 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-09-16 12:06:02	713f58d4582847587a9672a604bd31ce604ee2c1e3a3781ef7c17ac2a25aac59	doc		Heodo
2020-09-16 11:48:51	d0b498f52359929c28147dc98237acd28807ec11e4f92c158684a280c8f637d4	doc		Heodo
2020-09-16 11:33:26	45af7091348e94523fcf93e8b5a0b895bfb10b778f2af8e04996845c8ee1e1d5	doc		Heodo
2020-09-16 11:25:34	219b5d039e4a109011e021799762a7dddecbc2c5e6f75294daac8bb6454790a5	doc		Heodo